Patents by Inventor Abhishek Basak

Abhishek Basak has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20210200552
    Abstract: An apparatus and method for non-speculative resource deallocation.
    Type: Application
    Filed: December 27, 2019
    Publication date: July 1, 2021
    Inventors: FANGFEI LIU, CARLOS ROZAS, THOMAS UNTERLUGGAUER, FRANCIS MCKEEN, ALAA ALAMELDEEN, Abhishek Basak, XIANG ZOU, RON GABOR, JIYONG YU
  • Publication number: 20210117340
    Abstract: In one embodiment, an application executing on a host node allocates a memory address of a remote node. The application selects, based at least in part on device capability information for the host and remote nodes, one of the host node or the remote node to encrypt application data, and configures the selected node to encrypt the application data based on a key and a pointer to the memory address of the remote node.
    Type: Application
    Filed: December 26, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: Anna Trikalinou, Abhishek Basak
  • Publication number: 20210117576
    Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
    Type: Application
    Filed: December 2, 2020
    Publication date: April 22, 2021
    Applicant: Intel Corporation
    Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20210110031
    Abstract: An apparatus to facilitate data cache security is disclosed. The apparatus includes a cache memory to store data; and prefetch hardware to pre-fetch data to be stored in the cache memory, including a cache set monitor hardware to determine critical cache addresses to monitor to determine processes that retrieve data from the cache memory; and pattern monitor hardware to monitor cache access patterns to the critical cache addresses to detect potential side-channel cache attacks on the cache memory by an attacker process.
    Type: Application
    Filed: December 23, 2020
    Publication date: April 15, 2021
    Applicant: Intel Corporation
    Inventors: Abhishek Basak, Erdem Aktas
  • Publication number: 20210089466
    Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.
    Type: Application
    Filed: August 5, 2020
    Publication date: March 25, 2021
    Inventors: Vedvyas SHANBHOGUE, Ravi SAHITA, Rajesh SANKARAN, Siddhartha CHHABRA, Abhishek BASAK, Krystof ZMUDZINSKI, Rupin VAKHARWALA
  • Publication number: 20210073145
    Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).
    Type: Application
    Filed: September 15, 2020
    Publication date: March 11, 2021
    Applicant: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan, Abhishek Basak, David M. Durham
  • Publication number: 20200410094
    Abstract: Embodiments of methods and apparatuses for hardware load hardening are disclosed. In an embodiment, a processor includes safe logic, data forwarding hardware, and data fetching hardware. The safe logic is to determine whether a load is safe. The data forwarding hardware is to, in response to a determination that the load is safe, forward data requested by the load. The data fetching logic is to fetch the data requested by the load, regardless of the determination that the load is safe.
    Type: Application
    Filed: June 29, 2019
    Publication date: December 31, 2020
    Applicant: Intel Corporation
    Inventors: Fangfei Liu, Alaa Alameldeen, Abhishek Basak, Ron Gabor, Francis McKeen, Joseph Nuzman, Carlos Rozas, Igor Yanover, Xiang Zou
  • Patent number: 10878134
    Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: December 29, 2020
    Assignee: INTEL CORPORATION
    Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20200372188
    Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.
    Type: Application
    Filed: August 14, 2020
    Publication date: November 26, 2020
    Applicant: Intel Corporation
    Inventors: Abhishek Basak, Pradeep Pappachan, Siddhartha Chhabra, Alpa Narendra Trivedi, Erdem Aktas, Ravi Sahita
  • Patent number: 10783089
    Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: September 22, 2020
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, Prashant Dewan, Abhishek Basak, David M. Durham
  • Patent number: 10761996
    Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: September 1, 2020
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Ravi Sahita, Rajesh Sankaran, Siddhartha Chhabra, Abhishek Basak, Krystof Zmudzinski, Rupin Vakharwala
  • Publication number: 20200272474
    Abstract: Embodiments of methods and apparatuses for restricted speculative execution are disclosed. In an embodiment, a processor includes configuration storage, an execution circuit, and a controller. The configuration storage is to store an indicator to enable a restricted speculative execution mode of operation of the processor, wherein the processor is to restrict speculative execution when operating in restricted speculative execution mode. The execution circuit is to perform speculative execution. The controller to restrict speculative execution by the execution circuit when the restricted speculative execution mode is enabled.
    Type: Application
    Filed: June 17, 2019
    Publication date: August 27, 2020
    Applicant: Intel Corporation
    Inventors: Ron Gabor, Alaa Alameldeen, Abhishek Basak, Fangfei Liu, Francis McKeen, Joseph Nuzman, Carlos Rozas, Igor Yanover, Xiang Zou
  • Publication number: 20200159969
    Abstract: Systems, apparatuses, methods, and computer-readable media are provided for device interface management. A device includes a device interface, a virtual machine (VM) includes a device driver, both to facilitate assignment of the device to the VM, access of the device by the VM, or removal of the device from being assigned to the VM. The VM is managed by a hypervisor of a computing platform coupled to the device by a computer bus. The device interface includes logic in support of a device management protocol to place the device interface in an unlocked state, a locked state to prevent changes to be made to the device interface, or an operational state to enable access to device registers of the device by the VM or direct memory access to memory address spaces of the VM, or an error state. Other embodiments may be described and/or claimed.
    Type: Application
    Filed: November 18, 2019
    Publication date: May 21, 2020
    Inventors: Vedvyas Shanbhogue, Utkarsh Y. Kakaiya, Ravi Sahita, Abhishek Basak, Pradeep Pappachan, Erdem Aktas
  • Patent number: 10536264
    Abstract: Embodiments include a computing processor control flow enforcement system including a processor, a block cipher encryption circuit, and an exclusive-OR (XOR) circuit. The control flow enforcement system uses a block cipher encryption to authenticate a return address when returning from a call or interrupt. The block cipher encryption circuit executes a block cipher encryption on a first number including an identifier to produce a first encrypted result and executes a block cipher encryption on a second number including a return address and a stack location pointer to produce a second encrypted result. The XOR circuit performs an XOR operation on the first encrypted result and the second encrypted result to produce a message authentication code tag.
    Type: Grant
    Filed: December 28, 2016
    Date of Patent: January 14, 2020
    Assignee: Intel Corporation
    Inventors: Santosh Ghosh, Manoj R Sastry, Jesse R. Walker, Ravi L. Sahita, Abhishek Basak, Vedvyas Shanbhogue, David M. Durham
  • Publication number: 20190318082
    Abstract: Various embodiments are generally directed to techniques for control flow protection with minimal performance overhead, such as by utilizing one or more micro-architectural optimizations to implement a shadow stack (SS) to verify a return address before returning from a function call, for instance. Some embodiments are particularly directed to a computing platform, such as an internet of things (IoT) platform, that overlaps or parallelizes one or more SS access operations with one or more data stack (DS) access operations.
    Type: Application
    Filed: June 26, 2019
    Publication date: October 17, 2019
    Applicant: INTEL CORPORATION
    Inventors: ABHISHEK BASAK, RAVI SAHITA, VEDVYAS SHANBHOGUE
  • Publication number: 20190311123
    Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.
    Type: Application
    Filed: June 18, 2019
    Publication date: October 10, 2019
    Inventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
  • Publication number: 20190228155
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomalous memory access pattern detection for translational lookaside buffers. An example apparatus includes a communication interface to retrieve a first eviction data set from a translational lookaside buffer associated with a central processing unit; a machine learning engine to: generate an anomaly detection model based upon at least one of a second eviction data set not including an anomaly and a third eviction data set including the anomaly; and determine whether the anomaly is present in the first eviction data set based on the anomaly detection model; and an alert generator to at least one of modify a bit value or terminate memory access operations when the anomaly is determined to be present.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Abhishek Basak, Li Chen, Salmin Sultana, Anna Trikalinou, Erdem Aktas, Saeedeh Komijani
  • Publication number: 20190227827
    Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
  • Publication number: 20190228145
    Abstract: Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.
    Type: Application
    Filed: March 30, 2019
    Publication date: July 25, 2019
    Inventors: Vedvyas Shanbhogue, Ravi Sahita, Abhishek Basak, Pradeep Pappachan, Utkarsh Kakaiya, Ravi Sahita, Rupin Vakharwala
  • Patent number: 10360374
    Abstract: Various embodiments are generally directed to techniques for control flow protection with minimal performance overhead, such as by utilizing one or more micro-architectural optimizations to implement a shadow stack (SS) to verify a return address before returning from a function call, for instance. Some embodiments are particularly directed to a computing platform, such as an internet of things (IoT) platform, that overlaps or parallelizes one or more SS access operations with one or more data stack (DS) access operations.
    Type: Grant
    Filed: May 25, 2017
    Date of Patent: July 23, 2019
    Assignee: INTEL CORPORATION
    Inventors: Abhishek Basak, Ravi L. Sahita, Vedvyas Shanbhogue