Patents by Inventor Anna Trikalinou
Anna Trikalinou has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12019562Abstract: An apparatus comprising a processor unit comprising circuitry to generate, for a first network host, a request for an object of a second network host, wherein the request comprises an address comprising a routable host ID of the second network host and an at least partially encrypted object ID, wherein the address uniquely identifies the object within a distributed computing domain; and a memory element to store at least a portion of the object.Type: GrantFiled: September 22, 2021Date of Patent: June 25, 2024Assignee: Intel CorporationInventors: Michael D. LeMay, David M. Durham, Anjo Lucas Vahldiek-Oberwagner, Anna Trikalinou
-
Patent number: 12001346Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with a skewed cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a skewed cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the skewed cache. Subsequently, a request to access the first line results in a search of both the victim cache and sets of the skewed cache which have been mapped to an address corresponding to the first line. Based on the search, the first line is evicted from the victim cache, and reinserted in the skewed cache. In another embodiment, reinsertion of the first line in the skewed cache includes the first line and a third line being swapped between the skewed cache and the victim cache.Type: GrantFiled: December 18, 2020Date of Patent: June 4, 2024Assignee: Intel CorporationInventors: Thomas Unterluggauer, Alaa Alameldeen, Scott Constable, Fangfei Liu, Francis McKeen, Carlos Rozas, Anna Trikalinou
-
Patent number: 11921646Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes memory for storage of data, an IOMMU coupled to the memory, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the memory, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the memory pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the memory within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.Type: GrantFiled: June 16, 2022Date of Patent: March 5, 2024Assignee: Intel CorporationInventors: David Koufaty, Rajesh Sankaran, Anna Trikalinou, Rupin Vakharwala
-
Patent number: 11836094Abstract: A method comprises identifying a first page in a computer readable memory communicatively coupled to the apparatus that has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses, the first page in the computer readable memory comprising at least one encrypted data object, and set a page table entry bit for the first page to a first value which indicates that at least one memory allocation in the first page has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses.Type: GrantFiled: March 21, 2022Date of Patent: December 5, 2023Assignee: INTEL CORPORATIONInventors: David M. Durham, Anna Trikalinou, Michael LeMay
-
Publication number: 20230297725Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.Type: ApplicationFiled: May 22, 2023Publication date: September 21, 2023Inventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
-
Patent number: 11755500Abstract: In one embodiment, an application executing on a host node allocates a memory address of a remote node. The application selects, based at least in part on device capability information for the host and remote nodes, one of the host node or the remote node to encrypt application data, and configures the selected node to encrypt the application data based on a key and a pointer to the memory address of the remote node.Type: GrantFiled: December 26, 2020Date of Patent: September 12, 2023Assignee: Intel CorporationInventors: Anna Trikalinou, Abhishek Basak
-
Patent number: 11625275Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.Type: GrantFiled: December 2, 2020Date of Patent: April 11, 2023Assignee: INTEL CORPORATIONInventors: Krystof Zmudzinski, Siddhartha Chhabra, Reshma Lal, Alpa Narendra Trivedi, Luis S. Kida, Pradeep M. Pappachan, Abhishek Basak, Anna Trikalinou
-
Patent number: 11526451Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory device to store memory data in a plurality of physical pages shared by a plurality of devices, a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory, a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID and a translation agent to receive requests from the plurality of devices to perform memory operations on the memory and determine page access permissions for requests received from the plurality of devices using the first table and the second table.Type: GrantFiled: December 23, 2020Date of Patent: December 13, 2022Assignee: Intel CorporationInventors: David Koufaty, Anna Trikalinou, Utkarsh Y. Kakaiya, Ravi Sahita, Ramya Jayaram Masti
-
Publication number: 20220309008Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes memory for storage of data, an IOMMU coupled to the memory, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the memory, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the memory pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the memory within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.Type: ApplicationFiled: June 16, 2022Publication date: September 29, 2022Applicant: Intel CorporationInventors: David Koufaty, Rajesh Sankaran, Anna Trikalinou, Rupin Vakharwala
-
Patent number: 11455392Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomalous memory access pattern detection for translational lookaside buffers. An example apparatus includes a communication interface to retrieve a first eviction data set from a translational lookaside buffer associated with a central processing unit; a machine learning engine to: generate an anomaly detection model based upon at least one of a second eviction data set not including an anomaly and a third eviction data set including the anomaly; and determine whether the anomaly is present in the first eviction data set based on the anomaly detection model; and an alert generator to at least one of modify a bit value or terminate memory access operations when the anomaly is determined to be present.Type: GrantFiled: March 29, 2019Date of Patent: September 27, 2022Assignee: Intel CorporationInventors: Abhishek Basak, Li Chen, Salmin Sultana, Anna Trikalinou, Erdem Aktas, Saeedeh Komijani
-
Patent number: 11416415Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.Type: GrantFiled: June 18, 2019Date of Patent: August 16, 2022Assignee: INTEL CORPORATIONInventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya
-
Patent number: 11392511Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes DRAM for storage of data, an IOMMU coupled to the DRAM, and a host-to-device link to couple the IOMMU with one or more devices and to operate as a translation agent on behalf of one or more devices in connection with memory operations relating to the DRAM, including receiving a translated request from a discrete device via the host-to-device link specifying a memory operation and a physical address within the DRAM pertaining to the memory operation, determining page access permissions assigned to a context of the discrete device for a physical page of the DRAM within which the physical address resides, allowing the memory operation to proceed when the page access permissions permit the memory operation, and blocking the memory operation when the page access permissions do not permit the memory operation.Type: GrantFiled: September 25, 2019Date of Patent: July 19, 2022Assignee: Intel CorporationInventors: David Koufaty, Rajesh Sankaran, Anna Trikalinou, Rupin Vakharwala
-
Publication number: 20220206958Abstract: An apparatus comprising a processor unit comprising circuitry to generate, for a first network host, a request for an object of a second network host, wherein the request comprises an address comprising a routable host ID of the second network host and an at least partially encrypted object ID, wherein the address uniquely identifies the object within a distributed computing domain; and a memory element to store at least a portion of the object.Type: ApplicationFiled: September 22, 2021Publication date: June 30, 2022Applicant: Intel CorporationInventors: Michael D. LeMay, David M. Durham, Anjo Lucas Vahldiek-Oberwagner, Anna Trikalinou
-
Publication number: 20220206960Abstract: A method comprises identifying a first page in a computer readable memory communicatively coupled to the apparatus that has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses, the first page in the computer readable memory comprising at least one encrypted data object, and set a page table entry bit for the first page to a first value which indicates that at least one memory allocation in the first page has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses.Type: ApplicationFiled: March 21, 2022Publication date: June 30, 2022Applicant: Intel CorporationInventors: David M. Durham, Anna Trikalinou, Michael LeMay
-
Patent number: 11373013Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.Type: GrantFiled: December 28, 2018Date of Patent: June 28, 2022Assignee: INTEL CORPORATIONInventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
-
Publication number: 20220200783Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with a skewed cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a skewed cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the skewed cache. Subsequently, a request to access the first line results in a search of both the victim cache and sets of the skewed cache which have been mapped to an address corresponding to the first line. Based on the search, the first line is evicted from the victim cache, and reinserted in the skewed cache. In another embodiment, reinsertion of the first line in the skewed cache includes the first line and a third line being swapped between the skewed cache and the victim cache.Type: ApplicationFiled: December 18, 2020Publication date: June 23, 2022Applicant: Intel CorporationInventors: Thomas Unterluggauer, Alaa Alameldeen, Scott Constable, Fangfei Liu, Francis McKeen, Carlos Rozas, Anna Trikalinou
-
Patent number: 11354415Abstract: Technologies disclosed herein provide mitigations against warm boot attacks on memory modules. For instance, in one embodiment, a non-volatile dual in-line memory module (NVDIMM) in a host computing system may detect a transition from a low-power state to a full-power state, receive a nonce value from a processor of the host computing system after the transition, verify the nonce value, and allow access to data stored on the NVDIMM based on successful verification of the nonce value. In another embodiment, an NVDIMM may be locked in response to detecting a transition from a high-power state to a low-power state in a host computing system. After a transition from the low-power state to the full-power state, the NVDIMM may obtain one or more passphrases, verify the one or more passphrases, and allow access to data stored on the NVDIMM based on successful verification of the one or more passphrases.Type: GrantFiled: June 29, 2019Date of Patent: June 7, 2022Assignee: Intel CorporationInventors: Anna Trikalinou, Daniel S. Lake, Sham M. Datta, Asher M. Altman, John K. Grooms
-
Publication number: 20220100911Abstract: In one embodiment, a read request is received from a peripheral device across an interconnect, with the read request including a process identifier and an encrypted virtual address. One or more keys are obtained based on the process identifier of the read request, and the encrypted virtual address of the read request is decrypted based on the one or more keys to obtain an unencrypted virtual address. Encrypted data is retrieved from memory based on the unencrypted virtual address, and the encrypted data is decrypted based on the one or more keys to obtain plaintext data. The plaintext data is transmitted to the peripheral device across the interconnect.Type: ApplicationFiled: December 10, 2021Publication date: March 31, 2022Applicant: Intel CorporationInventors: Anna Trikalinou, Abhishek Basak, Rupin H. Vakharwala, Utkarsh Y. Kakaiya
-
Publication number: 20220092223Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.Type: ApplicationFiled: October 29, 2021Publication date: March 24, 2022Applicant: Intel CorporationInventors: Luis Kida, Krystof Zmudzinski, Reshma Lal, Pradeep Pappachan, Abhishek Basak, Anna Trikalinou
-
Publication number: 20220091998Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.Type: ApplicationFiled: December 6, 2021Publication date: March 24, 2022Applicant: Intel CorporationInventors: Reshma Lal, Pradeep M. Pappachan, Luis Kida, Krystof Zmudzinski, Siddhartha Chhabra, Abhishek Basak, Alpa Narendra Trivedi, Anna Trikalinou, David M. Lee, Vedvyas Shanbhogue, Utkarsh Y. Kakaiya