Patents by Inventor David M. Durham

David M. Durham has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230400996
    Abstract: Some aspects of the present disclosure relate to an apparatus comprising interface circuitry and processor circuitry to write data bits to a memory, by applying a diffusion function on the data bits to calculate diffused data bits, calculating error correcting code (ECC) bits based on the data bits or based on the diffused data bits, applying a diffusion function on the ECC bits to calculate diffused ECC bits, storing the diffused ECC bits in an ECC portion of the memory, and storing the data bits or the diffused data bits in a data portion of the memory.
    Type: Application
    Filed: June 13, 2023
    Publication date: December 14, 2023
    Inventors: Sergej DEUTSCH, David M. DURHAM, Karanvir GREWAL, Raghunandan MAKARAM, Rajat AGARWAL, Christoph DOBRAUNIG, Krystian MATUSIEWICZ, Santosh GHOSH
  • Publication number: 20230402077
    Abstract: The technology described herein includes a first plurality of bijection diffusion function circuits to diffuse data bits into diffused data bits and store the diffused data bits into a memory; an error correcting code (ECC) generation circuit to generate ECC bits for the data bits; and a second plurality of bijection diffusion function circuits to diffuse the ECC bits into diffused ECC bits and store the diffused ECC bits into the memory.
    Type: Application
    Filed: December 22, 2022
    Publication date: December 14, 2023
    Applicant: Intel Corporation
    Inventors: Sergej Deutsch, Christoph Dobraunig, Rajat Agarwal, David M. Durham, Santosh Ghosh, Karanvir Grewal, Krystian Matusiewicz
  • Patent number: 11841806
    Abstract: In one embodiment, a multi-tenant computing system includes at least one processor including a plurality of cores on which a plurality of agents of a plurality of tenants of the multi-tenant computing system are to execute, a configuration storage, and a memory execution circuit. The configuration storage includes a first configuration register to store configuration information associated with the memory execution circuit. The first configuration register is to store a mode identifier to identify a mode of operation of the memory execution circuit. The memory execution circuit, in a first mode of operation, is to receive encrypted data of a first tenant of the plurality of tenants, the encrypted data encrypted by the first tenant, generate an integrity value for the encrypted data, and send the encrypted data and the integrity value to a memory, wherein the integrity value is not visible to the software of the multi-tenant computing system.
    Type: Grant
    Filed: August 2, 2021
    Date of Patent: December 12, 2023
    Assignee: Intel Corporation
    Inventors: Siddhartha Chhabra, David M. Durham
  • Publication number: 20230393769
    Abstract: A processor includes a register to store an encoded pointer for a memory address within a first memory allocation of a plurality of memory allocations in a memory region of a memory. The processor further includes circuitry to receive a memory operation request based on the encoded pointer and to obtain a first tag of a plurality of tags stored in a table in the memory. Each memory allocation of the plurality of memory allocations is associated with a respective one of the plurality of tags stored in the table. The circuitry is to further obtain pointer metadata stored in the encoded pointer and to determine whether to perform a memory operation corresponding to the memory operation request based, at least in part, on a determination of whether the first pointer metadata corresponds to the first tag.
    Type: Application
    Filed: September 30, 2022
    Publication date: December 7, 2023
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Sergej Deutsch, Dan Baum
  • Patent number: 11836094
    Abstract: A method comprises identifying a first page in a computer readable memory communicatively coupled to the apparatus that has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses, the first page in the computer readable memory comprising at least one encrypted data object, and set a page table entry bit for the first page to a first value which indicates that at least one memory allocation in the first page has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses.
    Type: Grant
    Filed: March 21, 2022
    Date of Patent: December 5, 2023
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Anna Trikalinou, Michael LeMay
  • Patent number: 11829299
    Abstract: Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 12, 2022
    Date of Patent: November 28, 2023
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Michael LeMay, Men Long
  • Patent number: 11829488
    Abstract: An example method comprises storing, in a register, an encoded pointer to a memory location, where first context information is stored in first bits of the encoded pointer and a slice of a memory address of the memory location is encrypted and stored in second bits of the encoded pointer. The method further includes decoding the encoded pointer to obtain the memory address of the memory location, using the memory address obtained by decoding the encoded pointer to access encrypted data at the memory location, and decrypting the encrypted data based on a first key and a first tweak value. The first tweak value includes one or more bits and is derived, at least in part, from the encoded pointer.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: November 28, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti
  • Patent number: 11797678
    Abstract: An example apparatus includes a scan manager to add a portion of a page of physical memory from a first sequence of mappings to a second sequence of mappings in response to determining the second sequence includes an address corresponding to the portion of the page of physical memory, and a scanner to scan the first sequence and the second sequence to determine whether at least one of first data in the first sequence or second data in the second sequence includes a pattern indicative of malware.
    Type: Grant
    Filed: July 23, 2021
    Date of Patent: October 24, 2023
    Assignee: INTEL CORPORATION
    Inventors: Michael LeMay, David M. Durham, Men Long
  • Publication number: 20230333994
    Abstract: Embodiments are directed to memory protection with hidden inline metadata. An embodiment of an apparatus includes processor cores; a computer memory for the storage of data; and cache memory communicatively coupled with one or more of the processor cores, wherein one or more processor cores of the plurality of processor cores are to implant hidden inline metadata in one or more cachelines for the cache memory, the hidden inline metadata being hidden at a linear address level.
    Type: Application
    Filed: April 18, 2023
    Publication date: October 19, 2023
    Applicant: Intel Corporation
    Inventors: David M. Durham, Ron Gabor
  • Patent number: 11789737
    Abstract: Systems, methods, and apparatuses for generating a protected stack allocation pointer. In certain examples, a hardware processor core comprises a decoder circuit to decode a single instruction into a decoded single instruction, the single instruction comprising one or more fields to indicate a stack allocation index as an operand, and an opcode to indicate that an execution circuit is to generate a stack allocation pointer to reference an address in a stack and an address in a shadow stack; and an execution circuit to execute the decoded single instruction according to the opcode.
    Type: Grant
    Filed: March 24, 2022
    Date of Patent: October 17, 2023
    Assignee: Intel Corporation
    Inventors: Michael Lemay, David M. Durham
  • Patent number: 11782826
    Abstract: A memory controller is to store a unique tag at the mid-point address within each of allocated memory portions. In addition to the tag data, additional metadata may be stored at the mid-point address of the memory allocation. For each memory access operation, an encoded pointer contains information indicative of a size of the memory allocation as well as its own tag data. The processor circuitry compares the tag data included in the encoded pointer with the tag data stored in the memory allocation. If the tag data included in the encoded pointer matches the tag data stored in the memory allocation, the memory operation proceeds. If the tag data included in the encoded pointer fails to match the tag data stored in the memory allocation, an error or exception is generated.
    Type: Grant
    Filed: December 1, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay
  • Patent number: 11784786
    Abstract: Technologies disclosed herein provide one example of a processor that includes a register to store a first encoded pointer for a first memory allocation for an application and circuitry coupled to memory. Size metadata is stored in first bits of the first encoded pointer and first memory address data associated with the first memory allocation is stored in second bits of the first encoded pointer. The circuitry is configured to determine a first memory address of a first marker region in the first memory allocation, obtain current data from the first marker region at the first memory address, compare the current data to a reference marker stored separately from the first memory allocation, and determine that the first memory allocation is in a first state in response to a determination that the current data corresponds to the reference marker.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: Sergej Deutsch, David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Michael E. Kounavis
  • Patent number: 11783081
    Abstract: In a method to utilize a secure public cloud, a computer receives a domain manager image and memory position-dependent address information in response to requesting a service from a cloud services provider. The computer also verifies the domain manager image and identifies a key domain key to be used to encrypt data stored in a key domain of a key domain-capable server. The computer also uses the key domain key and the memory-position dependent address information to encrypt a domain launch image such that the encrypted domain launch image is cryptographically bound to at least one memory location of the key domain. The computer also encrypts the key domain key and sends the encrypted domain launch image and the encrypted key domain key to the key domain-capable server, to cause a processor of the key domain-capable server to create the key domain. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 16, 2020
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Ravi L. Sahita, Barry E. Huntley, Nikhil M. Deshpande
  • Patent number: 11782716
    Abstract: Systems, methods, and apparatuses relating to circuitry to implement individually revocable capabilities for enforcing temporal memory safety are described. In one embodiment, a hardware processor comprises an execution unit to execute an instruction to request access to a block of memory through a pointer to the block of memory, and a memory controller circuit to allow access to the block of memory when an allocated object tag in the pointer is validated with an allocated object tag in an entry of a capability table in memory that is indexed by an index value in the pointer, wherein the memory controller circuit is to clear the allocated object tag in the capability table when a corresponding object is deallocated.
    Type: Grant
    Filed: November 2, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: Michael LeMay, Vedvyas Shanbhogue, Deepak Gupta, Ravi Sahita, David M. Durham, Willem Pinckaers, Enrico Perla
  • Publication number: 20230315648
    Abstract: Systems, methods, and apparatuses for implementing micro-context based trust domains are described. In one example, a system includes a hardware processor core to implement a trust domain manager to manage one or more hardware isolated virtual machines as a respective trust domain with a region of protected memory, and assign a micro-context identification value, that is not readable by privileged system code that is to execute on the hardware processor core, to each granule of a plurality of granules of physical memory of the protected memory (e.g., where a granule is a proper subset of a page of memory relating to a single object in memory); and a memory management circuit coupled between the hardware processor core and the physical memory, wherein the memory management circuit is to prevent data in the protected memory having a first micro-context identification value from being accessed by code based on the code having a different micro-context identification value.
    Type: Application
    Filed: March 31, 2022
    Publication date: October 5, 2023
    Inventor: David M. Durham
  • Publication number: 20230315857
    Abstract: Implementations describe providing isolation in virtualized systems using trust domains. In one implementation, a processing device includes a memory ownership table (MOT) that is access-controlled against software access. The processing device further includes a processing core to execute a trust domain resource manager (TDRM) to manage a trust domain (TD), maintain a trust domain control structure (TDCS) for managing global metadata for each TD, maintain an execution state of the TD in at least one trust domain thread control structure (TD-TCS) that is access-controlled against software accesses, and reference the MOT to obtain at least one key identifier (key ID) corresponding to an encryption key assigned to the TD, the key ID to allow the processing device to decrypt memory pages assigned to the TD responsive to the processing device executing in the context of the TD, the memory pages assigned to the TD encrypted with the encryption key.
    Type: Application
    Filed: April 5, 2023
    Publication date: October 5, 2023
    Inventors: Ravi L. Sahita, Baiju V. Patel, Barry E. Huntley, Gilbert Neiger, Hormuzd M. Khosravi, Ido Ouziel, David M. Durham, Ioannis T. Schoinas, Siddhartha Chhabra, Carlos V. Rozas, Gideon Gerzon
  • Patent number: 11775447
    Abstract: In one embodiment, an apparatus comprises a processor to read a data line from memory in response to a read request from a VM. The data line comprises encrypted memory data. The apparatus also comprises a memory encryption circuit in the processor. The memory encryption circuit is to use an address of the read request to select an entry from a P2K table; obtain a key identifier from the selected entry of the P2K table; use the key identifier to select a key for the read request; and use the selected key to decrypt the encrypted memory data into decrypted memory data. The processor is further to make the decrypted memory data available to the VM. The P2K table comprises multiple entries, each comprising (a) a key identifier for a page of memory and (b) an encrypted address for that page of memory. Other embodiments are described and claimed.
    Type: Grant
    Filed: October 12, 2021
    Date of Patent: October 3, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Siddhartha Chhabra, Amy L. Santoni, Gilbert Neiger, Barry E. Huntley, Hormuzd M. Khosravi, Baiju V. Patel, Ravi L. Sahita, Gideon Gerzon, Ido Ouziel, Ioannis T. Schoinas, Rajesh M. Sankaran
  • Patent number: 11775332
    Abstract: Systems and methods for memory isolation are provided. The methods include receiving a request to write a data line to a physical memory address, where the physical memory address includes a key identifier, selecting an encryption key from a key table based on the key identifier of the physical memory address, determining whether the data line is compressible, compressing the data line to generate a compressed line in response to determining that the data line is compressible, where the compressed line includes compression metadata and compressed data, adding encryption metadata to the compressed line, where the encryption metadata is indicative of the encryption key, encrypting a part of the compressed line with the encryption key to generate an encrypted line in response to adding the encryption metadata, and writing the encrypted line to a memory device at the physical memory address. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 22, 2021
    Date of Patent: October 3, 2023
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Siddhartha Chhabra, Michael E. Kounavis
  • Patent number: 11768946
    Abstract: A method comprising responsive to a first instruction requesting a memory heap operation, identifying a data block of a memory heap; accessing a tag history for the data block, the tag history comprising a plurality of tags previously assigned to the data block; assigning a tag to the data block, wherein assigning the tag comprises verification that the tag does not match any of the plurality of tags of the tag history; and providing the assigned tag and a reference to a location of the data block.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: September 26, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Ramya Jayaram Masti
  • Patent number: 11741018
    Abstract: An apparatus and method for efficient process-based compartmentalization.
    Type: Grant
    Filed: July 26, 2022
    Date of Patent: August 29, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Jacob Doweck, Michael Lemay, Deepak Gupta