Patents by Inventor MELTEM OZSOY

MELTEM OZSOY has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11204874
    Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: December 21, 2021
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Raghunandan Makaram, Ilya Alexandrovich, Ittai Anati, Meltem Ozsoy
  • Publication number: 20210200551
    Abstract: An apparatus and method for tracking speculative execution flow and detecting potential vulnerabilities.
    Type: Application
    Filed: December 27, 2019
    Publication date: July 1, 2021
    Applicant: Intel Corporation
    Inventors: CARLOS ROZAS, FRANCIS MCKEEN, PASQUALE COCCHINI, MELTEM OZSOY, MATTHEW FERNANDEZ
  • Patent number: 11030120
    Abstract: A processor includes a cryptographic engine to control access, using an secure region key identifier (ID), to one or more memory range of memory allocable for flexible conversion to secure pages of architecturally-protected memory regions, and a processor core. The processor core is to, responsive to receipt of a request to access the memory, perform a walk of page tables and extended page tables to translate a linear address of the request to a physical address of the memory. The processor core is further to determine that the physical address corresponds to an secure page within the one or more memory range of the memory, that a first key ID located within the physical address does not match the secure region key ID, and issue a page fault and deny access to the secure page in the memory.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: June 8, 2021
    Assignee: Intel Corporation
    Inventors: Krystof C. Zmudzinski, Simon P. Johnson, Raghunandan Makaram, Francis X. McKeen, Carlos V. Rozas, Meltem Ozsoy, Ilya Alexandrovich, Siddhartha Chhabra
  • Publication number: 20210064546
    Abstract: A processor includes a cryptographic engine to control access, using an secure region key identifier (ID), to one or more memory range of memory allocable for flexible conversion to secure pages of architecturally-protected memory regions, and a processor core. The processor core is to, responsive to receipt of a request to access the memory, perform a walk of page tables and extended page tables to translate a linear address of the request to a physical address of the memory. The processor core is further to determine that the physical address corresponds to an secure page within the one or more memory range of the memory, that a first key ID located within the physical address does not match the secure region key ID, and issue a page fault and deny access to the secure page in the memory.
    Type: Application
    Filed: June 27, 2019
    Publication date: March 4, 2021
    Inventors: Krystof C. Zmudzinski, Simon P. Johnson, Raghunandan Makaram, Francis X. McKeen, Carlos V. Rozas, Meltem Ozsoy, Ilya Alexandrovich, Siddhartha Chhabra
  • Patent number: 10922088
    Abstract: Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault- and/or cache-based side-channel attacks. In an embodiment, an apparatus includes a decoder to decode a first instruction, the first instruction having a first field for a first opcode that indicates that execution circuitry is to set a first flag in a first register that indicates a mode of operation that redirects program flow to an exception handler upon the occurrence of an event. The apparatus further includes execution circuitry to execute the decoded first instruction to set the first flag in the first register that indicates the mode of operation and to store an address of an exception handler in a second register.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: February 16, 2021
    Assignee: Intel Corporation
    Inventors: Fangfei Liu, Bin Xing, Michael Steiner, Mona Vij, Carlos Rozas, Francis McKeen, Meltem Ozsoy, Matthew Fernandez, Krystof Zmudzinski, Mark Shanahan
  • Publication number: 20200409711
    Abstract: Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault and/or cache-based side-channel attacks. In an embodiment, a processor includes a decoder to decode an instruction into a decoded instruction, the instruction comprising a first field that indicates an instruction pointer to a user-level event handler; and an execution unit to execute the decoded instruction to, after a swap of an instruction pointer that indicates where an event occurred from a current instruction pointer register into a user-level event handler pointer register, push the instruction pointer that indicates where the event occurred onto call stack storage, and change a current instruction pointer in the current instruction pointer register to the instruction pointer to the user-level event handler.
    Type: Application
    Filed: June 29, 2019
    Publication date: December 31, 2020
    Inventors: Scott Constable, Fangfei Liu, Bin Xing, Michael Steiner, Mona Vij, Carlos Rozas, Francis X. McKeen, Meltem Ozsoy, Matthew Fernandez, Krystof Zmudzinski, Mark Shanahan
  • Publication number: 20200233807
    Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processor core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.
    Type: Application
    Filed: April 2, 2020
    Publication date: July 23, 2020
    Inventors: Vedvyas Shanbhogue, Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Raghunandan Makaram, Ilya Alexandrovich, Ittai Anati, Meltem Ozsoy
  • Patent number: 10671542
    Abstract: Apparatuses, methods and storage medium associated with application execution enclave memory page cache management, are disclosed herein. In embodiments, an apparatus may include a processor with processor supports for application execution enclaves; memory organized into a plurality of host physical memory pages; and a virtual machine monitor to be operated by the processor to manage operation of virtual machines. Management of operation of the virtual machines may include facilitation of mapping of virtual machine-physical memory pages of the virtual machines to the host physical memory pages, including maintenance of an unallocated subset of the host physical memory pages to receive increased security protection for selective allocation to the virtual machines, for virtualization and selective allocation to application execution enclaves of applications of the virtual machines. Other embodiments may be described and/or claimed.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: June 2, 2020
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Ittai Anati, Francis X. McKeen, Krystof C. Zmudzinski, Meltem Ozsoy
  • Patent number: 10628315
    Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processing core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: April 21, 2020
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Raghunandan Makaram, Ilya Alexandrovich, Ittai Anati, Meltem Ozsoy
  • Patent number: 10552344
    Abstract: A secure enclave circuit stores an enclave page cache map to track contents of a secure enclave in system memory that stores secure data containing a page having a virtual address. An execution unit is to, in response to a request to evict the page from the secure enclave: block creation of translations of the virtual address; record one or more hardware threads currently accessing the secure data in the secure enclave; send an inter-processor interrupt to one or more cores associated with the one or more hardware threads, to cause the one or more hardware threads to exit the secure enclave and to flush translation lookaside buffers of the one or more cores; and in response to detection of a page fault associated with the virtual address for the page in the secure enclave, unblock the creation of translations of the virtual address.
    Type: Grant
    Filed: December 26, 2017
    Date of Patent: February 4, 2020
    Assignee: Intel Corporation
    Inventors: Carlos V. Rozas, Ittai Anati, Francis X. McKeen, Krystof Zmudzinski, Ilya Alexandrovich, Somnath Chakrabarti, Dror Caspi, Meltem Ozsoy
  • Patent number: 10540291
    Abstract: Translation lookaside buffer (TLB) tracking and managing technologies are described. A processing device comprises a translation lookaside buffer (TLB) and a processing core to execute a virtual machine monitor (VMM), the VMM to manage a virtual machine (VM) including virtual processors. The processing core to execute, via the VM, a plurality of conversion instructions on at least one of the virtual processors to convert a plurality of non-secure pages to a plurality of secure pages. The processing core also to execute, via the VM, one or more allocation instructions on the at least one of the virtual processors to allocate at least one secure page of the plurality of secure pages, execution of the one or more allocation instructions to include determining whether the TLB is cleared of mappings to the at least one secure page prior to allocating the at least one secure page.
    Type: Grant
    Filed: May 10, 2017
    Date of Patent: January 21, 2020
    Assignee: Intel Corporation
    Inventors: Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Rebekah M. Leslie-Hurd, Meltem Ozsoy, Somnath Chakrabarti, Mona Vij
  • Publication number: 20200004552
    Abstract: Detailed herein are systems, apparatuses, and methods for a computer architecture with instruction set support to mitigate against page fault- and/or cache-based side-channel attacks. In an embodiment, an apparatus includes a decoder to decode a first instruction, the first instruction having a first field for a first opcode that indicates that execution circuitry is to set a first flag in a first register that indicates a mode of operation that redirects program flow to an exception handler upon the occurrence of an event. The apparatus further includes execution circuitry to execute the decoded first instruction to set the first flag in the first register that indicates the mode of operation and to store an address of an exception handler in a second register.
    Type: Application
    Filed: June 29, 2018
    Publication date: January 2, 2020
    Inventors: Fangfei LIU, Bin XING, Michael STEINER, Mona VIJ, Carlos ROZAS, Francis MCKEEN, Meltem OZSOY, Matthew FERNANDEZ, Krystof ZMUDZINSKI, Mark SHANAHAN
  • Publication number: 20190196982
    Abstract: A secure enclave circuit stores an enclave page cache map to track contents of a secure enclave in system memory that stores secure data containing a page having a virtual address. An execution unit is to, in response to a request to evict the page from the secure enclave: block creation of translations of the virtual address; record one or more hardware threads currently accessing the secure data in the secure enclave; send an inter-processor interrupt to one or more cores associated with the one or more hardware threads, to cause the one or more hardware threads to exit the secure enclave and to flush translation lookaside buffers of the one or more cores; and in response to detection of a page fault associated with the virtual address for the page in the secure enclave, unblock the creation of translations of the virtual address.
    Type: Application
    Filed: December 26, 2017
    Publication date: June 27, 2019
    Inventors: Carlos V. ROZAS, Ittai ANATI, Francis X. MCKEEN, Krystof ZMUDZINSKI, Ilya ALEXANDROVICH, Somnath CHAKRABARTI, Dror CASPI, Meltem OZSOY
  • Publication number: 20190102324
    Abstract: Cache behavior for secure memory repartitioning systems is described. Implementations may include a processing core and a memory controller coupled between the processor core and a memory device. The processor core is to receive a memory access request to a page in the memory device, the memory access request comprising a first guarded attribute (GA) indicator indicating whether the page is a secure page belonging to an enclave, determine whether the first GA indicator matches a second GA indicator in a cache line entry corresponding to the page, the cache line entry comprised in a cache, and responsive to a determination that the first GA indicator does not match the second GA indicator, apply an eviction policy to the cache line entry based on whether the cache line is indicated as a dirty cache line and accessing second data in the memory device for the page.
    Type: Application
    Filed: September 29, 2017
    Publication date: April 4, 2019
    Inventors: Meltem Ozsoy, Krystof C. Zmudzinski, Larisa Novakovsky, Julius Mandelblat, Francis X. McKeen, Carlos V. Rozas, Ittai Anati, Ilya Alexandrovich
  • Publication number: 20190095334
    Abstract: Secure memory repartitioning technologies are described. Embodiments of the disclosure may include a processing device including a processing core and a memory controller coupled between the processor core and a memory device. The memory device includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core is to receive a non-secure access request to a page in the memory device, responsive to a determination, based on one or more secure state bits in one or more secure state bit arrays, that the page is a secure page, insert an abort page address into a translation lookaside buffer, and responsive to a determination, based on the one or more secure state bits in the one or more secure state bit arrays, that the page is a non-secure page, insert the page into the translation lookaside buffer.
    Type: Application
    Filed: September 28, 2017
    Publication date: March 28, 2019
    Inventors: Vedvyas Shanbhogue, Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Raghunandan Makaram, Ilya Alexandrovich, Ittai Anati, Meltem Ozsoy
  • Publication number: 20190095357
    Abstract: A system includes a processor core and main memory. The processor core is to, in response to execution of a patch-load instruction, retrieve, from a predetermined area of the main memory, memory protection metadata and a memory range of reserved memory, wherein the reserved memory is not flexibly convertible to enclave pages. The processor core is further to retrieve a bit from an architectural control register, wherein a value of the bit is to indicate whether an operating system is capable of management of flexibly-convertible enclave pages. The processor core is further to activate, using the memory protection metadata and one of the first information or the second information, a mode of protected memory management for the processor core in response to the value of the bit in the architectural control register.
    Type: Application
    Filed: September 28, 2017
    Publication date: March 28, 2019
    Inventors: Meltem OZSOY, Vedvyas SHANBHOGUE, Krystof C. ZMUDZINSKI, Francis X. MCKEEN, Carlos V. ROZAS, Ilya ALEXANDROVICH, Ittai ANATI, Raghunandan MAKARAM, Dror CASPI, Hisham SHAFI
  • Publication number: 20180329829
    Abstract: Translation lookaside buffer (TLB) tracking and managing technologies are described. A processing device comprises a translation lookaside buffer (TLB) and a processing core to execute a virtual machine monitor (VMM), the VMM to manage a virtual machine (VM) including virtual processors. The processing core to execute, via the VM, a plurality of conversion instructions on at least one of the virtual processors to convert a plurality of non-secure pages to a plurality of secure pages. The processing core also to execute, via the VM, one or more allocation instructions on the at least one of the virtual processors to allocate at least one secure page of the plurality of secure pages, execution of the one or more allocation instructions to include determining whether the TLB is cleared of mappings to the at least one secure page prior to allocating the at least one secure page.
    Type: Application
    Filed: May 10, 2017
    Publication date: November 15, 2018
    Inventors: Krystof C. Zmudzinski, Carlos V. Rozas, Francis X. McKeen, Rebekah M. Leslie-Hurd, Meltem Ozsoy, Somnath Chakrabarti, Mona Vij
  • Publication number: 20180004675
    Abstract: Apparatuses, methods and storage medium associated with application execution enclave memory page cache management, are disclosed herein. In embodiments, an apparatus may include a processor with processor supports for application execution enclaves; memory organized into a plurality of host physical memory pages; and a virtual machine monitor to be operated by the processor to manage operation of virtual machines. Management of operation of the virtual machines may include facilitation of mapping of virtual machine-physical memory pages of the virtual machines to the host physical memory pages, including maintenance of an unallocated subset of the host physical memory pages to receive increased security protection for selective allocation to the virtual machines, for virtualization and selective allocation to application execution enclaves of applications of the virtual machines. Other embodiments may be described and/or claimed.
    Type: Application
    Filed: July 1, 2016
    Publication date: January 4, 2018
    Inventors: VEDVYAS SHANBHOGUE, ITTAI ANATI, FRANCIS X. MCKEEN, KRYSTOF C. ZMUDZINSKI, MELTEM OZSOY