Patents by Inventor Michael A. Kozuch
Michael A. Kozuch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8751752Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.Type: GrantFiled: March 15, 2013Date of Patent: June 10, 2014Assignee: Intel CorporationInventors: Eric C. Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
-
Patent number: 8543772Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.Type: GrantFiled: December 2, 2010Date of Patent: September 24, 2013Assignee: Intel CorporationInventors: Eric C. Cota-Robles, Andy Glew, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
-
Publication number: 20130212313Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.Type: ApplicationFiled: March 15, 2013Publication date: August 15, 2013Inventors: Eric C. Cota-Robles, Andy Glew, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
-
Patent number: 8407476Abstract: An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.Type: GrantFiled: November 10, 2009Date of Patent: March 26, 2013Assignee: Intel CorporationInventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock
-
Patent number: 8386788Abstract: A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.Type: GrantFiled: November 10, 2009Date of Patent: February 26, 2013Assignee: Intel CorporationInventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock
-
Publication number: 20120117300Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.Type: ApplicationFiled: December 2, 2010Publication date: May 10, 2012Inventors: Erik C. Cota-Robles, Andy Glew, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
-
Patent number: 7921293Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.Type: GrantFiled: January 24, 2006Date of Patent: April 5, 2011Assignee: Intel CorporationInventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock, Gilbert Neiger, Richard A. Uhlig, Bradley G. Burgess, David I. Poisner, Clifford D. Hall, Andy Glew, Lawrence O. Smith, III, Robert George
-
Patent number: 7865670Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.Type: GrantFiled: October 25, 2004Date of Patent: January 4, 2011Assignee: Intel CorporationInventors: Erik C. Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
-
Patent number: 7793286Abstract: Methods and systems are provided to control transitions between a virtual machine (VM) and Virtual Machine Monitor (VMM). A processor uses state action indicators to load and/or store associated elements of machine state before completing the transition. The state action indicators may be stored in a Virtual Machine Control Structure (VMCS), predetermined, and/or calculated dynamically. In some embodiments, the values loaded can be directly acquired from the VMCS, predetermined and/or calculated dynamically. In some embodiments, the values stored may be acquired directly from machine state, predetermined and/or calculated dynamically.Type: GrantFiled: December 19, 2002Date of Patent: September 7, 2010Assignee: Intel CorporationInventors: Steven M. Bennett, Gilbert Neiger, Erik C. Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Richard A. Uhlig
-
Publication number: 20100058075Abstract: A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.Type: ApplicationFiled: November 10, 2009Publication date: March 4, 2010Inventors: Michael A. Kozuch, James A. Sutton, David Grawrock
-
Publication number: 20100058076Abstract: An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.Type: ApplicationFiled: November 10, 2009Publication date: March 4, 2010Inventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock
-
Patent number: 7631196Abstract: A method and apparatus is provided in which a trustable operating system is loaded into a region in memory. A start secure operation (SSO) triggers a join secure operation (JSO) to halt all but one central processing unit (CPU) in a multi-processor computer. The SSO causes the active CPU to load a component of an operating system into a specified region in memory, register the identity of the loaded operating system by recording a cryptographic hash of the contents of the specified region in memory, begin executing at a known entry point in the specified region and trigger the JSO to cause the halted CPUs to do the same.Type: GrantFiled: February 25, 2002Date of Patent: December 8, 2009Assignee: Intel CorporationInventors: Michael A. Kozuch, James A. Sutton, David Grawrock
-
Patent number: 7437542Abstract: A conjugate processor includes an instruction set architecture (ISA) visible portion having a main pipeline, and an h-flow portion having an h-flow pipeline. The binary executed on the conjugate processor includes an essential portion that is executed on the main pipeline and a non-essential portion that is executed on the h-flow pipeline. The non-essential portion includes hint calculus that is used to provide hints to the main pipeline. The conjugate processor also includes a conjugate mapping table that maps triggers to h-flow targets. Triggers can be instruction attributes, data attributes, state attributes or event attributes. When a trigger is satisfied, the h-flow code specified by the target is executed in the h-flow pipeline.Type: GrantFiled: January 13, 2006Date of Patent: October 14, 2008Assignee: Intel CorporationInventors: Hong Wang, Ralph Kling, Yong-Fong Lee, David A. Berson, Michael A. Kozuch, Konrad Lai
-
Patent number: 7318141Abstract: Methods and systems are provided to control the execution of a virtual machine (VM). A VM Monitor (VMM) accesses VM Control Structures (VMCS) indirectly through access instructions passed to a processor. In one embodiment, the access instructions include VMCS component identifiers used by the processor to determine the appropriate storage location for the VMCS components. The processor identifies the appropriate storage location for the VMCS component within the processor storage or within memory.Type: GrantFiled: December 17, 2002Date of Patent: January 8, 2008Assignee: Intel CorporationInventors: Steve M. Bennett, Gilbert Neiger, Erik C. Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Richard A. Uhlig, Larry Smith, Dion Rodgers, Andrew Glew, Erich Boleyn
-
Patent number: 7308576Abstract: An authenticated code module comprises a value that attests to the authenticity of the module. The value is encrypted with a key corresponding to a key of a computing device that is to execute the module.Type: GrantFiled: December 31, 2001Date of Patent: December 11, 2007Assignee: Intel CorporationInventors: Andrew F. Glew, James A. Sutton, Lawrence O. Smith, David W. Grawrock, Gilbert Neiger, Michael A. Kozuch
-
Patent number: 7127548Abstract: In one embodiment, a command pertaining to one or more portions of a register is received from guest software. Further, a determination is made as to whether the guest software has access to all of the requested portions of the register based on indicators within a mask field that correspond to the requested portions of the register. If the guest software has access to all of the requested portions of the register, the command received from the guest software is executed on the requested portions of the register.Type: GrantFiled: April 16, 2002Date of Patent: October 24, 2006Assignee: Intel CorporationInventors: Steve Bennett, Andrew V. Anderson, Erik Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Gilbert Neiger, Richard Uhlig, Michael A. Kozuch
-
Patent number: 7124273Abstract: A method and an apparatus are used to efficiently translate memory addresses. The translation scheme yields a translated address, a memory type for the translated address, and a fault bit for the translation.Type: GrantFiled: February 25, 2002Date of Patent: October 17, 2006Assignee: Intel CorporationInventors: Andy Glew, Michael A. Kozuch, Erich S. Boleyn, Lawrence O. Smith, III, Gilbert Neiger, Richard Uhlig
-
Patent number: 7124327Abstract: In one embodiment, fault information relating to a fault associated with the operation of guest software is received. Further, a determination is made as to whether the fault information satisfies one or more filtering criterion. If the determination is positive, control remains with the guest software and is not transferred to the virtual machine monitor (VMM).Type: GrantFiled: June 29, 2002Date of Patent: October 17, 2006Assignee: Intel CorporationInventors: Steve Bennett, Andrew V. Anderson, Stalinselvaraj Jeyasingh, Alain Kagi, Gilbert Neiger, Richard Uhlig, Xiang Zou, Michael A. Kozuch
-
Patent number: 7024555Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.Type: GrantFiled: November 1, 2001Date of Patent: April 4, 2006Assignee: Intel CorporationInventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock, Gilbert Neiger, Richard A. Uhlig, Bradley G. Burgess, David I. Poisner, Clifford D. Hall, Andy Glew, Lawrence O. Smith, III, Robert George
-
Patent number: 7020766Abstract: A conjugate processor includes an instruction set architecture (ISA) visible portion having a main pipeline, and an h-flow portion having an h-flow pipeline. The binary executed on the conjugate processor includes an essential portion that is executed on the main pipeline and a non-essential portion that is executed on the h-flow pipeline. The non-essential portion includes hint calculus that is used to provide hints to the main pipeline. The conjugate processor also includes a conjugate mapping table that maps triggers to h-flow targets. Triggers can be instruction attributes, data attributes, state attributes or event attributes. When a trigger is satisfied, the h-flow code specified by the target is executed in the h-flow pipeline.Type: GrantFiled: May 30, 2000Date of Patent: March 28, 2006Assignee: Intel CorporationInventors: Hong Wang, Ralph Kling, Yong-Fong Lee, David A. Berson, Michael A. Kozuch, Konrad Lai