Patents by Inventor Michael A. Kozuch

Michael A. Kozuch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8751752
    Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: June 10, 2014
    Assignee: Intel Corporation
    Inventors: Eric C. Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
  • Patent number: 8543772
    Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.
    Type: Grant
    Filed: December 2, 2010
    Date of Patent: September 24, 2013
    Assignee: Intel Corporation
    Inventors: Eric C. Cota-Robles, Andy Glew, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
  • Publication number: 20130212313
    Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.
    Type: Application
    Filed: March 15, 2013
    Publication date: August 15, 2013
    Inventors: Eric C. Cota-Robles, Andy Glew, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
  • Patent number: 8407476
    Abstract: An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.
    Type: Grant
    Filed: November 10, 2009
    Date of Patent: March 26, 2013
    Assignee: Intel Corporation
    Inventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock
  • Patent number: 8386788
    Abstract: A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.
    Type: Grant
    Filed: November 10, 2009
    Date of Patent: February 26, 2013
    Assignee: Intel Corporation
    Inventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock
  • Publication number: 20120117300
    Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.
    Type: Application
    Filed: December 2, 2010
    Publication date: May 10, 2012
    Inventors: Erik C. Cota-Robles, Andy Glew, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
  • Patent number: 7921293
    Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value to establish security verification of secure software within the secure memory environment.
    Type: Grant
    Filed: January 24, 2006
    Date of Patent: April 5, 2011
    Assignee: Intel Corporation
    Inventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock, Gilbert Neiger, Richard A. Uhlig, Bradley G. Burgess, David I. Poisner, Clifford D. Hall, Andy Glew, Lawrence O. Smith, III, Robert George
  • Patent number: 7865670
    Abstract: One embodiment of the present invention is a technique to invalidate entries in a translation lookaside buffer (TLB). A TLB in a processor has a plurality of TLB entries. Each TLB entry is associated with a virtual machine extension (VMX) tag word indicating if the associated TLB entry is invalidated according to a processor mode when an invalidation operation is performed. The processor mode is one of execution in a virtual machine (VM) and execution not in a virtual machine.
    Type: Grant
    Filed: October 25, 2004
    Date of Patent: January 4, 2011
    Assignee: Intel Corporation
    Inventors: Erik C. Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Gilbert Neiger, Richard Uhlig
  • Patent number: 7793286
    Abstract: Methods and systems are provided to control transitions between a virtual machine (VM) and Virtual Machine Monitor (VMM). A processor uses state action indicators to load and/or store associated elements of machine state before completing the transition. The state action indicators may be stored in a Virtual Machine Control Structure (VMCS), predetermined, and/or calculated dynamically. In some embodiments, the values loaded can be directly acquired from the VMCS, predetermined and/or calculated dynamically. In some embodiments, the values stored may be acquired directly from machine state, predetermined and/or calculated dynamically.
    Type: Grant
    Filed: December 19, 2002
    Date of Patent: September 7, 2010
    Assignee: Intel Corporation
    Inventors: Steven M. Bennett, Gilbert Neiger, Erik C. Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Richard A. Uhlig
  • Publication number: 20100058075
    Abstract: A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state.
    Type: Application
    Filed: November 10, 2009
    Publication date: March 4, 2010
    Inventors: Michael A. Kozuch, James A. Sutton, David Grawrock
  • Publication number: 20100058076
    Abstract: An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state.
    Type: Application
    Filed: November 10, 2009
    Publication date: March 4, 2010
    Inventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock
  • Patent number: 7631196
    Abstract: A method and apparatus is provided in which a trustable operating system is loaded into a region in memory. A start secure operation (SSO) triggers a join secure operation (JSO) to halt all but one central processing unit (CPU) in a multi-processor computer. The SSO causes the active CPU to load a component of an operating system into a specified region in memory, register the identity of the loaded operating system by recording a cryptographic hash of the contents of the specified region in memory, begin executing at a known entry point in the specified region and trigger the JSO to cause the halted CPUs to do the same.
    Type: Grant
    Filed: February 25, 2002
    Date of Patent: December 8, 2009
    Assignee: Intel Corporation
    Inventors: Michael A. Kozuch, James A. Sutton, David Grawrock
  • Patent number: 7437542
    Abstract: A conjugate processor includes an instruction set architecture (ISA) visible portion having a main pipeline, and an h-flow portion having an h-flow pipeline. The binary executed on the conjugate processor includes an essential portion that is executed on the main pipeline and a non-essential portion that is executed on the h-flow pipeline. The non-essential portion includes hint calculus that is used to provide hints to the main pipeline. The conjugate processor also includes a conjugate mapping table that maps triggers to h-flow targets. Triggers can be instruction attributes, data attributes, state attributes or event attributes. When a trigger is satisfied, the h-flow code specified by the target is executed in the h-flow pipeline.
    Type: Grant
    Filed: January 13, 2006
    Date of Patent: October 14, 2008
    Assignee: Intel Corporation
    Inventors: Hong Wang, Ralph Kling, Yong-Fong Lee, David A. Berson, Michael A. Kozuch, Konrad Lai
  • Patent number: 7318141
    Abstract: Methods and systems are provided to control the execution of a virtual machine (VM). A VM Monitor (VMM) accesses VM Control Structures (VMCS) indirectly through access instructions passed to a processor. In one embodiment, the access instructions include VMCS component identifiers used by the processor to determine the appropriate storage location for the VMCS components. The processor identifies the appropriate storage location for the VMCS component within the processor storage or within memory.
    Type: Grant
    Filed: December 17, 2002
    Date of Patent: January 8, 2008
    Assignee: Intel Corporation
    Inventors: Steve M. Bennett, Gilbert Neiger, Erik C. Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Michael A. Kozuch, Richard A. Uhlig, Larry Smith, Dion Rodgers, Andrew Glew, Erich Boleyn
  • Patent number: 7308576
    Abstract: An authenticated code module comprises a value that attests to the authenticity of the module. The value is encrypted with a key corresponding to a key of a computing device that is to execute the module.
    Type: Grant
    Filed: December 31, 2001
    Date of Patent: December 11, 2007
    Assignee: Intel Corporation
    Inventors: Andrew F. Glew, James A. Sutton, Lawrence O. Smith, David W. Grawrock, Gilbert Neiger, Michael A. Kozuch
  • Patent number: 7127548
    Abstract: In one embodiment, a command pertaining to one or more portions of a register is received from guest software. Further, a determination is made as to whether the guest software has access to all of the requested portions of the register based on indicators within a mask field that correspond to the requested portions of the register. If the guest software has access to all of the requested portions of the register, the command received from the guest software is executed on the requested portions of the register.
    Type: Grant
    Filed: April 16, 2002
    Date of Patent: October 24, 2006
    Assignee: Intel Corporation
    Inventors: Steve Bennett, Andrew V. Anderson, Erik Cota-Robles, Stalinselvaraj Jeyasingh, Alain Kagi, Gilbert Neiger, Richard Uhlig, Michael A. Kozuch
  • Patent number: 7124273
    Abstract: A method and an apparatus are used to efficiently translate memory addresses. The translation scheme yields a translated address, a memory type for the translated address, and a fault bit for the translation.
    Type: Grant
    Filed: February 25, 2002
    Date of Patent: October 17, 2006
    Assignee: Intel Corporation
    Inventors: Andy Glew, Michael A. Kozuch, Erich S. Boleyn, Lawrence O. Smith, III, Gilbert Neiger, Richard Uhlig
  • Patent number: 7124327
    Abstract: In one embodiment, fault information relating to a fault associated with the operation of guest software is received. Further, a determination is made as to whether the fault information satisfies one or more filtering criterion. If the determination is positive, control remains with the guest software and is not transferred to the virtual machine monitor (VMM).
    Type: Grant
    Filed: June 29, 2002
    Date of Patent: October 17, 2006
    Assignee: Intel Corporation
    Inventors: Steve Bennett, Andrew V. Anderson, Stalinselvaraj Jeyasingh, Alain Kagi, Gilbert Neiger, Richard Uhlig, Xiang Zou, Michael A. Kozuch
  • Patent number: 7024555
    Abstract: An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.
    Type: Grant
    Filed: November 1, 2001
    Date of Patent: April 4, 2006
    Assignee: Intel Corporation
    Inventors: Michael A. Kozuch, James A. Sutton, II, David Grawrock, Gilbert Neiger, Richard A. Uhlig, Bradley G. Burgess, David I. Poisner, Clifford D. Hall, Andy Glew, Lawrence O. Smith, III, Robert George
  • Patent number: 7020766
    Abstract: A conjugate processor includes an instruction set architecture (ISA) visible portion having a main pipeline, and an h-flow portion having an h-flow pipeline. The binary executed on the conjugate processor includes an essential portion that is executed on the main pipeline and a non-essential portion that is executed on the h-flow pipeline. The non-essential portion includes hint calculus that is used to provide hints to the main pipeline. The conjugate processor also includes a conjugate mapping table that maps triggers to h-flow targets. Triggers can be instruction attributes, data attributes, state attributes or event attributes. When a trigger is satisfied, the h-flow code specified by the target is executed in the h-flow pipeline.
    Type: Grant
    Filed: May 30, 2000
    Date of Patent: March 28, 2006
    Assignee: Intel Corporation
    Inventors: Hong Wang, Ralph Kling, Yong-Fong Lee, David A. Berson, Michael A. Kozuch, Konrad Lai