Patents by Inventor Michael LeMay

Michael LeMay has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12360689
    Abstract: An apparatus includes circuitry to receive a memory access request based on a memory address in a memory allocation of a program. The memory allocation is assigned to a slot of memory apportioned into a plurality of slots. The circuitry is to calculate an index based, at least in part, on whether a size of the slot exceeds a slot threshold size, and determine whether a buffer communicatively coupled to the circuitry includes a buffer entry corresponding to the index and containing a set of metadata associated with the memory allocation. Based on the slot size, the circuitry is to calculate the index by either determining a metadata virtual address or by determining a virtual address of a midpoint of the slot. The indexed data may include bounds and tag information for the circuitry to determine if a memory access is within the bounds and matches the tag value.
    Type: Grant
    Filed: March 31, 2023
    Date of Patent: July 15, 2025
    Assignee: Intel Corporation
    Inventors: Yonghae Kim, David M. Durham, Michael LeMay
  • Patent number: 12346463
    Abstract: An example method comprises storing, in a register, an encoded pointer to a memory location, where first context information is stored in first bits of the encoded pointer and a slice of a memory address of the memory location is encrypted and stored in second bits of the encoded pointer. The method further includes decoding the encoded pointer to obtain the memory address of the memory location, using the memory address obtained by decoding the encoded pointer to access encrypted data at the memory location, and decrypting the encrypted data based on a first key and a first tweak value. The first tweak value includes one or more bits derived, at least in part, from the encoded pointer.
    Type: Grant
    Filed: October 31, 2023
    Date of Patent: July 1, 2025
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti
  • Publication number: 20250148089
    Abstract: Techniques for instruction prefix encoding for cryptographic computing capability data types are described. In an embodiment, an apparatus includes an instruction decoder to decode a first instruction including a first prefix; and cryptography circuitry to perform a cryptographic operation on data, the cryptographic operation to be based at least in part on the first prefix and a relative enumeration in a pointer to the data.
    Type: Application
    Filed: July 1, 2023
    Publication date: May 8, 2025
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Hans Goran Liljestrand
  • Patent number: 12282567
    Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.
    Type: Grant
    Filed: August 1, 2022
    Date of Patent: April 22, 2025
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti, Gilbert Neiger, Jason W. Brandt
  • Patent number: 12253958
    Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.
    Type: Grant
    Filed: October 7, 2021
    Date of Patent: March 18, 2025
    Assignee: Intel Corporation
    Inventors: Ravi L. Sahita, Gilbert Neiger, Vedvyas Shanbhogue, David M. Durham, Andrew V. Anderson, David A. Koufaty, Asit K. Mallick, Arumugam Thiyagarajah, Barry E. Huntley, Deepak K. Gupta, Michael Lemay, Joseph F. Cihula, Baiju V. Patel
  • Publication number: 20250077647
    Abstract: Techniques for using integrity check value tripwires for memory safety are described. In an embodiment, an apparatus includes an instruction decoder to decode one or more instructions to copy a memory region; and execution circuitry coupled to the instruction decoder, the execution circuitry to perform one or more operations corresponding to the one or more instructions, including detecting an integrity check value (ICV) mismatch; determining whether a granule in the memory region represents a tripwire; determining a suppression mode associated with the one or more instructions; and in response to determining that the suppression mode allows copying the tripwire, copying the tripwire.
    Type: Application
    Filed: November 30, 2023
    Publication date: March 6, 2025
    Applicant: Intel Corporation
    Inventors: Michael LeMay, Sebastian Osterlund, Floris Cornelis Gorter, Hans Goran Liljestrand, Luis Kida, Gabriel Ferreira Teles Gomes
  • Publication number: 20250068776
    Abstract: Methods and apparatus relating to techniques for region-based deterministic memory safety are described. In some embodiments, one or more instructions may be used to encrypt, decrypt, and/or check a pointer to a portion of the data stored in memory. The portion of the data is stored in a first region of the memory. The first region of the memory includes a plurality of identically sized allocation slots. Other embodiments are also disclosed and claimed.
    Type: Application
    Filed: November 14, 2024
    Publication date: February 27, 2025
    Applicant: Intel Corporation
    Inventors: Michael LeMay, David M. Durham
  • Patent number: 12216922
    Abstract: A processor is to execute a first instruction to perform a simulated return in a program from a callee function to a caller function based on a first input stack pointer encoded with a first security context of a first callee stack frame. To perform the simulated return is to include generating a first simulated stack pointer to the caller stack frame. The processor is further to, in response to identifying an exception handler in the first caller function, execute a second instruction to perform a simulated call based on a second input stack pointer encoded with a second security context of the caller stack frame. To perform the simulated call is to include generating a second simulated stack pointer to a new stack frame containing an encrypted instruction pointer associated with the exception handler. The second simulated stack pointer is to be encoded with a new security context.
    Type: Grant
    Filed: September 16, 2022
    Date of Patent: February 4, 2025
    Assignee: Intel Corporation
    Inventors: Hans G. Liljestrand, Sergej Deutsch, David M. Durham, Michael LeMay, Karanvir S. Grewal
  • Publication number: 20250007706
    Abstract: Techniques for cryptographically enforcing control-flow integrity are described. In certain examples, a processor includes: a cryptographic circuit to encrypt, with a first key, a first code section to be stored in a single page of memory, and to encrypt, with a second key, a second code section to be stored in the single page of memory; decoder circuitry to decode a single instruction into a decoded single instruction, the single instruction comprising a key identifier, an identifier of the second code section, and an opcode that is to indicate execution circuitry is to, when executing the first code section, determine if the key identifier corresponds to the second key, and in response to corresponding, cause the cryptographic circuit to switch to using the second key to decrypt the second code section, and transfer execution from the first code section to the second code section; and the execution circuitry to execute the decoded instruction according to the opcode.
    Type: Application
    Filed: June 28, 2023
    Publication date: January 2, 2025
    Inventors: Pascal Nasahl, Salmin Sultana, Hans Goran Liljestrand, Karanvir Grewal, Michael LeMay, David M. Durham
  • Publication number: 20250005138
    Abstract: Techniques for explicit integrity check value initialization are described. In an embodiment, an apparatus includes an instruction decoder to decode a single instruction to set an integrity check value (ICV) corresponding to a destination location in a memory; and execution circuitry coupled to the instruction decoder, the execution circuitry to perform one or more operations corresponding to the single instruction, including storing data indicated by the single instruction into the destination location, and storing the ICV in the memory.
    Type: Application
    Filed: July 1, 2023
    Publication date: January 2, 2025
    Applicant: Intel Corporation
    Inventors: Michael LeMay, David M. Durham
  • Patent number: 12182317
    Abstract: Methods and apparatus relating to techniques for region-based deterministic memory safety are described. In some embodiments, one or more instructions may be used to encrypt, decrypt, and/or check a pointer to a portion of the data stored in memory. The portion of the data is stored in a first region of the memory. The first region of the memory includes a plurality of identically sized allocation slots. Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: June 24, 2021
    Date of Patent: December 31, 2024
    Assignee: Intel Corporation
    Inventors: Michael LeMay, David M. Durham
  • Publication number: 20240354108
    Abstract: Techniques for implementing instructions and modified instruction encodings for checking tags and for interspersing islands of tags in line with bucketed data for locality by a processor are described. In an example, an apparatus includes decoder circuitry and execution circuitry. The decoder circuitry is to decode an instruction into a decoded instruction. The instruction has an opcode to indicate that the execution circuitry is to use metadata and instruction encodings to selectively perform a memory safety check. The execution circuitry is to execute the decoded instruction according to the opcode.
    Type: Application
    Filed: September 29, 2023
    Publication date: October 24, 2024
    Applicant: Intel Corporation
    Inventors: Michael LeMay, David M. Durham, Joseph Cihula, Joseph Nuzman, Dan Baum, Jonathan Combs
  • Publication number: 20240333501
    Abstract: In a technique of hardware thread isolation, a processor comprises a first core including a first hardware thread register. The core is to select a first key identifier stored in the first hardware thread register in response to receiving a first memory access request associated with a first hardware thread of a process. Memory controller circuitry coupled to the first core is to obtain a first encryption key associated with the first key identifier. The first key identifier may be selected from the first hardware thread register based, at least in part, on a first portion of a pointer of the first memory access request. The first key identifier selected from the first hardware thread register is to be appended to a physical address translated from a linear address at least partially included in the pointer.
    Type: Application
    Filed: March 31, 2023
    Publication date: October 3, 2024
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Salmin Sultana, Karanvir S. Grewal, Sergej Deutsch
  • Publication number: 20240330000
    Abstract: Techniques for implementing forward-edge control-flow integrity (FECFI) using capability instructions in a hardware processor are described. In certain examples, a hardware processor (e.g.
    Type: Application
    Filed: March 31, 2023
    Publication date: October 3, 2024
    Inventors: Scott D. Constable, Michael LeMay
  • Publication number: 20240329861
    Abstract: An apparatus includes circuitry to receive a memory access request based on a memory address in a memory allocation of a program. The memory allocation is assigned to a slot of memory apportioned into a plurality of slots. The circuitry is to calculate an index based, at least in part, on whether a size of the slot exceeds a slot threshold size, and determine whether a buffer communicatively coupled to the circuitry includes a buffer entry corresponding to the index and containing a set of metadata associated with the memory allocation. Based on the slot size, the circuitry is to calculate the index by either determining a metadata virtual address or by determining a virtual address of a midpoint of the slot. The indexed data may include bounds and tag information for the circuitry to determine if a memory access is within the bounds and matches the tag value.
    Type: Application
    Filed: March 31, 2023
    Publication date: October 3, 2024
    Applicant: Intel Corporation
    Inventors: Yonghae Kim, David M. Durham, Michael LeMay
  • Patent number: 12093182
    Abstract: A method comprises receiving, in a store buffer, at least a portion of a store instruction, the at least a portion of the store instruction comprising a data operand and a first object capability register operand which comprises a first object type identifier for a first object, obtaining, from a corresponding load instruction, a second object capability register operand which comprises a second object type identifier, and determining whether the first object type identifier matches the second object type identifier.
    Type: Grant
    Filed: December 24, 2021
    Date of Patent: September 17, 2024
    Assignee: Intel Corporation
    Inventor: Michael LeMay
  • Patent number: 12050701
    Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.
    Type: Grant
    Filed: June 6, 2022
    Date of Patent: July 30, 2024
    Assignee: Intel Corporation
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
  • Patent number: 12045174
    Abstract: Embodiments are directed to tagless implicit integrity with multi-perspective pattern search for memory safety. An embodiment of an apparatus includes one or more processors comprising hardware circuitry to: access encrypted data stored in a memory hierarchy using a pointer; decrypt the encrypted data using a current version of a pointer tag of the pointer to yield first decrypted data; perform an entropy test on the first decrypted data; responsive to the entropy test failing to detect patterns in the first decrypted data, re-decrypt the encrypted data using one or more different versions of the pointer tag of the pointer to yield one or more other decrypted data; perform the entropy test on the one or more other decrypted versions; and responsive to the entropy test detecting the patterns in the one or more other decrypted data, signal an exception to the one or more processors with respect to the encrypted data.
    Type: Grant
    Filed: March 25, 2022
    Date of Patent: July 23, 2024
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Michael Lemay
  • Publication number: 20240220423
    Abstract: Techniques disclosed include selecting a first key identifier (ID) for a first compartment of a compartmentalized process of a computing system, the first compartment including first private data; assigning a first extended page table (EPT) having at least one memory address including the first key ID; encrypting the first private data with a first key associated with the first key ID; and storing the encrypted first private data in a memory starting at the at least one memory address of the first EPT.
    Type: Application
    Filed: December 28, 2022
    Publication date: July 4, 2024
    Applicant: Intel Corporation
    Inventors: Michael LeMay, David M. Durham, Salmin Sultana, Andrew V. Anderson, Hans Goran Liljestrand
  • Patent number: 12019733
    Abstract: A method comprises receiving, in a store buffer, at least a portion of a store instruction, the at least a portion of the store instruction comprising a data operand, receiving a load instruction for execution; and determining whether the store instruction and the load instruction are in different compartments.
    Type: Grant
    Filed: March 11, 2022
    Date of Patent: June 25, 2024
    Assignee: Intel Corporation
    Inventor: Michael LeMay