Patents by Inventor Michael LeMay

Michael LeMay has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230393769
    Abstract: A processor includes a register to store an encoded pointer for a memory address within a first memory allocation of a plurality of memory allocations in a memory region of a memory. The processor further includes circuitry to receive a memory operation request based on the encoded pointer and to obtain a first tag of a plurality of tags stored in a table in the memory. Each memory allocation of the plurality of memory allocations is associated with a respective one of the plurality of tags stored in the table. The circuitry is to further obtain pointer metadata stored in the encoded pointer and to determine whether to perform a memory operation corresponding to the memory operation request based, at least in part, on a determination of whether the first pointer metadata corresponds to the first tag.
    Type: Application
    Filed: September 30, 2022
    Publication date: December 7, 2023
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Sergej Deutsch, Dan Baum
  • Patent number: 11838418
    Abstract: A processor core that includes a token generator circuit is to execute a first instruction in response to initialization of a software program that requests access to protected data output by a cryptographic operation. To execute the first instruction, the processor core is to: retrieve a key that is to be used by the cryptographic operation; trigger the token generator circuit to generate an authorization token; cryptographically encode the key and the authorization token within a key handle; store the key handle in memory; and embed the authorization token within a cryptographic instruction that is to perform the cryptographic operation. The cryptographic instruction may be associated with a first logical compartment of the software program that is authorized access to the protected data.
    Type: Grant
    Filed: August 20, 2020
    Date of Patent: December 5, 2023
    Assignee: Intel Corporation
    Inventors: Milind Girkar, Jason W. Brandt, Michael LeMay
  • Patent number: 11836094
    Abstract: A method comprises identifying a first page in a computer readable memory communicatively coupled to the apparatus that has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses, the first page in the computer readable memory comprising at least one encrypted data object, and set a page table entry bit for the first page to a first value which indicates that at least one memory allocation in the first page has been marked as being stored in memory as plaintext even if accessed using cryptographic addresses.
    Type: Grant
    Filed: March 21, 2022
    Date of Patent: December 5, 2023
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Anna Trikalinou, Michael LeMay
  • Patent number: 11829299
    Abstract: Technologies for execute only transactional memory include a computing device with a processor and a memory. The processor includes an instruction translation lookaside buffer (iTLB) and a data translation lookaside buffer (dTLB). In response to a page miss, the processor determines whether a page physical address is within an execute only transactional (XOT) range of the memory. If within the XOT range, the processor may populate the iTLB with the page physical address and prevent the dTLB from being populated with the page physical address. In response to an asynchronous change of control flow such as an interrupt, the processor determines whether a last iTLB translation is within the XOT range. If within the XOT range, the processor clears or otherwise secures the processor register state. The processor ensures that an XOT range starts execution at an authorized entry point. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 12, 2022
    Date of Patent: November 28, 2023
    Assignee: INTEL CORPORATION
    Inventors: David M. Durham, Michael LeMay, Men Long
  • Patent number: 11829488
    Abstract: An example method comprises storing, in a register, an encoded pointer to a memory location, where first context information is stored in first bits of the encoded pointer and a slice of a memory address of the memory location is encrypted and stored in second bits of the encoded pointer. The method further includes decoding the encoded pointer to obtain the memory address of the memory location, using the memory address obtained by decoding the encoded pointer to access encrypted data at the memory location, and decrypting the encrypted data based on a first key and a first tweak value. The first tweak value includes one or more bits and is derived, at least in part, from the encoded pointer.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: November 28, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti
  • Patent number: 11822644
    Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.
    Type: Grant
    Filed: June 14, 2021
    Date of Patent: November 21, 2023
    Assignee: INTEL CORPORATION
    Inventors: Michael LeMay, Barry E. Huntley, Ravi Sahita
  • Patent number: 11797678
    Abstract: An example apparatus includes a scan manager to add a portion of a page of physical memory from a first sequence of mappings to a second sequence of mappings in response to determining the second sequence includes an address corresponding to the portion of the page of physical memory, and a scanner to scan the first sequence and the second sequence to determine whether at least one of first data in the first sequence or second data in the second sequence includes a pattern indicative of malware.
    Type: Grant
    Filed: July 23, 2021
    Date of Patent: October 24, 2023
    Assignee: INTEL CORPORATION
    Inventors: Michael LeMay, David M. Durham, Men Long
  • Patent number: 11789737
    Abstract: Systems, methods, and apparatuses for generating a protected stack allocation pointer. In certain examples, a hardware processor core comprises a decoder circuit to decode a single instruction into a decoded single instruction, the single instruction comprising one or more fields to indicate a stack allocation index as an operand, and an opcode to indicate that an execution circuit is to generate a stack allocation pointer to reference an address in a stack and an address in a shadow stack; and an execution circuit to execute the decoded single instruction according to the opcode.
    Type: Grant
    Filed: March 24, 2022
    Date of Patent: October 17, 2023
    Assignee: Intel Corporation
    Inventors: Michael Lemay, David M. Durham
  • Patent number: 11782826
    Abstract: A memory controller is to store a unique tag at the mid-point address within each of allocated memory portions. In addition to the tag data, additional metadata may be stored at the mid-point address of the memory allocation. For each memory access operation, an encoded pointer contains information indicative of a size of the memory allocation as well as its own tag data. The processor circuitry compares the tag data included in the encoded pointer with the tag data stored in the memory allocation. If the tag data included in the encoded pointer matches the tag data stored in the memory allocation, the memory operation proceeds. If the tag data included in the encoded pointer fails to match the tag data stored in the memory allocation, an error or exception is generated.
    Type: Grant
    Filed: December 1, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael LeMay
  • Patent number: 11782716
    Abstract: Systems, methods, and apparatuses relating to circuitry to implement individually revocable capabilities for enforcing temporal memory safety are described. In one embodiment, a hardware processor comprises an execution unit to execute an instruction to request access to a block of memory through a pointer to the block of memory, and a memory controller circuit to allow access to the block of memory when an allocated object tag in the pointer is validated with an allocated object tag in an entry of a capability table in memory that is indexed by an index value in the pointer, wherein the memory controller circuit is to clear the allocated object tag in the capability table when a corresponding object is deallocated.
    Type: Grant
    Filed: November 2, 2021
    Date of Patent: October 10, 2023
    Assignee: Intel Corporation
    Inventors: Michael LeMay, Vedvyas Shanbhogue, Deepak Gupta, Ravi Sahita, David M. Durham, Willem Pinckaers, Enrico Perla
  • Patent number: 11768931
    Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: September 26, 2023
    Assignee: INTEL CORPORATION
    Inventors: Michael LeMay, Barry E. Huntley, Ravi Sahita
  • Patent number: 11741018
    Abstract: An apparatus and method for efficient process-based compartmentalization.
    Type: Grant
    Filed: July 26, 2022
    Date of Patent: August 29, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Jacob Doweck, Michael Lemay, Deepak Gupta
  • Patent number: 11734199
    Abstract: Enforcing memory operand types using protection keys is generally described herein. A processor system to provide sandbox execution support for protection key rights attacks includes a processor core to execute a task associated with an untrusted application and execute the task using a designated page of a memory; and a memory management unit to designate the page of the memory to support execution of the untrusted application.
    Type: Grant
    Filed: December 2, 2022
    Date of Patent: August 22, 2023
    Assignee: INTEL CORPORATION
    Inventors: Michael Lemay, David A Koufaty, Ravi L. Sahita
  • Patent number: 11704297
    Abstract: Embodiments are directed to collision-free hashing for accessing cryptographic computing metadata and for cache expansion. An embodiment of an apparatus includes one or more processors to: receive a physical address; compute a set of hash functions using a set of different indexes corresponding to the set of hash functions, wherein the set of hash functions combine additions, bit-level reordering, bit-linear mixing, and wide substitutions, wherein the plurality of hash functions differ in the bit-linear mixing; access a plurality of cache units utilizing the set of hash functions; read different sets of the plurality of cache units in parallel, where a set of the different sets is obtained from each cache unit of the plurality of cache units; and responsive to the physical address being located one of the different sets, return cache line data of the set corresponding to the set of the cache unit having the physical address.
    Type: Grant
    Filed: July 19, 2022
    Date of Patent: July 18, 2023
    Assignee: INTEL CORPORATION
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
  • Publication number: 20230195461
    Abstract: Systems, methods, and apparatuses for implementing capabilities using narrow registers are described.
    Type: Application
    Filed: December 16, 2021
    Publication date: June 22, 2023
    Inventors: Michael LeMay, Jason W. Brandt
  • Publication number: 20230195614
    Abstract: Systems, methods, and apparatuses for implementing non-redundant metadata storage addressed by bounded capabilities are described.
    Type: Application
    Filed: December 21, 2021
    Publication date: June 22, 2023
    Inventor: Michael LeMay
  • Publication number: 20230195360
    Abstract: Systems, methods, and apparatuses for implementing capability-based compartment switches with descriptors are described.
    Type: Application
    Filed: December 22, 2021
    Publication date: June 22, 2023
    Inventor: Michael LeMay
  • Patent number: 11681793
    Abstract: Technologies for memory management with memory protection extension include a computing device having a processor with one or more protection extensions. The processor may load a logical address including a segment base, effective limit, and effective address and generate a linear address as a function of the logical address with the effective limit as a mask. The processor may switch to a new task described by a task state segment extension. The task state extension may specify a low-latency segmentation mode. The processor may prohibit access to a descriptor in a local descriptor table with a descriptor privilege level lower than the current privilege level of the processor. The computing device may load a secure enclave using secure enclave support of the processor. The secure enclave may load an unsandbox and a sandboxed application in a user privilege level of the processor. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: June 20, 2023
    Assignee: INTEL CORPORATION
    Inventors: Michael LeMay, Barry E. Huntley, Ravi Sahita
  • Patent number: 11630920
    Abstract: A system may use memory tagging for side-channel defense, memory safety, and sandboxing to reduce the likelihood of successful attacks. The system may include memory tagging circuitry to address existing and potential hardware and software architectures security vulnerabilities. The memory tagging circuitry may prevent memory pointers from being overwritten, prevent memory pointer manipulation (e.g., by adding values), and increase the granularity of memory tagging to include byte-level tagging in cache. The memory tagging circuitry may sandbox untrusted code by tagging portions of memory to indicate when the tagged portions of memory include contain a protected pointer. The memory tagging circuitry provides security features while enabling CPUs to continue using and benefiting from speculatively performing operations.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: April 18, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Michael Lemay, Siddhartha Chhabra, Kai Cong
  • Publication number: 20230112707
    Abstract: Enforcing memory operand types using protection keys is generally described herein. A processor system to provide sandbox execution support for protection key rights attacks includes a processor core to execute a task associated with an untrusted application and execute the task using a designated page of a memory; and a memory management unit to designate the page of the memory to support execution of the untrusted application.
    Type: Application
    Filed: December 2, 2022
    Publication date: April 13, 2023
    Inventors: Michael Lemay, David A. Koufaty, Ravi L. Sahita