Patents by Inventor Michael LeMay
Michael LeMay has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12360689Abstract: An apparatus includes circuitry to receive a memory access request based on a memory address in a memory allocation of a program. The memory allocation is assigned to a slot of memory apportioned into a plurality of slots. The circuitry is to calculate an index based, at least in part, on whether a size of the slot exceeds a slot threshold size, and determine whether a buffer communicatively coupled to the circuitry includes a buffer entry corresponding to the index and containing a set of metadata associated with the memory allocation. Based on the slot size, the circuitry is to calculate the index by either determining a metadata virtual address or by determining a virtual address of a midpoint of the slot. The indexed data may include bounds and tag information for the circuitry to determine if a memory access is within the bounds and matches the tag value.Type: GrantFiled: March 31, 2023Date of Patent: July 15, 2025Assignee: Intel CorporationInventors: Yonghae Kim, David M. Durham, Michael LeMay
-
Patent number: 12346463Abstract: An example method comprises storing, in a register, an encoded pointer to a memory location, where first context information is stored in first bits of the encoded pointer and a slice of a memory address of the memory location is encrypted and stored in second bits of the encoded pointer. The method further includes decoding the encoded pointer to obtain the memory address of the memory location, using the memory address obtained by decoding the encoded pointer to access encrypted data at the memory location, and decrypting the encrypted data based on a first key and a first tweak value. The first tweak value includes one or more bits derived, at least in part, from the encoded pointer.Type: GrantFiled: October 31, 2023Date of Patent: July 1, 2025Assignee: Intel CorporationInventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti
-
Publication number: 20250148089Abstract: Techniques for instruction prefix encoding for cryptographic computing capability data types are described. In an embodiment, an apparatus includes an instruction decoder to decode a first instruction including a first prefix; and cryptography circuitry to perform a cryptographic operation on data, the cryptographic operation to be based at least in part on the first prefix and a relative enumeration in a pointer to the data.Type: ApplicationFiled: July 1, 2023Publication date: May 8, 2025Applicant: Intel CorporationInventors: David M. Durham, Michael LeMay, Hans Goran Liljestrand
-
Patent number: 12282567Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.Type: GrantFiled: August 1, 2022Date of Patent: April 22, 2025Assignee: Intel CorporationInventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti, Gilbert Neiger, Jason W. Brandt
-
Patent number: 12253958Abstract: This disclosure is directed to a system for address mapping and translation protection. In one embodiment, processing circuitry may include a virtual machine manager (VMM) to control specific guest linear address (GLA) translations. Control may be implemented in a performance sensitive and secure manner, and may be capable of improving performance for critical linear address page walks over legacy operation by removing some or all of the cost of page walking extended page tables (EPTs) for critical mappings. Alone or in combination with the above, certain portions of a page table structure may be selectively made immutable by a VMM or early boot process using a sub-page policy (SPP). For example, SPP may enable non-volatile kernel and/or user space code and data virtual-to-physical memory mappings to be made immutable (e.g., non-writable) while allowing for modifications to non-protected portions of the OS paging structures and particularly the user space.Type: GrantFiled: October 7, 2021Date of Patent: March 18, 2025Assignee: Intel CorporationInventors: Ravi L. Sahita, Gilbert Neiger, Vedvyas Shanbhogue, David M. Durham, Andrew V. Anderson, David A. Koufaty, Asit K. Mallick, Arumugam Thiyagarajah, Barry E. Huntley, Deepak K. Gupta, Michael Lemay, Joseph F. Cihula, Baiju V. Patel
-
Publication number: 20250077647Abstract: Techniques for using integrity check value tripwires for memory safety are described. In an embodiment, an apparatus includes an instruction decoder to decode one or more instructions to copy a memory region; and execution circuitry coupled to the instruction decoder, the execution circuitry to perform one or more operations corresponding to the one or more instructions, including detecting an integrity check value (ICV) mismatch; determining whether a granule in the memory region represents a tripwire; determining a suppression mode associated with the one or more instructions; and in response to determining that the suppression mode allows copying the tripwire, copying the tripwire.Type: ApplicationFiled: November 30, 2023Publication date: March 6, 2025Applicant: Intel CorporationInventors: Michael LeMay, Sebastian Osterlund, Floris Cornelis Gorter, Hans Goran Liljestrand, Luis Kida, Gabriel Ferreira Teles Gomes
-
Publication number: 20250068776Abstract: Methods and apparatus relating to techniques for region-based deterministic memory safety are described. In some embodiment, one or more instructions may be used to encrypt, decrypt, and/or check a pointer to a portion of the data stored in memory. The portion of the data is stored in a first region of the memory. The first region of the memory includes a plurality of identically sized allocation slots. Other embodiments are also disclosed and claimed.Type: ApplicationFiled: November 14, 2024Publication date: February 27, 2025Applicant: Intel CorporationInventors: Michael LeMay, David M. Durham
-
Patent number: 12216922Abstract: A processor is to execute a first instruction to perform a simulated return in a program from a callee function to a caller function based on a first input stack pointer encoded with a first security context of a first callee stack frame. To perform the simulated return is to include generating a first simulated stack pointer to the caller stack frame. The processor is further to, in response to identifying an exception handler in the first caller function, execute a second instruction to perform a simulated call based on a second input stack pointer encoded with a second security context of the caller stack frame. To perform the simulated call is to include generating a second simulated stack pointer to a new stack frame containing an encrypted instruction pointer associated with the exception handler. The second simulated stack pointer is to be encoded with a new security context.Type: GrantFiled: September 16, 2022Date of Patent: February 4, 2025Assignee: Intel CorporationInventors: Hans G. Liljestrand, Sergej Deutsch, David M. Durham, Michael LeMay, Karanvir S. Grewal
-
Publication number: 20250007706Abstract: Techniques for cryptographically enforcing control-flow integrity are described. In certain examples, a processor includes: a cryptographic circuit to encrypt, with a first key, a first code section to be stored in a single page of memory, and to encrypt, with a second key, a second code section to be stored in the single page of memory; decoder circuitry to decode a single instruction into a decoded single instruction, the single instruction comprising a key identifier, an identifier of the second code section, and an opcode that is to indicate execution circuitry is to, when executing the first code section, determine if the key identifier corresponds to the second key, and in response to corresponding, cause the cryptographic circuit to switch to using the second key to decrypt the second code section, and transfer execution from the first code section to the second code section; and the execution circuitry to execute the decoded instruction according to the opcode.Type: ApplicationFiled: June 28, 2023Publication date: January 2, 2025Inventors: Pascal Nasahl, Salmin Sultana, Hans Goran Liljestrand, Karanvir Grewal, Michael LeMay, David M. Durham
-
Publication number: 20250005138Abstract: Techniques for explicit integrity check value initialization are described. In an embodiment, an apparatus includes an instruction decoder to decode a single instruction to set an integrity check value ICV corresponding to a destination location in a memory; and execution circuitry coupled to the instruction decoder, the execution circuitry to perform one or more operations corresponding to the single instruction, including storing data indicated by the single instruction into the destination location, and storing the ICV in the memory.Type: ApplicationFiled: July 1, 2023Publication date: January 2, 2025Applicant: Intel CorporationInventors: Michael LeMay, David M. Durham
-
Patent number: 12182317Abstract: Methods and apparatus relating to techniques for region-based deterministic memory safety are described. In some embodiment, one or more instructions may be used to encrypt, decrypt, and/or check a pointer to a portion of the data stored in memory. The portion of the data is stored in a first region of the memory. The first region of the memory includes a plurality of identically sized allocation slots. Other embodiments are also disclosed and claimed.Type: GrantFiled: June 24, 2021Date of Patent: December 31, 2024Assignee: Intel CorporationInventors: Michael LeMay, David M. Durham
-
Publication number: 20240354108Abstract: Techniques for implementing instructions and modified instruction encodings for checking tags and for interspersing islands of tags in line with bucketed data for locality by a processor are described. In an example, an apparatus includes decoder circuitry and execution circuitry. The decoder circuitry is to decode an instruction into a decoded instruction. The instruction has an opcode to indicate that the execution circuitry is to use metadata and instruction encodings to selectively perform a memory safety check. The execution circuitry is to execute the decoded instruction according to the opcode.Type: ApplicationFiled: September 29, 2023Publication date: October 24, 2024Applicant: Intel CorporationInventors: Michael LeMay, David M. Durham, Joseph Cihula, Joseph Nuzman, Dan Baum, Jonathan Combs
-
Publication number: 20240333501Abstract: In a technique of hardware thread isolation, a processor comprises a first core including a first hardware thread register. The core is to select a first key identifier stored in the first hardware thread register in response to receiving a first memory access request associated with a first hardware thread of a process. Memory controller circuitry coupled to the first core is to obtain a first encryption key associated with the first key identifier. The first key identifier may be selected from the first hardware thread register based, at least in part, on a first portion of a pointer of the first memory access request. The first key identifier selected from the first hardware thread register is to be appended to a physical address translated from a linear address at least partially included in the pointer.Type: ApplicationFiled: March 31, 2023Publication date: October 3, 2024Applicant: Intel CorporationInventors: David M. Durham, Michael LeMay, Salmin Sultana, Karanvir S. Grewal, Sergej Deutsch
-
Publication number: 20240330000Abstract: Techniques for implementing forward-edge control-flow integrity (FECFI) using capability instructions in a hardware processor are described. In certain examples, a hardware processor (e.g.Type: ApplicationFiled: March 31, 2023Publication date: October 3, 2024Inventors: Scott D. Constable, Michael LeMay
-
Publication number: 20240329861Abstract: An apparatus includes circuitry to receive a memory access request based on a memory address in a memory allocation of a program. The memory allocation is assigned to a slot of memory apportioned into a plurality of slots. The circuitry is to calculate an index based, at least in part, on whether a size of the slot exceeds a slot threshold size, and determine whether a buffer communicatively coupled to the circuitry includes a buffer entry corresponding to the index and containing a set of metadata associated with the memory allocation. Based on the slot size, the circuitry is to calculate the index by either determining a metadata virtual address or by determining a virtual address of a midpoint of the slot. The indexed data may include bounds and tag information for the circuitry to determine if a memory access is within the bounds and matches the tag value.Type: ApplicationFiled: March 31, 2023Publication date: October 3, 2024Applicant: Intel CorporationInventors: Yonghae Kim, David M. Durham, Michael LeMay
-
Patent number: 12093182Abstract: A method comprises receiving, in a store buffer, at least a portion of a store instruction, the at least a portion of the store instruction comprising a data operand and a first object capability register operand which comprises a first object type identifier for a first object, obtaining, from a corresponding load instruction, a second object capability register operand which comprises a second object type identifier, and determining whether the first object type identifier matches the second object type identifier.Type: GrantFiled: December 24, 2021Date of Patent: September 17, 2024Assignee: Intel CorporationInventor: Michael LeMay
-
Patent number: 12050701Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.Type: GrantFiled: June 6, 2022Date of Patent: July 30, 2024Assignee: Intel CorporationInventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
-
Patent number: 12045174Abstract: Embodiments are directed to tagless implicit integrity with multi-perspective pattern search for memory safety. An embodiment of an apparatus includes one or more processors comprising hardware circuitry to: access encrypted data stored in a memory hierarchy using a pointer; decrypt the encrypted data using a current version of a pointer tag of the pointer to yield first decrypted data; perform an entropy test on the first decrypted data; responsive to the entropy test failing to detect patterns in the first decrypted data, re-decrypt the encrypted data using one or more different versions of the pointer tag of the pointer to yield one or more other decrypted data; perform the entropy test on the one or more other decrypted versions; and responsive to the entropy test detecting the patterns in the one or more other decrypted data, signal an exception to the one or more processors with respect to the encrypted data.Type: GrantFiled: March 25, 2022Date of Patent: July 23, 2024Assignee: INTEL CORPORATIONInventors: David M. Durham, Michael Lemay
-
Publication number: 20240220423Abstract: Techniques disclosed include selecting a first key identifier (ID) for a first compartment of a compartmentalized process of a computing system, the first compartment including first private data; assigning a first extended page table (EPT) having at least one memory address including the first key ID; encrypting the first private data with a first key associated with the first key ID; and storing the encrypted first private data in a memory starting at the at least one memory address of the first EPT.Type: ApplicationFiled: December 28, 2022Publication date: July 4, 2024Applicant: Intel CorporationInventors: Michael LeMay, David M. Durham, Salmin Sultana, Andrew V. Anderson, Hans Goran Liljestrand
-
Patent number: 12019733Abstract: A method comprises receiving, in a store buffer, at least a portion of a store instruction, the at least a portion of the store instruction comprising a data operand, receiving, a load instruction for execution; and determining whether the store instruction and the load instruction are in different compartments.Type: GrantFiled: March 11, 2022Date of Patent: June 25, 2024Assignee: Intel CorporationInventor: Michael LeMay