Patents by Inventor Ramya Jayaram MASTI
Ramya Jayaram MASTI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240061943
Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises storing, in a register, an encoded pointer to a memory location, where first context information is stored in first bits of the encoded pointer and a slice of a memory address of the memory location is encrypted and stored in second bits of the encoded pointer. The method further includes decoding the encoded pointer to obtain the memory address of the memory location, using the memory address obtained by decoding the encoded pointer to access encrypted data at the memory location, and decrypting the encrypted data based on a first key and a first tweak value. The first tweak value includes one or more bits derived, at least in part, from the encoded pointer.
Type: Application
Filed: October 31, 2023
Publication date: February 22, 2024
Applicant: Intel Corporation
Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti
-
Patent number: 11829488
Abstract: An example method comprises storing, in a register, an encoded pointer to a memory location, where first context information is stored in first bits of the encoded pointer and a slice of a memory address of the memory location is encrypted and stored in second bits of the encoded pointer. The method further includes decoding the encoded pointer to obtain the memory address of the memory location, using the memory address obtained by decoding the encoded pointer to access encrypted data at the memory location, and decrypting the encrypted data based on a first key and a first tweak value. The first tweak value includes one or more bits and is derived, at least in part, from the encoded pointer.
Type: Grant
Filed: December 20, 2019
Date of Patent: November 28, 2023
Assignee: Intel Corporation
Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti
-
Patent number: 11768946
Abstract: A method comprising responsive to a first instruction requesting a memory heap operation, identifying a data block of a memory heap; accessing a tag history for the data block, the tag history comprising a plurality of tags previously assigned to the data block; assigning a tag to the data block, wherein assigning the tag comprises verification that the tag does not match any of the plurality of tags of the tag history; and providing the assigned tag and a reference to a location of the data block.
Type: Grant
Filed: December 20, 2019
Date of Patent: September 26, 2023
Assignee: Intel Corporation
Inventors: David M. Durham, Ramya Jayaram Masti
-
Publication number: 20230085994
Abstract: Methods and apparatus relating to logical resource partitioning via realm isolation are described. In an embodiment, a logic processor, to be assigned to one of a plurality of processor cores of a processor, executes one or more operations for at least one of a plurality of logical realms. The plurality of logical realms include a security monitor realm and the security monitor realm includes security monitor logic to maintain a Realm Identifier (RID) for each of the plurality of logical realms. The security monitor logic controls access to each of the plurality of realms based at least in part on the RID for each of the plurality of logical realms. Other embodiments are also disclosed and claimed.
Type: Application
Filed: September 17, 2021
Publication date: March 23, 2023
Applicant: Intel Corporation
Inventors: Ramya Jayaram Masti, Thomas Toll, Barry Huntley
-
Patent number: 11526451
Abstract: Embodiments are directed to providing a secure address translation service. An embodiment of a system includes a memory device to store memory data in a plurality of physical pages shared by a plurality of devices, a first table to map each page of memory to an associated bundle identifier (ID) that identifies one or more devices having access to a page of memory, a second table to map each bundle ID to page access permissions that define access to one or more pages associated with a bundle ID and a translation agent to receive requests from the plurality of devices to perform memory operations on the memory and determine page access permissions for requests received from the plurality of devices using the first table and the second table.
Type: Grant
Filed: December 23, 2020
Date of Patent: December 13, 2022
Assignee: Intel Corporation
Inventors: David Koufaty, Anna Trikalinou, Utkarsh Y. Kakaiya, Ravi Sahita, Ramya Jayaram Masti
-
Publication number: 20220382885
Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.
Type: Application
Filed: August 1, 2022
Publication date: December 1, 2022
Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti, Gilbert Neiger, Jason W. Brandt
-
Publication number: 20220308791
Abstract: In one embodiment, an apparatus includes a memory and a scheduler. The scheduler is coupled to the memory and a memory controller. The memory stores a plurality of metadata requests. Each of the plurality of metadata requests is associated with one of a plurality of metadata priority levels. The scheduler schedules transmission of a first metadata request of the plurality of metadata requests to the memory controller based at least in part on a first metadata priority level associated with the first metadata request and a first bandwidth portion of a metadata request bandwidth. The first bandwidth portion is associated with the first metadata priority level. Other embodiments are described and claimed.
Type: Application
Filed: March 26, 2021
Publication date: September 29, 2022
Inventors: RAMYA JAYARAM MASTI, THOMAS TOLL, ADRIAN C. MOGA, VINCENT VON BOKERN
-
Patent number: 11416624
Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.
Type: Grant
Filed: December 20, 2019
Date of Patent: August 16, 2022
Assignee: Intel Corporation
Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti, Gilbert Neiger, Jason W. Brandt
-
Patent number: 11403234
Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.
Type: Grant
Filed: January 10, 2020
Date of Patent: August 2, 2022
Assignee: Intel Corporation
Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti, Gilbert Neiger, Jason W. Brandt
-
Publication number: 20220206951
Abstract: A method is described. The method includes executing a memory access instruction for a software process or thread. The method includes creating a memory access request for the memory access instruction having a physical memory address and a first identifier of a realm that the software process or thread executes from. The method includes receiving the memory access request and determining a second identifier of a realm from the physical memory address. The method also includes servicing the memory access request because the first identifier matches the second identifier.
Type: Application
Filed: December 24, 2020
Publication date: June 30, 2022
Inventors: Thomas TOLL, Ramya JAYARAM MASTI, Barry E. HUNTLEY, Vincent VON BOKERN, Siddhartha CHHABRA, Hormuzd M. KHOSRAVI, Vedvyas SHANBHOGUE, Gideon GERZON
-
Publication number: 20220121765
Abstract: Methods, apparatus, systems, and articles of manufacture for controlling access to user data are disclosed herein. One such apparatus to control access to user data includes memory, instructions, and at least one processor to execute the instructions to attempt to verify an identity bid associated with a request for access to user data to be processed. The identity bid includes a cryptographic signature based on a secret embedded in a data compute agent that generated the identity bid. The processor is also to determine whether agent attributes included in the identity bid satisfy user data attributes associated with the user data, and to permit the data compute agent to access the user data when the identity bid is verified, and when the agent attributes satisfy the user data attributes.
Type: Application
Filed: December 24, 2021
Publication date: April 21, 2022
Inventors: Annie Foong, Ramya Jayaram Masti, Georgia Sandoval
-
Publication number: 20220100871
Abstract: Embodiments of apparatuses, methods, and systems for scalable multi-key memory encryption are disclosed. In an embodiment, an apparatus includes a core, an encryption unit, and key identification hardware. The core is to write data to and read data from memory regions, each to be identified by a corresponding address. The encryption unit is to encrypt data to be written and decrypt data to be read. The key identification hardware is to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure. The corresponding key identifier is one of multiple key identifiers. The corresponding key identifier is to identify which one of multiple encryption keys is to be used to encrypt and decrypt the data.
Type: Application
Filed: September 26, 2020
Publication date: March 31, 2022
Applicant: Intel Corporation
Inventors: Barry E. Huntley, Hormuzd M. Khosravi, Thomas Toll, Ramya Jayaram Masti, Siddhartha Chhabra, Vincent Von Bokern
-
Publication number: 20210200880
Abstract: Disclosed embodiments relate to Multi-Key Total Memory Encryption based on dynamic key derivation. In one example, a processor includes cryptographic circuitry, storage with multiple key splits and multiple full encryption keys, fetch and decode circuitry to fetch and decode an instruction specifying an opcode, an address, and a keyID, the opcode calling for the processor to use the address to determine whether to use an explicit key, in which case the keyID is used to select one of the multiple full encryption keys to use as a cryptographic key, and, otherwise, the processor is to dynamically derive the cryptographic key by using the keyID to select one of the multiple key splits, and provide the key split and a root key to a key derivation function to derive the cryptographic key, which is used by the encryption circuitry to perform a cryptographic operation on the addressed memory location.
Type: Application
Filed: December 27, 2019
Publication date: July 1, 2021
Applicant: Intel Corporation
Inventors: Hormuzd M. KHOSRAVI, Siddhartha CHHABRA, Vincent VON BOKERN, Barry E. HUNTLEY, Vedvyas SHANBHOGUE, Ramya Jayaram MASTI
-
Publication number: 20210173794
Abstract: Embodiments are directed to providing a secure address translation service.
Type: Application
Filed: December 23, 2020
Publication date: June 10, 2021
Applicant: Intel Corporation
Inventors: David Koufaty, Anna Trikalinou, Utkarsh Y. Kakaiya, Ravi Sahita, Ramya Jayaram Masti
-
Publication number: 20210026543
Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, a system agent to receive requests from one or more input/output (I/O) devices to access the memory data, and trusted translation components having trusted host physical address (HPA) permission tables (HPTs) to validate memory address translation requests received from trusted I/O devices to access pages in memory associated with trusted domains.
Type: Application
Filed: September 25, 2020
Publication date: January 28, 2021
Applicant: Intel Corporation
Inventors: Anna Trikalinou, Ramya Jayaram Masti, Utkarsh Kakaiya, David Koufaty, Vedvyas Shanbhogue
-
Patent number: 10768968
Abstract: A method includes receiving, by a processor from a virtual machine (VM) executed by the processor, an indication that a proper subset of a plurality of virtual memory pages of the VM are secure memory pages. The method further includes, responsive to determining the VM is attempting to access a first memory page, determining whether the proper subset comprises the first memory page. The method further includes, responsive to determining the proper subset comprises the first memory page: using first attributes specified by the VM for the first memory page; and ignoring second attributes specified by a virtual machine monitor (VMM) for the first memory page. The VMM is executed by the processor to manage the VM.
Type: Grant
Filed: September 28, 2018
Date of Patent: September 8, 2020
Assignee: Intel Corporation
Inventors: Gilbert Neiger, Geoffrey Strongin, Ramya Jayaram Masti
-
Publication number: 20200201789
Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.
Type: Application
Filed: January 10, 2020
Publication date: June 25, 2020
Applicant: Intel Corporation
Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti, Gilbert Neiger, Jason W. Brandt
-
Publication number: 20200159676
Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.
Type: Application
Filed: December 20, 2019
Publication date: May 21, 2020
Applicant: Intel Corporation
Inventors: David M. Durham, Michael LeMay, Ramya Jayaram Masti, Gilbert Neiger, Jason W. Brandt
-
Patent number: 10649847
Abstract: A communication apparatus comprising: a plurality of communication processes, each performing communication process on a flow associated thereto; a plurality of network interfaces, each of the network interfaces adapted to be connected to a network; a dispatcher that receives a packet from the network interface and dispatches the packet to an associated communication process, based on a dispatch rule that defines association of a flow to a communication process to which the flow is dispatched; and a control unit that performs control to roll back each of the communication processes using saved image thereof.
Type: Grant
Filed: May 11, 2015
Date of Patent: May 12, 2020
Assignee: NEC Corporation
Inventors: Takayuki Sasaki, Adrian Perrig, Srdjan Capkun, Claudio Soriente, Ramya Jayaram Masti, Jason Lee
-
Publication number: 20200125502
Abstract: A method comprising responsive to a first instruction requesting a memory heap operation, identifying a data block of a memory heap; accessing a tag history for the data block, the tag history comprising a plurality of tags previously assigned to the data block; assigning a tag to the data block, wherein assigning the tag comprises verification that the tag does not match any of the plurality of tags of the tag history; and providing the assigned tag and a reference to a location of the data block.
Type: Application
Filed: December 20, 2019
Publication date: April 23, 2020
Applicant: Intel Corporation
Inventors: David M. Durham, Ramya Jayaram Masti