Patents by Inventor Salmin Sultana

Salmin Sultana has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240333501
    Abstract: In a technique of hardware thread isolation, a processor comprises a first core including a first hardware thread register. The core is to select a first key identifier stored in the first hardware thread register in response to receiving a first memory access request associated with a first hardware thread of a process. Memory controller circuitry coupled to the first core is to obtain a first encryption key associated with the first key identifier. The first key identifier may be selected from the first hardware thread register based, at least in part, on a first portion of a pointer of the first memory access request. The first key identifier selected from the first hardware thread register is to be appended to a physical address translated from a linear address at least partially included in the pointer.
    Type: Application
    Filed: March 31, 2023
    Publication date: October 3, 2024
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael LeMay, Salmin Sultana, Karanvir S. Grewal, Sergej Deutsch
  • Publication number: 20240220423
    Abstract: Techniques disclosed include selecting a first key identifier (ID) for a first compartment of a compartmentalized process of a computing system, the first compartment including first private data; assigning a first extended page table (EPT) having at least one memory address including the first key ID; encrypting the first private data with a first key associated with the first key ID; and storing the encrypted first private data in a memory starting at the at least one memory address of the first EPT.
    Type: Application
    Filed: December 28, 2022
    Publication date: July 4, 2024
    Applicant: Intel Corporation
    Inventors: Michael LeMay, David M. Durham, Salmin Sultana, Andrew V. Anderson, Hans Goran Liljestrand
  • Patent number: 11711201
    Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.
    Type: Grant
    Filed: March 26, 2021
    Date of Patent: July 25, 2023
    Assignee: Intel Corporation
    Inventors: Andrew James Weiler, David M. Durham, Michael D. LeMay, Sergej Deutsch, Michael E. Kounavis, Salmin Sultana, Karanvir S. Grewal
  • Patent number: 11698964
    Abstract: A system for detecting malware includes a processor to collect processor trace information corresponding to an application being executed by the processor (202). The processor can also detect an invalid indirect branch instruction from the processor trace information (204) and detect at least one malware instruction being executed by the application in response to analyzing modified memory values corresponding to the invalid indirect branch (206). Additionally, the processor can block the application from accessing or modifying memory (208).
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: July 11, 2023
    Assignee: INTEL CORPORATION
    Inventors: Danyu Bi, Salmin Sultana, Yuanyuan Li, Yong Jiang, Pramod Pesara, Selvakumar Panneer, Ravi Sahita
  • Patent number: 11669625
    Abstract: A processor includes a register to store an encoded pointer to a memory location in memory and the encoded pointer is to include an encrypted portion. The processor further includes circuitry to determine a first data encryption factor based on a first data access instruction, decode the encoded pointer to obtain a memory address of the memory location, use the memory address to access an encrypted first data element, and decrypt the encrypted first data element using a cryptographic algorithm with first inputs to generate a decrypted first data element. The first inputs include the first data encryption factor based on the first data access instruction and a second data encryption factor from the encoded pointer.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: June 6, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana
  • Patent number: 11580035
    Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request for associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.
    Type: Grant
    Filed: December 26, 2020
    Date of Patent: February 14, 2023
    Assignee: Intel Corporation
    Inventors: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana, Andrew James Weiler
  • Publication number: 20230027329
    Abstract: A processor, a system, a machine readable medium, and a method.
    Type: Application
    Filed: December 26, 2020
    Publication date: January 26, 2023
    Applicant: Intel Corporation
    Inventors: David M. Durham, Michael D. LeMay, Salmin Sultana, Karanvir S. Grewal, Michael E. Kounavis, Sergej Deutsch, Andrew James Weiler, Abhishek Basak, Dan Baum, Santosh Ghosh
  • Publication number: 20220343029
    Abstract: Technologies provide domain isolation using encoded pointers to data and code. A system may be configured for decoding an encoded pointer to obtain a linear address of an encrypted code block of a first software component in memory. The first software component shares a linear address space of the memory with a plurality of software components. A processor uses the linear address to access the encrypted code block, determines a relative position of the encrypted code block within a memory slot of the linear address space, and decrypts the encrypted code block to generate a decrypted code block using a code key and a code tweak. The code tweak includes a relative position of the encrypted code block in the address space and domain metadata that uniquely identifies the software component. In some scenarios, the software component may be position independent code and may be relocatable to different address spaces.
    Type: Application
    Filed: June 30, 2022
    Publication date: October 27, 2022
    Applicant: Intel Corporation
    Inventors: Salmin Sultana, Michael LeMay, David M. Durham, Karanvir S. Grewal, Sergej Deutsch
  • Publication number: 20220335140
    Abstract: Techniques for cryptographic computing isolation are described. A processor includes circuitry to be coupled to memory configured to store one or more instructions. The circuitry is to execute the one or more instructions to instantiate a first process based on an application. To instantiate the first process is to include creating a context table to be used by the first process, identifying a software component to be invoked during the first process, encrypting the software component using a first cryptographic key, and creating a first entry in the context table. The first entry is to include first context information identifying the encrypted software component and second context information representing the first cryptographic key. In more specific embodiments, third context information representing a first load address of the encrypted software component is stored in the first entry of the context table.
    Type: Application
    Filed: June 30, 2022
    Publication date: October 20, 2022
    Applicant: Intel Corporation
    Inventors: Salmin Sultana, David M. Durham, Michael LeMay, Karanvir S. Grewal, Sergej Deutsch
  • Patent number: 11455392
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomalous memory access pattern detection for translational lookaside buffers. An example apparatus includes a communication interface to retrieve a first eviction data set from a translational lookaside buffer associated with a central processing unit; a machine learning engine to: generate an anomaly detection model based upon at least one of a second eviction data set not including an anomaly and a third eviction data set including the anomaly; and determine whether the anomaly is present in the first eviction data set based on the anomaly detection model; and an alert generator to at least one of modify a bit value or terminate memory access operations when the anomaly is determined to be present.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: September 27, 2022
    Assignee: Intel Corporation
    Inventors: Abhishek Basak, Li Chen, Salmin Sultana, Anna Trikalinou, Erdem Aktas, Saeedeh Komijani
  • Patent number: 11416603
    Abstract: Methods, systems, articles of manufacture and apparatus to detect process hijacking are disclosed herein. An example apparatus to detect control flow anomalies includes a parsing engine to compare a target instruction pointer (TIP) address to a dynamic link library (DLL) module list, and in response to detecting a match of the TIP address to a DLL in the DLL module list, set a first portion of a normalized TIP address to a value equal to an identifier of the DLL. The example apparatus disclosed herein also includes a DLL entry point analyzer to set a second portion of the normalized TIP address based on a comparison between the TIP address and an entry point of the DLL, and a model compliance engine to generate a flow validity decision based on a comparison between (a) the first and second portion of the normalized TIP address and (b) a control flow integrity model.
    Type: Grant
    Filed: January 11, 2019
    Date of Patent: August 16, 2022
    Assignee: Intel Corporation
    Inventors: Zheng Zhang, Jason Martin, Justin Gottschlich, Abhilasha Bhargav-Spantzel, Salmin Sultana, Li Chen, Wei Li, Priyam Biswas, Paul Carlson
  • Publication number: 20220123930
    Abstract: A method comprises detecting execution of a fork( ) operation in a cryptographic computing system that generates a parent process and a child process, assigning a parent kernel data structure to the parent process and a child kernel data structure to the child process, detecting, in the child process, a write operation comprising write data and a cryptographic target address, and in response to the write operation blocking access to a corresponding page in the parent process, allocating a new physical page in memory for the child process, encrypting the write data with a cryptographic key unique to the child process, and filling the new physical page in memory with magic marker data.
    Type: Application
    Filed: December 24, 2021
    Publication date: April 21, 2022
    Applicant: Intel Corporation
    Inventors: Salmin Sultana, David M. Durham, Michael LeMay, Karanvir Grewal, Sergej Deutsch
  • Publication number: 20220100907
    Abstract: In one embodiment, a processor includes a memory hierarchy that stores encrypted data, tracking circuitry that tracks an execution context for instructions executed by the processor, and cryptographic computing circuitry to encrypt/decrypt data that is stored in the memory hierarchy. The cryptographic computing circuitry obtains context information from the tracking circuitry for a load instruction to be executed by the processor, where the context information indicates information about branch predictions made by a branch prediction unit of the processor, and decrypts the encrypted data using a key and the context information as a tweak input to the decryption.
    Type: Application
    Filed: December 10, 2021
    Publication date: March 31, 2022
    Applicant: Intel Corporation
    Inventors: Abhishek Basak, Salmin Sultana, Santosh Ghosh, Michael D. LeMay, Karanvir S. Grewal, David M. Durham
  • Patent number: 11194902
    Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transform circuitry to transform the collected data to the frequency domain, one-class support vector anomaly detection circuitry to detect anomalous or aberrant behavior by the HPCs. The hardware counter anomaly detection circuitry selects the HPCs having reliable and consistent anomalous activity or behavior in response to a side-channel attack and groups those HPCs into a side-channel attack detection HPC sub-set that may be communicated to one or more external devices.
    Type: Grant
    Filed: December 27, 2018
    Date of Patent: December 7, 2021
    Assignee: Intel Corporation
    Inventors: Li Chen, Kai Cong, Salmin Sultana
  • Publication number: 20210374247
    Abstract: The present invention discloses a secure ML pipeline to improve the robustness of ML models against poisoning attacks and utilizing data provenance as a tool. Two components are added to the ML pipeline, a data quality pre-processor, which filters out untrusted training data based on provenance derived features and an audit post-processor, which localizes the malicious source based on training dataset analysis using data provenance.
    Type: Application
    Filed: August 10, 2021
    Publication date: December 2, 2021
    Applicant: Intel Corporation
    Inventors: Salmin Sultana, Lawrence Booth, JR., Mic Bowman, Jason Martin, Micah Sheller
  • Patent number: 11188643
    Abstract: Methods, apparatus, systems and articles of manufacture for detecting a side channel attack using hardware performance counters are disclosed. An example apparatus includes a hardware performance counter data organizer to collect a first value of a hardware performance counter at a first time and a second value of the hardware performance counter at a second time. A machine learning model processor is to apply a machine learning model to predict a third value corresponding to the second time. An error vector generator is to generate an error vector representing a difference between the second value and the third value. An error vector analyzer is to determine a probability of the error vector indicating an anomaly. An anomaly detection orchestrator is to, in response to the probability satisfying a threshold, cause the performance of a responsive action to mitigate the side channel anomaly.
    Type: Grant
    Filed: December 27, 2018
    Date of Patent: November 30, 2021
    Assignee: INTEL CORPORATION
    Inventors: Li Chen, Abhishek Basak, Salmin Sultana, Justin Gottschlich
  • Publication number: 20210218547
    Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.
    Type: Application
    Filed: March 26, 2021
    Publication date: July 15, 2021
    Applicant: Intel Corporation
    Inventors: Andrew James Weiler, David M. Durham, Michael D. LeMay, Sergej Deutsch, Michael E. Kounavis, Salmin Sultana, Karanvir S. Grewal
  • Patent number: 11016773
    Abstract: Embodiments described herein provide for a computing device comprising a hardware processor including a processor trace module to generate trace data indicative of an order of instructions executed by the processor, wherein the processor trace module is configurable to selectively output a processor trace packet associated with execution of a selected non-deterministic control flow transfer instruction.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: May 25, 2021
    Assignee: INTEL CORPORATION
    Inventors: Salmin Sultana, Beeman Strong, Ravi Sahita
  • Publication number: 20210150040
    Abstract: A processor includes a register to store an encoded pointer to a memory location in memory and the encoded pointer is to include an encrypted portion. The processor further includes circuitry to determine a first data encryption factor based on a first data access instruction, decode the encoded pointer to obtain a memory address of the memory location, use the memory address to access an encrypted first data element, and decrypt the encrypted first data element using a cryptographic algorithm with first inputs to generate a decrypted first data element. The first inputs include the first data encryption factor based on the first data access instruction and a second data encryption factor from the encoded pointer.
    Type: Application
    Filed: December 26, 2020
    Publication date: May 20, 2021
    Inventors: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana
  • Publication number: 20210149825
    Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request for associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.
    Type: Application
    Filed: December 26, 2020
    Publication date: May 20, 2021
    Inventors: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana, Andrew James Weiler