Patents by Inventor Salmin Sultana
Salmin Sultana has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240333501
Abstract: In a technique of hardware thread isolation, a processor comprises a first core including a first hardware thread register. The core is to select a first key identifier stored in the first hardware thread register in response to receiving a first memory access request associated with a first hardware thread of a process. Memory controller circuitry coupled to the first core is to obtain a first encryption key associated with the first key identifier. The first key identifier may be selected from the first hardware thread register based, at least in part, on a first portion of a pointer of the first memory access request. The first key identifier selected from the first hardware thread register is to be appended to a physical address translated from a linear address at least partially included in the pointer.
Type: Application
Filed: March 31, 2023
Publication date: October 3, 2024
Applicant: Intel Corporation
Inventors: David M. Durham, Michael LeMay, Salmin Sultana, Karanvir S. Grewal, Sergej Deutsch
-
Publication number: 20240220423
Abstract: Techniques disclosed include selecting a first key identifier (ID) for a first compartment of a compartmentalized process of a computing system, the first compartment including first private data; assigning a first extended page table (EPT) having at least one memory address including the first key ID; encrypting the first private data with a first key associated with the first key ID; and storing the encrypted first private data in a memory starting at the at least one memory address of the first EPT.
Type: Application
Filed: December 28, 2022
Publication date: July 4, 2024
Applicant: Intel Corporation
Inventors: Michael LeMay, David M. Durham, Salmin Sultana, Andrew V. Anderson, Hans Goran Liljestrand
-
Patent number: 11711201
Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.
Type: Grant
Filed: March 26, 2021
Date of Patent: July 25, 2023
Assignee: Intel Corporation
Inventors: Andrew James Weiler, David M. Durham, Michael D. LeMay, Sergej Deutsch, Michael E. Kounavis, Salmin Sultana, Karanvir S. Grewal
-
Patent number: 11698964
Abstract: A system for detecting malware includes a processor to collect processor trace information corresponding to an application being executed by the processor (202). The processor can also detect an invalid indirect branch instruction from the processor trace information (204) and detect at least one malware instruction being executed by the application in response to analyzing modified memory values corresponding to the invalid indirect branch (206). Additionally, the processor can block the application from accessing or modifying memory (208).
Type: Grant
Filed: December 13, 2017
Date of Patent: July 11, 2023
Assignee: INTEL CORPORATION
Inventors: Danyu Bi, Salmin Sultana, Yuanyuan Li, Yong Jiang, Pramod Pesara, Selvakumar Panneer, Ravi Sahita
-
Patent number: 11669625
Abstract: A processor includes a register to store an encoded pointer to a memory location in memory and the encoded pointer is to include an encrypted portion. The processor further includes circuitry to determine a first data encryption factor based on a first data access instruction, decode the encoded pointer to obtain a memory address of the memory location, use the memory address to access an encrypted first data element, and decrypt the encrypted first data element using a cryptographic algorithm with first inputs to generate a decrypted first data element. The first inputs include the first data encryption factor based on the first data access instruction and a second data encryption factor from the encoded pointer.
Type: Grant
Filed: December 26, 2020
Date of Patent: June 6, 2023
Assignee: Intel Corporation
Inventors: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana
-
Patent number: 11580035
Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request for associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.
Type: Grant
Filed: December 26, 2020
Date of Patent: February 14, 2023
Assignee: Intel Corporation
Inventors: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana, Andrew James Weiler
-
Publication number: 20230027329
Abstract: A processor, a system, a machine readable medium, and a method.
Type: Application
Filed: December 26, 2020
Publication date: January 26, 2023
Applicant: Intel Corporation
Inventors: David M. Durham, Michael D. LeMay, Salmin Sultana, Karanvir S. Grewal, Michael E. Kounavis, Sergej Deutsch, Andrew James Weiler, Abhishek Basak, Dan Baum, Santosh Ghosh
-
Publication number: 20220343029
Abstract: Technologies provide domain isolation using encoded pointers to data and code. A system may be configured for decoding an encoded pointer to obtain a linear address of an encrypted code block of a first software component in memory. The first software component shares a linear address space of the memory with a plurality of software components. A processor uses the linear address to access the encrypted code block, determines a relative position of the encrypted code block within a memory slot of the linear address space, and decrypts the encrypted code block to generate a decrypted code block using a code key and a code tweak. The code tweak includes a relative position of the encrypted code block in the address space and domain metadata that uniquely identifies the software component. In some scenarios, the software component may be position independent code and may be relocatable to different address spaces.
Type: Application
Filed: June 30, 2022
Publication date: October 27, 2022
Applicant: Intel Corporation
Inventors: Salmin Sultana, Michael LeMay, David M. Durham, Karanvir S. Grewal, Sergej Deutsch
-
Publication number: 20220335140
Abstract: Techniques for cryptographic computing isolation are described. A processor includes circuitry to be coupled to memory configured to store one or more instructions. The circuitry is to execute the one or more instructions to instantiate a first process based on an application. To instantiate the first process is to include creating a context table to be used by the first process, identifying a software component to be invoked during the first process, encrypting the software component using a first cryptographic key, and creating a first entry in the context table. The first entry is to include first context information identifying the encrypted software component and second context information representing the first cryptographic key. In more specific embodiments, third context information representing a first load address of the encrypted software component is stored in the first entry of the context table.
Type: Application
Filed: June 30, 2022
Publication date: October 20, 2022
Applicant: Intel Corporation
Inventors: Salmin Sultana, David M. Durham, Michael LeMay, Karanvir S. Grewal, Sergej Deutsch
-
Patent number: 11455392
Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomalous memory access pattern detection for translational lookaside buffers. An example apparatus includes a communication interface to retrieve a first eviction data set from a translational lookaside buffer associated with a central processing unit; a machine learning engine to: generate an anomaly detection model based upon at least one of a second eviction data set not including an anomaly and a third eviction data set including the anomaly; and determine whether the anomaly is present in the first eviction data set based on the anomaly detection model; and an alert generator to at least one of modify a bit value or terminate memory access operations when the anomaly is determined to be present.
Type: Grant
Filed: March 29, 2019
Date of Patent: September 27, 2022
Assignee: Intel Corporation
Inventors: Abhishek Basak, Li Chen, Salmin Sultana, Anna Trikalinou, Erdem Aktas, Saeedeh Komijani
-
Patent number: 11416603
Abstract: Methods, systems, articles of manufacture and apparatus to detect process hijacking are disclosed herein. An example apparatus to detect control flow anomalies includes a parsing engine to compare a target instruction pointer (TIP) address to a dynamic link library (DLL) module list, and in response to detecting a match of the TIP address to a DLL in the DLL module list, set a first portion of a normalized TIP address to a value equal to an identifier of the DLL. The example apparatus disclosed herein also includes a DLL entry point analyzer to set a second portion of the normalized TIP address based on a comparison between the TIP address and an entry point of the DLL, and a model compliance engine to generate a flow validity decision based on a comparison between (a) the first and second portion of the normalized TIP address and (b) a control flow integrity model.
Type: Grant
Filed: January 11, 2019
Date of Patent: August 16, 2022
Assignee: Intel Corporation
Inventors: Zheng Zhang, Jason Martin, Justin Gottschlich, Abhilasha Bhargav-Spantzel, Salmin Sultana, Li Chen, Wei Li, Priyam Biswas, Paul Carlson
-
Publication number: 20220123930
Abstract: A method comprises detecting execution of a fork( ) operation in a cryptographic computing system that generates a parent process and a child process, assigning a parent kernel data structure to the parent process and a child kernel data structure to the child process, detecting, in the child process, a write operation comprising write data and a cryptographic target address, and in response to the write operation blocking access to a corresponding page in the parent process, allocating a new physical page in memory for the child process, encrypting the write data with a cryptographic key unique to the child process, and filling the new physical page in memory with magic marker data.
Type: Application
Filed: December 24, 2021
Publication date: April 21, 2022
Applicant: Intel Corporation
Inventors: Salmin Sultana, David M. Durham, Michael LeMay, Karanvir Grewal, Sergej Deutsch
-
Publication number: 20220100907
Abstract: In one embodiment, a processor includes a memory hierarchy that stores encrypted data, tracking circuitry that tracks an execution context for instructions executed by the processor, and cryptographic computing circuitry to encrypt/decrypt data that is stored in the memory hierarchy. The cryptographic computing circuitry obtains context information from the tracking circuitry for a load instruction to be executed by the processor, where the context information indicates information about branch predictions made by a branch prediction unit of the processor, and decrypts the encrypted data using a key and the context information as a tweak input to the decryption.
Type: Application
Filed: December 10, 2021
Publication date: March 31, 2022
Applicant: Intel Corporation
Inventors: Abhishek Basak, Salmin Sultana, Santosh Ghosh, Michael D. LeMay, Karanvir S. Grewal, David M. Durham
-
Patent number: 11194902
Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transform circuitry to transform the collected data to the frequency domain, one-class support vector anomaly detection circuitry to detect anomalous or aberrant behavior by the HPCs. The hardware counter anomaly detection circuitry selects the HPCs having reliable and consistent anomalous activity or behavior in response to a side-channel attack and groups those HPCs into a side-channel attack detection HPC sub-set that may be communicated to one or more external devices.
Type: Grant
Filed: December 27, 2018
Date of Patent: December 7, 2021
Assignee: Intel Corporation
Inventors: Li Chen, Kai Cong, Salmin Sultana
-
Publication number: 20210374247
Abstract: The present invention discloses a secure ML pipeline to improve the robustness of ML models against poisoning attacks and utilizing data provenance as a tool. Two components are added to the ML pipeline, a data quality pre-processor, which filters out untrusted training data based on provenance derived features and an audit post-processor, which localizes the malicious source based on training dataset analysis using data provenance.
Type: Application
Filed: August 10, 2021
Publication date: December 2, 2021
Applicant: Intel Corporation
Inventors: Salmin Sultana, Lawrence Booth, JR., Mic Bowman, Jason Martin, Micah Sheller
-
Patent number: 11188643
Abstract: Methods, apparatus, systems and articles of manufacture for detecting a side channel attack using hardware performance counters are disclosed. An example apparatus includes a hardware performance counter data organizer to collect a first value of a hardware performance counter at a first time and a second value of the hardware performance counter at a second time. A machine learning model processor is to apply a machine learning model to predict a third value corresponding to the second time. An error vector generator is to generate an error vector representing a difference between the second value and the third value. An error vector analyzer is to determine a probability of the error vector indicating an anomaly. An anomaly detection orchestrator is to, in response to the probability satisfying a threshold, cause the performance of a responsive action to mitigate the side channel anomaly.
Type: Grant
Filed: December 27, 2018
Date of Patent: November 30, 2021
Assignee: INTEL CORPORATION
Inventors: Li Chen, Abhishek Basak, Salmin Sultana, Justin Gottschlich
-
Publication number: 20210218547
Abstract: In one embodiment, an encoded pointer is constructed from a stack pointer that includes offset. The encoded pointer includes the offset value and ciphertext that is based on encrypting a portion of a decorated pointer that includes a maximum offset value. Stack data is encrypted based on the encoded pointer, and the encoded pointer is stored in a stack pointer register of a processor. To access memory, a decoded pointer is constructed based on decrypting the ciphertext of the encoded pointer and the offset value. Encrypted stack data is accessed based on the decoded pointer, and the encrypted stack is decrypted based on the encoded pointer.
Type: Application
Filed: March 26, 2021
Publication date: July 15, 2021
Applicant: Intel Corporation
Inventors: Andrew James Weiler, David M. Durham, Michael D. LeMay, Sergej Deutsch, Michael E. Kounavis, Salmin Sultana, Karanvir S. Grewal
-
Patent number: 11016773
Abstract: Embodiments described herein provide for a computing device comprising a hardware processor including a processor trace module to generate trace data indicative of an order of instructions executed by the processor, wherein the processor trace module is configurable to selectively output a processor trace packet associated with execution of a selected non-deterministic control flow transfer instruction.
Type: Grant
Filed: September 27, 2019
Date of Patent: May 25, 2021
Assignee: INTEL CORPORATION
Inventors: Salmin Sultana, Beeman Strong, Ravi Sahita
-
Publication number: 20210150040
Abstract: A processor includes a register to store an encoded pointer to a memory location in memory and the encoded pointer is to include an encrypted portion. The processor further includes circuitry to determine a first data encryption factor based on a first data access instruction, decode the encoded pointer to obtain a memory address of the memory location, use the memory address to access an encrypted first data element, and decrypt the encrypted first data element using a cryptographic algorithm with first inputs to generate a decrypted first data element. The first inputs include the first data encryption factor based on the first data access instruction and a second data encryption factor from the encoded pointer.
Type: Application
Filed: December 26, 2020
Publication date: May 20, 2021
Inventors: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana
-
Publication number: 20210149825
Abstract: A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request for associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.
Type: Application
Filed: December 26, 2020
Publication date: May 20, 2021
Inventors: David M. Durham, Karanvir S. Grewal, Michael D. LeMay, Salmin Sultana, Andrew James Weiler