Patents by Inventor Samira Briongos

Samira Briongos has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20250068732
    Abstract: A computer-implemented method mitigates side channel attacks in cache memory. The method includes: loading data into a cache line of the cache memory, which includes marking the data as sensitive in metadata of the cache line based on the data being tagged as sensitive; tracking interactions with the data; and determining whether the interactions with the data are not normal based on a preset criteria and the tracked interactions with the data.
    Type: Application
    Filed: November 7, 2023
    Publication date: February 27, 2025
    Inventors: Samira Briongos, Claudio Soriente
  • Publication number: 20250007897
    Abstract: A method for enabling enclave migration is provided, where the contents of the enclave and its sealed data are transferred from a sending host to a receiving host. An attestation is performed between a security monitor of the sending host and a security monitor of the receiving host, where the attestation includes an exchange of a shared cryptographic key K between the two security monitors. The shared cryptographic key K is used to implement a secure communication channel between the two security monitors. The two security monitors execute, via the secure communication channel, a predetermined transfer protocol. The predetermined transfer protocol includes an initial exchange of verification messages between the security monitors to verify that both security monitors are ready and can execute the transfer, and a subsequent transfer of enclave data between the security monitors.
    Type: Application
    Filed: October 27, 2021
    Publication date: January 2, 2025
    Inventors: Samira BRIONGOS, Claudio SORIENTE, Ghassan KARAME
  • Publication number: 20240061938
    Abstract: A method for implementing a software update for a selected enclave of a computing system includes obtaining, by a security monitor (SM) of the computing system, the software update for the selected enclave, installing, by the SM, the software update for the selected enclave to provide updated enclave software code, and measuring, by the SM, the updated enclave software code to provide a software update measurement. The updated enclave software code is stored in a memory region isolated from a memory region in which data for the selected enclave is stored. The method further includes transmitting, by the SM, the software update measurement to one or more respective other enclaves that share a memory region with the selected enclave.
    Type: Application
    Filed: October 17, 2022
    Publication date: February 22, 2024
    Inventors: Samira Briongos, Felix Klaedtke
  • Patent number: 11907371
    Abstract: A method for detecting a microarchitectural attack on a trusted execution environment (TEE) and/or a violation of an expected execution flow of an application running in the TEE includes implementing a counting thread. An eviction set is loaded in a transaction. The eviction set corresponds to a cache set used by an operation of the application such that a transactional abort is received upon the operation being executed. A value of the counting thread is read upon receiving the transactional abort. These steps are repeated for a next operation of the application running in the TEE and an execution time is measured for the operation based on a difference between the values of the counting thread. The measured execution time for the operation is compared with an expected execution time to detect one or more variations that indicate the microarchitectural attack and/or the violation of the expected execution flow.
    Type: Grant
    Filed: July 19, 2021
    Date of Patent: February 20, 2024
    Assignee: NEC CORPORATION
    Inventor: Samira Briongos
  • Publication number: 20240020425
    Abstract: A method provides trusted timing services to an enclave of a computer having memory and a trusted hardware timer. The computer executes a privileged management program and an untrusted operating system. The privileged management program has access to the memory and the trusted hardware timer, has higher privileges than the untrusted operating system, and exposes a system call to the enclave for requesting the trusted timing services. The method includes: receiving, by the privileged management program, a request for timing services from the enclave, via the system call; reserving, by the privileged management program, a memory region of the memory for tracking time; and writing, by the privileged management program, at least one value of the trusted hardware timer into the memory region.
    Type: Application
    Filed: August 3, 2022
    Publication date: January 18, 2024
    Inventors: Samira Briongos, Claudio Soriente, Felix Klaedtke, Ghassan Karame
  • Patent number: 11836244
    Abstract: A method for detecting a trusted execution environment (TEE) clone application operating on a computing device includes measuring a plurality of read time periods associated with a plurality of monitored cache sets within a memory cache based on executing a first auxiliary thread of a TEE application on the computing device. Each of the read time periods indicating a time period that is used to read data within one of the monitored cache sets. The read time periods are compared with a time threshold to determine one or more cache misses. The TEE clone application is detected as operating on the computing device based on the determined cache misses.
    Type: Grant
    Filed: June 2, 2021
    Date of Patent: December 5, 2023
    Assignee: NEC CORPORATION
    Inventors: Samira Briongos, Claudio Soriente, Ghassan Karame
  • Patent number: 11775360
    Abstract: A method executes inter-enclave communication via cache memory of a processor. The method includes: instantiating a first enclave such that it is configured to execute a first communication thread, which is configured to read/write data to the cache memory; instantiating a second enclave such that it is configured to execute a second communication thread, which is configured to read/write data to cache memory; executing, by the first enclave, the first communication thread to send message data to the second enclave, executing the first communication thread comprising writing the message data to the cache memory; and executing, by the second enclave, the second communication thread to receive the message data. Executing the second communication thread can include: monitoring the cache memory to determine whether the data message is being sent; and based upon determining the data message is being sent, reading from the cache memory to receive the data message.
    Type: Grant
    Filed: February 15, 2022
    Date of Patent: October 3, 2023
    Assignee: NEC CORPORATION
    Inventors: Samira Briongos, Claudio Soriente
  • Publication number: 20230168954
    Abstract: A method executes inter-enclave communication via cache memory of a processor. The method includes: instantiating a first enclave such that it is configured to execute a first communication thread, which is configured to read/write data to the cache memory; instantiating a second enclave such that it is configured to execute a second communication thread, which is configured to read/write data to cache memory; executing, by the first enclave, the first communication thread to send message data to the second enclave, executing the first communication thread comprising writing the message data to the cache memory; and executing, by the second enclave, the second communication thread to receive the message data. Executing the second communication thread can include: monitoring the cache memory to determine whether the data message is being sent; and based upon determining the data message is being sent, reading from the cache memory to receive the data message.
    Type: Application
    Filed: February 15, 2022
    Publication date: June 1, 2023
    Inventors: Samira Briongos, Claudio Soriente
  • Publication number: 20220284098
    Abstract: A method for detecting a microarchitectural attack on a trusted execution environment (TEE) and/or a violation of an expected execution flow of an application running in the TEE includes implementing a counting thread. An eviction set is loaded in a transaction. The eviction set corresponds to a cache set used by an operation of the application such that a transactional abort is received upon the operation being executed. A value of the counting thread is read upon receiving the transactional abort. These steps are repeated for a next operation of the application running in the TEE and an execution time is measured for the operation based on a difference between the values of the counting thread. The measured execution time for the operation is compared with an expected execution time to detect one or more variations that indicate the microarchitectural attack and/or the violation of the expected execution flow.
    Type: Application
    Filed: July 19, 2021
    Publication date: September 8, 2022
    Inventor: Samira Briongos
  • Publication number: 20220245237
    Abstract: A method for detecting a trusted execution environment (TEE) clone application operating on a computing device includes measuring a plurality of read time periods associated with a plurality of monitored cache sets within a memory cache based on executing a first auxiliary thread of a TEE application on the computing device. Each of the read time periods indicating a time period that is used to read data within one of the monitored cache sets. The read time periods are compared with a time threshold to determine one or more cache misses. The TEE clone application is detected as operating on the computing device based on the determined cache misses.
    Type: Application
    Filed: June 2, 2021
    Publication date: August 4, 2022
    Inventors: Samira Briongos, Claudio Soriente, Ghassan Karame