Patents by Inventor Uday Savagaonkar

Uday Savagaonkar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20150205732
    Abstract: Systems, apparatuses, and methods, and for seamlessly protecting memory regions to protect against hardware-based attacks are disclosed. In one embodiment, an apparatus includes a decoder, control logic, and cryptographic logic. The decoder is to decode a transaction between a processor and memory-mapped input/output space. The control logic is to redirect the transaction from the memory-mapped input/output space to a system memory. The cryptographic logic is to operate on data for the transaction.
    Type: Application
    Filed: August 1, 2014
    Publication date: July 23, 2015
    Inventors: Uday SAVAGAONKAR, Ravi Sahita, David Durham, Men Long
  • Patent number: 9076019
    Abstract: A method and apparatus to provide cryptographic integrity checks and replay protection to protect against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a “time stamp” indicator. A tree-based replay protection scheme uses standard XTS-AES to encrypt contents of a cache line in the system memory. A Message-Authentication Code (MAC) for the cache line is encrypted using enhanced XTS-AES and a “time stamp” indicator associated with the cache line. The “time stamp indicator” is stored in a processor.
    Type: Grant
    Filed: June 29, 2011
    Date of Patent: July 7, 2015
    Assignee: Intel Corporation
    Inventors: Shay Gueron, Uday Savagaonkar, Francis X. McKeen, Carlos V. Rozas, David M. Durham, Jacob Doweck, Ofir Mulla, Ittai Anati, Zvika Greenfield, Moshe Maor
  • Publication number: 20150188710
    Abstract: Embodiments of an invention for offloading functionality from a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes verifying that a signature structure key matches a hardware key that permits functionality to be offloaded.
    Type: Application
    Filed: December 28, 2013
    Publication date: July 2, 2015
    Inventors: Simon Johnson, Francis McKeen, Vincent Scarlata, Carlos Rozas, Uday Savagaonkar, Michael Goldsmith, Ernie Brickell
  • Publication number: 20150186659
    Abstract: Embodiments of an invention for modifying memory permissions in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to modify access permissions for a page in a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes setting new access permissions in an enclave page cache map entry. Furthermore, the page is immediately accessible from inside the secure enclave according to the new access permissions.
    Type: Application
    Filed: December 27, 2013
    Publication date: July 2, 2015
    Inventors: Rebekah LESLIE-HURD, Ilya ALEXANDROVICH, Ittai ANATI, Alex BERENZON, Michael GOLDSMITH, Simon JOHNSON, Francis MCKEEN, Carlos ROZAS, Uday SAVAGAONKAR, Vincent SCARLATA, Vedvyas SHANBHOGUE, Wesley SMITH
  • Publication number: 20150095617
    Abstract: In an embodiment, the present invention includes a processor having a decode unit, an execution unit, and a retirement unit. The decode unit is to decode control transfer instructions and the execution unit is to execute control transfer instructions. The retirement unit is to retire a first control transfer instruction, and to raise a fault if a next instruction to be retired after the first control transfer instruction is not a second control transfer instruction and a target instruction of the first control transfer instruction is in code using the control transfer instructions.
    Type: Application
    Filed: September 27, 2013
    Publication date: April 2, 2015
    Inventors: Vedvyas SHANBHOGUE, Jason Brandt, Uday Savagaonkar, Ravi Sahita
  • Publication number: 20150033012
    Abstract: Embodiments of an invention for secure processing environment measurement and attestation are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive a first instruction associated with a build or a rebuild of a secure enclave. The execution unit is to execute the first instruction. Execution of the first instruction, when associated with the build, includes calculation of a first measurement and a second measurement of the secure enclave. Execution of the first instruction, when associated with the rebuild, includes calculation of the second measurement without calculation of the first measurement.
    Type: Application
    Filed: July 23, 2013
    Publication date: January 29, 2015
    Inventors: Vincent R. Scarlata, Carlos Rozas, Simon Johnson, Uday Savagaonkar, Rebekah Leslie-Hurd, Barry Huntley, Vedvyas Shanbhogue, Ittai Anati, Francis McKeen, Michael Goldsmith, William Wood, Shay Gueron
  • Publication number: 20150033316
    Abstract: Embodiments of an invention for feature licensing in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to initialize a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes determining whether a requested feature is licensed for use in the secure enclave.
    Type: Application
    Filed: July 23, 2013
    Publication date: January 29, 2015
    Inventors: Vincent Scarlata, Carlos Rozas, Simon Johnson, Uday Savagaonkar, Ittai Anati, Francis McKeen, Michael Goldsmith
  • Patent number: 8839237
    Abstract: A method to communicate information between components in a virtualization enabled platform. In one embodiment, a component exchanges data via a communication page which only integrity protected components can access. In another embodiment, an integrity protected communication broker exchanges data from a communication page of one component to another communication page of another component.
    Type: Grant
    Filed: December 31, 2007
    Date of Patent: September 16, 2014
    Assignee: Intel Corporation
    Inventors: Ravi Sahita, Uday Savagaonkar, Subhash Gutti
  • Patent number: 8826035
    Abstract: In general, in one aspect, the disclosure describes a process that includes a cryptographic engine and first and second registers. The cryptographic engine is to encrypt data to be written to memory, to decrypt data read from memory, to generate read integrity check values (ICVs) and write ICVs for memory accesses. The cryptographic engine is also to create a cumulative read ICV and a cumulative write ICV by XORing the generated read ICV and the generated write ICV with a current read MAC and a current write ICV respectively and to validate data integrity by comparing the cumulative read ICV and the cumulative write ICV. The first and second registers are to store the cumulative read and write ICVs respectively at the processor. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 23, 2009
    Date of Patent: September 2, 2014
    Assignee: Intel Corporation
    Inventors: David Durham, Men Long, Uday Savagaonkar
  • Publication number: 20140223197
    Abstract: A method and apparatus to provide cryptographic integrity checks and replay protection to protect against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a “time stamp” indicator. A tree-based replay protection scheme uses standard XTS-AES to encrypt contents of a cache line in the system memory. A Message-Authentication Code (MAC) for the cache line is encrypted using enhanced XTS-AES and a “time stamp” indicator associated with the cache line. The “time stamp indicator” is stored in a processor.
    Type: Application
    Filed: June 29, 2011
    Publication date: August 7, 2014
    Inventors: Shay Gueron, Uday Savagaonkar, Francis X. McKeen, Carlos V. Rozas, David M. Durham, Jacob Doweck, Ofir Mulla, Ittai Anati, Zvika Greenfield, Moshe Maor
  • Publication number: 20140205085
    Abstract: In general, in one aspect, noise is injected into a bitmap associated with content to be presented on a display to create a noisy bitmap. The noisy bitmap is encrypted using electronic code book (ECB) encryption. The resulting ciphertext does not include recognizable patterns from the content as is typical with ECB encryption. The injection of noise may include modifying pixel values for at least a subset of pixels in the bitmap. The pixel values may be modified by using a counter, a known modification pattern, or a random number generator. The bitmap may be analyzed to determine how the bitmap can be modified to maximize the randomness of the bitmap while ensuring that the noisy bitmap is visually perceptually similar when presented. The noise may be injected into a block of pixels prior to the block being encrypted.
    Type: Application
    Filed: December 30, 2011
    Publication date: July 24, 2014
    Inventors: Scott Janus, Jason Martin, UDAY Savagaonkar
  • Publication number: 20140173275
    Abstract: Embodiments of an invention for securing transmissions between processor packages are disclosed. In one embodiment, an apparatus includes an encryption unit to encrypt first content to be transmitted from the apparatus to a processor package directly through a point-to-point link.
    Type: Application
    Filed: December 19, 2012
    Publication date: June 19, 2014
    Inventors: Simon Johnson, Abhishek Das, Carlos Rozas, Uday Savagaonkar, Robert Blankenship, Kiran Padwekar
  • Patent number: 8738889
    Abstract: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, a method includes receiving an instruction requiring an address translation; initiating, in response to receiving the instruction, a page walk from a page table pointed to by the contents of a page table pointer storage location; finding, during the page walk, a transition entry; storing the address translation and one of a plurality of address source identifiers in a translation lookaside buffer, the one of the plurality of address source identifiers based on one of a plurality of a virtual partition identifiers, at least two of the plurality of virtual partition identifiers associated with one of a plurality of virtual machines; and re-initiating the page walk.
    Type: Grant
    Filed: October 12, 2012
    Date of Patent: May 27, 2014
    Assignee: Intel Corporation
    Inventors: Uday Savagaonkar, Madhavan Parthasarathy, Ravi Sahita, David Durham
  • Patent number: 8645704
    Abstract: Disclosed is a method for restricting access of a first code of a plurality of codes of a first function from a second function. The method comprises calling the second function by the first function, addresses of the plurality of codes are stored in a stack page and colored in a first color (102). The method comprises performing access control check in a transition page for verifying whether the first function has permission to call the second function (104). Further the method comprises protecting the first code from the second function by coloring the addresses in a second color (106). Furthermore, the method comprises executing the second function by pushing addresses of the second function on the stack page, the addresses of the second function colored in a third color (108) and unprotecting the first code by coloring the addresses of the first code in the first color (110).
    Type: Grant
    Filed: May 7, 2007
    Date of Patent: February 4, 2014
    Assignee: Intel Corporation
    Inventors: Uday Savagaonkar, David Durham, Ravi Sahita, Subhash Gutti
  • Publication number: 20140006746
    Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.
    Type: Application
    Filed: June 29, 2012
    Publication date: January 2, 2014
    Inventors: Gur Hildesheim, Shlomo Raikin, Ittai Anati, Gideon Gerzon, Uday Savagaonkar, Francis Mckeen, Carlos Rozas, Michael Goldsmith, Prashant Dewan
  • Patent number: 8555380
    Abstract: A method for automatically modifying an executable file for a software agent is provided. The method comprises detecting original static entry and exit points in the executable file and generating corresponding transformed points; modifying the executable file by linking the executable file to the integrity services environment and embedding a signed agent manifest; loading the modified executable file into memory and registering a target list with the software agent's hypervisor, wherein the target list provides mappings between protected and active page tables; detecting dynamic entry and exit points in the executable file and generating corresponding transformed points; switching to a protected context, in response to a transformed exit point being invoked, and switching to an active context, in response a transformed entry point being invoked; and de-registering the software agent with the memory protection module, in response to the software agent being unloaded.
    Type: Grant
    Filed: February 28, 2008
    Date of Patent: October 8, 2013
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Ravi Sahita, Uday Savagaonkar
  • Patent number: 8464251
    Abstract: A virtual machine monitor; and an executive virtual machine to manage page tables in place of the virtual machine monitor are described. Other embodiments may be described and claimed.
    Type: Grant
    Filed: March 31, 2007
    Date of Patent: June 11, 2013
    Assignee: Intel Corporation
    Inventors: Ravi Sahita, Uday Savagaonkar, Paul Schmitz
  • Publication number: 20130055391
    Abstract: Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
    Type: Application
    Filed: October 31, 2012
    Publication date: February 28, 2013
    Inventors: Ravi Sahita, Uday Savagaonkar
  • Publication number: 20130036291
    Abstract: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, a method includes receiving an instruction requiring an address translation; initiating, in response to receiving the instruction, a page walk from a page table pointed to by the contents of a page table pointer storage location; finding, during the page walk, a transition entry; storing the address translation and one of a plurality of address source identifiers in a translation lookaside buffer, the one of the plurality of address source identifiers based on one of a plurality of a virtual partition identifiers, at least two of the plurality of virtual partition identifiers associated with one of a plurality of virtual machines; and re-initiating the page walk.
    Type: Application
    Filed: October 12, 2012
    Publication date: February 7, 2013
    Inventors: Uday Savagaonkar, Madhavan Parthasarathy, Ravi Sahita, David Durham
  • Patent number: 8341369
    Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: December 25, 2012
    Assignee: Intel Corporation
    Inventors: Uday Savagaonkar, Travis T. Schluessler, Hormuzd Khosravi, Ravi Sahita, Gayathri Nagabhushan, David Durham