Patents by Inventor Vadim Sukhomlinov

Vadim Sukhomlinov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11354240
    Abstract: The present disclosure is directed to systems and methods that include cache operation storage circuitry that selectively enables/disables the Cache Line Flush (CLFLUSH) operation. The cache operation storage circuitry may also selectively replace the CLFLUSH operation with one or more replacement operations that provide similar functionality but beneficially and advantageously prevent an attacker from placing processor cache circuitry in a known state during a timing-based, side channel attack such as Spectre or Meltdown. The cache operation storage circuitry includes model specific registers (MSRs) that contain information used to determine whether to enable/disable CLFLUSH functionality. The cache operation storage circuitry may include model specific registers (MSRs) that contain information used to select appropriate replacement operations such as Cache Line Demote (CLDEMOTE) and/or Cache Line Write Back (CLWB) to selectively replace CLFLUSH operations.
    Type: Grant
    Filed: June 22, 2020
    Date of Patent: June 7, 2022
    Assignee: Intel Corporation
    Inventors: Vadim Sukhomlinov, Kshitij Doshi
  • Patent number: 11347853
    Abstract: A combination of hardware monitoring and binary translation software allows detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.
    Type: Grant
    Filed: September 16, 2019
    Date of Patent: May 31, 2022
    Assignee: MCAFEE, LLC
    Inventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Dima Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
  • Patent number: 11320837
    Abstract: In some embodiments, the disclosed subject matter involves communication and negotiation between an autonomous entity or vehicle with a network of communication resources within a smart premises. The communication resources may include entry, landing or navigation beacons and a building infrastructure service. Negotiation for guidance, entry and other authorized tasks or services may be performed in a distributed fashion while en route or in proximity to a communication resource, rather than scheduled by a centralized server. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: May 3, 2022
    Assignee: Intel Corporation
    Inventors: Vadim Sukhomlinov, Kshitij Arun Doshi, Katalin K. Bartfai-Walcott
  • Patent number: 11307854
    Abstract: A processor of an aspect includes a decode unit to decode an instruction. The instruction is to indicate a destination memory address information. An execution unit is coupled with the decode unit. The execution unit, in response to the decode of the instruction, is to store memory addresses, for at least all initial writes to corresponding data items, which are to occur after the instruction in original program order, to a memory address log. A start of the memory address log is to correspond to the destination memory address information. Other processors, methods, systems, and instructions are also disclosed.
    Type: Grant
    Filed: February 7, 2018
    Date of Patent: April 19, 2022
    Assignee: Intel Corporation
    Inventors: Kshitij Doshi, Roman Dementiev, Vadim Sukhomlinov
  • Patent number: 11171983
    Abstract: Embodiments are directed toward techniques to detect a first function associated with an address space initiating a call instruction to a second function in the address space, the first function to call the second function in a deprivileged mode of operation, and define accessible address ranges for segments of the address space for the second function, each segment to have a different address range in the address space where the second function is permitted to access in the deprivileged mode of operation. Embodiments include switching to the stack associated with the second address space and the second function, and initiating execution of the second function in the deprivileged mode of operation.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: November 9, 2021
    Assignee: INTEL CORPORATION
    Inventors: Vadim Sukhomlinov, Kshitij Doshi, Michael Lemay, Dmitry Babokin, Areg Melik-Adamyan
  • Publication number: 20210319098
    Abstract: Techniques and apparatuses to harden AI systems against various attacks are provided. Among these are techniques and apparatuses that expand the domain for an inference model to include both visible classes and hidden classes. The hidden classes can be used to detect possible probing attacks against the model.
    Type: Application
    Filed: April 23, 2019
    Publication date: October 14, 2021
    Applicant: INTEL CORPORATION
    Inventors: OLEG POGORELIK, ALEX NAYSHTUT, OMER BEN-SHALOM, DENIS KLIMOV, RAIZY KELLERMANN, GUY BARNHART-MAGEN, VADIM SUKHOMLINOV
  • Patent number: 11126721
    Abstract: The disclosed embodiments generally relate to detecting malware through detection of micro-architectural changes (morphing events) when executing a code at a hardware level (e.g., CPU). An exemplary embodiment relates to a computer system having: a memory circuitry comprising an executable code; a central processing unit (CPU) in communication with the memory circuitry and configured to execute the code; a performance monitoring unit (PMU) associated with the CPU, the PMU configured to detect and count one or more morphing events associated with execution of the code and to determine if the counted number of morphing events exceeds a threshold value; and a co-processor configured to initiate a memory scan of the memory circuitry to identify a malware in the code.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: September 21, 2021
    Assignee: INTEL CORPORATION
    Inventors: Alex Nayshtut, Vadim Sukhomlinov, Koichi Yamada, Ajay Harikumar, Venkat Gokulrangan
  • Publication number: 20210271733
    Abstract: Detailed are embodiments related to bit matrix multiplication in a processor. For example, in some embodiments a processor comprising: decode circuitry to decode an instruction having fields for an opcode, an identifier of a first source bit matrix, an identifier of a second source bit matrix, an identifier of a destination bit matrix, and an immediate; and execution circuitry to execute the decoded instruction to perform a multiplication of a matrix of S-bit elements of the identified first source bit matrix with S-bit elements of the identified second source bit matrix, wherein the multiplication and accumulation operations are selected by the operation selector and store a result of the matrix multiplication into the identified destination bit matrix, wherein S indicates a plural bit size is described.
    Type: Application
    Filed: January 22, 2021
    Publication date: September 2, 2021
    Inventors: Dmitry Y. Babokin, Kshitij A. Doshi, Vadim Sukhomlinov
  • Publication number: 20210263779
    Abstract: Embodiments of systems, apparatuses and methods provide enhanced function as a service (FaaS) to users, e.g., computer developers and cloud service providers (CSPs). A computing system configured to provide such enhanced FaaS service includes one or more controls architectural subsystems, software and orchestration subsystems, network and storage subsystems, and security subsystems. The computing system executes functions in response to events triggered by the users in an execution environment provided by the architectural subsystems, which represent an abstraction of execution management and shield the users from the burden of managing the execution. The software and orchestration subsystems allocate computing resources for the function execution by intelligently spinning up and down containers for function code with decreased instantiation latency and increased execution scalability while maintaining secured execution.
    Type: Application
    Filed: April 16, 2019
    Publication date: August 26, 2021
    Applicant: Intel Corporation
    Inventors: Mohammad R. Haghighat, Kshitij Doshi, Andrew J. Herdrich, Anup Mohan, Ravishankar R. Iyer, Mingqiu Sun, Krishna Bhuyan, Teck Joo Goh, Mohan J. Kumar, Michael Prinke, Michael Lemay, Leeor Peled, Jr-Shian Tsai, David M. Durham, Jeffrey D. Chamberlain, Vadim A. Sukhomlinov, Eric J. Dahlen, Sara Baghsorkhi, Harshad Sane, Areg Melik-Adamyan, Ravi Sahita, Dmitry Yurievich Babokin, Ian M. Steiner, Alexander Bachmutsky, Anil Rao, Mingwei Zhang, Nilesh K. Jain, Amin Firoozshahian, Baiju V. Patel, Wenyong Huang, Yeluri Raghuram
  • Patent number: 11055226
    Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive a request for data, wherein the request is received on a system that regularly stores data in a cache and provide the requested data without causing the data or an address of the data to be cached or for changes to the cache to occur. In an example, the requested data is already in a level 1 cache, level 2 cache, or last level cache and the cache does not change its state. Also, a snoop request can be broadcasted to acquire the requested data and the snoop request is a read request and not a request for ownership of the data. In addition, changes to a translation lookaside buffer when the data was obtained using a linear to physical address translation are prevented.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: July 6, 2021
    Assignee: Intel Corporation
    Inventor: Vadim Sukhomlinov
  • Publication number: 20210191789
    Abstract: A computing apparatus, including: a hardware computing platform; and logic to operate on the hardware computing platform, configured to: receive a microservice instance registration for a microservice accelerator, wherein the registration includes a microservice that the microservice accelerator is configured to provide, and a microservice connection capability indicating an ability of the microservice instance to communicate directly with other instances of the same or a different microservice; and log the registration in a microservice registration database.
    Type: Application
    Filed: December 4, 2020
    Publication date: June 24, 2021
    Applicant: Intel Corporation
    Inventors: Vadim Sukhomlinov, Kshitij A. Doshi
  • Publication number: 20210117535
    Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
    Type: Application
    Filed: December 7, 2020
    Publication date: April 22, 2021
    Inventors: Michael LEMAY, David M. DURHAM, Michael E. KOUNAVIS, Barry E. HUNTLEY, Vedvyas SHANBHOGUE, Jason W. BRANDT, Josh TRIPLETT, Gilbert NEIGER, Karanvir GREWAL, Baiju PATEL, Ye ZHUANG, Jr-Shian TSAI, Vadim SUKHOMLINOV, Ravi SAHITA, Mingwei ZHANG, James C. FARWELL, Amitabh DAS, Krishna BHUYAN
  • Patent number: 10965597
    Abstract: Examples may include techniques to route packets to virtual network functions. A network function virtualization load balancer is provided which routes packets to both maximize a specified distribution and minimize switching of contexts between virtual network functions. Virtual network functions are arranged to be able to shift a context from one virtual network function to another. As such, the system can be managed, for example, scaled up or down, regardless of the statefulness of the virtual network functions and their local contexts or flows.
    Type: Grant
    Filed: July 1, 2017
    Date of Patent: March 30, 2021
    Assignee: INTEL CORPORATION
    Inventors: Vadim Sukhomlinov, Kshitij A. Doshi, Andrey Chilikin
  • Patent number: 10929504
    Abstract: Detailed are embodiments related to bit matrix multiplication in a processor. For example, in some embodiments a processor comprising: decode circuitry to decode an instruction having fields for an opcode, an identifier of a first source bit matrix, an identifier of a second source bit matrix, an identifier of a destination bit matrix, and an immediate; and execution circuitry to execute the decoded instruction to perform a multiplication of a matrix of S-bit elements of the identified first source bit matrix with S-bit elements of the identified second source bit matrix, wherein the multiplication and accumulation operations are selected by the operation selector and store a result of the matrix multiplication into the identified destination bit matrix, wherein S indicates a plural bit size is described.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: February 23, 2021
    Assignee: Intel Corporation
    Inventors: Dmitry Y. Babokin, Kshitij A. Doshi, Vadim Sukhomlinov
  • Patent number: 10929535
    Abstract: The present disclosure is directed to systems and methods for mitigating or eliminating the effectiveness of a side channel attack, such as a Meltdown or Spectre type attack by selectively introducing a variable, but controlled, quantity of uncertainty into the externally accessible system parameters visible and useful to the attacker. The systems and methods described herein provide perturbation circuitry that includes perturbation selector circuitry and perturbation block circuitry. The perturbation selector circuitry detects a potential attack by monitoring the performance/timing data generated by the processor. Upon detecting an attack, the perturbation selector circuitry determines a variable quantity of uncertainty to introduce to the externally accessible system data. The perturbation block circuitry adds the determined uncertainty into the externally accessible system data. The added uncertainty may be based on the frequency or interval of the event occurrences indicative of an attack.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: February 23, 2021
    Assignee: Intel Corporation
    Inventors: Vadim Sukhomlinov, Kshitij Doshi, Francesc Guim, Alex Nayshtut
  • Publication number: 20210036859
    Abstract: A method for authenticating a secure credential transfer to a device includes verifying user identity and device identity. In particular, the method includes verifying user identity by requesting and receiving a user identification input at a first client device and verifying device identity of a second client device by (i) determining a security status of the second client device from hardware of the second client device, (ii) invoking an identifier related to the security status of the second client device to an authentication server, and (iii) obtaining certification from the authentication server for the second client device based on the invoked identifier. After verifying the user identity and the device identity, the method includes establishing a secure channel between the first client device and the second client device for the secure credential transfer using one or more tokens generated by the authentication server.
    Type: Application
    Filed: July 30, 2019
    Publication date: February 4, 2021
    Inventors: Vadim Sukhomlinov, Alberto Martin, Andrey Pronin
  • Publication number: 20210026651
    Abstract: Examples are described that relate to waking up or invoking a function such as a processor-executed application or a hardware device. The application or a hardware device can specify which sources can cause wake-ups and which sources are not to cause wake-ups. A device or processor-executed software can monitor reads from or writes to a region of memory and cause the application or a hardware device to wake-up unless the wake-up is specified as inhibited. The updated region of memory can be precisely specified to allow a pinpoint retrieval of updated content instead of scanning a memory range for changes. In some cases, a write to a region of memory can include various parameters that are to be used by the woken-up application or a hardware device. Parameters can include a source of a wake-up, a timer to cap execution time, or any other information.
    Type: Application
    Filed: July 26, 2019
    Publication date: January 28, 2021
    Inventors: Alexander BACHMUTSKY, Kshitij A. DOSHI, Raghu KONDAPALLI, Vadim SUKHOMLINOV
  • Patent number: 10860390
    Abstract: A computing apparatus, including: a hardware computing platform; and logic to operate on the hardware computing platform, configured to: receive a microservice instance registration for a microservice accelerator, wherein the registration includes a microservice that the microservice accelerator is configured to provide, and a microservice connection capability indicating an ability of the microservice instance to communicate directly with other instances of the same or a different microservice; and log the registration in a microservice registration database.
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: December 8, 2020
    Assignee: Intel Corporation
    Inventors: Vadim Sukhomlinov, Kshitij A. Doshi
  • Patent number: 10860709
    Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: December 8, 2020
    Assignee: Intel Corporation
    Inventors: Michael Lemay, David M. Durham, Michael E. Kounavis, Barry E. Huntley, Vedvyas Shanbhogue, Jason W. Brandt, Josh Triplett, Gilbert Neiger, Karanvir Grewal, Baiju V. Patel, Ye Zhuang, Jr-Shian Tsai, Vadim Sukhomlinov, Ravi Sahita, Mingwei Zhang, James C. Farwell, Amitabh Das, Krishna Bhuyan
  • Patent number: 10831491
    Abstract: The present disclosure is directed to systems and methods for mitigating or eliminating the effectiveness of a side channel attack, such as a Spectre type attack, by limiting the ability of a user-level branch prediction inquiry to access system-level branch prediction data. The branch prediction data stored in the BTB may be apportioned into a plurality of BTB data portions. BTB control circuitry identifies the initiator of a received branch prediction inquiry. Based on the identity of the branch prediction inquiry initiator, the BTB control circuitry causes BTB look-up circuitry to selectively search one or more of the plurality of BTB data portions.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: November 10, 2020
    Assignee: Intel Corporation
    Inventors: Vadim Sukhomlinov, Kshitij Doshi