Techniques and technologies to address malicious single-stepping and zero-stepping of trusted execution environments

US12093432B2 · US · B2

Patent metadata
Publication number: US-12093432-B2
Application number: US-202117485077-A
Country: US
Kind code: B2
Filing date: Sep 24, 2021
Priority date: Sep 24, 2021
Publication date: Sep 17, 2024
Grant date: Sep 17, 2024

Abstract

Official abstract text for this publication.

In one embodiment, an apparatus comprises a processing circuitry to detect an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave and in response to the occurrence, implement at least one mitigation process to inhibit further occurrences of the at least one of a single-stepping event or a zero-stepping event in the architecturally protected enclave.

First claim

Opening claim text (preview).

What is claimed is:

1. An apparatus comprising: processing circuitry coupled to a memory, the processing circuitry to: detect, using an asynchronous exiting event software handler, an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave; and in response to the occurrence, implement, using at least one of a static contract or a dynamic contract on enclave page locking, a mitigation process to inhibit further occurrences of the single-stepping event or the zero-stepping event in the architecturally protected enclave.

2. The apparatus of claim 1, wherein the processing circuitry is further to: implement a counter to monitor forward progress of the compute process which is to execute in the architecturally protected enclave; and generate an error signal when the counter indicates that the forward progress is less than a threshold.

3. The apparatus of claim 1, wherein the processor circuitry is further to: monitor a frequency of fault events in the execution thread on the architecturally protected enclave; monitor one or more instructions that execute between an occurrence of fault events in the execution thread on the architecturally protected enclave; and generate an error signal when the frequency of the fault events is greater than a threshold.

4. The apparatus processor of claim 1, wherein the processor circuitry is further to: detect a page fault within a locked region of a computer-readable memory in the architecturally protected enclave; and in response to the page fault, generate an error signal.

5. The apparatus of claim 1, wherein the processor circuitry is further to: implement a counter to monitor a number of asynchronous enclave exit (AEX) events that occur in the architecturally protected enclave; generate an error signal when the number of asynchronous enclave exit (AEX) events is greater than the threshold; determine one or more memory addresses to be accessed by the one or more instructions to be executed by the architecturally protected enclave following an asynchronous enclave exit (AEX) event on the architecturally protected enclave; and initiate a prefetch operation to access the one or more memory addresses.

6. The apparatus of claim 1, wherein the processor circuitry is further to: initiate a branch speculation process for the execution thread to warm up a cache memory.

7. A method comprising: detecting, by a processor of a computing device, using an asynchronous exiting event software handler, an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave; and in response to the occurrence, implementing, using at least one of a static contract or a dynamic contract on enclave page locking, a mitigation process to inhibit further occurrences of the single-stepping event or the zero-stepping event in the architecturally protected enclave.

8. The method of claim 7, further comprising: implementing a counter to monitor forward progress of the compute process which is to execute in the architecturally protected enclave; and generating an error signal when the counter indicates that the forward progress is less than a threshold.

9. The method of claim 7, further comprising: monitoring a frequency of fault events in the execution thread on the architecturally protected enclave; monitoring one or more instructions that execute between an occurrence of fault events in the execution thread on the architecturally protected enclave; and generating an error signal when the frequency of the fault events is greater than a threshold.

10. The method of claim 7, further comprising: detecting a page fault within a locked region of a computer-readable memory in the architecturally protected enclave; and in response to the page fault, generating an error signal.

11. The method of claim 7, further comprising: implementing a counter to monitor a number of asynchronous enclave exit (AEX) events that occur in the architecturally protected enclave; generating an error signal when the number of asynchronous enclave exit (AEX) events is greater than the threshold; determining one or more memory addresses to be accessed by one or more instructions to be executed by the architecturally protected enclave following an asynchronous enclave exit (AEX) event on the architecturally protected enclave; and initiating a prefetch operation to access the one or more memory addresses.

12. The method of claim 7, further comprising: initiating a branch speculation process for the execution thread to warm up a cache memory.

13. At least one computer-readable medium having stored thereon instructions which, when executed, cause a computing device to perform operations comprising: detecting, using an asynchronous exiting event software handler, an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave; and in response to the occurrence, implementing, using at least one of a static contract or a dynamic contract on enclave page locking, a mitigation process to inhibit further occurrences of the single-stepping event or the zero-stepping event in the architecturally protected enclave.

14. The computer-readable medium of claim 13, wherein the operations further comprise: implementing a counter to monitor forward progress of the compute process which is to execute in the architecturally protected enclave; and generating an error signal when the counter indicates that the forward progress is less than a threshold.

15. The computer-readable medium of claim 13, wherein the operations further comprising: monitoring a frequency of fault events in the execution thread on the architecturally protected enclave; monitoring one or more instructions that execute between an occurrence of fault events in the execution thread on the architecturally protected enclave; and generating an error signal when the frequency of the fault events is greater than a threshold.

16. The computer-readable medium of claim 13, wherein the operations further comprising: detect a page fault within a locked region of a computer-readable memory in the architecturally protected enclave; and in response to the page fault, generate an error signal.

17. The computer-readable medium of claim 13, wherein the operations further comprising: implement a counter to monitor a number of asynchronous enclave exit (AEX) events that occur in the architecturally protected enclave; generate an error signal when the number of asynchronous enclave exit (AEX) events is greater than the threshold; determine one or more memory addresses to be accessed by one or more instructions to be executed by the architecturally protected enclave following an asynchronous enclave exit (AEX) event on the architecturally protected enclave; and initiate a prefetch operation to access the one or more memory addresses.

18. The computer-readable medium of claim 13, wherein the operations further comprising: initiate a branch speculation process for the execution thread to warm up a cache memory.

Assignees

Inventors

Classifications

  • involving event detection and direct action · CPC title

  • during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow} · CPC title

  • Monitoring involving counting · CPC title

  • by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights (G06F12/1458 takes precedence) · CPC title

  • G06F21/577 (Primary)

    Assessing vulnerabilities and evaluating computer system security · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12093432B2 cover?
In one embodiment, an apparatus comprises a processing circuitry to detect an occurrence of at least one of a single-stepping event or a zero-stepping event in an execution thread on an architecturally protected enclave and in response to the occurrence, implement at least one mitigation process to inhibit further occurrences of the at least one of a single-stepping event or a zero-stepping eve…
Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Sep 17, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).