Secure processor for detecting and preventing exploits of software vulnerability

Description

FIELD OF THE INVENTION

The present invention relates to the field of secure processors, and more particularly to processors which tag code and data with metadata which controls or restricts access and/or execution privileges.

BACKGROUND OF THE INVENTION

Since 2005, Mitre Corporation has developed a list of common types of software vulnerabilities or weaknesses that lead to security violations in a computing system. See, cwe.mitre.org/index.html, and cve.mitre.org/data/downloads/allitems.html. See also, the National Vulnerability Database (NIST), nvd.nist.gov/.

Security-tagged architectures have been around for over five decades in research projects as well as commercially available processors like the Burrough's families of stack machines [37], the Intel iAPX 432 [30], the IBM System 38 [26] and others [19, 33, 35]. MINOS [12] adds a single bit tag to a data word, in the worst case, to protect the integrity of control flow data. In [42], instruction and data tags are used to track data from suspect inputs to prevent their malicious use as instructions of targets of jumps. Efforts such as LIFT [39], RAKSHA [13] and RIFLE [45] have used tagging to primarily track information flow. More elaborate tagging and metadata tags have been used in a number of other projects [2, 15] to implement a richer variety of security functions, designate proper usage of sensitive data structures and provide programmable security policies [15, 44]. The T-core processor uses two hardware-controlled tag bits per byte in memory to track taints and control flow integrity marks [3].

In all of this existing, the focus has been to use tags largely to enforce data usage and, barring the exception noted below, tags have not been used pervasively to enforce context-specific usage of existing instructions. Existing work have also used function tagging [2] to enforce security policies.

The concept of protection domains as security compartments have been around for a while [7, 10, 11, 17, 22, 33, 34, 48, 50].

The use of secure pointers and bounds register together implement functionality very similar to those realized in some designs with capability-based addressing [33,37]. However, capabilities in their purest form have no concept of a traditional address for the associated object. Instead, a unique object ID is used to refer to an object, which is then translated to a memory address.

The Security Tagged Architecture Co-Design (STACD) initiative discussed in [2] focused on eliminating inherent software vulnerabilities by redesigning the underlying hardware and the operating system to enforce software security policies and semantics. The proposed approach uses a metadata processing unit known as the Tagged Management Unit [or Tag management Unit] (TMU) that operates concurrently with the Central Processing Unit (CPU) to process the metadata. The introduction of tag-capable hardware requires software that uses tagged information.

Processors, such as Intel's x86 architecture, provide 2-bit tagging, to provide what is known as the ring architecture, which separates information into three domains; 0—The Kernel Domain, 1 & 2—Middle Domains (largely ignored), 3—User Domain. All kernel code and data must operate in the Kernel Domain (ring 0) while user code and data must remain in User Domain (ring 3). This technique increases the security of the system by providing isolation and separation of information, adhering to the security policy. However, Intel did not take into consideration the systems software. In order to use certain system functions, the user must perform a costly context switch into the Kernel Domain, which forced widespread violations of security policy by the hardware, allowing users to inject a portion of their code into the Kernel Domain.

The ST-ZKOS implements a 32-bit tag that is paired with each 32-bit word in memory. This effectively cuts the amount of memory. There are three primary fields:

- 1. Owner Field—this field indicates the entity that owns the resource managed by the code module. All code and data on the system have been separated into code modules that perform specific functions based on the concept of least privilege. An example of a code module would be the garbage collector, or a device driver.
- 2. Code-space Field—this field indicates the code modules that are currently executing and/or the code modules that are authorized to access specific operating system resources.
- 3. Control-bits Field—this field is used to even further support least privilege by providing some typing and access control information to system resources.

Each component on the bus would be associated with a single owner at any given time. Any master component owned by one entity would not be able to read/write from/to any slave component owned by another entity. Additionally, since the provenance of all components and the intent of their designers cannot be guaranteed, permission from the controller is required for component to accessing the bus (read or write), except for access requests. The bus width was widened to permit the 32-bit tag to accompany the associated code and data.

In order to associate each component on the bus with a specific owner, the components needed a way to identify who their owner is. The owner field of the tagging scheme allows each component to identify an owner. The other fields of the tag are used by the tag management unit to indicate what rules the data/code must follow in the processor and are not relevant for the interconnect.

Software needs a means to set the tag value for each component, thus identifying the owner. To accomplish this, the plug and play information for each component is stored in a record array in the arbiter of the controller. The arbiter needs to be modified such that this array is now memory mapped so that software can address it to assign tags for each component. When a master component, after having been granted sole access to the bus, writes data to a specific address, the arbiter will interpret the address to identify which slave component should receive the data, and will also compare the tag of the master with the tag of the slave from the memory mapped array to determine if they are owned by the same entity. If they are not, then the arbiter reports an error and cancels the transaction. Most memory components are shared among various owners.

Software needs to ensure that one owner does not attempt to overwrite the memory locations of another owner. The arbiter will not perform tag checks on writes to memory, such as Direct Memory Access (DMA) writes. For DMA writes, the arbiter will assign the master's tag to all data from the master on the tag bus to memory. This approach allegedly does not sacrifice security as the new data is tagged appropriately according to the owner of the master. Therefore, it is important that software assign the tag appropriately. The arbiter performs tag checks on reads from memory when the requesting master is not a processor. If the requesting master is not a processor, then the tag of the data is compared to the tag of the requesting master. If the tags do not match, then the arbiter initiates an error response and terminates the transaction.

See, U.S. Pat. Nos. 3,956,615; 5,204,840; 7,171,689; 7,194,769; 7,219,239; 7,254,586; 7,346,922; 7,376,969; 7,451,488; 7,464,407; 7,607,169; 7,650,638; 7,673,345; 7,743,421; 7,752,255; 7,752,459; 7,761,917; 7,761,918; 7,788,722; 7,861,299; 7,926,113; 7,958,549; 7,962,961; 8,028,341; 8,055,732; 8,055,797; 8,056,130; 8,065,725; 8,095,984; 8,127,359; 8,141,155; 8,161,540; 8,176,001; 8,176,527; 8,201,257; 8,209,753; 8,224,930; 8,230,507; 8,234,711; 8,281,036; 8,296,848; 8,306,228; 8,316,448; 8,332,367; 8,365,278; 8,365,289; 8,381,192; 8,392,997; 8,422,379; 8,438,532; 8,438,643; 8,458,798; 8,468,606; 8,474,004; 8,484,741; 8,516,594; 8,522,348; 8,533,843; 8,544,098; 8,566,928; 8,572,550; 8,572,750; 8,595,845; 8,601,104; 8,601,530; 8,602,089; 8,607,336; 8,611,232; 8,612,936; 8,613,083; 8,615,656; 8,627,402; 8,631,248; 8,631,489; 8,640,240; 8,644,516; 8,650,637; 8,730,946; 8,762,188; 8,776,180; 8,789,192; 8,789,193; 8,813,235; 8,819,420; 8,826,438; 8,844,043; 8,844,045; 8,850,588; 8,856,936; 8,869,110; 8,874,685; 8,893,283; 8,903,705; 8,918,884; 8,918,887; 8,925,082; 8,949,169; 8,966,619; 8,966,639; 8,984,579; 8,984,643; 8,990,948; 9,003,537; 9,027,125; 9,032,533; 9,043,753; 9,043,920; 9,047,293; 9,069,930; 9,092,616; 9,094,448; 9,118,706; 9,128,801; 9,141,378; 9,141,805; 9,158,871; 9,160,761; 9,165,133; 9,166,994; 9,178,911; 9,224,117; 9,256,746; 9,268,945; 9,270,695; 9,276,951; 9,292,695; 9,298,923; 9,305,165; 9,306,969; 9,306,975; 9,317,692; 9,317,708; 9,319,425; 9,323,921; 9,325,729; 9,369,482; 9,372,995; 9,389,933; 9,392,007; 9,407,645; 9,411,965; 9,413,538; 9,425,965; 9,456,004; 9,467,464; 9,467,465; 9,473,529; 9,479,535; 9,495,183; 9,503,467; 9,516,058; 9,537,876; 9,537,884; 9,544,326; 9,588,803; 9,602,529; 9,614,864; 9,619,655; 9,628,501; 9,633,213; 9,635,033; 9,648,036; 9,665,721; 9,680,699; 9,680,861; 9,686,291; 9,690,583; 9,692,778; 9,692,779; 9,716,721; 9,722,803; 9,726,460; 9,727,736; 9,729,568; 9,762,617; 9,779,191; 9,792,438; 9,817,978; 9,825,981; 9,825,982; 9,846,780; 9,860,265; 9,866,426; 9,871,815; 9,881,271; 9,886,303; 9,886,581; 9,886,582; 9,887,886; 9,894,088; 9,898,739; 9,900,339; 9,912,683; 9,923,916; 9,923,917; 9,928,369; 9,930,065; 20030167406; 20030182572; 20040003278; 20040143730; 20040172557; 20040218762; 20050005169; 20050010821; 20050138413; 20050187963; 20050229255; 20060069912; 20060225135; 20060259726; 20060259828; 20060265324; 20060265751; 20070061874; 20070061885; 20070067846; 20070067847; 20070067848; 20070162890; 20070169199; 20070177615; 20070192866; 20070192867; 20080005784; 20080060077; 20080068381; 20080071793; 20080071826; 20080071871; 20080071888; 20080071889; 20080071891; 20080071896; 20080071898; 20080072032; 20080072241; 20080072277; 20080072278; 20080089521; 20080092237; 20080127293; 20080127349; 20080172739; 20080222724; 20080256638; 20080270104; 20080271018; 20080271019; 20080271025; 20080282339; 20080313739; 20080314570; 20090007269; 20090028135; 20090077666; 20090099885; 20090100077; 20090103524; 20090106318; 20090113550; 20090204591; 20090254993; 20090281864; 20090293100; 20100042824; 20100050266; 20100095235; 20100095381; 20100154066; 20100192228; 20100275263; 20100306851; 20110030057; 20110047369; 20110060809; 20110093954; 20110125548; 20110138469; 20110138471; 20110141877; 20110191854; 20110231936; 20120185945; 20120203590; 20120204261; 20120222123; 20120232679; 20120246103; 20120260306; 20120272205; 20120284221; 20120304299; 20120304300; 20120311534; 20120311715; 20130055394; 20130074038; 20130074188; 20130086688; 20130125204; 20130167240; 20130179685; 20130182561; 20130191808; 20130191919; 20130198846; 20130227698; 20130247206; 20130268253; 20130297375; 20130298192; 20130298230; 20130298242; 20130298243; 20130298244; 20130326469; 20140007241; 20140032505; 20140047545; 20140059683; 20140068267; 20140075414; 20140082733; 20140137257; 20140165204; 20140172495; 20140173731; 20140173737; 20140181975; 20140181976; 20140189787; 20140189873; 20140196154; 20140201843; 20140215614; 20140215629; 20140218389; 20140237545; 20140245376; 20140283083; 20140317677; 20140337971; 20140337974; 20140366145; 20140373160; 20150033340; 20150040220; 20150040228; 20150058993; 20150067323; 20150067762; 20150088733; 20150106873; 20150172307; 20150213358; 20150222655; 20150235164; 20150237062; 20150237065; 20150241139; 20150242637; 20150244734; 20150244735; 20150288712; 20150295948; 20150301515; 20150304337; 20150310217; 20160006735; 20160012236; 20160020959; 20160034682; 20160057164; 20160063248; 20160063249; 20160063250; 20160063251; 20160063252; 20160065598; 20160072835; 20160078377; 20160105455; 20160119373; 20160180080; 20160188882; 20160205122; 20160212153; 20160232358; 20160234065; 20160248794; 20160248796; 20160253590; 20160259944; 20160261640; 20160269435; 20160337484; 20160366174; 20160378994; 20170026401; 20170034023; 20170034089; 20170034200; 20170046519; 20170053115; 20170061133; 20170078322; 20170091465; 20170093910; 20170142138; 20170149786; 20170149816; 20170169217; 20170171236; 20170177367; 20170177368; 20170180411; 20170193239; 20170206381; 20170208084; 20170208085; 20170208093; 20170213002; 20170214708; 20170214710; 20170243009; 20170250998; 20170262655; 20170286690; 20170289187; 20170293563; 20170295181; 20170295197; 20170300911; 20170316213; 20170318048; 20170324763; 20170324766; 20170329975; 20170331682; 20170346847; 20170353313; 20170353482; 20180011708; 20180032733; 20180032736; 20180034840; 20180041539; 20180048668; 20180060867; 20180063171; 20180063172; 20180063177; 20180077156; 20180077188; 20180077193; 20180077195; 20180091539; 20180096609; and 20180103054, each of which is expressly incorporated herein by reference.

SUMMARY OF THE INVENTION

The present technology provides a microprocessor having specific hardware support for detection of common types of software vulnerabilities or weaknesses that lead to security violations in a computing system.

This technology may be implemented as a hardware improvement that can be incorporated into an existing processor type, called a “Secure Processor” (SP) to detect exploitations of software vulnerabilities in the software, either accidentally or maliciously by compromised programs. The mechanisms employed are largely portable across different instruction sets, and are therefore not limited to any particular type of microprocessor architecture.

The security mechanism adds tags to each instruction and data word, leading to a tagged processor design for the SP. The added tag bits are used to enforce specific usage of instructions and data in the SP. The tags may be uniform in size (8-bits), or variable in size. The SP associates relatively narrow word-tags with every memory word that contains data or an instruction, to detect the exploitation of a number of software vulnerabilities.

The SP improves on existing security-tagged architectures is its pervasive use of these tags, to not only enforce the data type compliance rules of the application, but to also enforce context-specific legal uses of both data and instructions associated with control transfer, secured/bounded pointers, potentially-tainted data from an input device, and in other critical scenarios.

The SP may include additional secure features, such as word-sized, in-line metadata tags that specify access control information, which complement the word tags, which help form a basis of protection domains. Protection domains are hardware-implemented security compartments that encapsulate externally-callable and private functions, private data and can be set up to a security compartment that encompasses a single address space or set up multiple protection domains within a single address space. This permits a single application or a system component (like the OS) to be compartmentalized. The callable functions within a domain are invoked through word-tag enforced legal call gates, and every invocation uses existing control transfer primitives tagged appropriately for context-specific use. Such calls perform an access control check which can further enforce the principle of least privileges and/or other access control policies.

To secure a fenced, contiguous region of data, word tags also ensure that accesses are possible with secured pointers, with automatic bounds checking on each access. The SP's security mechanisms also include CPU-internal per-thread key registers and memory encryption engines, which together with protection domains provide information containment and isolation. In many instances, the SP uses multiple layers of protection to provide a robust solution against the software vulnerabilities.

In SP, the enforcement of proper context-specific use of many existing instructions (that are related to control flow or to accesses performed to a secured memory region with bounds enforcement) is specifically targeted with word tags for instructions to avoid the addition of new instructions that lead to an ISA bloat.

The SP implements two types of protection domains, fully-isolated and lightweight domains relying on instruction tagging to implement secure call gates and using sealed pointers to implement cross-domain calls with access checks on entry. Word tags are also used labels to enforce context-specific usage of exiting instructions for cross-domain calls. The approach taken has some similarity with earlier work on capability extensions for a RISC pipeline [21, 46].

The SP's protection domains can be used within the applications or the systems software components, specifically within the OS, libraries and utilities and are thus more homogeneous compared to Intel's SGX [11] or ISoX [17] that provide safe execution harbor to the applications from a compromised kernel and also from ARM's Trustzone, which effectively provides a safe harbor for only the trusted components in a system.

The SP's use of low-overhead local handlers is similar to RAKSHA's [13], but the SP, for added security, implements the scope of such functions only to the individual functions identified by the compiler.

The SP's fencing mechanism for limiting accesses with bounds checking to a fenced memory region uses a capability-like secure region pointer that specifies the region's address and size and the privilege level with which the region is accessed using instructions at all privilege levels as long as they have the secured pointers. This is similar to Intel's MPX extensions [28] that rely on the use of privileged instructions.

It is therefore an object to provide a secure processor, comprising: a logic execution unit configured to process data based on instructions; a communication interface unit, configured to transfer the instructions and the data, and tags accompanying respective instructions and data; a tag processing unit, configured to enforce specific restrictions with respect to at least execution of instructions, access to resources, and manipulation of data, selectively dependent on the accompanying tags; and a control transfer processing unit, configured to validate a branch instruction execution and an entry point instruction of each control transfer, selectively dependent on the respective accompanying tags.

It is also an object to provide a secure processing method, comprising: transferring instructions and data, in conjunction with tags accompanying respective instructions and data; enforcing, by a tag processing unit, specific restrictions with respect to at least execution of instructions, access to resources, and manipulation of data by an instruction execution unit, selectively dependent on the accompanying tags; and validating a branch instruction execution and an entry point instruction of each control transfer, selectively dependent on the respective accompanying tags, with a control transfer processing unit.

The tag processing unit may be implemented in hardware.

The tag processing unit may be further configured to ensure compliance with data type rules; memory access rules; context-specific data usage rules; source-dependent data usage rules; data modification rules; source-dependent instruction execution rules; context-dependent instruction execution rules; instruction sequence modification rules; control transfer instruction rules; and/or metadata tag modification rules.

The tag processing unit may be configured to enforce a restriction on use of data as an address within a memory space; data as a return address for a subroutine call; data as a target address of an indirect branch; data as a pointer; an instruction to control flow to a legal path; an instruction to call a function; an instruction to return from a function call; an instruction to access a protected domain or module; an instruction to perform a legal operation based on the source data type; and/or an instruction to bound access to a fenced memory region.

The communication interface unit may be configured to concurrently or sequentially transfer a respective instruction or data, and a respective accompanying tag.

The logic execution unit may be a RISC or CISC processor or portion thereof, with word length 8, 16, 32, or 64 bits, for example.

The tags may be 4-bits, 8-bits, or 16-bits for example.

The tag may comprise a privilege level which restricts access by the logic execution unit under control of instructions having the privilege level to the tags. The may tag comprises a second privilege level which permits access by the logic execution unit under control of instructions having the second privilege level to the tags.

At least one tag may indicate tainted instructions or data, wherein the tag processing unit requires validation of the tainted instructions or data prior to use.

The secure processor may further comprise a cryptographic unit, configured to perform cryptographic operations on information communicated through the communication interface unit. The cryptographic unit may employ distinct cryptographic keys selectively dependent on the tags. The cryptographic unit may employ distinct cryptographic keys selectively dependent on a respective thread of instruction execution.

The secure processor may further comprise an address translation unit, configured to map logical memory spaces to physical memory pages. The address translation unit may be further configured to maintain separate memory pages of instructions, data, and tags. The address translation unit may be further configured to retrieve memory pages of tags together with associated memory pages of instructions or data for storage in a common cache. The address translation unit may be further configured to maintain a privilege restriction on memory pages of instructions and tags which restricts reading, writing, and execution, unless accessed by trusted hardware or according to instructions having associated tags which indicate higher privileges. The memory pages of tags may be subject to an integrity check by the secure processor prior to execution of instructions from the memory pages of instructions.

A set of instructions comprising a code segment may be accompanied by a metadata tag, comprising at least one of a security level or a privilege level of the code segment, wherein the tag processing unit may be further configured to compare the security level or the privilege level of the code segment with a security level or a privilege level indicated by the respective tag of a calling instruction of the code segment.

The logic execution unit may have a logic execution pipeline with a first number of stages, and the tag processing unit has a tag processing pipeline with a second number of stages, the first number and the second number being the same, and wherein instruction processing advances through the logic execution pipeline at the same rate as tags advance through the tag processing pipeline processing.

The tag processing pipeline may have a tag processing stage which relies on information provided by at least one stage of the logic execution pipeline.

The logic execution pipeline may selectively process instructions in dependence on signal generated by stages of the tag processing pipeline.

The tag processing unit may comprise a tag processing pipeline, and the logic execution units comprises a logic execution pipeline, the tag processing pipeline and logic execution pipeline having synchronized operation, wherein the tag processing pipeline relies on information received the logic execution pipeline pertaining to the instructions it processes, sent from a stage in the logic execution pipeline to a corresponding stage in the tag processing pipeline, and the tag processing pipeline having at least one stage configured to generate signals that affect the behavior of the logic execution pipeline.

The secure processor may further comprise an instruction cache having cache lines, each cache line comprising memory locations for storing instructions and memory locations for storing tags, wherein the secure processor is configured to retrieve instructions based on instruction addresses, and to retrieve tags for storing in the instruction cache based on an address of a corresponding instruction.

The communication interface unit may be configured to retrieve an instruction based on an instruction address, and to retrieve a tag corresponding to the instruction based on the instruction address.

The secure processor may further comprise a data cache having cache lines, each cache line comprising memory locations for storing data and memory locations for storing tags, wherein the secure processor is configured to retrieve data based on data addresses, and to retrieve tags for storing in the data cache based on an address of corresponding data.

The communication interface unit may be configured to retrieve data based on a data address, and to retrieve a tag corresponding to the data based on the data address.

The communication interface unit may be configured to: retrieve information from a memory according to an address, store the retrieved information in a cache, and to perform a confinement check to determine whether the address is within a predefined memory region, and selectively access a tag in dependence on whether the address is within the predefined memory region.

The predefined memory region may comprise a fenced memory region demarcating by a set of guard memory words defining a starting address of a string of memory locations containing the information to be retrieved.

The fenced memory region may contain information that does not need to be protected and tagged as unmodifiable.

Each tag may have a number of bits of information dependent on a number of bits of information in a corresponding instruction.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts a protected domain and its typical contents.

FIG. 2 depicts protection domains.

FIG. 3 shows a block diagram of a RISC-V rocket pipeline with security extensions for realizing the SP in Gray.

FIG. 4 shows a flowchart of a method according to one embodiment of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

In a particular embodiment of the Secure Processor (SP), each of the aforementioned security paradigms is employed. It is noted that these may be employed individually, or in subcombination, or with other solutions to address the same potential vulnerabilities.

In this embodiment, we assume a 32-bit memory word for the following discussions, as in the 32-bit version of RISC-V. Each of the 32-bit memory words has an associated 8-bit tag. Of course, the technology is not limited to 32-bit architectures, 8-bit tags, or RISC-V architectures, and the technology may explicitly include CISC architectures, such as x86, IA-32, IA-64, as well as ARM64, ARMv7s. ARMv7, nVidia GPU, ATI GPU, SPARC, MIPS, etc. Likewise, the technology may encompass 4, 6, 8, 12, 16, 32, and 64-bit architectures, and other less standard word-lengths. The tags may be 2, 4, 8, 12, 16, 24, 32, 48, or 64-bits, for example.

For data words, the tag indicates the data type and allowed access mode. For 32-bit memory words containing instructions, the 8-bit tag indicates how the instruction is to be used and if the instruction has any special significance that was intended by the programmer. The tags are interpreted during execution by tag processing units provided within the instruction decoder and/or processing units. The tag processing units (as well as optional tag storage, transfer, security, etc. hardware) distinguish the SP from the parent processor architecture. Note, however, that is may be possible in some architectures to implement the SP system without hardware modification, though microcode enhancements. However, in order to achieve minimal impact on processor throughput, and freedom from reliance on trusted software, hardware support and acceleration is preferred.

The tags can get updated as the result of executing an instruction. Preferably, programs, i.e., sequences of tagged instructions, have no ability to overwrite the tags directly—tag usage and tag updates are intrinsic to the instruction semantics. Tags on critical data and instructions can also be marked as immutable and unreadable to prevent the misuse of instruction and data. Tags are preferably only manipulable under software control by a single trusted module.

The SP separates instruction and data pages for security and to simplify addressing. Tags are stored in pages separate from the data, and code pages and the tag pages are marked as non-readable, non-writeable and non-executable. Only trusted tag manipulation logic and the SP hardware can access/update these pages. As in any normal processor, page protection bits are associated with each page (and stored within TLB entries) that indicate the permitted access modes (read, write, execute). The SP relies upon a trusted compiler, linker and loader, which take care of tag generation, tag loading and linking modules. An integrity check is performed immediately after booting to ensure that tag pages were not altered during forced disruptions in the booting phase.

Tags in SP are encoded and interpreted in context, depending on whether the page is an instruction page or data page. Tables 1 and 2 describe the possible tag values for data and instruction words. Data tags indicate the type of data in the associated word and/or, in some cases, how the data is to be legally used (e.g., as a return address or as the target of an indirect branch or as a pointer). Instruction tags are used to enforce control flow to legal paths, to enforce legal ways to call and return from functions and protected domains or modules and enforce legal data operations based on the source data type as well as bounded accesses to fenced memory regions. Note that, in effect, the instruction tags extend the ISA by designating specific context-dependent variant of some existing instructions. This, in effect, permits the extensions to be retrofitted into an existing datapath relatively easily. Additional combinations of the word tags shown in Tables 1 and 2 are also possible.

The storage overhead of tags, with 32-bit data words and 32-bit instructions (as in a RISC-V variant) is thus 25%. For the 64-bit RISC-V implementations, the storage overhead for tags is 12.5%.

TABLE 1

Examples of Data Word Tag Values, Their Meaning and Usage.

Data Word

Tag Value
Meaning/Use

[INV]
Invalid, uninitialized

[PW]
Writeable by writer with appropriate privilege

[PRW]
Readable and writeable by writers with the appropriate privilege.

[REA]
Return address, cannot be overwritten. Call instruction sets this tag, cleared

to INV on return

[MCM],
Mapped control register, writeable (MCM) or immutable - this is, not

[MCI]
writeable (MCI)

[JTI]
Jump table entry and immutable (=non-writeable)

[SP0],
Secured pointer types used for accessing a fenced region in permitted modes

[SP1]
with automatic bounds checking (Technique 4). Between two adjacent

memory words tagged as [SP0] and [SP1], specify the base address and size

of a fenced memory region and the permitted access mode. Both types of

pointers are marked as immutable and usable only by specially-tagged

memory instructions.

[DPR],
Protected domain function pointers. These come in two flavors - resolved

[DPU]
(DPR) and unresolved (DPU). These are used to transfer control to protection

domains (Technique 5). Both types of pointers are marked as immutable and

non-copyable at compile time.

Data type
Several types, with other variations (immutable, readable/writeable etc.) -

tags
unsigned, integers, floats, doubles etc. Used for type enforcements based on

permitted language semantics.

[TAI]
Potentially tainted data. Data coming in from external sources (such as via

the network) or DMA are tagged like this unless certified by a trusted

program to be of specific type.

[TBS]
Words in potentially tainted byte string passed as argument, for example, as

network packet payload, Technique 7.

Reserved
Reserved for use by system

TABLE 2

Examples of Instruction Word Tag Values, Their Meaning and Usage.

Instruction

Word Tag

Value
Meaning/Use

[INV]
Invalid, uninitialized

[IMI]
Immutable instruction (not modifiable). For safety, unless intended

otherwise by the system, all generated instructions are immutable and data

cannot be executed as instruction.

[TRT],
Target of a return from a function call, immutable (TRT) and target of a

[TCA]
function call (TCA) - Technique 4.

[TIN]
Target of an indirect branch

[RFN]
Instruction implementing a return from a function call (which could be an

ordinary JUMP instruction instead of a return instruction).

[EPD],
Instruction at legal entry point of a module/protection domain (EPD) and

[EXD]
exit point (EXD). Modules or domains can have multiple entry and exit

points.

[DIN]
Instruction within a protection domain, immutable by default

[LBR]
LOAD instruction capable of loading a bounds register with pointers tagged

as [SP0], [SP1], Technique 4

[FMA]
Memory instructions (LOADs or STOREs) capable of accessing a fenced

memory region with bounds register and automatic bounds checking,

Technique 4.

[ENC]
Used for STOREs - result has to be encrypted before the memory update. A

series of these stores deposit data into an internal encryption buffer before

encryption and writing to memory by the memory encryption/decryption

logic.

[CDT]
Cross-domain JUMP (unconditional) or system call (using unresolved

pointer, Technique 5)

[EMD]
In-lined metadata embedded within code containing information for access

checking at entry point to a protected domain, enabling local exception

handler of specific type, labeling source of indirect jump at target. These are

immutable by default. Note that words tagged as [EMD] are not

instructions, but they appear within code, so their tag is interpreted in the

context of a code page.

Reserved
Reserved for use by system

Metadata Tags

Metadata tags (MDTs) in SP are in line with the code as a 32-bit tagged entity, and such tags carry information used for access control, control flow integrity markers for indirect branches, information about local validated exception handlers that can be quickly invoked within a function. When a single MDT is not enough to convey the information needed, a sequence of metadata tags with appropriate indicators for the contents and flags to indicate the start and end of the sequence can be used. MDTs are generated by the compiler and are marked as immutable by all software, excepting the trusted software module that updates tags. MDTs can be implemented as 32-bit words tagged [EMD] that are embedded within the code. The 32-bit metadata word contains other indicators that specify its remaining contents. Embedding metadata within code makes it possible to exploit the temporal and spatial locality in accessing instructions.

The MDT containing access information within a code segment can include the security or privilege level of the code segment and can be compared against the caller's privilege level to implement class-based access control (e.g., MLS). Alternatively, or in addition, MDTs used for access control can include pointers to access control lists (whitelist and/or blacklist), permitted access mode to data private to the called segment. MDT s are also used for specifying local exception handlers, invoked essentially as a function call. Note that from the standpoint of the baseline processor, the MDTs are effectively NOPs (No-operation instructions) and are interpreted only by the tag processing logic.

Fenced Protected Regions with Automatic Bounds Checking

The SP permits memory regions to be fenced with automatic bounds checking. Virtual pages containing these regions are marked as not-readable, not-writeable, so that normal memory instructions are incapable of accessing such protected regions. Only memory instructions (such as LOADs and STOREs in a RISC ISA), specifically tagged by the compiler can access these fenced regions using a specified bounds register which demarcates the memory region. Memory accesses using such tagged instructions automatically force a SP hardware check of the effective memory address to ensure that the memory accessed falls within the region specified in the bounds register. Each bounds register has the following fields:

- (a) a start address S indicating the starting address of the fenced region in virtual memory;
- (b) an offset limit L that indicates the size of the data structure. The highest accessible address in this region is S+L−1; and
- (c) the access mode in which this data structure can be accessed—one of: read-only, write-only, read and write.

Four such bounds registers are provided in SP, BRO through BR3.

The information to be loaded into each bounds register is stored in two adjacent memory words tagged as “Secure Pointer 0” and “Secure Pointer 1”. The first of these two words contains the starting address of a secured data region containing sensitive data while the second word contains the segment register id of the segment containing the data, the offset limit and the access mode. The tags and contents of these words are generated at compile time and both words are immutable and unreadable by normal software. The compiler uses bounded pointers and specifically-tagged instructions, tagged [FMA] to perform secure accesses in the least privileged mode to a fenced contiguous memory region, going through an automatic bounds checking in hardware. Another special instruction tag ([LBR]) is used with a LOAD to permit secure pointers to be loaded into the specified bounds register.

Specifically, [LBR] LOAD <BRid><reg><offset>, tagged to indicate that this is a LOAD capable of loading a bounds register with secure pointers (tagged as [SP0] and [SP1]) is used to load the bounds register specified in <Brid> with the bounds of a fenced memory region. The effective memory address targeted by this LOAD is computed by adding the contents of an existing architected register specified in <reg> to the literal value specified in offset. The address so computed should point to a memory word tagged as “SP0”. The contents of this memory location, if the tag check passes, are loaded into the appropriate field of the specified bounds register. Next, the effective word address is incremented and should point to a memory word tagged as “SP1”. If the tag check passes, the contents are loaded into the respective fields within the specified bounds register. If either or both tag checks fail, an exception is generated. An alternative mechanism for loading, respectively, the two secure pointers (“Secure Pointer 0” and “Secure Pointer 1”) into a bounds register can use two separate LOAD instructions to load these pointers into a bounds register as follows:

- [LBR0] LOAD <BRid><reg><offset1>
- [LBR1] LOAD <BRid><reg><offset2>

Where the value of <offset2> is obtained by adding the value specified in <offset1> with the size of “Secure Pointer 1”. Note also that two separate tags are used for the two LOAD instructions, LBR0 and LBR1. The hardware implementing the LOAD tagged with LBR0 checks, in addition to all other checks as described above, if the pointer type being loaded matches the tag associated with Secure Pointer 0. A similar tag check is done for the LOAD tagged with LBR1 to check compatibility with “Secure pointer 1”. The two secure pointers can have distinct associated tag values to enable this check.

To access a fenced memory region, LOAD and STORE instructions, tagged as [FMA] can access a fenced memory region. Specifically, [FMA] LOAD <reg>, <Brid><offset> performs a load into the architectural register specified in <reg> by adding the contents of the “base” field of the bounds register specified in <BRid> and the offset. Note that in a normal LOAD instruction, the field used by <BRid> specifies an architectural register, whereas for a [FMA] LOAD, the same field specifies a bounds register. Before the memory access is actually performed, the following three checks are performed to ensure that:

- (a) the resulting word address is confined within the memory region specified in the bounds register;
- (b) if a read access is permitted as specified in the bounds register; and
- (c) the targeted memory word is tagged as readable.

An exception is generated if any of these conditions are not valid. The instruction [FMA] STORE <reg>, <BRid><offset> is the variant of a normal STORE and is used to write to a fenced memory region after checks similar to that of a [FMA] LOAD.

Protected Domains for Isolating Sensitive Data or Resources

Protected domains in SP encapsulate functions and sensitive data, including private data, and safeguard against unintended information leakage. Some of these functions within a protected domain are callable from external entities, including other protected domains, provided they have the appropriate privileges. These calls are cross-domain and take place through secure entry points, passing parameters through special registers. Cross-domain calls in SP use accesses to parameters passed to the called function and data inside the domain accessed by the function called in the least necessary access mode, as determined by the SP compiler or by using default policies. To complete the controlled, validated cross-domain call mechanisms, a separate call stack is used inside the protected domain as the called function executes. When the cross-domain call returns, this stack is cleared automatically to prevent any information leakage to the subsequent cross-domain calls.

The implementation of protected domains in SP relies on the tagging mechanism. A single segment encapsulates the code for a protected domain. Domain-local data and the local stack can also be implemented within this segment. Alternatively, these structures can be implemented as fenced regions with bounded pointers, with the secure pointers stored inside the domain's code segment. The cross domain call transfers control to the callee using a protected, unresolved pointer. Data private or exclusive to the called domain are protected using fenced, bounds checking. Input parameters may be similarly protected. Legal entry points are tagged as such and all other instructions in the domain are marked as non-enterable to prevent illicit calls. In-line metadata tags are used to verify the caller's privileges on entry through these legal entry points as described below. FIG. 1 depicts the essential ingredients of a protected domain.

Fully Isolated Protected Domains

The broad mechanism described above implements a fully-isolated domain. A fully-isolated domain provides full-fledged isolation guarantees and protection, and is implemented as a segment not known and not directly accessible to the caller. Cross-domain calls use a modified system call (or a new instruction, depending on the ISA targeted), specifying an appropriately tagged domain ID and a function offset in a sealed cross-domain pointer that essentially behaves as a capability, both specified in a single word tagged as “unresolved” domain function pointer. The domain ID is translated to a segment address by an underlying trusted system call handler.

Control transfer to an isolated domain, after appropriate tag validation of the tagged and modified system calls and unresolved pointer takes place as follows.

First, the call parameters are saved in special registers and the trusted system call handler translates the domain ID to an internal address.

Next, control is transferred to the specified entry point, where access checks are performed. Subsequently, a new context (that is, call stack) is allocated to serve the call. Such context stacks can be statically or dynamically allocated [20,46] and on exit, the context pages are cleared by marking the associated tags as invalid. This clearing is necessary to prevent information in the call stack from leaking to the next caller indirectly.

To complete the protected call, after validating the legitimacy of the caller from the access control information, the input parameters are copied from the parameter register into the newly-allocated context stack and the incoming parameter registers are cleared.

The above steps indicate that the overhead of a call to a fully-isolated protection domain is relatively expensive compared to a normal function call, as domain ID translation, context allocation are needed on an entry and context clearing is needed on an exit. Parameters in a cross-domain call to a fully isolated domain are passed through special registers as scalars or as pointers to pointer secured bounded segments, whose pointers are kept in the special parameter register set. The qualifier “fully-isolated” alludes to the higher level of isolation achieved between the caller and the callee using unresolved domain pointers, separate call stacks and automatic stack clearing on exits.

From an implementation perspective, cross-domain calls to fully-isolated domains can benefit from a number of optimizations that will be explored in this effort. Examples of these optimizations include the in-lining of domain IDs of frequent callers or storing them in a local hashed data structure, use of the encryption engine within the memory controller to keep private data encrypted in memory, and decrypt them when they are fetched into the registers, or encrypt register data when they are stored into memory. Finally, the access control functions using the information in metadata can be implemented in microcode or in software, that can use an approach similar to the one for fast local exception handling described later.

Lightweight Protected Domains

Somewhat moderate isolation can be implemented as a lightweight cross domain call where the protected domain is a segment co-mapped to the address space of the application that uses functions within the domain. A call to a function in a co-mapped domain is implemented by a JUMP instruction tagged by the compiler as a cross-domain transfer primitive. These JUMP instructions are immutable. The offset used in the JUMP is set by the compiler to the offset of a legal entry point. The address to be used is also tagged as a “resolved” domain pointer which can be only used by JUMPs tagged as a cross domain transfer instruction. The resolved domain pointers cannot be overwritten or copied, like words tagged as return addresses. They are only usable without restriction by trusted code within the system. An exception is generated if the target of the JUMP used for cross-domain call does not target a legal entry point, which has to have an instruction tagged as an entry point. Instructions within a protection domain that are not at legal entry points are tagged as “domain-sealed”. With co-mapped domains, a traditional activation stack (that is, call stack) can be used, making calls to functions within a co-mapped domain have an overhead identical to a normal function call.

Protected Domains

Critical systems functions and critical databases are examples of entities that demand the use of a fully-isolated domain for protection. FIG. 2 depicts a setup where multiple domains exist within the user and system space.

Protection domains represent a way of implementing security compartments that contain executable code. Access to the code within a compartment is enabled through predefined entry points and only if the caller has the right access privileges. From the usage perspective, the choice between a lightweight domain and a fully-isolated domain is determined largely by the level of isolation needed.

The SP permits one or more protection domains to be set up within the user space or within the systems space as shown in FIG. 2. Domains in SP are functionally identical whether they are in the user space or system space. A single application may be written to incorporate multiple protection domains in the user space. Similarly, the OS itself can be decomposed into multiple domains.

A simple decomposition breaks down the system into domains corresponding to core kernel functions, other kernel function, trusted tag manipulation module, system calls, Virtual Machine Monitor (VMM), individual libraries, individual utilities such as trusted linkers, trusted loaders, trusted compilers, etc. The hardware support is required to implement and enforce the address limits of the domain, confining address calculations performed with a segment base register in the virtual address to addresses within the domain.

Fast Local Exception Handling

In some cases, security checks can be quite elaborate and need to be performed in software. Such checks can be done using a function local to a protection domain that can be invoked with low overhead on a tag-generated exception. The existence of a local trap is indicated by inserting a metadata tag, preceding the code that uses the data, to indicate that a local handler exists for specific exception types. The in-lined metadata words at the beginning of this function where the exception is generated, passes on the address of the handling function and the type of exception it handles, to the underlying SP control logic. When the function generating the exception returns, the local exception function is disabled by another metadata tag (tagged [EMD]) inserted by the compiler to precede the return instruction, reverting exception handling responsibilities to the system-provided handler.

RAKSHA [13] also provides local handlers, but in the SP according to the present technology, their scope is additionally limited only to the function where they are specified for added security. Local exception handling for security checks can be used for dealing with SQL injection.

Keeping Track of Lowest Privileges in a Protected Call Chain

A call to a protected domain performs the necessary access checks, but it may be useful in some situations to keep track of the lowest privileged domain in the call chain. This information is passed on to the callee through an extension of the cross-domain parameter transfer register and saved in the context stack allocated for the call. With a dynamic, privilege-based security policy, where policies need to be changed on-the-fly, the privilege level of the protected domain with the lowest privilege in the call chain can be used in software to identify and deal with any unintended violation.

More generally, the tag in each case may be arbitrarily extensible through reference to an optional additional tag, register, stack entry, or memory location. Thus, the tag may be limited to 8 bits, but include “extensions” as required.

Crypto Engine and Per-Thread Key Registers

To permit fast encryption and decryption in the memory access path for data going out to memory or fetched from encrypted memory regions, the SP may incorporate a memory encryption and decryption engine within the memory controller. Memory access instructions (such as LOADs and STOREs) tagged as [ENC] may invoke memory encryption or decryption when a line is fetched from memory or written to memory.

This cryptographic processing capability may be used for other features, and thus need not be dedicated to the SP functionality only, though preferably the cryptographic key(s) used for SP is distinct from key(s) used for other purposes. Likewise, key management for the SP functionality key(s) is restricted to hardware and/or specially privileged software.

For example, memory writes to cache lines that need to be encrypted before being written to memory are marked within the cache using a bit flag and encryption takes place when such lines are evicted from the cache. This flag accompanies the line to the memory write buffer and is examined by the memory controller to decide if the line needs to be encrypted prior to the write.

The SP also incorporates a per-thread key register that is used to hold the key for the encryption. The key registers are loaded by a trusted kernel module when the thread is scheduled.

The present approach provides cryptographic protection in two areas: software requested cryptographic operations and cryptography embedded in the hardware to support the SP architecture tag and data security. A cryptographic block is provided for software use. The software cryptographic engine block enforces protocol compliance to eliminate common misuse of cryptographic operations. Cryptographic keys are isolated from software access and provide the capability to generate unique power-on keys to protect data at rest.

The embedded cryptographic processing utilizes high speed encryption/decryption engines and hash capabilities for protecting the various tags and vulnerable memory areas defined in the SP architecture from modification and inadvertent data exposure. In addition, the solution provides flexibility for future enhancements by enabling integration of commercial Physically Unclonable Functions (PUFs) to provide unique per part protection, verification and authentication of data. This combination of enhancements is utilized to eliminate attacks on the cryptographic operations.

Memory Mapped IO Devices and Taint Tagging

The SP maps all IO device registers to the memory space and protects accesses to them using special tags [MCM, MCI]. For added protection, these can be private to drivers that are implemented as a protected domain.

The SP also implements taint propagation. Any IO device that can import potentially suspect data performs the DMAs into area word-tagged as [INV], or invalid. Any use of such data triggers exceptions that validates the data type in software, and once validated, copies it into the appropriate memory locations with proper tags. Byte sequences coming in from potentially compromised sources, such as a network interface, will be stored as a sequence of words tagged with [TBS] or, as a potentially tainted byte string components, with null byte pads to round up to a word size. Any operation using an input tagged as [INV] or [TBS] propagates the same tag to the result (both value and flags such as carry, zero, etc.). Overflows, underflows and results produced using inappropriate types of input operands will also taint the result produced by tagging it as [INV].

Specific SP Example

FIG. 3 shows an embodiment of a simple pipelined processor (the RISC-V Rocket implementation) with hardware extensions for realizing the SP pipeline design, including the branch, call, return and jump target validation, instruction tags, data tags, tag processing log (TPL), context control, key registers and optional encryption/decryption, as well as the latches associated with them (unlabeled boxes) in between adjacent pipeline stages Extended registers may also include bounds registers, parameter registers for cross-domain calls and the local handler address register. TPL is the tag processing logic for operations. The cryptographic engine can encrypt/decrypt data or pass data through without encryption/decryption. The tag storage and the tag processing components and latches can be implemented in a separate parallel pipeline.

Tags and data or code are all stored in their respective pages. Accesses to a data or instruction word requires the corresponding tag to be fetched, thus doubling the number of memory accesses needed. The performance penalty that results is mitigated by using extensions (Itag$ and Dtag$) to the instruction (I$) and data cache (D$) to hold the tags corresponding to a cache line, noting that accesses to tags exhibit the same localities seen in the course of accessing instructions and data. The impact of using tag caching was simulated on the Simplescalar simulator for an Alphas ISA (which is representative) with 32 Kbyte instruction and data caches, extended to hold tags and with a 256K unified L2 cache holding data, instruction and tag lines. Across the benchmarks in the SPEC benchmark suite, the extra memory accesses needed for word tags impose a performance penalty of less than 2% to a maximum of 19%, with an average penalty of about 10.5%. This can be reduced with other optimizations such as word tag prefetching and page-level tag consolidation into the TLB entries of pages with immutable and homogeneous contents. The additional energy overhead of word tag accesses can be reduced by using line buffering [21], which keeps recently-accessed cache rows in a few buffers external to the cache tag and data arrays, preventing unnecessary discharges of the pre-charged bit lines in the cache tag and data arrays on a hit in the line buffers in a direct silicon implementation or avoiding a read of the RAM-implemented data ways in a FPGA implementation, saving energy. This technique imposes no penalty on the cache access time and can also be used on the normal caches to stay within a reasonable power budget.

FIG. 4 shows a flowchart of a method of operating the secure processor in accordance with an embodiment of the invention.

Instructions and data are transferred, in conjunction with tags accompanying respective instructions and data 101. Tag may optionally comprise a privilege level which restricts access by the logic execution unit under control of instructions having the privilege level to the tags, and/or a second privilege level which permits access by the logic execution unit under control of instructions having the second privilege level to the tags 101A.

A tag processing unit enforces specific restrictions with respect to at least execution of instructions, access to resources, and manipulation of data by an instruction execution unit, selectively dependent on the received tags 102. The tag processing unit may ensure compliance with data type rules; memory access rules; context-specific data usage rules; source-dependent data usage rules; data modification rules; source-dependent instruction execution rules; context-dependent instruction execution rules; instruction sequence modification rules; control transfer instruction rules; and/or metadata tag modification rules. The tag processing unit may enforce a restriction on use of data as an address within a memory space; data as a return address for a subroutine call; data as a target address of an indirect branch; data as a pointer; an instruction to control flow to a legal path; an instruction to call a function; an instruction to return from a function call; an instruction to access a protected domain or module; an instruction to perform a legal operation based on the source data type; and/or an instruction to bound access to a fenced memory region 102A.

A branch instruction execution and an entry point instruction of each control transfer are validated, selectively dependent on the respective tags, with a control transfer processing unit 103.

Security Provided by SP

The SP relies fundamentally on the integrity of the word-tagging mechanism and in-line metatags (which are also word-tagged). This is realized by making tags inaccessible to software. The only exception to this is a high-privilege trusted software module that can manipulate the tags. SP also assumes that the compiler, linker and loader are trusted, as the compiler is responsible for the tag generation and the linker and loader are responsible for loading the word tags in a secure memory area inaccessible to all but the trusted software module that can manipulate tags. The hardware, of course, is also assumed to be secure as it interprets the tags. Attacks during booting or tag loading by induced interrupts that can potentially corrupt the tags are addressed by validating the hash signature of the tag pages prior to execution.

Instruction tagging in the SP, to enforce their context-dependent legal use, a distinctive feature of the SP, provides the basis for enforcing control flow for functions calls and returns and for directing indirect jumps to legal targets. The SP also disallows data to be interpreted as instruction—this is the basis for preventing several attacks. At the same time, to permit legal code modifications in interpreters and during the boot loading of some OSs, the functions performing such modifications are vetted out and validated at run-time using tags.

Data areas secured with bounds checking and accessed in the least-necessary access modes use secure pointers and specially-tagged memory instructions, making it impossible for normal memory instructions to access such fenced areas, which are implemented in pages marked as non-readable and non-writeable (and non-executable).

Protection Domains (PDs) in the SP for encapsulating data, associated private and public functions, are invoked only through compiler-directed control instructions (tagged as such) and invoke domain functions through legal entry points by ensuring that the control transfer to such domains from the caller take place at instructions tagged as entry points. PDs are entered only after validating the eligibility of the caller at the entry point using in-line metadata tags that point to access control information or has embedded access control information. This guarantees that only legitimate callers can invoke the PD's public functions. PDs allocate a call-specific context (call stack) on each call and can also use optional encryption for any private data in the RAM, facilitated by a master key maintained in the per-thread key register and memory encryption/de-encryption engine. All of these features permit PDs to implement security compartments and guard against unintended data leakage.

Examples of Security Provided by SP Against Software Vulnerabilities

The protection provided by the SP may be provided against instances of weaknesses from various CWE (Common Weakness Enumeration) classes as listed by Mitre Corporation.

The following table lists how exemplary instances of the seven classes of CWEs are handled in SP. Tags are shown, where used in square brackets. Additionally, the SP compiler avoids vulnerabilities by using proper libraries, vetted functions and trusted system functions.

TABLE 3

Common Weakness Evaluation

CWE Class
Examples
SP Mechanism Addressing CWE

Buffer errors
Stack attacks including ROP
Instruction and return address tagging

CWE119: improper restriction of
Bounds registers implementing fenced

operation within memory area
memory area

CWE120: buffer copying without

checking buffer size

Permissions,
CWE-250: execution with
Access-controlled protection domains,

privileges, access
unnecessary privilege
access to data in least-necessary mode

control
CWE-306: missing authentication

of critical functions

Resource
CWE-732: incorrect permission
PD encapsulating resource + memory

management
for critical resources
encryption, memory-mapped, tagged

device control registers in fenced area +

BR

CWE-22: Improper Limitation of
Word tagging to taint input arguments and

a Pathname to a Restricted
software handlers on using tainted

Directory,
arguments

CWE-494: Download of Code

Without Integrity Check

Code injection
JOP
Tagging of jumps, jump table entries,

targets + CFI markers in in-lined MD

Executing data as instructions
Data word tags disabling execution +

separate data and instruction pages

CWE-89: SQL injection, CWE-
Word tagging to taint input arguments

79: cross-domain scripting
[TBS] and software handlers on using

tainted argument words of byte sequence

Information
Information exposure through
Access controlled PDs, tag marking data

leakage
error message (CWE-209), debug
as sensitive, memory encryption

(CWE-215), caching (CWE-524),

log files (CWE-532)

Crypto error
CWE-306: missing authentication
Access controlled PDs, encryption-needed

of critical functions
tag [ENC]

CWE-327: use of broken crypto
Force use of hardware crypto engine,

master key in per-tread key register

Numeric errors
Operations on incompatible
Data type enforcement through tagging,

operands
tagging result produced as [TAI]

CWE-682: Incorrect Calculation
Tagging result produced with

overflow/underflow as tainted [TAI]

CWE-198: Use of Incorrect Byte
Words in byte sequence from external

Ordering
sources marked as tainted [TBS], invokes

handlers on use. Other situations handled

by compiler.

Example details on how SP handles some vulnerability classes is discussed below.

Buffer Errors

In SP, buffer errors are avoided by using protected fenced memory regions in general. In buffer overflow attacks that center on a stack and compromise function call and return control flow, word and instruction tags detect control flow compromises as follows. The key idea here is to enforce that the return from a function uses a legitimate return address from the call stack and that control returns to the instruction immediately following the call instruction (implemented using a JALR or JAL on the RISC-V). The SP accomplishes this as follows:

- 1. The control logic implementing a Call instruction is augmented to tag the return address pushed onto the call stack as a “return” address. The return address tag is generated only by the Call instruction. The return address tag also marks the word as immutable (that is not overwriteable) and permits only a return instruction (tagged appropriately) to use this return address. Word tagged as a return address cannot also be copied (for instance by using a LOAD).
- 2. The instruction following a call, which is the point of return, is tagged by the compiler as the target of a return.
- 3. The Return instruction or the JUMP instruction implementing a function call return is tagged as a “return” instruction by the compiler.

Control flow returns only when the target address on the call stack is marked as a return address and the next instruction executed is marked as the target of a return. A successfully executed return also resets the stack location associated with the return address used to permit overwrites during subsequent usage.

For relocation of stacks and context switches, tag checking is turned off momentarily by a trusted code and stack words, including words tagged as a return address can be copied and written elsewhere.

This simple data word-tagging and instruction-tagging mechanism prevents the simple “stack smashing” attacks as well as libc attacks [40], and more sophisticated return-oriented programming attacks [27] that all use buffer overruns to overwrite return addresses on the attack. Overwrites to stack locations that hold the return address are prevented, and raise an exception because of the “return” address tag, which prevents overwrites and copying. Further, for libc and ROP attacks, arbitrary gadgets cannot be constructed, as the instruction at the point of the misdirected return is not tagged as a legitimate instruction following a call by the compiler in general.

The tag-based implementation of proper function call and return control flow has significant advantages compared to shadow stacks that provide similar functionality (for example, as recently introduced by Intel [29]). The shadow stack mechanism essentially saves the return address at the time of a call on a separate shadow stack. At the time of a return, the return address used for the normal call stack is compared against the return address saved on the shadow stack and an exception is triggered on a mismatch. The shadow stack needs to be implemented in a protected area and also needs to be saved and restored on context switches. SP eliminates the need to implement and manage a shadow stack across context switches. The mechanism also imposes zero performance overhead (i.e., the protection mechanism does not add any execution overhead when the security checks pass, other than the performance degradation caused by additional accesses to tags, which are mitigated using the encoded tag cache hierarchy and tag perfecting), and is far less complicated than exotic architectural support that has been proposed for detecting ROP attacks [4, 5, 31].

Enforcing Control Flow for Indirect/Computed Branches

The legal targets of an indirect jump are all tagged as such at compile time. When an indirect jump executes, the tag of the target is verified to be marked as a target for the indirect branch; an exception is generated if the indirect branch attempts to transfer control to any instruction that is not marked as a target. Jump-oriented programming attacks that construct attack gadgets by stringing together existing instruction chunks through the modification of targets of indirect jumps [6] are thus not possible. Again, the SP is far simpler compared to proposed solutions like [4, 5], or the use of special instructions at the target of indirect branches, as in a recent Intel solution [29], and has a zero performance overhead.

Note that with the SP tagging scheme, it is still possible for an indirect jump to legally transfer control to the marked target of another indirect jump. Although this would be a relatively difficult exploit, the SP can protect against this by storing an in-line metadata tag at the target that holds a unique-compiler-generated label derived from the indirect branch's virtual address. This metadata-bearing word is followed by the original instruction at the target. Control transfer is allowed only after validating this label and ensuring that the jump target is labeled as a legitimate target. This approach is similar to what has been used for enforcing control flow integrity in software [1].

Protecting Transfer Vectors and Function Pointer Tables

A class of attacks redirect control flow from the intended path by altering the address of virtual functions used by many programming languages (for example, Vtable attacks for C++ programs) or jump vectors stored in jump tables by the linker for dynamically linked code modules. Tagging these table entries as immutable jump table entry prevents them from being overwritten by malicious code and also ensures their proper use by jump instructions.

Preserving Code Integrity

At the page level, data segments have an associated NX (no-execute flag) for each page within the segment. In addition, instructions are tagged as immutable by the compiler, so they cannot be altered. Together, these mechanisms ensure code integrity is preserved. However, there are legitimate reasons for using run-time code modification in current systems. Many OSs use self-modifying code at boot time for booting off a small image. Similarly, bytecode interpreters in languages such as Java rely on code modification for performance optimization. A solution to permitting these undesirable legacy practices is to validate the code that performs this on-the-fly modification, and rely on the trusted software module that can directly access and update the tags before and after modification. To do this, the permitted functions that modify the binaries at run-time are implemented within their own protection domain and they are permitted to call functions within the domain runs the functions that perform the code modifications. This permission is granted through explicit entries in an access control list for the protection domain that implements the tag updates.

SQL Injection and Cross-Domain Scripting

Both SQL injection and cross-domain scripting vulnerabilities stem from the use of potentially tainted inputs. The SP marks such inputs as tainted with the word tag [TAI]. Byte sequences are put into words, and the constituent words bear this tag. The SP does not rely on hardware to perform the validation of arguments, as the process is very complex. Instead, any attempt to use such tainted arguments trigger a context-specific check by a handler. In some cases, the handler may be encapsulated in the domain where the argument is processed or used, and is invoked through a locally-handled trap as a function call with low overhead. As an example in the case of SQL injection, the SQL database and its associated functions can be encapsulated in a protection domain with a handler to check the byte string passed on as argument. On exit from the validation function (which will typically call trusted functions for validating the argument as legal, for example using SQL whitelists and/or blacklists and other mechanisms), normal exception handling is automatically restored.

General Implementation of the Security Extensions

The SP technologies are implementation-agnostic across many RISC ISAs. The narrow tags and in-line metadata tags facilitate this. Extending tag storage to instruction and data caches facilitate the performance scaling, along with use of known techniques for mitigating the overhead of tag accesses. It is worth noting that the SP system, as described herein, does not use all of the 256 tag values that are possible with 8-bit word tags. This permits other tag values to be used in ways that can evolve as the SP design matures during or beyond the project, and other extensions consistent with the SP architecture or independent of it.

The access control policies used for protection domains in SP are also very flexible, as the access control code can be implemented in software within trusted handlers that can be invoked quickly as a local handler. Thus, SP's security architecture provides flexibility in the design and use of tags, as well as in crafting a variety of security policies.

In the SP, the code associated with protection domains is designed to support multithreading and SMP (multicore) implementations. Utilities for SP are also designed to be thread-safe. Cross-domain parameter passing registers, bounds, special registers containing a local handler address(es), and tags associated with general-purpose registers in the ISA, have to be all part of the context of a process/thread and need to be saved on context switches. Extending the tags to the instruction and data caches permit exiting cache coherence mechanisms to be easily used for SP for multicore implementations with cache coherence logic.

For CISC ISAs like the x86, variable-length instructions do impose an addressing challenge for the instruction tags in separate pages from the code. The solution to be used for incorporating the SP security mechanism for detecting software vulnerability exploits relies on instructions being non-writable, and stores instructions adjacent to their tags, and the instruction decoder is modified to take the (uniform-sized) instruction tags into account. The compiler also takes into account the tag size for generating the offsets used in PC-relative addressing.

It is also possible to use 4-bit encoded tags for SP, which makes it easy to pad memory lines containing instruction tags and simplify instruction tag addressing. There are many specific optimizations that can reduce the performance overhead of a x86 CPU including the SP security mechanisms, compared to the baseline traditional implementation.

For example, micro-op (uop) trace caches used in many x86 implementations, which contain validated traces and security checks (and associated performance delays and power dissipations), can be avoided when the trace is re-executed and other performance boosting artifacts built around trace caches (such as group commitment) can be used.

REFERENCES

Each of the following is expressly incorporated herein by reference in its entirety.

1. Abadi, M., M. Budiu, Ú. Erlingsson, and J. Ligatti, “Control-flow Integrity”, in Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 340-353. ACM, 2005.
2. Air Force Research Laboratory Report No. AFRL-RI-RS-TR-2015-210, Security-Tagged Architecture Co-Design (STACD), September 2015.
3. Air Force Research Laboratory, Publicly-released information on the T-Core project, provided by J. Rooks, in email to J. Kiernan at Lockheed-Martin, May 19, 2017.
4. Aktas, E., F. Afram, K. Ghose, “Continuous, Low Overhead, Run-Time Validation of Program Executions”, in IEEE Proceedings of the 47th Annual Symposium on Microarchitecture (MICRO), (2014), pp. 229-241.
5. Arora, D., Ravi, S., Raghunathan, A., and Jha, N. K. “Hardware-assisted run-time monitoring for secure program execution on embedded processors.” IEEE Transactions on Very Large Scale Integration (VLSI) Systems 14, no. 12 (2006): 1295-1308.
6. Bletsch T., X. Jiang, V. W. Freeh, Z. Liang, “Jump oriented programming: a new class of code-reuse attack”, In Proc. of the 6th ACM Symposium on Information, Computer and Communications Security. ASIACCS, pp. 30-40, 2011.
7. Chen, Y.-Y., P. A. Jamkhedkar, and R. B. Lee, “A Software Hardware Architecture for Self-Protecting Data”, in Proceedings of the ACM Conference on Computer and Communications Security, pp. 14-27. ACM, 2012.
8. Cheng, B.-C., and W.-M. Hwu, “Modular Interprocedural Pointer Analysis using Access Paths: Design, Implementation, and Evaluation”, in ACM SIGPLAN Notices 35, no. 5 (2000), pp. 57-69.
9. Choi, J.-D., M. Burke, and P. Carini. “Efficient Flow-sensitive Interprocedural Computation of Pointer-induced Aliases and Side effects”, in Proceedings of the 20th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 232-245, 1993.
10. Costan, V, Ilia Lebedev, and Srinivas Devadas, “Sanctum: Minimal Hardware Extensions for Strong Software Isolation”, in Proceedings of the 25th Usenix Security Symposium, 2016, pp. 857-874.
11. Costan, V. and Srinivas Devadas, “Intel SGX Explained”, Cryptology ePrint Archive, Report 2016/086, February 2016.
12. Crandall, J. R. and F. T. Chong, “MINOS: Control Data Attack Prevention Orthogonal to Memory Model”, in Proceedings of the 37th Intl. Symposium on Microarchitecture, Portland, OR, December 2004.
13. Dalton, M., H. Kannan, and C. Kozyrakis, “Raksha: A Flexible Information Flow Architecture for Software Security”, in Proceedings of the International Symposium on Computer Architecture (ISCA), pp. 482-493, 2007.
14. De Moura, L., and N. Bjørner, “Z3: An efficient SMT solver”, in Proceedings of International conference on Tools and Algorithms for the Construction and Analysis of Systems, pp. 337-340, 2008.
15. Dhawan, U., C. Hritcu, R. Rubin, N. Vasilakis, S. Chiricescu, J. M. Smith, T. F. Knight, Jr., B. C. Pierce and A. DeHon, “Architectural Support for Software-Defined Metadata Processing”, in Proceedings of the 20-th International Conference on Architectural Support for Programmin Languages and Operating Systems, pp. 487-502, 2015.
16. Emami, M., R. Ghiya, and L. J. Hendren. “Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers, in ACM SIGPLAN Notices, vol. 29, no. 6, pp. 242-256, 1994.
17. Evtyushkin, D. E., J. Elwell, M. Ozsoy, D. Ponomarev, N. Abu-Ghazaleh and R. Riley, “Iso-X: A Flexible Architecture for Hardware-Managed Isolated Execution”, in Proceedings of the 47-th Annual Symposium on Microarchitecture (MICRO), (2014), pp. 190-202. IEEE.
18. Fahndrich, M., J. S. Foster, Z. Su, and A. Aiken, “Partial Online Cycle Elimination in Inclusion Constraint Graphs”, in Proceedings Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '98), pp. 85-96, 1998.
19. Feustel, Edward A, “On the Advantages of Tagged Architectures”, in IEEE Transactions on Computers, Vol. 22 (7), pp. 644-652, July 1973.
20. Ghose K. and P. Vasek, “A Fast Capability Extension to a RISC Architecture”, in Proceedings of the EUROMICRO Conference, September 1996, pp. 606-614.
21. Ghose, K. and M. B. Kamble, “Reducing Power in Superscalar Processor Caches using Subbanking, Multiple Line Buffers and Bit-line segmentation”, in Proceedings of the 1999 international symposium on Low Power Electronics and Design (ISLPED '99), pp. 70-75, 1999.
22. Graham, B, Protection in an Information Processing Utility, in Communications of the ACM, Volume 11, pp. 306-312, May 1968.
23. Halfond, W. G. J., and A. Orso, “AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks”, in Proceedings of the 20th IEEE/ACM international Conference on Automated Software Engineering (ASE '05), pp. 174-183, 2005.
24. Hardekopf, B., and C. Lin, “The Ant and the Grasshopper: Fast and Accurate Pointer Analysis for Millions of Lines of Code”, in ACM SIGPLAN Notices, vol. 42, no. 6, pp. 290-299, 2007.
25. Heintze, N., and O. Tardieu, “Ultra-fast Aliasing Analysis using CLA: A Million Lines of C Code in a Second”, in ACM SIGPLAN Notices, vol. 36, no. 5, pp. 254-263, 2001.
26. Houdek, M. E., F. G. Soltis, and R. L. Hoffman, “IBM System/38 Support for Capability-based Addressing”, in Proceedings of the Eighth Annual Symposium on Computer Architecture, pp. 341-348, 1981.
27. Hund R., T. Holz and F. Freiling, “Return oriented rootkits: Bypassing kernel code integrity protection mechanisms”, in Proc. of Usenix Security Symposium, pp. 383-398, 2009.
28. Intel Corporation, Intel Memory Protection Extensions Enabling Guide, software.intel.com/sites/default/files/managed/9d/f6/Intel_MPX_EnablingGuide.pdf Accessed: 2017-05-30.
29. Intel Corporation, Control-flow Enforcement Technology Preview, Document Number: 334525-001, June 2016.
30. Intel Corporation, Introduction to the iAPX 432 Architecture, Manual No. 171821-001, 1981.
31. Kayaalp M., Ozsoy M., Abu-Ghazaleh N., Ponomarev D., “Branch Regulation: Low Overhead Protection Fron Code Reuse Attacks”, 39th Int'l. Symp. on Computer Architecture (ISCA), pp. 94-105, 2012.
32. Landi, W., and B. G. Ryder. “A Safe Approximate Algorithm for Interprocedural Pointer Aliasing”, ACM SIGPLAN Notices 39, no. 4 (2004), pp. 473-489.
33. Levy, H. M., Capability-Based Computer Systems, Digital Press, 1984.
34. McKeen, F., I. Alexandrovich, A. Berenzon, C. Rozas, H. Shafi, V. Shanbhogue, and U. R. Savagaonkar, “Innovative Instructions and Software Model for Isolated Execution”, in Proceedings of the Workshop on Hardware and Architectural Support for Security and Privacy (HASP), pp. 10:1-10:8, 2013.
35. Moon, D. A., “Architecture of the Symbolics 3600”, in Proceedings of the 12^th. Annual International Symposium on Computer Architecture, ISCA, pp. 76-83, 1985. IEEE Computer Society.
36. Nystrom, Erik, Hong-Seok Kim, and Wen-Mei Hwu. “Bottom-up and Top-down Context-sensitive Summary-based Pointer Analysis.” Static Analysis, pp. 165-180, 2004.
37. Organick, E. I, Computer System Organization: The B5700/B6700 Series, Academic Press, 1973.
38. Pietraszek, T. and C. V. Berghe, “Defending Against Injection Attacks through Context-Sensitive String Evaluation”, in Proceedings of the Recent Advances in Intrusion Detection Symposium, Seattle, WA, September 2005.
39. Qin, F., C. Wang, Z. Li, H. Seop Kim, Y. Zhou, and Y. Wu, “LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks”, in Proceedings of the 39th the Intl. Symposium on Microarchitecture, Orlando, FL, December 2006.
40. Shacham H. “The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)”, In 14th The ACM Conference on Computer and Communications Security (CCS), pp. 552-561, 2007.
41. Shioya, R., D. Kim, K. Horio, M. Goshima, and S. Sakai, Low-overhead Architecture for Security Tag, in Proceedings of the 2009 15th IEEE Pacific Rim International Symposium on Dependable DComputing, PRDC '09, pages 135-142, Washington, DC, USA, 2009. IEEE Computer Society.
42. Suh, G. E., J. W. Lee, D. Zhang, and S. Devadas., “Secure Program Execution via Dynamic Information Flow Tracking”, in Proceedings of the 11th Intl. Conference on Architectural Support for Programming Languages and Operating Systems, Boston, MA, October 2004, In ACM Sigplan Notices, vol. 39, no. 11, pp. 85-96. ACM, 2004.
43. Sui, Y., and J. Xue. “SVF: Interprocedural Static Value-flow Analysis in LLVM”, in Proceedings of the 25th ACM International Conference on Compiler Construction, pp. 265-266, 2016.
44. Sullivan, G., “The Dover Architecture”, presentation at New England Security Day, Nov. 28, 2016
45. Vachharajani, N., M. J. Bridges, J. Chang, R. Rangan, G. Ottoni, J. A. Blome, G. A. Reis, M. Vachharajani, and D. I. August, “RIFLE: An Architectural Framework for User-Centric Information-Flow Security”, in Proceedings of the 37th Intl. Symposium on Microarchitecture, Portland, OR, December 2004.
46. Vasek, P. and K. Ghose, “A Comparison of Two Context Allocation Approaches for Fast Protected Calls”, in Proceedings of the IEEE Conference on High-Performance Computing (HiPC), December 1997, pp. 16-21.
47. Whaley, J., and M. S. Lam. “Cloning-based Context-Sensitive Pointer Alias Analysis Using Binary Decision Diagrams”, in ACM SIGPLAN Notices, vol. 39, no. 6, pp. 131-144, 2004.
48. Witchel, E., J. Cates, and K. Asanovic, “Mondrian Memory Protection”, in Proceedings of the 10th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS X, Vol. 37, no. 10. pp. 304-316, New York, NY, USA, 2002. ACM.
49. Woodruff, J., R. N. Watson, D. Chisnall, S. W. Moore, J. Anderson, B. Davis, B. Laurie, P. G. Neumann, R. Norton and M. Roe, “The CHERI Capability Model: Revisiting RISC in an Age of Risk”, in Proceedings of the International Symposium on Computer Architecture (ISCA), pages 457-468, June 2014.
50. Wulf, W. A., S. P. Levin and S. P. Harbison, Hydra/Cmmp: An Experimental Computer System, McGraw-Hill, 1981.
51. Xu, W., S. Bhatkar, and R. Sekar, “Taint-enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks”, in Proceedings of the 15th USENIX Security Conference, Vancouver, Canada, August 2006.
52. Zhu, J., “Towards Scalable Flow and Context Sensitive Pointer Analysis”, in Proceedings of the 42nd annual Design Automation Conference, pp. 831-836, 2005.
53. Achermann, Reto, Chris Dalton, Paolo Faraboschi, Moritz Hoffmann, Dejan Milojicic, Geoffrey Ndu, Alexander Richardson, Timothy Roscoe, Adrian L. Shaw, and Robert NM Watson. “Separating Translation from Protection in Address Spaces with Dynamic Remapping.” In Proceedings of the 16th Workshop on Hot Topics in Operating Systems, pp. 118-124. ACM, 2017.
54. Aga, Shaizeen, and Satish Narayanasamy. “InvisiMem: Smart memory defenses for memory bus side channel.” In ACM SIGARCH Computer Architecture News, vol. 45, no. 2, pp. 94-106. ACM, 2017.
55. Arora, Divya, Srivaths Ravi, Anand Raghunathan, and Niraj K. Jha. “Secure embedded processing through hardware-assisted run-time monitoring.” In Design, Automation and Test in Europe, 2005. Proceedings, pp. 178-183. IEEE, 2005.
56. Belay, Adam, Andrea Bittau, Ali José Mashtizadeh, David Terei, David Mazières, and Christos Kozyrakis. “Dune: Safe User-level Access to Privileged CPU Features.” In Osdi, vol. 12, pp. 335-348. 2012.
57. Chen, Chun-Chung, Shih-Hao Hung, and Chen-Pang Lee. “Protection against Buffer Overflow Attacks via Dynamic Binary Translation.” In Reliable and Autonomous Computational Science, pp. 305-324. Springer, Basel, 2011.
58. Chien, Andrew A., and Jay H. Byun. “Safe and protected execution for the morph/AMRM reconfigurable processor.” In Field-Programmable Custom Computing Machines, 1999. FCCM'99. Proceedings. Seventh Annual IEEE Symposium on, pp. 209-221. IEEE, 1999.
59. Corliss, Marc L., E. Christopher Lewis, and Amir Roth. “DISE: A programmable macro engine for customizing applications.” In Computer Architecture, 2003. Proceedings. 30th Annual International Symposium on, pp. 362-373. IEEE, 2003.
60. Cox, Benjamin, David Evans, Adrian Filipi, Jonathan Rowanhill, Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser. “15th USENIX Security Symposium.”
61. Dagit, Jason, Simon Winwood, Jem Berkes, and Adam Wick. “Code re-use attacks and their mitigation.” (2017).
62. Ferraiuolo, Andrew, Mark Zhao, Andrew C. Myers, and G. Edward Suh. “HyperFlow: A processor architecture for nonmalleable, timing-safe information flow security.” In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1583-1600. ACM, 2018.
63. Ferraiuolo, Andrew, Yuqi Zhao, G. Edward Suh, and Andrew C. Myers. HyperFlow: A Processor Architecture for Timing-Safe Information-Flow Security. 2018.
64. Fu, Jianming, Rui Jin, and Yan Lin. “FRProtector: Defeating Control Flow Hijacking Through Function-Level Randomization and Transfer Protection.” In International Conference on Security and Privacy in Communication Systems, pp. 659-672. Springer, Cham, 2017.
65. Gonzilez, Julian A. “Hardware Modifications to Prevent Code Reuse Attacks.” (2014).
66. Havet, Aurdlien, Rafael Pires, Pascal Felber, Marcelo Pasin, Romain Rouvoy, and Valerio Schiavoni. “SecureStreams: A Reactive Middleware Framework for Secure Data Stream Processing.” In Proceedings of the 11th ACM International Conference on Distributed and Event-based Systems, pp. 124-133. ACM, 2017.
67. Hoefler, Torsten, Salvatore Di Girolamo, Konstantin Taranov, Ryan E. Grant, and Ron Brightwell. “sPIN: High-performance streaming Processing in the Network.” In Proceedings of the International Conference for High Performance Computing, Networking, Storage and Analysis, p. 59. ACM, 2017.
68. Joannou, Alexandre, Jonathan Woodruff, Robert Kovacsics, Simon W. Moore, Alex Bradbury, Hongyan Xia, Robert NM Watson et al. “Efficient Tagged Memory.” In Computer Design (ICCD), 2017 IEEE International Conference on, pp. 641-648. IEEE, 2017.
69. Jungwirth, Patrick, Phil Chan, Eric Imsand, and Hameed Badawy. “Security tag computation and propagation in OSFA.” In Cyber Sensing 2018, vol. 10630, p. 1063004. International Society for Optics and Photonics, 2018.
70. Jungwirth, Patrick, Philip Chan, Thomas Barnett, and Abdel-Hameed Badawy. “Cyber defense through hardware security.” In Disruptive Technologies in Information Sciences, vol. 10652, p. 106520P. International Society for Optics and Photonics, 2018.
71. Kannan, Hari, Michael Dalton, and Christos Kozyrakis. “Decoupling dynamic information flow tracking with a dedicated coprocessor.” In Dependable Systems & Networks, 2009. DSN'09. IEEE/IFIP International Conference on, pp. 105-114. IEEE, 2009.
72. Kim, Channoh, Jaehyeok Kim, Sungmin Kim, Dooyoung Kim, Namho Kim, Gitae Na, Young H. Oh, Hyeon Gyu Cho, and Jae W. Lee. “Typed Architectures: Architectural Support for Lightweight Scripting.” ACM SIGOPS Operating Systems Review 51, no. 2 (2017): 77-90.
73. Lentz, Matthew, Rijurekha Sen, Peter Druschel, and Bobby Bhattacharjee. “SeCloak: ARM Trustzone-based Mobile Peripheral Control.” (2018).
74. Lie, David, Chandramohan Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell, and Mark Horowitz. “Architectural support for copy and tamper resistant software.” ACM SIGPLAN Notices 35, no. 11 (2000): 168-177.
75. Liu, Tao, Hui Guo, Sri Parameswaran, and Sharon X. Hu. “iCETD: An improved tag generation design for memory data authentication in embedded processor systems.” Integration, the VLSI Journal 56 (2017): 96-104.
76. Liu, Tong, Gang Shi, Liwei Chen, Fei Zhang, Yaxuan Yang, and Jihu Zhang. “TMDFI: Tagged Memory Assisted for Fine-Grained Data-Flow Integrity Towards Embedded Systems Against Software Exploitation.” In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 545-550. IEEE, 2018.
77. Reddy, A L Narasimha, and Prithviraj Banerjee. “A fault secure dictionary machine.” In Data Engineering, 1987 IEEE Third International Conference on, pp. 104-110. IEEE, 1987.
78. Roessler, Nick, and André DeHon. “Protecting the stack with metadata policies and tagged hardware.” In 2018 IEEE Symposium on Security and Privacy (SP), pp. 478-495. IEEE, 2018.
79. Shioya, Ryota, Daewung Kim, Kazuo Horio, Masahiro Goshima, and Shuichi Sakai. “Low-overhead architecture for security tag.” IEICE TRANSACTIONS on Information and Systems 94, no. 1 (2011): 69-78.
80. Skorstengaard, Lau, Dominique Devriese, and Lars Birkedal. “Enforcing well-bracketed control flow and stack encapsulation using linear capabilities.” In PriSC 2018 Principles of Secure Compilation. 2018.
81. Sullivan, Gregory T., André DeHon, Steven Milburn, Eli Boling, Marco Ciaffi, Jothy Rosenberg, and Andrew Sutherland. “The Dover inherently secure processor.” In Technologies for Homeland Security (HST), 2017 IEEE International Symposium on, pp. 1-5. IEEE, 2017.
82. Tiwari, Mohit, Banit Agrawal, Shashidhar Mysore, Jonathan Valamehr, and Timothy Sherwood. “A small cache of large ranges: Hardware methods for efficiently searching, storing, and updating big dataflow tags.” In Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture, pp. 94-105. IEEE Computer Society, 2008.
83. Watson, Robert Nicholas, Peter G. Neumann, and Simon W. Moore. “Balancing Disruption and Deployability in the CHERI Instruction-Set Architecture (ISA).” MIT Press, 2017.
84. Watson, Robert N M, Jonathan Woodruff, Michael Roe, Simon W. Moore, and Peter G. Neumann. Capability Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre Attacks. No. UCAM-CL-TR-916. University of Cambridge, Computer Laboratory, 2018.
85. Wilkerson, Christopher B. “System and method to bypass execution of instructions involving unreliable data during speculative execution.” U.S. Pat. No. 7,114,059, issued Sep. 26, 2006.
86. Wong, Ming Ming, Jawad Haj-Yahya, and Anupam Chattopadhyay. “SMARTS: secure memory assurance of RISC-V trusted SoC.” In Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy, p. 6. ACM, 2018.
87. Woodruff, Jonathan David, A. Joannou, Robert Kovacsics, Simon William Moore, A. Bradbury, H. Xia, R. N. M. Robert et al. “Efficient Tagged Memory.” (2018).
88. Xia, Yubin, Yutao Liu, Haibo Chen, and Binyu Zang. “CFIMon: Detecting violation of control flow integrity using performance counters.” In Dependable Systems and Networks (DSN), 2012 42nd Annual IEEE/IFIP International Conference on, pp. 1-12. IEEE, 2012.
89. Yang, L. I., and Jun-wei LI. “A Technique Preventing Code Reuse Attacks Based on RISC Processor.” DEStech Transactions on Computer Science and Engineering CCNT (2018).
90. Yao, Zhihao, Saeed Mirzamohammadi, Ardalan Amiri Sani, and Mathias Payer. “Milkomeda: Safeguarding the Mobile GPU Interface Using WebGL Security Checks.” In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1455-1469. ACM, 2018.
91. Zeldovich, Nickolai, Hari Kannan, Michael Dalton, and Christos Kozyrakis. “Hardware Enforcement of Application Security Policies Using Tagged Memory.” In OSDI, vol. 8, pp. 225-240. 2008.
92. Zeldovich, Nickolai, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. “Making information flow explicit in HiStar.” In Proceedings of the 7th symposium on Operating systems design and implementation, pp. 263-278. USENIX Association, 2006.

Claims

1. A secure processor, comprising: a cache comprising a cache line comprising memory locations configured to store a plurality of instructions and a plurality of instruction tags, each instruction having an associated tag; a tag processing unit, configured to receive the instruction tag from the cache line, and to determine a restriction defined by the instruction tag before completion of execution of the instruction associated with the tag; and a logic execution unit configured to receive the instruction from the cache line, and subject to the determined restriction, at least one of execute the instruction, restrict access to at least one resource, and restrict a manipulation of data.
2. The secure processor according to claim 1, wherein the tag processing unit is configured to concurrently enforce the restriction with respect to access to at least one resource.
3. The secure processor according to claim 1, wherein the tag processing unit is configured to concurrently enforce the restriction with respect to manipulation of data.
4. The secure processor according to claim 1, wherein the logic execution unit comprises an instruction processing pipeline, configured to receive the instruction from the cache line, decode the instruction, and process data based on the instruction in the instruction processing pipeline; andthe tag processing unit is configured to determine the restriction concurrently with the decoding of the instruction, and before processing of the data.
5. The secure processor according to claim 1, further comprising a control transfer processing unit, configured to determine a control transfer restriction selectively dependent on the instruction tag and a validity of a control flow instruction defining at least an entry point of a control transfer, and enforce the control transfer restriction based on the determined validity of the control flow instruction, by interaction with the logic execution unit.
6. The secure processor according to claim 5, wherein the logic execution unit comprises an instruction processing pipeline, configured to receive the instruction from the cache line, decode the instruction, and process data based on the instruction in the instruction processing pipeline, subject to enforcement of the restriction by the tag processing unit, and validation of the control transfer instruction by the control transfer processing unit.
7. The secure processor according to claim 1, wherein the tag processing unit is further configured to ensure compliance with at least one rule, selected from the group consisting of data type rules, memory access rules, context-specific data usage rules, source-dependent data usage rules, data modification rules, source-dependent instruction execution rules, context-dependent instruction execution rules, instruction sequence modification rules, and control transfer instruction rules.
8. The secure processor according to claim 1, wherein the logic execution unit is configured to generate data and an associated data tag.
9. The secure processor according to claim 1, further comprising data tag processing unit, wherein the cache line is further configured to store data and an associated data tag, wherein the instruction tag is processed in conjunction with the data tag to restrict use of a memory address calculated using the data.
10. The secure processor according to claim 1, wherein the tag processing unit is further configured to enforce a restriction on use of the instruction, selected from the group consisting of use of an instruction to control flow to a legal path, to call a function, to return from a function call, to access a protected domain or module, to perform a legal operation based on the source data type, and to bound access to a fenced memory region.
11. The secure processor according to claim 1, wherein the tag processing unit is further configured to determine a tainted instruction or tainted data, and to restrict use of the tainted instruction or tainted data by the logic execution unit.
12. The secure processor according to claim 1, wherein the tag processing unit is responsive a privilege level or security level of the instruction according to a plurality of privilege levels or security levels, to respectively restrict access by the logic execution unit dependent on a respective privilege level or security level corresponding to the accompanying instruction tag.
13. The secure processor according to claim 1, further comprising an address translation unit configured to map logical memory spaces to physical memory pages, and retrieve the physical memory pages for storage in the cache dependent on logical memory pages.
14. The secure processor according to claim 13, wherein the address translation unit is further configured to maintain a privilege restriction on a memory page which restricts reading, writing, and execution with respect to the memory page, unless accessed by trusted hardware or according to the instruction and the instruction tag which indicates a sufficient access privilege.
15. The secure processor according to claim 1, wherein the logic execution unit and the tag processing unit are synchronized in processing of the instruction and enforcement of the instruction tag.
16. The secure processor according to claim 1, wherein the logic execution unit further comprises a logic execution pipeline, and the tag processing unit further comprises a tag processing pipeline, wherein the logic execution pipeline and the tag processing pipeline coordinate processing of the instruction and the instruction tag, wherein at least one of: the tag processing pipeline has a tag processing stage which relies on information provided by at least one stage of the logic execution pipeline; and the logic execution pipeline selectively processes instructions in dependence on a signal generated by a stage of the tag processing pipeline.
17. A secure microprocessor, comprising: a cache comprising a cache line, each cache line comprising memory locations configured to store an instruction, and a memory location for storing a tag accompanying each instruction, wherein the cache line is configured to store a plurality of instructions and a plurality of accompanying tags;a tag processing unit, configured to receive the accompanying tag from the cache line, concurrently enforce a specific restriction with respect to at least execution of the instruction, access to at least one resource, and manipulation of data, selectively dependent on the accompanying tag from the cache line; anda logic execution unit comprising an instruction processing pipeline, configured to receive the instruction from the cache line, decode the instruction, and process the data based on the instruction in the instruction processing pipeline, subject to enforcement of the specific restrictions by the tag processing unit.
18. The secure microprocessor according to claim 17, further comprising a control transfer processing unit, configured to validate each instruction comprising a control transfer instruction for a control flow execution and a control flow execution entry point, selectively dependent on at least the accompanying tag from the cache line, and the control transfer processing unit is configured to validate the control transfer instruction.
19. A secure microprocessor, comprising: a cache having a cache line, configured to store a plurality of instructions and a plurality of instruction tags, each instruction having an associated instruction tag, and a plurality of data and a plurality of data tags, and each datum having an associated data tag;the associated instruction tag for a respective instruction comprising information to enforce context-dependent behavior, and each data tag containing information indicating limitations on behavior of the logic unit with respect to the respective datum;a tag processing unit, configured to receive the associated instruction tag and the associated data tag from the cache line, and to define a signal to control the context-dependent behavior concurrent with execution of execution of the instruction; anda logic unit configured to receive and execute instructions from the cache line dependent on data, and the signal.
20. The secure microprocessor according to claim 19, wherein the logic execution unit comprises a logic execution pipeline, and the tag processing logic further comprises a tag processing pipeline, wherein the logic execution pipeline and the tag processing pipeline coordinate processing of the instruction and the instruction tag, wherein at least one of: the tag processing pipeline has a tag processing stage which relies on information provided by at least one stage of the logic execution pipeline; andthe logic execution pipeline selectively processes instructions in dependence on a signal generated by a stage of the tag processing pipeline.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a Continuation of U.S. patent application Ser. No. 16/684,233 filed Nov. 14, 2019, now U.S. Pat. No. 11,741,196, issued Aug. 29, 2023, which is a Non-provisional of, and claims benefit of priority under, U.S. Provisional Patent Application No. 62/767,908, filed Nov. 15, 2019, the entirety of which is expressly incorporated herein by reference.

US Referenced Citations (1866)

Number	Name	Date	Kind
3956615	Anderson et al.	May 1976	A
4599647	George et al.	Jul 1986	A
4872157	Hemmady et al.	Oct 1989	A
4872158	Richards	Oct 1989	A
4872159	Hemmady et al.	Oct 1989	A
4872160	Hemmady et al.	Oct 1989	A
4875206	Nichols et al.	Oct 1989	A
4893302	Hemmady et al.	Jan 1990	A
4894824	Hemmady et al.	Jan 1990	A
4896319	Lidinsky et al.	Jan 1990	A
4897874	Lidinsky et al.	Jan 1990	A
4899333	Roediger	Feb 1990	A
4922486	Lidinsky et al.	May 1990	A
4942574	Zelle	Jul 1990	A
4958341	Hemmady et al.	Sep 1990	A
4977582	Nichols et al.	Dec 1990	A
5204840	Mazur	Apr 1993	A
5603031	White et al.	Feb 1997	A
5729710	Magee et al.	Mar 1998	A
5742840	Hansen et al.	Apr 1998	A
5794060	Hansen et al.	Aug 1998	A
5794061	Hansen et al.	Aug 1998	A
5809321	Hansen et al.	Sep 1998	A
5812639	Bartholomew et al.	Sep 1998	A
5822603	Hansen et al.	Oct 1998	A
5862325	Reed et al.	Jan 1999	A
5864683	Boebert et al.	Jan 1999	A
5867494	Krishnaswamy et al.	Feb 1999	A
5867495	Elliott et al.	Feb 1999	A
5875296	Shi et al.	Feb 1999	A
5892900	Ginter et al.	Apr 1999	A
5909694	Gregor	Jun 1999	A
5910987	Ginter et al.	Jun 1999	A
5915019	Ginter et al.	Jun 1999	A
5917912	Ginter et al.	Jun 1999	A
5918228	Rich et al.	Jun 1999	A
5933816	Zeanah et al.	Aug 1999	A
5949876	Ginter et al.	Sep 1999	A
5974566	Ault et al.	Oct 1999	A
5982891	Ginter et al.	Nov 1999	A
5987506	Carter et al.	Nov 1999	A
5999525	Krishnaswamy et al.	Dec 1999	A
6006318	Hansen et al.	Dec 1999	A
6016393	White et al.	Jan 2000	A
6044205	Reed et al.	Mar 2000	A
6088659	Kelley et al.	Jul 2000	A
6088717	Reed et al.	Jul 2000	A
6199068	Carpenter	Mar 2001	B1
6237786	Ginter et al.	May 2001	B1
6253193	Ginter et al.	Jun 2001	B1
6289382	Bowman-Amuah	Sep 2001	B1
6332163	Bowman-Amuah	Dec 2001	B1
6335927	Elliott et al.	Jan 2002	B1
6339832	Bowman-Amuah	Jan 2002	B1
6341352	Child et al.	Jan 2002	B1
6345288	Reed et al.	Feb 2002	B1
6357010	Viets et al.	Mar 2002	B1
6363488	Ginter et al.	Mar 2002	B1
6385552	Snyder	May 2002	B1
6389402	Ginter et al.	May 2002	B1
6411309	Ly	Jun 2002	B1
6415246	Snyder	Jul 2002	B1
6427063	Cook et al.	Jul 2002	B1
6427140	Ginter et al.	Jul 2002	B1
6434568	Bowman-Amuah	Aug 2002	B1
6434628	Bowman-Amuah	Aug 2002	B1
6438594	Bowman-Amuah	Aug 2002	B1
6442748	Bowman-Amuah	Aug 2002	B1
6477580	Bowman-Amuah	Nov 2002	B1
6477665	Bowman-Amuah	Nov 2002	B1
6496850	Bowman-Amuah	Dec 2002	B1
6501832	Saylor et al.	Dec 2002	B1
6502102	Haswell et al.	Dec 2002	B1
6502213	Bowman-Amuah	Dec 2002	B1
6523027	Underwood	Feb 2003	B1
6529909	Bowman-Amuah	Mar 2003	B1
6529948	Bowman-Amuah	Mar 2003	B1
6539396	Bowman-Amuah	Mar 2003	B1
6542841	Snyder	Apr 2003	B1
6546546	Van Doorn	Apr 2003	B1
6549949	Bowman-Amuah	Apr 2003	B1
6550057	Bowman-Amuah	Apr 2003	B1
6571282	Bowman-Amuah	May 2003	B1
6578068	Bowman-Amuah	Jun 2003	B1
6594671	Aman et al.	Jul 2003	B1
6601192	Bowman-Amuah	Jul 2003	B1
6601233	Underwood	Jul 2003	B1
6601234	Bowman-Amuah	Jul 2003	B1
6606479	Cook et al.	Aug 2003	B2
6606660	Bowman-Amuah	Aug 2003	B1
6606744	Mikurak	Aug 2003	B1
6609128	Underwood	Aug 2003	B1
6615199	Bowman-Amuah	Sep 2003	B1
6615253	Bowman-Amuah	Sep 2003	B1
6633835	Moran et al.	Oct 2003	B1
6633878	Underwood	Oct 2003	B1
6636242	Bowman-Amuah	Oct 2003	B2
6640238	Bowman-Amuah	Oct 2003	B1
6640244	Bowman-Amuah	Oct 2003	B1
6640249	Bowman-Amuah	Oct 2003	B1
6640304	Ginter et al.	Oct 2003	B2
6640307	Viets et al.	Oct 2003	B2
6647400	Moran	Nov 2003	B1
6662231	Drosset et al.	Dec 2003	B1
6671818	Mikurak	Dec 2003	B1
6701514	Haswell et al.	Mar 2004	B1
6704873	Underwood	Mar 2004	B1
6707889	Saylor et al.	Mar 2004	B1
6715145	Bowman-Amuah	Mar 2004	B1
6718535	Underwood	Apr 2004	B1
6731625	Eastep et al.	May 2004	B1
6742015	Bowman-Amuah	May 2004	B1
6745286	Staub et al.	Jun 2004	B2
6754181	Elliott et al.	Jun 2004	B1
6754773	Ulrich et al.	Jun 2004	B2
6757710	Reed	Jun 2004	B2
6772332	Boebert et al.	Aug 2004	B1
6775792	Ulrich et al.	Aug 2004	B2
6779120	Valente et al.	Aug 2004	B1
6792086	Saylor et al.	Sep 2004	B1
6801940	Moran et al.	Oct 2004	B1
6826697	Moran	Nov 2004	B1
6842906	Bowman-Amuah	Jan 2005	B1
6857061	Liao	Feb 2005	B1
6862692	Ulrich et al.	Mar 2005	B2
6871295	Ulrich et al.	Mar 2005	B2
6888929	Saylor et al.	May 2005	B1
6895084	Saylor et al.	May 2005	B1
6907546	Haswell et al.	Jun 2005	B1
6909708	Krishnaswamy et al.	Jun 2005	B1
6948070	Ginter et al.	Sep 2005	B1
6976090	Ben-Shaul et al.	Dec 2005	B2
6986052	Mittal	Jan 2006	B1
6990547	Ulrich et al.	Jan 2006	B2
6990667	Ulrich et al.	Jan 2006	B2
6996843	Moran	Feb 2006	B1
7020697	Goodman et al.	Mar 2006	B1
7024692	Schanze et al.	Apr 2006	B1
7032114	Moran	Apr 2006	B1
7051212	Ginter et al.	May 2006	B2
7054927	Ulrich et al.	May 2006	B2
7062567	Benitez et al.	Jun 2006	B2
7065579	Traversat et al.	Jun 2006	B2
7065657	Moran	Jun 2006	B1
7069451	Ginter et al.	Jun 2006	B1
7076652	Ginter et al.	Jul 2006	B2
7085936	Moran	Aug 2006	B1
7095854	Ginter et al.	Aug 2006	B1
7100195	Underwood	Aug 2006	B1
7100199	Ginter et al.	Aug 2006	B2
7114059	Wilkerson	Sep 2006	B2
7120771	Dahan et al.	Oct 2006	B2
7120800	Ginter et al.	Oct 2006	B2
7124101	Mikurak	Oct 2006	B1
7124302	Ginter et al.	Oct 2006	B2
7124305	Margolus et al.	Oct 2006	B2
7130807	Mikurak	Oct 2006	B1
7130885	Chandra et al.	Oct 2006	B2
7133845	Ginter et al.	Nov 2006	B1
7136927	Traversat et al.	Nov 2006	B2
7145898	Elliott	Dec 2006	B1
7165107	Pouyoul et al.	Jan 2007	B2
7167920	Traversat et al.	Jan 2007	B2
7171689	Beavers	Jan 2007	B2
7181613	Boebert et al.	Feb 2007	B2
7188003	Ransom et al.	Mar 2007	B2
7194769	Lippmann et al.	Mar 2007	B2
7197565	Abdelaziz et al.	Mar 2007	B2
7203962	Moran	Apr 2007	B1
7206841	Traversat et al.	Apr 2007	B2
7206934	Pabla et al.	Apr 2007	B2
7213047	Yeager et al.	May 2007	B2
7219239	Njemanze et al.	May 2007	B1
7237081	Dahan et al.	Jun 2007	B2
7237123	Vine et al.	Jun 2007	B2
7246370	Valente et al.	Jul 2007	B2
7249344	Zeanah et al.	Jul 2007	B1
7254586	Chen et al.	Aug 2007	B2
7254608	Yeager et al.	Aug 2007	B2
7263560	Abdelaziz et al.	Aug 2007	B2
7275102	Yeager et al.	Sep 2007	B2
7287030	Margolus et al.	Oct 2007	B2
7289964	Bowman-Amuah	Oct 2007	B1
7289994	Nixon et al.	Oct 2007	B2
7299277	Moran et al.	Nov 2007	B1
7305697	Alao et al.	Dec 2007	B2
7328243	Yeager et al.	Feb 2008	B2
7334123	Gulick et al.	Feb 2008	B2
7337441	Felt et al.	Feb 2008	B2
7340469	Alghathbar et al.	Mar 2008	B1
7340500	Traversat et al.	Mar 2008	B2
7346922	Miliefsky	Mar 2008	B2
7350085	Johnson et al.	Mar 2008	B2
7356701	Margolus et al.	Apr 2008	B2
7356730	Ulrich et al.	Apr 2008	B2
7376969	Njemanze et al.	May 2008	B1
7395536	Verbeke et al.	Jul 2008	B2
7398283	Margolus et al.	Jul 2008	B2
7401152	Traversat et al.	Jul 2008	B2
7401153	Traversat et al.	Jul 2008	B2
7412462	Margolus et al.	Aug 2008	B2
7430670	Horning et al.	Sep 2008	B1
7431650	Kessman et al.	Oct 2008	B2
7437614	Haswell et al.	Oct 2008	B2
7451488	Cooper et al.	Nov 2008	B2
7457397	Saylor et al.	Nov 2008	B1
7457959	Margolus et al.	Nov 2008	B2
7464407	Nakae et al.	Dec 2008	B2
7467198	Goodman et al.	Dec 2008	B2
7478422	Valente et al.	Jan 2009	B2
7484008	Gelvin et al.	Jan 2009	B1
7484225	Hugly et al.	Jan 2009	B2
7484236	Alao et al.	Jan 2009	B2
7487509	Hugly et al.	Feb 2009	B2
7492873	Giroti et al.	Feb 2009	B2
7496750	Kumar et al.	Feb 2009	B2
7502752	Lemons et al.	Mar 2009	B1
7502807	Muthukrishnan et al.	Mar 2009	B2
7506173	Margolus et al.	Mar 2009	B2
7509431	Singhal et al.	Mar 2009	B2
7509639	Worley, Jr.	Mar 2009	B2
7523054	Tyson-Quah	Apr 2009	B2
7533141	Nadgir et al.	May 2009	B2
7533161	Hugly et al.	May 2009	B2
7533172	Traversat et al.	May 2009	B2
7543329	Viets et al.	Jun 2009	B2
7546334	Redlich et al.	Jun 2009	B2
7551567	Anthias et al.	Jun 2009	B2
7555706	Chapman et al.	Jun 2009	B2
7574523	Traversat et al.	Aug 2009	B2
7586871	Hamilton et al.	Sep 2009	B2
7587617	Margolus et al.	Sep 2009	B2
7603550	McGrath et al.	Oct 2009	B2
7606267	Ho et al.	Oct 2009	B2
7607169	Njemanze et al.	Oct 2009	B1
7630986	Herz et al.	Dec 2009	B1
7650638	Njemanze et al.	Jan 2010	B1
7657597	Arora et al.	Feb 2010	B2
7657931	Margolus et al.	Feb 2010	B2
7664879	Chan et al.	Feb 2010	B2
7669051	Redlich et al.	Feb 2010	B2
7669212	Alao et al.	Feb 2010	B2
7673345	Cheng et al.	Mar 2010	B2
7676539	Jhoney et al.	Mar 2010	B2
7683940	Fleming	Mar 2010	B2
7685096	Margolus et al.	Mar 2010	B2
7693185	Brown et al.	Apr 2010	B1
7693814	Margolus et al.	Apr 2010	B2
7698416	Potti et al.	Apr 2010	B2
7716077	Mikurak	May 2010	B1
7725934	Kumar et al.	May 2010	B2
7730299	Boebert et al.	Jun 2010	B2
7743421	Cosquer et al.	Jun 2010	B2
7747523	Cohen	Jun 2010	B2
7747797	Abraham et al.	Jun 2010	B2
7752255	Cohen et al.	Jul 2010	B2
7752459	Cowan et al.	Jul 2010	B2
7752466	Ginter et al.	Jul 2010	B2
7761910	Ransom et al.	Jul 2010	B2
7761917	Kumar	Jul 2010	B1
7761918	Gula et al.	Jul 2010	B2
7762470	Finn et al.	Jul 2010	B2
7774495	Pabla et al.	Aug 2010	B2
7779270	Horning et al.	Aug 2010	B2
7779394	Homing et al.	Aug 2010	B2
7783777	Pabla et al.	Aug 2010	B1
7788433	Henry et al.	Aug 2010	B2
7788722	Njemanze et al.	Aug 2010	B1
7797406	Patel et al.	Sep 2010	B2
7814554	Ragner	Oct 2010	B1
7822979	Mittal	Oct 2010	B2
7823135	Horning et al.	Oct 2010	B2
7827256	Phillips et al.	Nov 2010	B2
7827606	Rits et al.	Nov 2010	B2
7831823	Ginter et al.	Nov 2010	B2
7844835	Ginter et al.	Nov 2010	B2
7861299	Tidwell et al.	Dec 2010	B1
7869425	Elliott et al.	Jan 2011	B2
7878909	Kessman et al.	Feb 2011	B2
7890753	Dahan et al.	Feb 2011	B2
7891004	Gelvin et al.	Feb 2011	B1
7904187	Hoffberg et al.	Mar 2011	B2
7904569	Gelvin et al.	Mar 2011	B1
7917695	Ulrich et al.	Mar 2011	B2
7917749	Ginter et al.	Mar 2011	B2
7926113	Gula et al.	Apr 2011	B1
7933925	Sreedhar	Apr 2011	B2
7941396	Power et al.	May 2011	B2
7945958	Amarasinghe et al.	May 2011	B2
7949728	Rivette et al.	May 2011	B2
7957991	Mikurak	Jun 2011	B2
7958549	Nakae et al.	Jun 2011	B2
7961743	Alao et al.	Jun 2011	B2
7962582	Potti et al.	Jun 2011	B2
7962961	Griffin et al.	Jun 2011	B1
7966078	Hoffberg et al.	Jun 2011	B2
7966369	Briere et al.	Jun 2011	B1
7971018	Schwemmlein	Jun 2011	B2
7975051	Saint Clair et al.	Jul 2011	B2
7980948	Rowe et al.	Jul 2011	B2
7984509	Ginter et al.	Jul 2011	B2
7987003	Hoffberg et al.	Jul 2011	B2
7987272	Kumar et al.	Jul 2011	B2
7996556	Raghavan et al.	Aug 2011	B2
8001546	Felt et al.	Aug 2011	B2
8006087	Ginter et al.	Aug 2011	B2
8015570	Venkatraman et al.	Sep 2011	B2
8028341	Cheng et al.	Sep 2011	B2
8032409	Mikurak	Oct 2011	B1
8037202	Yeager et al.	Oct 2011	B2
8055732	Cohen et al.	Nov 2011	B2
8055797	Cohen et al.	Nov 2011	B2
8055913	Ginter et al.	Nov 2011	B2
8056130	Njemanze et al.	Nov 2011	B1
8065725	Zheng et al.	Nov 2011	B2
8074256	Valente et al.	Dec 2011	B2
8078788	Chang et al.	Dec 2011	B2
8079118	Gelvin et al.	Dec 2011	B2
8082304	Ho et al.	Dec 2011	B2
8086585	Brashers et al.	Dec 2011	B1
8086744	Abdullah et al.	Dec 2011	B2
8090839	Kumar et al.	Jan 2012	B2
8094647	Elliott et al.	Jan 2012	B2
8095984	McFarlane et al.	Jan 2012	B2
8108455	Yeager et al.	Jan 2012	B2
8112330	Grandcolas et al.	Feb 2012	B1
8112625	Ginter et al.	Feb 2012	B2
8117261	Briere et al.	Feb 2012	B2
8127359	Kelekar	Feb 2012	B2
8140786	Bunte et al.	Mar 2012	B2
8141155	Jeschke et al.	Mar 2012	B2
8141165	Ginter et al.	Mar 2012	B2
8160077	Traversat et al.	Apr 2012	B2
8161540	Mantripragada et al.	Apr 2012	B2
8176001	Mantripragada et al.	May 2012	B2
8176527	Njemanze et al.	May 2012	B1
8176563	Redlich et al.	May 2012	B2
8181021	Ginter et al.	May 2012	B2
8185651	Moran et al.	May 2012	B2
8191157	Ginter et al.	May 2012	B2
8191158	Ginter et al.	May 2012	B2
8194646	Elliott et al.	Jun 2012	B2
8196131	Von Behren et al.	Jun 2012	B1
8201216	Cha et al.	Jun 2012	B2
8201257	Andres et al.	Jun 2012	B1
8204992	Arora et al.	Jun 2012	B2
8209753	Wen et al.	Jun 2012	B2
8209763	Henry et al.	Jun 2012	B2
8214590	Ulrich et al.	Jul 2012	B2
8224930	Cohen et al.	Jul 2012	B2
8230507	Njemanze et al.	Jul 2012	B1
8234711	Kang et al.	Jul 2012	B2
8250552	Kandasamy et al.	Aug 2012	B2
8261359	Levine et al.	Sep 2012	B2
8266327	Kumar et al.	Sep 2012	B2
8271336	Mikurak	Sep 2012	B2
8281036	Cohen et al.	Oct 2012	B2
8286255	Grant et al.	Oct 2012	B2
8291238	Ginter et al.	Oct 2012	B2
8296848	Griffin et al.	Oct 2012	B1
8306228	Le Saint et al.	Nov 2012	B2
8312148	Anthias et al.	Nov 2012	B2
8316091	Hirvela et al.	Nov 2012	B2
8316448	Peinado et al.	Nov 2012	B2
8316449	Ginter et al.	Nov 2012	B2
8327328	Colton et al.	Dec 2012	B2
8332367	Bhattacherjee et al.	Dec 2012	B2
8346532	Chakra et al.	Jan 2013	B2
8347072	Mittal	Jan 2013	B2
8359397	Traversat et al.	Jan 2013	B2
8365021	Inoue et al.	Jan 2013	B2
8365278	Njemanze et al.	Jan 2013	B1
8365289	Russ et al.	Jan 2013	B2
8370641	Henry et al.	Feb 2013	B2
8375082	Mukherjee	Feb 2013	B2
8381192	Drewry et al.	Feb 2013	B1
8387022	Horning et al.	Feb 2013	B2
8392677	Bunte et al.	Mar 2013	B2
8392997	Chen et al.	Mar 2013	B2
8393969	Kessman et al.	Mar 2013	B2
8402557	Ginter et al.	Mar 2013	B2
8417866	Chang et al.	Apr 2013	B2
8422379	Xu et al.	Apr 2013	B2
8423953	Colton et al.	Apr 2013	B2
8434128	Kennedy	Apr 2013	B2
8438532	Fox et al.	May 2013	B2
8438643	Wiemer et al.	May 2013	B2
8458798	Williams et al.	Jun 2013	B2
8464077	Ginter et al.	Jun 2013	B2
8468244	Redlich et al.	Jun 2013	B2
8468606	Van De Weyer et al.	Jun 2013	B2
8474004	Leone	Jun 2013	B2
8484741	Chapman	Jul 2013	B1
8516118	Saint Clair et al.	Aug 2013	B2
8516594	Bennett et al.	Aug 2013	B2
8522348	Chen et al.	Aug 2013	B2
8522354	Henry et al.	Aug 2013	B2
8527406	Cohen	Sep 2013	B2
8527549	Cidon	Sep 2013	B2
8533843	Levi	Sep 2013	B2
8533851	Ginter et al.	Sep 2013	B2
8533854	Ginter et al.	Sep 2013	B2
8543506	Grandcolas et al.	Sep 2013	B2
8543607	Sreedhar	Sep 2013	B2
8543842	Ginter et al.	Sep 2013	B2
8543982	Zeanah et al.	Sep 2013	B2
8544098	Gustave et al.	Sep 2013	B2
8549171	Ramarao et al.	Oct 2013	B2
8549275	Mittal	Oct 2013	B2
8560366	Mikurak	Oct 2013	B2
8566839	Johnson et al.	Oct 2013	B2
8566928	Dagon et al.	Oct 2013	B2
8572173	Briere et al.	Oct 2013	B2
8572411	Ginter et al.	Oct 2013	B2
8572550	Fox et al.	Oct 2013	B2
8572750	Patel et al.	Oct 2013	B2
8578490	Moran	Nov 2013	B2
8583263	Hoffberg et al.	Nov 2013	B2
8595306	Hirvela et al.	Nov 2013	B2
8595845	Basavapatna et al.	Nov 2013	B2
8599277	Fleming	Dec 2013	B2
8601104	Cohen et al.	Dec 2013	B2
8601498	Laurich et al.	Dec 2013	B2
8601530	Cohen et al.	Dec 2013	B2
8601595	Gelvin et al.	Dec 2013	B2
8602089	Singh et al.	Dec 2013	B2
8607034	Henry et al.	Dec 2013	B2
8607067	Janse van Rensburg et al.	Dec 2013	B1
8607325	Kennedy	Dec 2013	B2
8607336	Cohen et al.	Dec 2013	B2
8611232	Xu et al.	Dec 2013	B2
8612936	Fox et al.	Dec 2013	B2
8613080	Wysopal et al.	Dec 2013	B2
8613083	Njemanze et al.	Dec 2013	B1
8615656	Weinstein et al.	Dec 2013	B2
8615799	Henry et al.	Dec 2013	B2
8627053	Mittal	Jan 2014	B2
8627402	Cohen et al.	Jan 2014	B2
8631248	Cowan et al.	Jan 2014	B2
8631387	Henderson	Jan 2014	B2
8631489	Antonakakis et al.	Jan 2014	B2
8639625	Ginter et al.	Jan 2014	B1
8640194	Inoue et al.	Jan 2014	B2
8640240	Sagoo et al.	Jan 2014	B2
8644516	Le Saint et al.	Feb 2014	B1
8645572	Alao et al.	Feb 2014	B2
8646059	von Behren et al.	Feb 2014	B1
8650637	Beresnevichiene et al.	Feb 2014	B2
8655939	Redlich et al.	Feb 2014	B2
8656497	Amarasinghe et al.	Feb 2014	B2
8660849	Gruber et al.	Feb 2014	B2
8660880	Chehade et al.	Feb 2014	B2
8670979	Gruber et al.	Mar 2014	B2
8677505	Redlich et al.	Mar 2014	B2
8677507	Ginter et al.	Mar 2014	B2
8683560	Brooker et al.	Mar 2014	B1
8688461	Richards et al.	Apr 2014	B1
8700772	Saint Clair	Apr 2014	B2
8706503	Cheyer et al.	Apr 2014	B2
8706914	Duchesneau	Apr 2014	B2
8706915	Duchesneau	Apr 2014	B2
8730946	Mantripragada et al.	May 2014	B2
8731942	Cheyer et al.	May 2014	B2
8732023	Mikurak	May 2014	B2
8738860	Griffin et al.	May 2014	B1
8738932	Lee et al.	May 2014	B2
8750841	Johnson et al.	Jun 2014	B2
8755392	Traversat et al.	Jun 2014	B2
8762188	Abercrombie et al.	Jun 2014	B2
8762687	Henry et al.	Jun 2014	B2
8769127	Selimis et al.	Jul 2014	B2
8769304	Kirsch	Jul 2014	B2
8776180	Kumar et al.	Jul 2014	B2
8782661	Ulrich et al.	Jul 2014	B2
8789192	LaBumbard	Jul 2014	B2
8789193	Kelekar	Jul 2014	B2
8793803	Henry et al.	Jul 2014	B2
8799000	Guzzoni et al.	Aug 2014	B2
8799403	Chan et al.	Aug 2014	B2
8807440	von Behren et al.	Aug 2014	B1
8813235	Sidagni	Aug 2014	B2
8819225	Wang et al.	Aug 2014	B2
8819420	McKeeman et al.	Aug 2014	B1
8819839	Henry et al.	Aug 2014	B2
8825830	Newton et al.	Sep 2014	B2
8826438	Perdisci et al.	Sep 2014	B2
8838924	Henry et al.	Sep 2014	B2
8844043	Williams et al.	Sep 2014	B2
8844045	Benefield	Sep 2014	B2
8850588	Kumar et al.	Sep 2014	B2
8856936	Datta Ray et al.	Oct 2014	B2
8868914	Teppler	Oct 2014	B2
8869110	Kaksonen	Oct 2014	B2
8874685	Hollis et al.	Oct 2014	B1
8887177	Johnson et al.	Nov 2014	B2
8892446	Cheyer et al.	Nov 2014	B2
8893283	Raz et al.	Nov 2014	B2
8900054	Patel	Dec 2014	B2
8903705	Douceur et al.	Dec 2014	B2
8903716	Chen et al.	Dec 2014	B2
8909779	Clair et al.	Dec 2014	B2
8909881	Bunte et al.	Dec 2014	B2
8910276	Henry et al.	Dec 2014	B2
8917159	McAllister et al.	Dec 2014	B2
8918884	Jajodia et al.	Dec 2014	B2
8918887	Taniguchi et al.	Dec 2014	B2
8925082	Ashley	Dec 2014	B2
8930191	Gruber et al.	Jan 2015	B2
8942986	Cheyer et al.	Jan 2015	B2
8943313	Glew et al.	Jan 2015	B2
8943513	Ulrich et al.	Jan 2015	B2
8949169	Shelton et al.	Feb 2015	B2
8966619	Ormazabal et al.	Feb 2015	B2
8966639	Roytman et al.	Feb 2015	B1
8978132	Henry et al.	Mar 2015	B2
8984579	Cohen et al.	Mar 2015	B2
8984643	Krisher et al.	Mar 2015	B1
8990948	Kumar et al.	Mar 2015	B2
8996449	Power et al.	Mar 2015	B2
9002014	Henry et al.	Apr 2015	B2
9003537	Raz et al.	Apr 2015	B2
9005031	Kessman et al.	Apr 2015	B2
9015301	Redlich et al.	Apr 2015	B2
9020885	Beartusk et al.	Apr 2015	B2
9027125	Kumar et al.	May 2015	B2
9032533	Bennett et al.	May 2015	B2
9043753	Fox et al.	May 2015	B2
9043919	Wyatt et al.	May 2015	B2
9043920	Gula et al.	May 2015	B2
9047293	Grafi et al.	Jun 2015	B2
9047483	Briere et al.	Jun 2015	B2
9047484	Briere et al.	Jun 2015	B2
9064099	Horning et al.	Jun 2015	B2
9064111	Aciicmez et al.	Jun 2015	B2
9069930	Hart	Jun 2015	B1
9069967	Wysopal et al.	Jun 2015	B2
9072965	Kessman et al.	Jul 2015	B2
9092616	Kumar et al.	Jul 2015	B2
9094448	Benefield	Jul 2015	B2
9111088	Ghai et al.	Aug 2015	B2
9113051	Scalisi	Aug 2015	B1
9117447	Gruber et al.	Aug 2015	B2
9118706	Bianco	Aug 2015	B2
9118713	Bisht et al.	Aug 2015	B2
9128728	Siman	Sep 2015	B2
9128801	Fox et al.	Sep 2015	B2
9129279	Zeanah et al.	Sep 2015	B1
9135778	Patel	Sep 2015	B2
9141378	Fox et al.	Sep 2015	B2
9141805	Giakouminakis et al.	Sep 2015	B2
9141806	Siman	Sep 2015	B2
9143392	Duchesneau	Sep 2015	B2
9158871	Neergaard	Oct 2015	B2
9158922	Liu	Oct 2015	B2
9160761	Lee et al.	Oct 2015	B2
9165133	La Fever et al.	Oct 2015	B2
9166994	Ward et al.	Oct 2015	B2
9177175	Margolus et al.	Nov 2015	B2
9178911	Cohen et al.	Nov 2015	B2
9185125	Varsanyi et al.	Nov 2015	B2
9215236	Kennedy	Dec 2015	B2
9224117	Chapman	Dec 2015	B2
9237062	Ermis et al.	Jan 2016	B2
9240943	Lu et al.	Jan 2016	B2
9241044	Shribman et al.	Jan 2016	B2
9251265	Briere et al.	Feb 2016	B2
9256746	Toback et al.	Feb 2016	B2
9268945	Williams et al.	Feb 2016	B2
9270695	Roytman et al.	Feb 2016	B2
9270697	Ghosh et al.	Feb 2016	B2
9276951	Choi et al.	Mar 2016	B2
9292695	Bassett	Mar 2016	B1
9298923	Salowey et al.	Mar 2016	B2
9305165	Snow et al.	Apr 2016	B2
9305183	Mittal	Apr 2016	B2
9306969	Dagon et al.	Apr 2016	B2
9306975	Cohen et al.	Apr 2016	B2
9311140	Raghu et al.	Apr 2016	B2
9311499	Redlich et al.	Apr 2016	B2
9311670	Hoffberg	Apr 2016	B2
9317692	Elder et al.	Apr 2016	B2
9317708	Lee et al.	Apr 2016	B2
9318108	Gruber et al.	Apr 2016	B2
9319425	Giokas	Apr 2016	B2
9323921	Hunt et al.	Apr 2016	B2
9323954	Mittal	Apr 2016	B2
9325729	Jajodia et al.	Apr 2016	B2
9329894	Raghu	May 2016	B2
9348652	Raghu	May 2016	B2
9356962	Ilieva et al.	May 2016	B2
9369330	Alao et al.	Jun 2016	B1
9369482	Borohovski et al.	Jun 2016	B2
9372995	Shigemoto et al.	Jun 2016	B2
9378044	Gaurav et al.	Jun 2016	B1
9380008	Ramarao et al.	Jun 2016	B2
9386124	Briere et al.	Jul 2016	B2
9389893	Raghu	Jul 2016	B2
9389933	Baumann et al.	Jul 2016	B2
9390151	Briere et al.	Jul 2016	B2
9390590	Kessman et al.	Jul 2016	B2
9391801	Raghu	Jul 2016	B2
9392007	Giokas	Jul 2016	B2
9396479	Briere et al.	Jul 2016	B2
9407645	Modi et al.	Aug 2016	B2
9411524	O'Hare et al.	Aug 2016	B2
9411965	Giakouminakis et al.	Aug 2016	B2
9413538	Baumann et al.	Aug 2016	B2
9418263	Butler et al.	Aug 2016	B2
9425965	Baumann et al.	Aug 2016	B2
9430256	Raghu	Aug 2016	B2
9443074	Janse Van Rensburg et al.	Sep 2016	B1
9449443	Libin et al.	Sep 2016	B2
9455975	Brooker et al.	Sep 2016	B2
9456004	Agrawal et al.	Sep 2016	B2
9467464	Gula et al.	Oct 2016	B2
9467465	Hibbert et al.	Oct 2016	B2
9473529	Ormazabal et al.	Oct 2016	B2
9479535	Cohen et al.	Oct 2016	B2
9495183	Bond et al.	Nov 2016	B2
9495468	Coyote et al.	Nov 2016	B2
9495714	Bush et al.	Nov 2016	B2
9503467	Lefebvre et al.	Nov 2016	B2
9507962	Mittal	Nov 2016	B2
9507963	Mittal	Nov 2016	B2
9514305	Acar et al.	Dec 2016	B2
9516058	Antonakakis et al.	Dec 2016	B2
9519911	Briere et al.	Dec 2016	B2
9529514	Saint Clair	Dec 2016	B2
9537841	Schutz et al.	Jan 2017	B2
9537876	Kelekar	Jan 2017	B2
9537884	Raugas et al.	Jan 2017	B1
9542577	Butler et al.	Jan 2017	B2
9544326	Hershey et al.	Jan 2017	B2
9547779	Mittal	Jan 2017	B2
9548050	Gruber et al.	Jan 2017	B2
9560147	Shaheen et al.	Jan 2017	B2
9563749	Wyatt et al.	Feb 2017	B2
9569612	Wilkerson et al.	Feb 2017	B2
9569729	Oehrle et al.	Feb 2017	B1
9575903	Glew et al.	Feb 2017	B2
9588803	Howell et al.	Mar 2017	B2
9591968	Gross et al.	Mar 2017	B2
9602529	Jones et al.	Mar 2017	B2
9613117	Meritt et al.	Apr 2017	B1
9614864	Nair et al.	Apr 2017	B2
9619261	Gaurav et al.	Apr 2017	B2
9619270	Ramasubramanian et al.	Apr 2017	B2
9619655	Bach et al.	Apr 2017	B2
9619672	Mittal	Apr 2017	B2
9628342	Newton et al.	Apr 2017	B2
9628343	Newton et al.	Apr 2017	B2
9628344	Newton et al.	Apr 2017	B2
9628345	Newton et al.	Apr 2017	B2
9628346	Crowder et al.	Apr 2017	B2
9628347	Varney et al.	Apr 2017	B2
9628501	Datta Ray et al.	Apr 2017	B2
9629545	Gross et al.	Apr 2017	B2
9629546	Gross et al.	Apr 2017	B2
9629547	Gross et al.	Apr 2017	B2
9633213	Swoboda	Apr 2017	B2
9634904	Varney et al.	Apr 2017	B2
9634905	Newton et al.	Apr 2017	B2
9634906	Varney et al.	Apr 2017	B2
9634907	Varney et al.	Apr 2017	B2
9634918	Lipstone et al.	Apr 2017	B2
9635033	Nguyen-Tuong et al.	Apr 2017	B2
9636018	Gross et al.	May 2017	B2
9639703	Liu	May 2017	B2
9641401	Varney et al.	May 2017	B2
9641402	Newton et al.	May 2017	B2
9642527	Gross et al.	May 2017	B2
9642528	Gross et al.	May 2017	B2
9647899	Varney et al.	May 2017	B2
9647900	Crowder et al.	May 2017	B2
9647901	Newton et al.	May 2017	B2
9648036	Seiver et al.	May 2017	B2
9654353	Newton et al.	May 2017	B2
9654354	Newton et al.	May 2017	B2
9654355	Varney et al.	May 2017	B2
9654356	Varney et al.	May 2017	B2
9660874	Lipstone et al.	May 2017	B2
9660875	Crowder et al.	May 2017	B2
9660876	Lipstone et al.	May 2017	B2
9661046	Varney et al.	May 2017	B2
9665721	Artes et al.	May 2017	B2
9667506	Varney et al.	May 2017	B2
9672071	Gerganov	Jun 2017	B2
9672074	Gaurav et al.	Jun 2017	B2
9680699	Cohen et al.	Jun 2017	B2
9680861	Ward et al.	Jun 2017	B2
9686148	Varney et al.	Jun 2017	B2
9686291	Antonakakis et al.	Jun 2017	B2
9690583	Gschwind et al.	Jun 2017	B2
9692778	Mohanty	Jun 2017	B1
9692779	Maeng et al.	Jun 2017	B2
9703890	Kakaraddi et al.	Jul 2017	B2
9705754	Crowder et al.	Jul 2017	B2
9710682	Butler et al.	Jul 2017	B2
9713425	Gross et al.	Jul 2017	B2
9716721	Hovor et al.	Jul 2017	B2
9720403	Power et al.	Aug 2017	B2
9722803	Ellingson et al.	Aug 2017	B1
9722882	Varney et al.	Aug 2017	B2
9722883	Varney et al.	Aug 2017	B2
9722884	Newton et al.	Aug 2017	B2
9726460	Hershey et al.	Aug 2017	B2
9727736	McClintock et al.	Aug 2017	B1
9729568	Lefebvre et al.	Aug 2017	B2
9734169	Redlich et al.	Aug 2017	B2
9742435	Poghosyan et al.	Aug 2017	B1
9742866	Shribman et al.	Aug 2017	B2
9743834	Gross et al.	Aug 2017	B2
9749190	Newton et al.	Aug 2017	B2
9749191	Varney et al.	Aug 2017	B2
9749192	Varney et al.	Aug 2017	B2
9750409	Gross et al.	Sep 2017	B2
9750410	Gross et al.	Sep 2017	B2
9750411	Gross et al.	Sep 2017	B2
9750412	Gross et al.	Sep 2017	B2
9754446	Kessman et al.	Sep 2017	B2
9755914	Newton et al.	Sep 2017	B2
9756118	Taheri et al.	Sep 2017	B2
9756549	Perdomo	Sep 2017	B2
9757032	Gross et al.	Sep 2017	B2
9762617	Modi et al.	Sep 2017	B2
9762659	Koska et al.	Sep 2017	B2
9772971	Smith	Sep 2017	B2
9775517	Gross et al.	Oct 2017	B2
9775518	Gross et al.	Oct 2017	B2
9779191	Hershey et al.	Oct 2017	B1
9779253	Mahaffey et al.	Oct 2017	B2
9781148	Mahaffey et al.	Oct 2017	B2
9781212	Briere et al.	Oct 2017	B2
9782073	Gross et al.	Oct 2017	B2
9782074	Gross et al.	Oct 2017	B2
9784260	Lee et al.	Oct 2017	B2
9785440	DeHon	Oct 2017	B2
9785799	Sreedhar	Oct 2017	B2
9787551	Newton et al.	Oct 2017	B2
9788049	Lockett et al.	Oct 2017	B2
9788723	Gross et al.	Oct 2017	B2
9792438	Heldt-Sheller et al.	Oct 2017	B2
9795297	Gross et al.	Oct 2017	B2
9801543	Gross et al.	Oct 2017	B2
9817978	Marsh et al.	Nov 2017	B2
9819554	Varney et al.	Nov 2017	B2
9825981	Roytman et al.	Nov 2017	B2
9825982	Htay	Nov 2017	B1
9826045	Straub et al.	Nov 2017	B2
9836546	Briere et al.	Dec 2017	B2
9838479	Briere et al.	Dec 2017	B2
9842065	Banginwar et al.	Dec 2017	B2
9846780	Tonn et al.	Dec 2017	B2
9847917	Varney et al.	Dec 2017	B2
9851953	Straub et al.	Dec 2017	B2
9851968	Straub	Dec 2017	B2
9854973	Crawley et al.	Jan 2018	B2
9858174	Straub et al.	Jan 2018	B2
9858452	Butler et al.	Jan 2018	B2
9860265	Gula et al.	Jan 2018	B2
9866426	Shelton et al.	Jan 2018	B2
9871815	Ouchn	Jan 2018	B2
9872620	Gross et al.	Jan 2018	B2
9881271	Chapman	Jan 2018	B2
9882798	Padala et al.	Jan 2018	B2
9886303	Koller Jemio et al.	Feb 2018	B2
9886581	Olson et al.	Feb 2018	B2
9886582	Hovor et al.	Feb 2018	B2
9887885	Varney et al.	Feb 2018	B2
9887886	Rahaman	Feb 2018	B2
9888091	Saint Clair	Feb 2018	B2
9888849	Gross et al.	Feb 2018	B2
9888850	Gross et al.	Feb 2018	B2
9888851	Gross et al.	Feb 2018	B2
9888852	Gross et al.	Feb 2018	B2
9894088	Ward et al.	Feb 2018	B2
9895061	Gross et al.	Feb 2018	B2
9895062	Gross et al.	Feb 2018	B2
9898739	Monastyrsky et al.	Feb 2018	B2
9900339	Bach et al.	Feb 2018	B2
9912683	Cam	Mar 2018	B2
9916092	Saha et al.	Mar 2018	B2
9916601	Mahadevan et al.	Mar 2018	B2
9922345	Mikurak	Mar 2018	B2
9923916	McClintock et al.	Mar 2018	B1
9923917	Fausto et al.	Mar 2018	B2
9928369	Grieco et al.	Mar 2018	B2
9928379	Hoffer	Mar 2018	B1
9930065	Nelms et al.	Mar 2018	B2
9931035	Gross et al.	Apr 2018	B2
9934380	Dalcher et al.	Apr 2018	B2
9935975	Wilkerson et al.	Apr 2018	B2
9946565	Strandzhev et al.	Apr 2018	B2
9953193	Butler et al.	Apr 2018	B2
9959100	Straub	May 2018	B2
9965619	Brandt et al.	May 2018	B2
9965627	Ray et al.	May 2018	B2
9967264	Harris et al.	May 2018	B2
9967282	Thomas et al.	May 2018	B2
9967283	Ray et al.	May 2018	B2
9971574	Mathew et al.	May 2018	B2
9971909	Mittal	May 2018	B2
9974438	Gross et al.	May 2018	B2
9984248	Ray et al.	May 2018	B2
9989043	Lee et al.	Jun 2018	B2
9992228	Ray et al.	Jun 2018	B2
9996697	Mahaffey et al.	Jun 2018	B2
9997036	Scalisi	Jun 2018	B2
RE47053	Drosset et al.	Sep 2018	E
20020010798	Ben-Shaul et al.	Jan 2002	A1
20020038296	Margolus et al.	Mar 2002	A1
20020048369	Ginter et al.	Apr 2002	A1
20020064149	Elliott et al.	May 2002	A1
20020095454	Reed et al.	Jul 2002	A1
20020108121	Alao et al.	Aug 2002	A1
20020111948	Nixon et al.	Aug 2002	A1
20020112171	Ginter et al.	Aug 2002	A1
20020138582	Chandra et al.	Sep 2002	A1
20020138848	Alao et al.	Sep 2002	A1
20020143855	Traversat et al.	Oct 2002	A1
20020143944	Traversat et al.	Oct 2002	A1
20020144153	Richard et al.	Oct 2002	A1
20020147645	Alao et al.	Oct 2002	A1
20020147771	Traversat et al.	Oct 2002	A1
20020147810	Traversat et al.	Oct 2002	A1
20020152156	Tyson-Quah	Oct 2002	A1
20020152299	Traversat et al.	Oct 2002	A1
20020156893	Pouyoul et al.	Oct 2002	A1
20020161908	Benitez et al.	Oct 2002	A1
20020168621	Cook et al.	Nov 2002	A1
20020184310	Traversat et al.	Dec 2002	A1
20020184357	Traversat et al.	Dec 2002	A1
20020184358	Traversat et al.	Dec 2002	A1
20020188657	Traversat et al.	Dec 2002	A1
20020194389	Worley, Jr.	Dec 2002	A1
20030002521	Traversat et al.	Jan 2003	A1
20030041141	Abdelaziz et al.	Feb 2003	A1
20030051026	Carter et al.	Mar 2003	A1
20030058277	Bowman-Amuah	Mar 2003	A1
20030088784	Ginter et al.	May 2003	A1
20030097331	Cohen	May 2003	A1
20030105721	Ginter et al.	Jun 2003	A1
20030140205	Dahan et al.	Jul 2003	A1
20030140244	Dahan et al.	Jul 2003	A1
20030140245	Dahan et al.	Jul 2003	A1
20030163431	Ginter et al.	Aug 2003	A1
20030163718	Johnson et al.	Aug 2003	A1
20030167406	Beavers	Sep 2003	A1
20030177187	Levine et al.	Sep 2003	A1
20030182572	Cowan et al.	Sep 2003	A1
20030191719	Ginter et al.	Oct 2003	A1
20040003278	Chen et al.	Jan 2004	A1
20040021679	Chapman et al.	Feb 2004	A1
20040030743	Hugly et al.	Feb 2004	A1
20040030794	Hugly et al.	Feb 2004	A1
20040031038	Hugly et al.	Feb 2004	A1
20040044727	Abdelaziz et al.	Mar 2004	A1
20040054630	Ginter et al.	Mar 2004	A1
20040064351	Mikurak	Apr 2004	A1
20040064512	Arora et al.	Apr 2004	A1
20040064568	Arora et al.	Apr 2004	A1
20040064693	Pabla et al.	Apr 2004	A1
20040088347	Yeager et al.	May 2004	A1
20040088348	Yeager et al.	May 2004	A1
20040088369	Yeager et al.	May 2004	A1
20040088646	Yeager et al.	May 2004	A1
20040098306	Fitzpatrick et al.	May 2004	A1
20040098447	Verbeke et al.	May 2004	A1
20040103305	Ginter et al.	May 2004	A1
20040133640	Yeager et al.	Jul 2004	A1
20040133793	Ginter et al.	Jul 2004	A1
20040139098	Margolus et al.	Jul 2004	A1
20040139303	Margolus et al.	Jul 2004	A1
20040143578	Margolus et al.	Jul 2004	A1
20040143730	Wen et al.	Jul 2004	A1
20040143743	Margolus et al.	Jul 2004	A1
20040143744	Margolus et al.	Jul 2004	A1
20040143745	Margolus et al.	Jul 2004	A1
20040148326	Nadgir et al.	Jul 2004	A1
20040162808	Margolus et al.	Aug 2004	A1
20040162871	Pabla et al.	Aug 2004	A1
20040172557	Nakae et al.	Sep 2004	A1
20040177243	Worley	Sep 2004	A1
20040193329	Ransom et al.	Sep 2004	A1
20040218762	Le Saint et al.	Nov 2004	A1
20040230791	Boebert et al.	Nov 2004	A1
20040236660	Thomas et al.	Nov 2004	A1
20040250112	Valente et al.	Dec 2004	A1
20040255140	Margolus et al.	Dec 2004	A1
20050004978	Reed et al.	Jan 2005	A1
20050005169	Kelekar	Jan 2005	A1
20050010821	Cooper et al.	Jan 2005	A1
20050038565	Power et al.	Feb 2005	A1
20050086300	Yeager et al.	Apr 2005	A1
20050108057	Cohen et al.	May 2005	A1
20050108091	Sotak et al.	May 2005	A1
20050108153	Thomas et al.	May 2005	A1
20050131903	Margolus et al.	Jun 2005	A1
20050131904	Margolus et al.	Jun 2005	A1
20050131905	Margolus et al.	Jun 2005	A1
20050131961	Margolus et al.	Jun 2005	A1
20050132070	Redlich et al.	Jun 2005	A1
20050138109	Redlich et al.	Jun 2005	A1
20050138110	Redlich et al.	Jun 2005	A1
20050138413	Lippmann et al.	Jun 2005	A1
20050144437	Ransom et al.	Jun 2005	A1
20050177716	Ginter et al.	Aug 2005	A1
20050183072	Horning et al.	Aug 2005	A1
20050187963	Markin	Aug 2005	A1
20050193269	Haswell et al.	Sep 2005	A1
20050204348	Horning et al.	Sep 2005	A1
20050210275	Homing et al.	Sep 2005	A1
20050229255	Gula et al.	Oct 2005	A1
20050262006	Beartusk et al.	Nov 2005	A1
20050262007	Beartusk et al.	Nov 2005	A1
20050262075	Beartusk et al.	Nov 2005	A1
20050262092	Beartusk et al.	Nov 2005	A1
20050262093	Beartusk et al.	Nov 2005	A1
20050262094	Beartusk et al.	Nov 2005	A1
20050262095	Beartusk et al.	Nov 2005	A1
20050262185	Beartusk et al.	Nov 2005	A1
20050273382	Beartusk et al.	Dec 2005	A1
20050273714	Beartusk et al.	Dec 2005	A1
20050278294	Beartusk et al.	Dec 2005	A1
20060004690	Beartusk et al.	Jan 2006	A1
20060010125	Beartusk et al.	Jan 2006	A1
20060010205	Beartusk et al.	Jan 2006	A1
20060015749	Mittal	Jan 2006	A1
20060031234	Beartusk et al.	Feb 2006	A1
20060031497	Beartusk et al.	Feb 2006	A1
20060036755	Abdullah et al.	Feb 2006	A1
20060059253	Goodman et al.	Mar 2006	A1
20060069912	Zheng et al.	Mar 2006	A1
20060069926	Ginter et al.	Mar 2006	A1
20060106941	Singhal et al.	May 2006	A1
20060114832	Hamilton et al.	Jun 2006	A1
20060123010	Landry et al.	Jun 2006	A1
20060123226	Kumar et al.	Jun 2006	A1
20060123425	Ramarao et al.	Jun 2006	A1
20060123467	Kumar et al.	Jun 2006	A1
20060123477	Raghavan et al.	Jun 2006	A1
20060123479	Kumar et al.	Jun 2006	A1
20060129650	Ho et al.	Jun 2006	A1
20060129689	Ho et al.	Jun 2006	A1
20060146879	Anthias et al.	Jul 2006	A1
20060155398	Hoffberg et al.	Jul 2006	A1
20060155862	Kathi et al.	Jul 2006	A1
20060167975	Chan et al.	Jul 2006	A1
20060168334	Potti et al.	Jul 2006	A1
20060174326	Ginter et al.	Aug 2006	A1
20060178918	Mikurak	Aug 2006	A1
20060200253	Hoffberg et al.	Sep 2006	A1
20060200259	Hoffberg et al.	Sep 2006	A1
20060208066	Finn et al.	Sep 2006	A1
20060212722	Ginter et al.	Sep 2006	A1
20060224903	Ginter et al.	Oct 2006	A1
20060225135	Cheng et al.	Oct 2006	A1
20060259726	Nardini et al.	Nov 2006	A1
20060259828	Swoboda	Nov 2006	A1
20060265324	Leclerc et al.	Nov 2006	A1
20060265751	Cosquer et al.	Nov 2006	A1
20070005786	Kumar et al.	Jan 2007	A1
20070005801	Kumar et al.	Jan 2007	A1
20070006294	Hunter	Jan 2007	A1
20070011281	Jhoney et al.	Jan 2007	A1
20070028001	Phillips et al.	Feb 2007	A1
20070061594	Ginter et al.	Mar 2007	A1
20070061874	Coppola et al.	Mar 2007	A1
20070061885	Hammes et al.	Mar 2007	A1
20070064943	Ginter et al.	Mar 2007	A1
20070067846	McFarlane et al.	Mar 2007	A1
20070067847	Wiemer et al.	Mar 2007	A1
20070067848	Gustave et al.	Mar 2007	A1
20070097885	Traversat et al.	May 2007	A1
20070100834	Landry et al.	May 2007	A1
20070132733	Ram	Jun 2007	A1
20070156919	Potti et al.	Jul 2007	A1
20070162890	Meier et al.	Jul 2007	A1
20070169199	Quinnell et al.	Jul 2007	A1
20070177615	Miliefsky	Aug 2007	A1
20070192866	Sagoo et al.	Aug 2007	A1
20070192867	Miliefsky	Aug 2007	A1
20070199074	Vine et al.	Aug 2007	A1
20070226789	Boebert et al.	Sep 2007	A1
20070226807	Ginter et al.	Sep 2007	A1
20070234069	Ginter et al.	Oct 2007	A1
20070234070	Horning et al.	Oct 2007	A1
20070245403	Ginter et al.	Oct 2007	A1
20070250808	Zeanah et al.	Oct 2007	A1
20070250937	Ginter et al.	Oct 2007	A1
20070260838	Schwemmlein	Nov 2007	A1
20070261125	Ginter et al.	Nov 2007	A1
20070265064	Kessman et al.	Nov 2007	A1
20070266429	Ginter et al.	Nov 2007	A1
20070277031	Ginter et al.	Nov 2007	A1
20070282951	Selimis et al.	Dec 2007	A1
20070288610	Saint Clair et al.	Dec 2007	A1
20080005062	Gupta et al.	Jan 2008	A1
20080005135	Muthukrishnan et al.	Jan 2008	A1
20080005784	Miliefsky	Jan 2008	A1
20080005794	Inoue et al.	Jan 2008	A1
20080022137	Ginter et al.	Jan 2008	A1
20080025230	Patel et al.	Jan 2008	A1
20080034227	Ginter et al.	Feb 2008	A1
20080034230	Ginter et al.	Feb 2008	A1
20080034231	Ginter et al.	Feb 2008	A1
20080034406	Ginter et al.	Feb 2008	A1
20080052541	Ginter et al.	Feb 2008	A1
20080060077	Cowan et al.	Mar 2008	A1
20080064501	Patel	Mar 2008	A1
20080068381	Cohen et al.	Mar 2008	A1
20080071793	Cohen et al.	Mar 2008	A1
20080071826	Cohen et al.	Mar 2008	A1
20080071871	Cohen et al.	Mar 2008	A1
20080071888	Cohen et al.	Mar 2008	A1
20080071889	Cohen et al.	Mar 2008	A1
20080071891	Cohen et al.	Mar 2008	A1
20080071896	Cohen et al.	Mar 2008	A1
20080071898	Cohen et al.	Mar 2008	A1
20080072032	Cohen et al.	Mar 2008	A1
20080072241	Cohen et al.	Mar 2008	A1
20080072277	Cohen et al.	Mar 2008	A1
20080072278	Cohen et al.	Mar 2008	A1
20080075099	Alao et al.	Mar 2008	A1
20080082568	Miller et al.	Apr 2008	A1
20080089521	Le Saint et al.	Apr 2008	A1
20080092237	Yoon et al.	Apr 2008	A1
20080095339	Elliott et al.	Apr 2008	A1
20080109289	Vivadelli et al.	May 2008	A1
20080126349	Venkatraman et al.	May 2008	A1
20080126798	Ginter et al.	May 2008	A1
20080126803	Ginter et al.	May 2008	A1
20080127293	Cohen et al.	May 2008	A1
20080127304	Ginter et al.	May 2008	A1
20080127349	Ormazabal et al.	May 2008	A1
20080146344	Rowe et al.	Jun 2008	A1
20080148056	Ginter et al.	Jun 2008	A1
20080168135	Redlich et al.	Jul 2008	A1
20080172739	Nakae et al.	Jul 2008	A1
20080189250	Cha et al.	Aug 2008	A1
20080209505	Ghai et al.	Aug 2008	A1
20080222724	Ormazabal et al.	Sep 2008	A1
20080222734	Redlich et al.	Sep 2008	A1
20080229037	Bunte et al.	Sep 2008	A1
20080256638	Russ et al.	Oct 2008	A1
20080270104	Stratton et al.	Oct 2008	A1
20080271018	Gross et al.	Oct 2008	A1
20080271019	Stratton et al.	Oct 2008	A1
20080271025	Gross et al.	Oct 2008	A1
20080281666	Kessman et al.	Nov 2008	A1
20080282339	Nakae et al.	Nov 2008	A1
20080313739	Martin	Dec 2008	A1
20080314570	Singh et al.	Dec 2008	A1
20090007269	Bianco	Jan 2009	A1
20090028135	Mantripragada et al.	Jan 2009	A1
20090043652	Ginter et al.	Feb 2009	A1
20090048978	Ginter et al.	Feb 2009	A1
20090077666	Chen et al.	Mar 2009	A1
20090083372	Teppler	Mar 2009	A1
20090083374	Saint Clair	Mar 2009	A1
20090099885	Sung et al.	Apr 2009	A1
20090100077	Jung et al.	Apr 2009	A1
20090103524	Mantripragada et al.	Apr 2009	A1
20090106318	Mantripragada et al.	Apr 2009	A1
20090109959	Elliott et al.	Apr 2009	A1
20090113550	Costa et al.	Apr 2009	A1
20090119541	Inoue et al.	May 2009	A1
20090124374	Patel	May 2009	A1
20090124375	Patel	May 2009	A1
20090125387	Mak et al.	May 2009	A1
20090132805	Ginter et al.	May 2009	A1
20090132815	Ginter et al.	May 2009	A1
20090138393	Lemons et al.	May 2009	A1
20090178102	Alghathbar et al.	Jul 2009	A1
20090178144	Redlich et al.	Jul 2009	A1
20090182919	Chang et al.	Jul 2009	A1
20090199259	Alao et al.	Aug 2009	A1
20090204591	Kaksonen	Aug 2009	A1
20090216910	Duchesneau	Aug 2009	A1
20090254572	Redlich et al.	Oct 2009	A1
20090254971	Herz et al.	Oct 2009	A1
20090254993	Leone	Oct 2009	A1
20090280906	Larsen et al.	Nov 2009	A1
20090280907	Larsen et al.	Nov 2009	A1
20090281864	Abercrombie et al.	Nov 2009	A1
20090290712	Henry et al.	Nov 2009	A1
20090292847	Henry et al.	Nov 2009	A1
20090292853	Henry et al.	Nov 2009	A1
20090292893	Henry et al.	Nov 2009	A1
20090292894	Henry et al.	Nov 2009	A1
20090292901	Henry et al.	Nov 2009	A1
20090292902	Henry et al.	Nov 2009	A1
20090292903	Henry et al.	Nov 2009	A1
20090292904	Henry et al.	Nov 2009	A1
20090292929	Henry et al.	Nov 2009	A1
20090292931	Henry et al.	Nov 2009	A1
20090293100	Kang et al.	Nov 2009	A1
20090293129	Henry et al.	Nov 2009	A1
20090293130	Henry et al.	Nov 2009	A1
20090293132	Henry et al.	Nov 2009	A1
20100010968	Redlich et al.	Jan 2010	A1
20100011000	Chakra et al.	Jan 2010	A1
20100037324	Grant et al.	Feb 2010	A1
20100042824	Lee et al.	Feb 2010	A1
20100050266	Cheng et al.	Feb 2010	A1
20100063892	Keronen et al.	Mar 2010	A1
20100091676	Moran et al.	Apr 2010	A1
20100094945	Chan et al.	Apr 2010	A1
20100095235	Bennett et al.	Apr 2010	A1
20100095381	Levi	Apr 2010	A1
20100131357	Steelberg et al.	May 2010	A1
20100136943	Hirvela et al.	Jun 2010	A1
20100154066	Hammes et al.	Jun 2010	A1
20100185855	Margolus et al.	Jul 2010	A1
20100192228	Levi	Jul 2010	A1
20100228996	Ginter et al.	Sep 2010	A1
20100235285	Hoffberg	Sep 2010	A1
20100250497	Redlich et al.	Sep 2010	A1
20100250935	Ginter et al.	Sep 2010	A1
20100257614	Ginter et al.	Oct 2010	A1
20100262952	Colton et al.	Oct 2010	A1
20100265179	Ram	Oct 2010	A1
20100275040	Ginter et al.	Oct 2010	A1
20100275263	Bennett et al.	Oct 2010	A1
20100280948	Cohen	Nov 2010	A1
20100281273	Lee et al.	Nov 2010	A1
20100289627	McAllister et al.	Nov 2010	A1
20100306552	Vine et al.	Dec 2010	A1
20100306851	Zhou	Dec 2010	A1
20100313013	Ginter et al.	Dec 2010	A1
20100332672	Abdullah et al.	Dec 2010	A1
20110022520	Ginter et al.	Jan 2011	A1
20110022846	Ginter et al.	Jan 2011	A1
20110029644	Gelvin et al.	Feb 2011	A1
20110030057	Chen et al.	Feb 2011	A1
20110035733	Horning et al.	Feb 2011	A1
20110047369	Cohen et al.	Feb 2011	A1
20110047376	Mittal	Feb 2011	A1
20110060809	Cohen et al.	Mar 2011	A1
20110093700	Mittal	Apr 2011	A1
20110093954	Lee et al.	Apr 2011	A1
20110105223	Kessman et al.	May 2011	A1
20110125548	Aharon et al.	May 2011	A1
20110131402	Mittal	Jun 2011	A1
20110131548	Colton et al.	Jun 2011	A1
20110138469	Ye et al.	Jun 2011	A1
20110138471	Van De Weyer et al.	Jun 2011	A1
20110141877	Xu et al.	Jun 2011	A1
20110145602	Ginter et al.	Jun 2011	A1
20110167110	Hoffberg et al.	Jul 2011	A1
20110173693	Wysopal et al.	Jul 2011	A1
20110173695	Ginter et al.	Jul 2011	A1
20110191854	Giakouminakis et al.	Aug 2011	A1
20110197285	Ginter et al.	Aug 2011	A1
20110208867	Anthias et al.	Aug 2011	A1
20110209193	Kennedy	Aug 2011	A1
20110209194	Kennedy	Aug 2011	A1
20110209195	Kennedy	Aug 2011	A1
20110209196	Kennedy	Aug 2011	A1
20110213485	Power et al.	Sep 2011	A1
20110216701	Patel et al.	Sep 2011	A1
20110219066	Saint Clair et al.	Sep 2011	A1
20110231936	Williams et al.	Sep 2011	A1
20110251868	Mikurak	Oct 2011	A1
20110258258	Briere et al.	Oct 2011	A1
20110296164	Boebert et al.	Dec 2011	A1
20110296440	Laurich et al.	Dec 2011	A1
20120066412	Chang et al.	Mar 2012	A1
20120072968	Wysopal et al.	Mar 2012	A1
20120078794	Grandcolas et al.	Mar 2012	A1
20120079149	Gelvin et al.	Mar 2012	A1
20120089410	Mikurak	Apr 2012	A1
20120166642	Saint Clair et al.	Jun 2012	A1
20120173628	Briere et al.	Jul 2012	A1
20120179656	Bunte et al.	Jul 2012	A1
20120185945	Andres et al.	Jul 2012	A1
20120191860	Traversat et al.	Jul 2012	A1
20120203590	Deb et al.	Aug 2012	A1
20120204261	Mantripragada et al.	Aug 2012	A1
20120222123	Williams et al.	Aug 2012	A1
20120232679	Abercrombie et al.	Sep 2012	A1
20120233237	Roa et al.	Sep 2012	A1
20120239753	Beartusk et al.	Sep 2012	A1
20120240236	Wyatt et al.	Sep 2012	A1
20120246103	Mantripragada et al.	Sep 2012	A1
20120254842	Henderson	Oct 2012	A1
20120259722	Mikurak	Oct 2012	A1
20120260306	Njemanze et al.	Oct 2012	A1
20120272205	Fox et al.	Oct 2012	A1
20120284221	Shelton et al.	Nov 2012	A1
20120304299	Kelekar	Nov 2012	A1
20120304300	LaBumbard	Nov 2012	A1
20120311534	Fox et al.	Dec 2012	A1
20120311715	Tal et al.	Dec 2012	A1
20120323717	Kirsch	Dec 2012	A1
20120323786	Kirsch	Dec 2012	A1
20120324242	Kirsch	Dec 2012	A1
20130031364	Glew et al.	Jan 2013	A1
20130035058	Hirvela et al.	Feb 2013	A1
20130036314	Glew et al.	Feb 2013	A1
20130036448	Aciicmez et al.	Feb 2013	A1
20130055394	Beresnevichiene et al.	Feb 2013	A1
20130074038	Fox et al.	Mar 2013	A1
20130074188	Giakouminakis et al.	Mar 2013	A1
20130086688	Patel et al.	Apr 2013	A1
20130091578	Bisht et al.	Apr 2013	A1
20130097664	Herz et al.	Apr 2013	A1
20130125204	La Fever et al.	May 2013	A1
20130167240	Kelekar	Jun 2013	A1
20130179405	Bunte et al.	Jul 2013	A1
20130179685	Weinstein et al.	Jul 2013	A1
20130182561	Xu et al.	Jul 2013	A1
20130188646	Lu et al.	Jul 2013	A1
20130191808	Fox et al.	Jul 2013	A1
20130191919	Basavapatna et al.	Jul 2013	A1
20130198846	Chapman	Aug 2013	A1
20130212118	King et al.	Aug 2013	A1
20130215116	Siddique et al.	Aug 2013	A1
20130227698	Taniguchi et al.	Aug 2013	A1
20130232343	Horning et al.	Sep 2013	A1
20130247206	Hugard et al.	Sep 2013	A1
20130268253	Neergaard	Oct 2013	A1
20130297375	Chapman	Nov 2013	A1
20130298192	Kumar et al.	Nov 2013	A1
20130298230	Kumar et al.	Nov 2013	A1
20130298242	Kumar et al.	Nov 2013	A1
20130298243	Kumar et al.	Nov 2013	A1
20130298244	Kumar et al.	Nov 2013	A1
20130298251	Mittal	Nov 2013	A1
20130304742	Roman et al.	Nov 2013	A1
20130304761	Redlich et al.	Nov 2013	A1
20130304820	Vasquez et al.	Nov 2013	A1
20130305158	Vasquez et al.	Nov 2013	A1
20130306276	Duchesneau	Nov 2013	A1
20130326469	Fox et al.	Dec 2013	A1
20140006482	Raghu et al.	Jan 2014	A1
20140006580	Raghu	Jan 2014	A1
20140006581	Raghu	Jan 2014	A1
20140007241	Gula et al.	Jan 2014	A1
20140019204	Briere et al.	Jan 2014	A1
20140025573	Keronen et al.	Jan 2014	A1
20140032505	Grafi et al.	Jan 2014	A1
20140032690	Ramarao et al.	Jan 2014	A1
20140047545	Sidagni	Feb 2014	A1
20140059683	Ashley	Feb 2014	A1
20140068267	Le Saint et al.	Mar 2014	A1
20140075414	Fox et al.	Mar 2014	A1
20140082733	Benefield	Mar 2014	A1
20140108726	Laurich et al.	Apr 2014	A1
20140109167	Alao et al.	Apr 2014	A1
20140129457	Peeler	May 2014	A1
20140137257	Martinez et al.	May 2014	A1
20140143754	Henderson	May 2014	A1
20140143889	Ginter et al.	May 2014	A1
20140157145	Bush et al.	Jun 2014	A1
20140165204	Williams et al.	Jun 2014	A1
20140172495	Schneck et al.	Jun 2014	A1
20140172944	Newton et al.	Jun 2014	A1
20140172951	Varney et al.	Jun 2014	A1
20140172952	Varney et al.	Jun 2014	A1
20140172956	Varney et al.	Jun 2014	A1
20140172970	Newton et al.	Jun 2014	A1
20140173023	Varney et al.	Jun 2014	A1
20140173029	Varney et al.	Jun 2014	A1
20140173030	Varney et al.	Jun 2014	A1
20140173038	Newton et al.	Jun 2014	A1
20140173039	Newton et al.	Jun 2014	A1
20140173040	Newton et al.	Jun 2014	A1
20140173041	Newton et al.	Jun 2014	A1
20140173042	Newton et al.	Jun 2014	A1
20140173043	Varney et al.	Jun 2014	A1
20140173044	Varney et al.	Jun 2014	A1
20140173045	Crowder et al.	Jun 2014	A1
20140173046	Crowder et al.	Jun 2014	A1
20140173047	Crowder et al.	Jun 2014	A1
20140173048	Crowder et al.	Jun 2014	A1
20140173052	Newton et al.	Jun 2014	A1
20140173053	Varney et al.	Jun 2014	A1
20140173054	Varney et al.	Jun 2014	A1
20140173061	Lipstone et al.	Jun 2014	A1
20140173062	Lipstone et al.	Jun 2014	A1
20140173064	Newton et al.	Jun 2014	A1
20140173066	Newton et al.	Jun 2014	A1
20140173067	Newton et al.	Jun 2014	A1
20140173077	Newton et al.	Jun 2014	A1
20140173079	Newton et al.	Jun 2014	A1
20140173087	Varney et al.	Jun 2014	A1
20140173088	Varney et al.	Jun 2014	A1
20140173091	Lipstone et al.	Jun 2014	A1
20140173097	Newton et al.	Jun 2014	A1
20140173115	Varney et al.	Jun 2014	A1
20140173131	Newton et al.	Jun 2014	A1
20140173132	Varney et al.	Jun 2014	A1
20140173135	Varney et al.	Jun 2014	A1
20140173731	Mantripragada et al.	Jun 2014	A1
20140173737	Toback et al.	Jun 2014	A1
20140181975	Spernow et al.	Jun 2014	A1
20140181976	Snow et al.	Jun 2014	A1
20140189787	Cohen et al.	Jul 2014	A1
20140189873	Elder et al.	Jul 2014	A1
20140196130	Brooker et al.	Jul 2014	A1
20140196154	Swoboda	Jul 2014	A1
20140201838	Varsanyi et al.	Jul 2014	A1
20140201843	Hibbert et al.	Jul 2014	A1
20140215614	Beskrovny et al.	Jul 2014	A1
20140215629	Raz et al.	Jul 2014	A1
20140218389	Bennett et al.	Aug 2014	A1
20140221069	Kessman et al.	Aug 2014	A1
20140222610	Mikurak	Aug 2014	A1
20140222946	Lipstone et al.	Aug 2014	A1
20140222977	Varney et al.	Aug 2014	A1
20140222984	Varney et al.	Aug 2014	A1
20140223002	Varney et al.	Aug 2014	A1
20140223003	Varney et al.	Aug 2014	A1
20140223015	Varney et al.	Aug 2014	A1
20140223016	Varney et al.	Aug 2014	A1
20140223017	Lipstone et al.	Aug 2014	A1
20140223018	Varney et al.	Aug 2014	A1
20140237545	Mylavarapu et al.	Aug 2014	A1
20140245376	Hibbert et al.	Aug 2014	A1
20140278594	Vivadelli et al.	Sep 2014	A1
20140283083	Gula et al.	Sep 2014	A1
20140317315	Duchesneau	Oct 2014	A1
20140317507	Saint Clair	Oct 2014	A1
20140317677	Vaidya et al.	Oct 2014	A1
20140337321	Coyote et al.	Nov 2014	A1
20140337461	Lipstone et al.	Nov 2014	A1
20140337472	Newton et al.	Nov 2014	A1
20140337971	Casassa Mont et al.	Nov 2014	A1
20140337974	Joshi et al.	Nov 2014	A1
20140344391	Varney et al.	Nov 2014	A1
20140344399	Lipstone et al.	Nov 2014	A1
20140344400	Varney et al.	Nov 2014	A1
20140344401	Varney et al.	Nov 2014	A1
20140344413	Lipstone et al.	Nov 2014	A1
20140344425	Varney et al.	Nov 2014	A1
20140344452	Lipstone et al.	Nov 2014	A1
20140344453	Varney et al.	Nov 2014	A1
20140359776	Liu	Dec 2014	A1
20140366145	Benefield	Dec 2014	A1
20140373160	Shigemoto et al.	Dec 2014	A1
20150006408	Mak et al.	Jan 2015	A1
20150006582	Briere et al.	Jan 2015	A1
20150033340	Giokas	Jan 2015	A1
20150040220	Mantripragada et al.	Feb 2015	A1
20150040228	Lee et al.	Feb 2015	A1
20150052517	Raghu et al.	Feb 2015	A1
20150052521	Raghu	Feb 2015	A1
20150052523	Raghu	Feb 2015	A1
20150052524	Raghu	Feb 2015	A1
20150052525	Raghu	Feb 2015	A1
20150058214	Cohen	Feb 2015	A1
20150058993	Choi et al.	Feb 2015	A1
20150058997	Lee et al.	Feb 2015	A1
20150067323	Salowey et al.	Mar 2015	A1
20150067762	Belenky et al.	Mar 2015	A1
20150067819	Shribman et al.	Mar 2015	A1
20150074670	Gerganov	Mar 2015	A1
20150074743	Ilieva et al.	Mar 2015	A1
20150080081	Kessman et al.	Mar 2015	A1
20150088733	Monastyrsky et al.	Mar 2015	A1
20150088754	Kirsch	Mar 2015	A1
20150106873	Marsh et al.	Apr 2015	A1
20150113288	Mittal	Apr 2015	A1
20150113289	Mittal	Apr 2015	A1
20150121087	Mittal	Apr 2015	A1
20150121090	Mittal	Apr 2015	A1
20150128274	Giokas	May 2015	A1
20150149491	Redlich et al.	May 2015	A1
20150154423	Mittal	Jun 2015	A1
20150154424	Mittal	Jun 2015	A1
20150156206	Redlich et al.	Jun 2015	A1
20150163097	Lipstone et al.	Jun 2015	A1
20150172307	Borohovski et al.	Jun 2015	A1
20150180724	Varney et al.	Jun 2015	A1
20150180725	Varney et al.	Jun 2015	A1
20150180971	Varney et al.	Jun 2015	A1
20150199405	Redlich et al.	Jul 2015	A1
20150199410	Redlich et al.	Jul 2015	A1
20150200967	Redlich et al.	Jul 2015	A1
20150207695	Varney et al.	Jul 2015	A1
20150213358	Shelton et al.	Jul 2015	A1
20150220734	Nalluri et al.	Aug 2015	A1
20150222655	Gula et al.	Aug 2015	A1
20150235164	Key	Aug 2015	A1
20150237062	Roytman et al.	Aug 2015	A1
20150237065	Roytman et al.	Aug 2015	A1
20150241139	McGinnis	Aug 2015	A1
20150242637	Tonn et al.	Aug 2015	A1
20150244734	Olson et al.	Aug 2015	A1
20150244735	Kumar et al.	Aug 2015	A1
20150256629	Shaheen et al.	Sep 2015	A1
20150264626	Perdomo	Sep 2015	A1
20150264627	Perdomo	Sep 2015	A1
20150269617	Mikurak	Sep 2015	A1
20150278363	Briere et al.	Oct 2015	A1
20150278491	Horning et al.	Oct 2015	A1
20150287284	Kessman et al.	Oct 2015	A1
20150288712	Jones et al.	Oct 2015	A1
20150295948	Hassell et al.	Oct 2015	A1
20150301515	Houmb	Oct 2015	A1
20150302182	Wyatt et al.	Oct 2015	A1
20150304337	Nguyen-Tuong et al.	Oct 2015	A1
20150310217	Artes et al.	Oct 2015	A1
20150312116	Taheri et al.	Oct 2015	A1
20150347542	Sullivan et al.	Dec 2015	A1
20150358359	Ghai et al.	Dec 2015	A1
20150370799	Kushmerick et al.	Dec 2015	A1
20150370885	Kushmerick et al.	Dec 2015	A1
20150372855	Kushmerick et al.	Dec 2015	A1
20150378354	Power et al.	Dec 2015	A1
20150378762	Saladi et al.	Dec 2015	A1
20150379272	Liu	Dec 2015	A1
20150381402	Alao et al.	Dec 2015	A1
20160006735	La Fever et al.	Jan 2016	A1
20160012236	Giakouminakis et al.	Jan 2016	A1
20160020959	Rahaman	Jan 2016	A1
20160034682	Fiske	Feb 2016	A1
20160048709	Butler et al.	Feb 2016	A1
20160048712	Butler et al.	Feb 2016	A1
20160057164	Maeng et al.	Feb 2016	A1
20160063248	Spernow et al.	Mar 2016	A1
20160063249	Spernow et al.	Mar 2016	A1
20160063250	Spernow et al.	Mar 2016	A1
20160063251	Spernow et al.	Mar 2016	A1
20160063252	Spernow et al.	Mar 2016	A1
20160065598	Modi et al.	Mar 2016	A1
20160072835	Roytman et al.	Mar 2016	A1
20160078225	Ray et al.	Mar 2016	A1
20160078377	Chapman	Mar 2016	A1
20160080399	Harris et al.	Mar 2016	A1
20160080417	Thomas et al.	Mar 2016	A1
20160080418	Ray et al.	Mar 2016	A1
20160080419	Schiappa et al.	Mar 2016	A1
20160080420	Ray et al.	Mar 2016	A1
20160092176	Straub et al.	Mar 2016	A1
20160092179	Straub	Mar 2016	A1
20160092180	Straub	Mar 2016	A1
20160092339	Straub et al.	Mar 2016	A1
20160092348	Straub et al.	Mar 2016	A1
20160098564	Wysopal et al.	Apr 2016	A1
20160099963	Mahaffey et al.	Apr 2016	A1
20160103896	Briere et al.	Apr 2016	A1
20160105455	Nair et al.	Apr 2016	A1
20160105530	Shribman et al.	Apr 2016	A1
20160105533	Briere et al.	Apr 2016	A1
20160110434	Kakaraddi et al.	Apr 2016	A1
20160110467	Hern	Apr 2016	A1
20160110545	Acar et al.	Apr 2016	A1
20160113490	Gross et al.	Apr 2016	A1
20160113491	Gross et al.	Apr 2016	A1
20160113492	Gross et al.	Apr 2016	A1
20160113493	Gross et al.	Apr 2016	A1
20160113494	Gross et al.	Apr 2016	A1
20160113496	Gross et al.	Apr 2016	A1
20160113497	Gross et al.	Apr 2016	A1
20160113498	Gross et al.	Apr 2016	A1
20160113499	Gross et al.	Apr 2016	A1
20160113500	Gross et al.	Apr 2016	A1
20160113508	Gross et al.	Apr 2016	A1
20160113509	Gross et al.	Apr 2016	A1
20160113510	Gross et al.	Apr 2016	A1
20160113511	Gross et al.	Apr 2016	A1
20160113512	Gross et al.	Apr 2016	A1
20160113513	Gross et al.	Apr 2016	A1
20160113514	Gross et al.	Apr 2016	A1
20160113515	Gross et al.	Apr 2016	A1
20160113521	Gross et al.	Apr 2016	A1
20160113522	Gross et al.	Apr 2016	A1
20160113523	Gross et al.	Apr 2016	A1
20160113524	Gross et al.	Apr 2016	A1
20160113525	Gross et al.	Apr 2016	A1
20160113590	Gross et al.	Apr 2016	A1
20160116339	Crawley et al.	Apr 2016	A1
20160116340	Gross et al.	Apr 2016	A1
20160116341	Gross et al.	Apr 2016	A1
20160116342	Gross et al.	Apr 2016	A1
20160116349	Gross et al.	Apr 2016	A1
20160116350	Gross et al.	Apr 2016	A1
20160116351	Gross et al.	Apr 2016	A1
20160117462	Gross et al.	Apr 2016	A1
20160117697	Briere et al.	Apr 2016	A1
20160117813	Gross et al.	Apr 2016	A1
20160119373	Fausto et al.	Apr 2016	A1
20160124722	Mathew et al.	May 2016	A1
20160125488	Saha et al.	May 2016	A1
20160156941	Alao et al.	Jun 2016	A9
20160180080	Heldt-Sheller et al.	Jun 2016	A1
20160180090	Dalcher et al.	Jun 2016	A1
20160188882	Mahrous et al.	Jun 2016	A1
20160189118	Cohen	Jun 2016	A2
20160191465	Thomas et al.	Jun 2016	A1
20160191476	Schutz et al.	Jun 2016	A1
20160205122	Bassett	Jul 2016	A1
20160210427	Mynhier et al.	Jul 2016	A1
20160210602	Siddique et al.	Jul 2016	A1
20160212153	Livshits et al.	Jul 2016	A1
20160218933	Porras et al.	Jul 2016	A1
20160219048	Porras et al.	Jul 2016	A1
20160219078	Porras et al.	Jul 2016	A1
20160224367	Raghu et al.	Aug 2016	A1
20160224951	Hoffberg	Aug 2016	A1
20160232358	Grieco et al.	Aug 2016	A1
20160234065	Cohen et al.	Aug 2016	A1
20160246736	Lee et al.	Aug 2016	A1
20160248631	Duchesneau	Aug 2016	A1
20160248794	Cam	Aug 2016	A1
20160248796	Choi et al.	Aug 2016	A1
20160253590	Hershey et al.	Sep 2016	A1
20160259944	Okihara	Sep 2016	A1
20160261640	Modi et al.	Sep 2016	A1
20160266897	Henderson	Sep 2016	A1
20160269435	Hershey et al.	Sep 2016	A1
20160269475	Raghu	Sep 2016	A1
20160275101	Hinterbichler et al.	Sep 2016	A1
20160277268	Brown et al.	Sep 2016	A1
20160307217	Briere et al.	Oct 2016	A1
20160314327	Butler et al.	Oct 2016	A1
20160314651	Kessman et al.	Oct 2016	A1
20160315779	Chan et al.	Oct 2016	A1
20160321480	Hamlin et al.	Nov 2016	A1
20160337226	Padala et al.	Nov 2016	A1
20160337426	Shribman et al.	Nov 2016	A1
20160337484	Tola	Nov 2016	A1
20160350143	Uliel et al.	Dec 2016	A1
20160352745	Ilieva et al.	Dec 2016	A1
20160359872	Yadav et al.	Dec 2016	A1
20160363921	Martindale et al.	Dec 2016	A1
20160364341	Banginwar et al.	Dec 2016	A1
20160366174	Chernin et al.	Dec 2016	A1
20160371109	Palavalli et al.	Dec 2016	A1
20160373293	Kushmerick et al.	Dec 2016	A1
20160378439	Straub et al.	Dec 2016	A1
20160378519	Gaurav et al.	Dec 2016	A1
20160378530	An et al.	Dec 2016	A1
20160378994	Hibbert et al.	Dec 2016	A1
20160379237	Shapsa et al.	Dec 2016	A1
20160380862	Shapsa et al.	Dec 2016	A1
20170003991	Strandzhev et al.	Jan 2017	A1
20170005861	Strandzhev et al.	Jan 2017	A1
20170005873	Strandzhev et al.	Jan 2017	A1
20170005878	Strandzhev et al.	Jan 2017	A1
20170012958	Brooker et al.	Jan 2017	A1
20170019402	Kulkarni	Jan 2017	A1
20170026401	Polyakov	Jan 2017	A1
20170034023	Nickolov et al.	Feb 2017	A1
20170034089	Ludwig et al.	Feb 2017	A1
20170034200	Costin et al.	Feb 2017	A1
20170039372	Koval et al.	Feb 2017	A1
20170046134	Straub	Feb 2017	A1
20170046235	Straub et al.	Feb 2017	A1
20170046519	Cam	Feb 2017	A1
20170048215	Straub	Feb 2017	A1
20170048252	Straub et al.	Feb 2017	A1
20170048319	Straub	Feb 2017	A1
20170048339	Straub	Feb 2017	A1
20170048495	Scalisi	Feb 2017	A1
20170053115	Healy et al.	Feb 2017	A1
20170061133	Trabelsi	Mar 2017	A1
20170061174	Butler et al.	Mar 2017	A1
20170078093	Schutz et al.	Mar 2017	A1
20170078322	Seiver et al.	Mar 2017	A1
20170078393	Briere et al.	Mar 2017	A1
20170091465	Swoboda	Mar 2017	A9
20170093669	Nortman	Mar 2017	A1
20170093910	Gukal et al.	Mar 2017	A1
20170103215	Mahaffey et al.	Apr 2017	A1
20170109212	Gaurav et al.	Apr 2017	A1
20170126838	Saint Clair	May 2017	A1
20170142138	Williams et al.	May 2017	A1
20170147681	Tankersley et al.	May 2017	A1
20170149786	Alon et al.	May 2017	A1
20170149816	Kelekar	May 2017	A1
20170161023	Khazanchi et al.	Jun 2017	A1
20170161043	Khazanchi et al.	Jun 2017	A1
20170161044	Singh et al.	Jun 2017	A1
20170161057	Khazanchi et al.	Jun 2017	A1
20170161101	Khazanchi et al.	Jun 2017	A1
20170163492	Khazanchi et al.	Jun 2017	A1
20170163518	Dube et al.	Jun 2017	A1
20170163732	Saraf et al.	Jun 2017	A1
20170168714	Saha et al.	Jun 2017	A1
20170169217	Rahaman et al.	Jun 2017	A1
20170171236	Ouchn	Jun 2017	A1
20170177367	DeHon	Jun 2017	A1
20170177368	DeHon et al.	Jun 2017	A1
20170178193	Jagannath et al.	Jun 2017	A1
20170180411	Nair et al.	Jun 2017	A1
20170193239	Chari et al.	Jul 2017	A1
20170195361	Liu	Jul 2017	A1
20170206381	Swoboda	Jul 2017	A1
20170208084	Steelman et al.	Jul 2017	A1
20170208085	Steelman et al.	Jul 2017	A1
20170208093	Williams et al.	Jul 2017	A1
20170213002	Jha et al.	Jul 2017	A1
20170214708	Gukal et al.	Jul 2017	A1
20170214710	Seiver et al.	Jul 2017	A1
20170214737	Agarwal et al.	Jul 2017	A1
20170214738	Agarwal et al.	Jul 2017	A1
20170220404	Polar Seminario	Aug 2017	A1
20170223052	Stutz	Aug 2017	A1
20170228466	Briere et al.	Aug 2017	A1
20170230179	Mannan et al.	Aug 2017	A1
20170230460	Briere et al.	Aug 2017	A1
20170235966	Ray et al.	Aug 2017	A1
20170235967	Ray et al.	Aug 2017	A1
20170242717	Gaurav et al.	Aug 2017	A1
20170243009	Sejpal et al.	Aug 2017	A1
20170250998	Miliefsky et al.	Aug 2017	A1
20170255890	Palavalli et al.	Sep 2017	A1
20170262655	Runkis et al.	Sep 2017	A1
20170270323	Butler et al.	Sep 2017	A1
20170280109	Scalisi	Sep 2017	A1
20170286690	Chari et al.	Oct 2017	A1
20170289187	Noel et al.	Oct 2017	A1
20170293501	Barapatre et al.	Oct 2017	A1
20170293563	DeHon et al.	Oct 2017	A1
20170295181	Parimi et al.	Oct 2017	A1
20170295197	Parimi et al.	Oct 2017	A1
20170300911	Alnajem	Oct 2017	A1
20170302458	Berger et al.	Oct 2017	A1
20170302635	Humphries et al.	Oct 2017	A1
20170302653	Ortner et al.	Oct 2017	A1
20170302696	Schutz et al.	Oct 2017	A1
20170310556	Knowles et al.	Oct 2017	A1
20170310686	Ray et al.	Oct 2017	A1
20170310692	Ackerman et al.	Oct 2017	A1
20170310693	Howard et al.	Oct 2017	A1
20170310703	Ackerman et al.	Oct 2017	A1
20170310708	Schiappa et al.	Oct 2017	A1
20170316213	McClintock et al.	Nov 2017	A1
20170318048	Htay	Nov 2017	A1
20170324763	Vasudevan et al.	Nov 2017	A1
20170324766	Gonzalez Granadillo et al.	Nov 2017	A1
20170329975	Artes et al.	Nov 2017	A1
20170331682	Cohen et al.	Nov 2017	A1
20170346847	Borohovski et al.	Nov 2017	A1
20170353313	Goldman	Dec 2017	A1
20170353482	Sommer	Dec 2017	A1
20170353534	Taheri et al.	Dec 2017	A1
20170357814	Mahaffey et al.	Dec 2017	A1
20170359306	Thomas et al.	Dec 2017	A1
20170359370	Humphries et al.	Dec 2017	A1
20170364844	Saraf	Dec 2017	A1
20170371636	Palavalli et al.	Dec 2017	A1
20170371872	McBride	Dec 2017	A1
20170372070	Burdett et al.	Dec 2017	A1
20170372384	Yaros et al.	Dec 2017	A1
20170373937	Hovhannisyan et al.	Dec 2017	A1
20180004503	OlmstedThompson	Jan 2018	A1
20180004937	Shannon	Jan 2018	A1
20180007014	Neal	Jan 2018	A1
20180011708	DeHon	Jan 2018	A1
20180014241	Perdomo	Jan 2018	A1
20180024901	Tankersley et al.	Jan 2018	A1
20180032733	Surdu	Feb 2018	A1
20180032736	Inagaki et al.	Feb 2018	A1
20180034840	Marquardt et al.	Feb 2018	A1
20180040074	Raghu et al.	Feb 2018	A1
20180041539	Htay	Feb 2018	A1
20180041588	Straub et al.	Feb 2018	A1
20180045189	Lee et al.	Feb 2018	A1
20180046823	Durham et al.	Feb 2018	A1
20180048668	Gupta et al.	Feb 2018	A1
20180060106	Madtha et al.	Mar 2018	A1
20180060216	Kasi et al.	Mar 2018	A1
20180060361	Beveridge	Mar 2018	A1
20180060867	Hagan et al.	Mar 2018	A1
20180060894	Beveridge et al.	Mar 2018	A1
20180062928	Beveridge et al.	Mar 2018	A1
20180063017	Beveridge	Mar 2018	A1
20180063026	Beveridge et al.	Mar 2018	A1
20180063171	Yamada et al.	Mar 2018	A1
20180063172	Yamada et al.	Mar 2018	A1
20180063177	Yamada et al.	Mar 2018	A1
20180063235	Beveridge et al.	Mar 2018	A1
20180074029	DeVries et al.	Mar 2018	A1
20180074030	DeVries et al.	Mar 2018	A1
20180075249	Ray et al.	Mar 2018	A1
20180075253	Auh	Mar 2018	A1
20180075262	Auh	Mar 2018	A1
20180077156	Ellingson et al.	Mar 2018	A1
20180077188	Mandyam et al.	Mar 2018	A1
20180077193	Roytman et al.	Mar 2018	A1
20180077195	Gathala et al.	Mar 2018	A1
20180089431	Nalluri et al.	Mar 2018	A1
20180091539	Marquardt et al.	Mar 2018	A1
20180091590	Olteanu et al.	Mar 2018	A1
20180095610	Wieder et al.	Apr 2018	A1
20180095731	Brown et al.	Apr 2018	A1
20180096609	de la Cruz et al.	Apr 2018	A1
20180097687	Brown	Apr 2018	A1
20180103054	Cran et al.	Apr 2018	A1
20180107525	Govindaraju et al.	Apr 2018	A1
20180113817	Banginwar et al.	Apr 2018	A1
20180121420	Onusko	May 2018	A1
20180136951	Palavalli et al.	May 2018	A1
20180136970	Nandagopal et al.	May 2018	A1
20180145828	Coon et al.	May 2018	A1
20180152292	Coon et al.	May 2018	A1
20180157544	Brown et al.	Jun 2018	A1
20180159953	Saint Clair	Jun 2018	A1
20180165142	Harutyunyan et al.	Jun 2018	A1
20180165173	Lin et al.	Jun 2018	A1
20180165203	Boswell et al.	Jun 2018	A1
20180165693	Jain et al.	Jun 2018	A1
20180204029	Butler et al.	Jul 2018	A1
20180210742	Costa	Jul 2018	A1
20180211034	Costa	Jul 2018	A1
20180211035	Costa	Jul 2018	A1
20180211054	Costa	Jul 2018	A1
20180211067	Costa	Jul 2018	A1
20180212760	Costa	Jul 2018	A1
20180212770	Costa	Jul 2018	A1
20180212939	Costa	Jul 2018	A1
20180212966	Costa	Jul 2018	A1
20180212971	Costa	Jul 2018	A1
20180219970	Shribman et al.	Aug 2018	A1
20180225230	Litichever et al.	Aug 2018	A1
20180235468	Khachaturian et al.	Aug 2018	A1
20180235478	Khachaturian et al.	Aug 2018	A1
20180247082	Durham et al.	Aug 2018	A1
20180260251	Beveridge et al.	Sep 2018	A1
20180260564	Porteboeuf	Sep 2018	A1
20180262388	Johnson et al.	Sep 2018	A1
20180276378	Ray et al.	Sep 2018	A1
20180277241	Hamlin et al.	Sep 2018	A1
20180278631	Harris et al.	Sep 2018	A1
20180278649	Thomas et al.	Sep 2018	A1
20180278650	Ray et al.	Sep 2018	A1
20180293389	Mahaffey et al.	Oct 2018	A1
20180303342	Khachaturian et al.	Oct 2018	A1
20180316715	Liu et al.	Nov 2018	A1
20180316761	Briere et al.	Nov 2018	A1
20180317780	Khachaturian et al.	Nov 2018	A1
20180324220	Ray et al.	Nov 2018	A1
20180329738	Kasha et al.	Nov 2018	A1
20180336031	DeHon et al.	Nov 2018	A1
20180336032	DeHon et al.	Nov 2018	A1
20180336033	DeHon et al.	Nov 2018	A1
20180336286	Shah	Nov 2018	A1
20180341490	DeHon et al.	Nov 2018	A1
20180349221	Harutyunyan et al.	Dec 2018	A1
20180349614	Ionescu et al.	Dec 2018	A1
20180351780	Atanasov	Dec 2018	A1
20180351781	Movsisyan et al.	Dec 2018	A1
20180351838	Lui	Dec 2018	A1
20180359250	Lerner	Dec 2018	A1
20180365044	Movsisyan et al.	Dec 2018	A1
20180365298	Poghosyan et al.	Dec 2018	A1
20180365301	Poghosyan et al.	Dec 2018	A1
20180367299	Schutz et al.	Dec 2018	A1
20180367434	Kushmerick et al.	Dec 2018	A1
20180373895	Durham et al.	Dec 2018	A9
20190007521	Lipstone et al.	Jan 2019	A1
20190012150	Dimitrov et al.	Jan 2019	A1
20190012857	Noonan	Jan 2019	A1
20190026206	Harutyunyan et al.	Jan 2019	A1
20190026236	Barnes	Jan 2019	A1
20190026459	Harutyunyan et al.	Jan 2019	A1
20190026464	Nalluri et al.	Jan 2019	A1
20190028438	Thomas et al.	Jan 2019	A1
20190034464	Nozhchev et al.	Jan 2019	A1
20190034664	Barnes et al.	Jan 2019	A1
20190036766	Popov	Jan 2019	A1
20190036901	Brooker et al.	Jan 2019	A1
20190037047	Shribman et al.	Jan 2019	A1
20190042764	Durham et al.	Feb 2019	A1
20190042798	Mittal	Feb 2019	A1
20190042799	Durham et al.	Feb 2019	A1
20190044823	Soundararajan et al.	Feb 2019	A1
20190046056	Khachaturian et al.	Feb 2019	A1
20190046121	Khachaturian et al.	Feb 2019	A1
20190068750	Shribman et al.	Feb 2019	A1
20190072531	DeVries et al.	Mar 2019	A1
20190080078	Teal	Mar 2019	A1
20190080102	Teal	Mar 2019	A1
20190081867	Lipstone et al.	Mar 2019	A1
20190081873	Kraft	Mar 2019	A1
20190081928	Teal	Mar 2019	A1
20190081959	Yadav et al.	Mar 2019	A1
20190081962	Teal	Mar 2019	A1
20190081976	Kraft	Mar 2019	A1
20190081983	Teal	Mar 2019	A1
20190087359	Litichever et al.	Mar 2019	A1
20190089720	Aditham et al.	Mar 2019	A1
20190108342	Conikee et al.	Apr 2019	A1
20190109772	Lipstone et al.	Apr 2019	A1
20190114450	Butler et al.	Apr 2019	A1
20190116242	Shribman et al.	Apr 2019	A1
20190116243	Shribman et al.	Apr 2019	A1
20190116244	Shribman et al.	Apr 2019	A1
20190123904	Ackerman et al.	Apr 2019	A1
20190124042	Thomas et al.	Apr 2019	A1
20190124047	Thomas et al.	Apr 2019	A1
20190124097	Thomas et al.	Apr 2019	A1
20190124098	Thomas et al.	Apr 2019	A1
20190124112	Thomas et al.	Apr 2019	A1
20190132214	Porras et al.	May 2019	A1
20190132417	Shribman et al.	May 2019	A1
20190138419	Poghosyan et al.	May 2019	A1
20190138420	Harutyunyan et al.	May 2019	A1
20190149574	Thomas et al.	May 2019	A1
20190149580	Ray et al.	May 2019	A1
20190154439	Binder	May 2019	A1
20190155953	Brown et al.	May 2019	A1
20190163355	Govindaraju et al.	May 2019	A1
20190163404	Pedersen et al.	May 2019	A1
20190163550	Harutyunyan et al.	May 2019	A1
20190163616	Govindaraju	May 2019	A1
20190166125	Bender et al.	May 2019	A1
20190171438	Franchitti	Jun 2019	A1
20190171457	DeHon et al.	Jun 2019	A1
20190171476	Lee et al.	Jun 2019	A1
20190190929	Thomas et al.	Jun 2019	A1
20190190936	Thomas et al.	Jun 2019	A1
20190199824	Shribman et al.	Jun 2019	A1
20190205773	Ackerman et al.	Jul 2019	A1
20190208034	Shribman et al.	Jul 2019	A1
20190208035	Shribman et al.	Jul 2019	A1
20190208036	Shribman et al.	Jul 2019	A1
20190213322	Dehon et al.	Jul 2019	A1
20190220625	Durham et al.	Jul 2019	A1
20190222619	Shribman et al.	Jul 2019	A1
20190222673	Shribman et al.	Jul 2019	A1
20190222674	Shribman et al.	Jul 2019	A1
20190227781	Ramasamy et al.	Jul 2019	A1
20190227793	Ramasamy	Jul 2019	A1
20190227951	Durham et al.	Jul 2019	A1
20190228172	Ray et al.	Jul 2019	A1
20190229983	Govindaraju et al.	Jul 2019	A1
20190230077	Lerner	Jul 2019	A1
20190236825	Straub	Aug 2019	A1
20190238589	Stutz	Aug 2019	A1
20190245894	Epple et al.	Aug 2019	A1
20190251267	Wysopal et al.	Aug 2019	A1
20190253399	Humphries et al.	Aug 2019	A1
20190260799	Chen et al.	Aug 2019	A1
20190268149	Kariv et al.	Aug 2019	A1
20190268150	Kariv et al.	Aug 2019	A1
20190268302	McDonald	Aug 2019	A1
20190268303	Schiappa et al.	Aug 2019	A1
20190268316	Kurian	Aug 2019	A1
20190294592	Hinterbichler et al.	Sep 2019	A1
20190294613	Sullivan et al.	Sep 2019	A1
20190294809	Strickland	Sep 2019	A1
20190296967	Yang et al.	Sep 2019	A1
20190297093	Kurian	Sep 2019	A1
20190303586	Mahaffey et al.	Oct 2019	A1
20190311134	Mahaffey et al.	Oct 2019	A1
20190313907	Khachaturian et al.	Oct 2019	A1
20190317816	Chandran et al.	Oct 2019	A1
20190317817	Brown et al.	Oct 2019	A1
20190317826	Jain et al.	Oct 2019	A1
20190317829	Brown et al.	Oct 2019	A1
20190340048	Brown	Nov 2019	A1
20190340057	Brown et al.	Nov 2019	A1
20190340481	Locke et al.	Nov 2019	A1
20190349449	Shribman et al.	Nov 2019	A1
20190350469	Khachaturian et al.	Nov 2019	A1
20190350470	Khachaturian et al.	Nov 2019	A1
20190372938	Pasdar	Dec 2019	A1
20190373045	Raghu	Dec 2019	A1
20190377570	Govindaraju et al.	Dec 2019	A1
20190384604	Dehon et al.	Dec 2019	A1
20190386957	Leon	Dec 2019	A1

Non-Patent Literature Citations (111)

Entry
U.S. Appl. No. 10/013,668, filed Jul. 3, 2018, Straub.
U.S. Appl. No. 10/013,705, filed Jul. 3, 2018, Mikurak.
U.S. Appl. No. 10/015,169, filed Jul. 3, 2018, Kennedy.
U.S. Appl. No. 10/015,720, filed Jul. 3, 2018, Perdomo.
U.S. Appl. No. 10/021,446, filed Jul. 10, 2018, Barton et al..
U.S. Appl. No. 10/025,638, filed Jul. 17, 2018, Raghu.
U.S. Appl. No. 10/031,505, filed Jul. 24, 2018, Martindale et al..
U.S. Appl. No. 10/031,768, filed Jul. 24, 2018, Strandzhev et al..
U.S. Appl. No. 10/042,628, filed Aug. 7, 2018, OlmstedThompson.
U.S. Appl. No. 10/044,747, filed Aug. 7, 2018, Liu.
U.S. Appl. No. 10/050,868, filed Aug. 14, 2018, Porras et al.
U.S. Appl. No. 10/061,566, filed Aug. 28, 2018, Brown et al.
U.S. Appl. No. 10/063,373, filed Aug. 28, 2018, Schutz et al.
U.S. Appl. No. 10/073,679, filed Sep. 11, 2018, Straub et al.
U.S. Appl. No. 10/079,878, filed Sep. 18, 2018, Ulrich et al.
U.S. Appl. No. 10/089,651, filed Oct. 2, 2018, Mahadevan et al.
U.S. Appl. No. 10/095,543, filed Oct. 9, 2018, Griffin et al.
U.S. Appl. No. 10/097,531, filed Oct. 9, 2018, Brooker et al.
U.S. Appl. No. 10/114,950, filed Oct. 30, 2018, Nalluri et al.
U.S. Appl. No. 10/120,668, filed Nov. 6, 2018, Palavalli et al.
U.S. Appl. No. 10/120,928, filed Nov. 6, 2018, Kushmerick et al.
U.S. Appl. No. 10/122,687, filed Nov. 6, 2018, Thomas et al.
U.S. Appl. No. 10/135,697, filed Nov. 20, 2018, Varney et al.
U.S. Appl. No. 10/142,191, filed Nov. 27, 2018, Varney et al.
U.S. Appl. No. 10/142,353, filed Nov. 27, 2018, Yadav et al.
U.S. Appl. No. 10/147,110, filed Dec. 4, 2018, Shapsa et al.
U.S. Appl. No. 10/154,021, filed Dec. 11, 2018, Lerner.
U.S. Appl. No. 10/157,044, filed Dec. 18, 2018, Khazanchi et al.
U.S. Appl. No. 10/182,073, filed Jan. 15, 2019, Redlich et al.
U.S. Appl. No. 10/185,584, filed Jan. 22, 2019, Lee et al.
U.S. Appl. No. 10/185,670, filed Jan. 22, 2019, Litichever et al.
U.S. Appl. No. 10/204,244, filed Feb. 12, 2019, Butler et al.
U.S. Appl. No. 10/205,627, filed Feb. 12, 2019, Kushmerick et al.
U.S. Appl. No. 10/205,637, filed Feb. 12, 2019, Porras et al.
U.S. Appl. No. 10/212,023, filed Feb. 19, 2019, Brown.
U.S. Appl. No. 10/212,045, filed Feb. 19, 2019, Strandzhev et al.
U.S. Appl. No. 10/216,615, filed Feb. 26, 2019, Klemenz.
U.S. Appl. No. 10/216,921, filed Feb. 26, 2019, Janse Van Rensburg et al.
U.S. Appl. No. 10/225,142, filed Mar. 5, 2019, Strandzhev et al.
U.S. Appl. No. 10/225,286, filed Mar. 5, 2019, Ray et al.
U.S. Appl. No. 10/230,532, filed Mar. 12, 2019, Chan et al.
U.S. Appl. No. 10/235,176, filed Mar. 19, 2019, DeHon et al.
U.S. Appl. No. 10/235,439, filed Mar. 19, 2019, Sullivan et al.
U.S. Appl. No. 10/235,810, filed Mar. 19, 2019, Morrison.
U.S. Appl. No. 10/237,059, filed Mar. 19, 2019, Sethumadhavan et al.
U.S. Appl. No. 10/243,815, filed Mar. 26, 2019, Shapsa et al.
U.S. Appl. No. 10/243,990, filed Mar. 26, 2019, Chen et al.
U.S. Appl. No. 10/248,119, filed Apr. 2, 2019, Kentley-Klay et al.
U.S. Appl. No. 10/250,639, filed Apr. 2, 2019, Redlich et al.
U.S. Appl. No. 10/250,640, filed Apr. 2, 2019, Redlich et al.
U.S. Appl. No. 10/250,641, filed Apr. 2, 2019, Porras et al.
U.S. Appl. No. 10/255,292, filed Apr. 9, 2019, Hinterbichler et al.
U.S. Appl. No. 10/255,414, filed Apr. 9, 2019, Horning et al.
U.S. Appl. No. 10/257,261, filed Apr. 9, 2019, Raghu.
U.S. Appl. No. 10/261,794, filed Apr. 16, 2019, DeHon.
U.S. Appl. No. 10/261,809, filed Apr. 16, 2019, Meritt et al.
U.S. Appl. No. 10/261,815, filed Apr. 16, 2019, Gaurav et al.
U.S. Appl. No. 10/263,966, filed Apr. 16, 2019, Humphries et al.
U.S. Appl. No. 10/268,534, filed Apr. 23, 2019, Brown et al.
U.S. Appl. No. 10/275,600, filed Apr. 30, 2019, Wysopal et al.
U.S. Appl. No. 10/276,170, filed Apr. 30, 2019, Gruber et al.
U.S. Appl. No. 10/277,477, filed Apr. 30, 2019, Nortman.
U.S. Appl. No. 10/277,711, filed Apr. 30, 2019, Shribman et al.
U.S. Appl. No. 10/282,223, filed May 7, 2019, Uliel et al.
U.S. Appl. No. 10/284,598, filed May 7, 2019, Stutz.
U.S. Appl. No. 10/290,133, filed May 14, 2019, Straub.
U.S. Appl. No. 10/296,327, filed May 21, 2019, Govindaraju et al.
U.S. Appl. No. 10/296,338, filed May 21, 2019, Boswell et al.
U.S. Appl. No. 10/303,899, filed May 28, 2019, Durham et al.
U.S. Appl. No. 10/305,758, filed May 28, 2019, Bhide et al.
U.S. Appl. No. 10/320,891, filed Jun. 11, 2019, Agarwal et al.
U.S. Appl. No. 10/326,769, filed Jun. 18, 2019, Ilieva et al.
U.S. Appl. No. 10/332,132, filed Jun. 25, 2019, Briere et al.
U.S. Appl. No. 10/334,050, filed Jun. 25, 2019, Kentley-Klay et al.
U.S. Appl. No. 10/338,913, filed Jul. 2, 2019, Franchitti.
U.S. Appl. No. 10/360,168, filed Jul. 23, 2019, Griffin et al.
U.S. Appl. No. 10/367,912, filed Jul. 30, 2019, Saint Clair.
U.S. Appl. No. 10/372,945, filed Aug. 6, 2019, Costa.
U.S. Appl. No. 10/382,459, filed Aug. 13, 2019, Harris et al.
U.S. Appl. No. 10/387,332, filed Aug. 20, 2019, Metcalf et al.
U.S. Appl. No. 10/402,253, filed Sep. 3, 2019, Harutyunyan et al.
U.S. Appl. No. 10/417,108, filed Sep. 17, 2019, Tankersley et al.
U.S. Appl. No. 10/417,432, filed Sep. 17, 2019, Mahaffey et al.
U.S. Appl. No. 10/417,626, filed Sep. 17, 2019, Locke et al.
U.S. Appl. No. 10/419,514, filed Sep. 17, 2019, Straub et al.
U.S. Appl. No. 10/430,263, filed Oct. 1, 2019, Polar Seminario.
U.S. Appl. No. 10/440,146, filed Oct. 8, 2019, Shribman et al.
U.S. Appl. No. 10/445,536, filed Oct. 15, 2019, Butler et al.
U.S. Appl. No. 10/445,668, filed Oct. 15, 2019, Oehrle et al.
U.S. Appl. No. 10/446,037, filed Oct. 15, 2019, Kentley-Klay et al.
U.S. Appl. No. 10/447,809, filed Oct. 15, 2019, Shribman et al.
U.S. Appl. No. 10/452,426, filed Oct. 22, 2019, Nandagopal et al.
U.S. Appl. No. 10/452,497, filed Oct. 22, 2019, Straub et al.
U.S. Appl. No. 10/452,665, filed Oct. 22, 2019, Poghosyan et al.
U.S. Appl. No. 10/454,801, filed Oct. 22, 2019, Lui.
U.S. Appl. No. 10/454,903, filed Oct. 22, 2019, Neal.
U.S. Appl. No. 10/469,614, filed Nov. 5, 2019, Shribman et al.
U.S. Appl. No. 10/469,615, filed Nov. 5, 2019, Shribman et al.
U.S. Appl. No. 10/485,431, filed Nov. 26, 2019, Khachaturian et al.
U.S. Appl. No. 10/492,684, filed Dec. 3, 2019, Khachaturian et al.
U.S. Appl. No. 10/498,707, filed Dec. 3, 2019, Kurian.
U.S. Appl. No. 10/503,630, filed Dec. 10, 2019, Kasi et al.
U.S. Appl. No. 10/503,822, filed Dec. 10, 2019, Spencer et al.
U.S. Appl. No. 10/503,933, filed Dec. 10, 2019, Auh.
U.S. Appl. No. 10/505,825, filed Dec. 10, 2019, Bettaiah et al.
U.S. Appl. No. 10/506,926, filed Dec. 17, 2019, Khachaturian et al.
U.S. Appl. No. 10/509,910, filed Dec. 17, 2019, Mahaffey et al.
U.S. Appl. No. 10/509,911, filed Dec. 17, 2019, Mahaffey et al.
U.S. Appl. No. 10/515,096, filed Dec. 24, 2019, Choudhary et al.
U.S. Appl. No. 10/516,531, filed Dec. 24, 2019, Schutz et al.
U.S. Appl. No. 10/516,533, filed Dec. 24, 2019, Mannan et al.

Related Publications (1)

	Number	Date	Country
	20230401294 A1	Dec 2023	US

Provisional Applications (1)

	Number	Date	Country
	62767908	Nov 2018	US

Continuations (1)

	Number	Date	Country
Parent	16684233	Nov 2019	US
Child	18238079		US

Secure processor for detecting and preventing exploits of software vulnerability

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

Agents

CPC

Field of Search

CPC

International Classifications

Term Extension

Abstract