Trusted packet processing for multi-domain separatization and security

Assignee

• Intel Corporation · US

Inventors

• Kapil Sood · Beaverton, US
• Somnath Chakrabarti · Portland, US
• Wei Shen · Danville, US
• Carlos V. Rozas · Portland, US
• Mona Vij · Hillsboro, US
• Vincent R. Scarlata · Beaverton, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L41/5041
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Methods and apparatus for implemented trusted packet processing for multi-domain separatization and security. Secure enclaves are created in system memory of a compute platform configured to support a virtualized execution environment including a plurality of virtual machines (VMs) or containers, each secure enclave occupying a respective protected portion of the system memory, wherein software code external from a secure enclave cannot access code or data within a secure enclave, and software code in a secure enclave can access code and data both within the secure enclave and external to the secure enclave. Software code for implementing packet processing operations is installed in the secure enclaves. The software in the secure enclaves is then executed to perform the packet processing operations. Various configurations of secure enclaves and software code may be implemented, including configurations supporting service chains both within a VM or contain or across multiple VMs or containers, as well a parallel packet processing operations.