System, Apparatus And Method For Integrity Protecting Tenant Workloads In A Multi-Tenant Computing Environment

Organization Name

Intel Corporation

Inventor(s)

Siddhartha Chhabra of Portland OR (US)

David M. Durham of Beaverton OR (US)

System, Apparatus And Method For Integrity Protecting Tenant Workloads In A Multi-Tenant Computing Environment - A simplified explanation of the abstract

This abstract first appeared for US patent application 18528124 titled 'System, Apparatus And Method For Integrity Protecting Tenant Workloads In A Multi-Tenant Computing Environment

Simplified Explanation

The abstract describes a multi-tenant computing system with a memory execution circuit that can operate in different modes to handle encrypted data from different tenants securely.

• The system includes a processor with multiple cores for tenant agents to execute, a configuration storage, and a memory execution circuit.
• The configuration storage contains a first configuration register to store information about the memory execution circuit, including a mode identifier.
• In one mode of operation, the memory execution circuit receives encrypted data from a tenant, generates an integrity value for the data, and sends both to memory without revealing the integrity value to the system's software.

Potential Applications

This technology could be applied in cloud computing environments where multiple tenants share resources but need to keep their data secure and isolated.

Problems Solved

1. Secure handling of encrypted data from multiple tenants in a shared computing environment. 2. Ensuring data integrity without exposing sensitive information to the system's software.

Benefits

1. Enhanced security for multi-tenant computing systems. 2. Efficient and isolated data processing for different tenants. 3. Improved data integrity verification mechanisms.

Potential Commercial Applications

"Secure Multi-Tenant Computing System for Cloud Environments"

Possible Prior Art

There may be prior art related to secure data handling in multi-tenant computing systems, but specific examples are not provided in the abstract.

Unanswered Questions

How does the system handle potential conflicts between different tenants' data access requirements?

The abstract does not detail how the system resolves conflicts that may arise when different tenants have varying data access needs.

What encryption algorithms or methods are supported by the memory execution circuit?

The abstract does not specify the encryption techniques compatible with the memory execution circuit.

Original Abstract Submitted

In one embodiment, a multi-tenant computing system includes a processor including a plurality of cores on which agents of tenants of the multi-tenant computing system are to execute, a configuration storage, and a memory execution circuit. The configuration storage includes a first configuration register to store configuration information associated with the memory execution circuit. The first configuration register is to store a mode identifier to identify a mode of operation of the memory execution circuit. The memory execution circuit, in a first mode of operation, is to receive encrypted data of a first tenant, the encrypted data encrypted by the first tenant, generate an integrity value for the encrypted data, and send the encrypted data and the integrity value to a memory, the integrity value not visible to the software of the multi-tenant computing system. Other embodiments are described and claimed.