CPC G06F 21/79 (2013.01) [G06F 12/14 (2013.01); G06F 21/75 (2013.01); G06F 21/76 (2013.01); G06F 21/6218 (2013.01)]
23 Claims
1. A device for multi-tenant cryptographic memory isolation, the device comprising:
storage that includes a key table;
interface circuitry to facilitate an interface to form an interconnect between memory hardware and a user of the memory hardware; and
processing circuitry to:
receive, on the interface:
a write request, by a tenant of several tenants, for the memory hardware from the user of the memory hardware; and
data corresponding to the write request;
extract a tenant identifier (ID) from the write request;
obtain a nonce for the tenant from the key table using the tenant ID as an index, the key table being writable to store new keyed-nonces; and
encrypt the data, creating encrypted data, using the nonce for storage in the memory hardware, wherein, to encrypt the data using the nonce, the processing circuitry is configured to:
combine the nonce with the tenant ID and physical address from the write request to create a tweak; and
encrypt the data using the tweak.
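
The write path recited in claim 1, modelled in software as an added example; it is not code from the patent. The class and method names, the 64-byte line size, the 16-byte nonce, the device key and the keyed-BLAKE2b pad standing in for the unnamed cipher are all assumptions.

```python
import hashlib
import struct

LINE = 64  # assumed line size in bytes


class MemoryEncryptionEngine:
    """Software model of the claimed data path (all names are hypothetical)."""

    def __init__(self, device_key: bytes):
        self.device_key = device_key  # assumed secret; the claim names no cipher key
        self.key_table = {}           # tenant ID -> nonce; writable, as in the claim
        self.memory = {}              # physical address -> encrypted line

    def set_nonce(self, tenant_id: int, nonce: bytes) -> None:
        self.key_table[tenant_id] = nonce[:16].ljust(16, b"\0")  # fixed width

    def _tweak(self, tenant_id: int, phys_addr: int) -> bytes:
        if tenant_id not in self.key_table:  # tenant ID is the table index
            raise PermissionError(f"no nonce provisioned for tenant {tenant_id}")
        # Fixed-width fields keep (nonce, tenant ID, address) unambiguous.
        return self.key_table[tenant_id] + struct.pack(">IQ", tenant_id, phys_addr)

    def _crypt(self, tweak: bytes, data: bytes) -> bytes:
        # Stand-in for a tweakable cipher: keyed BLAKE2b pad XORed with the line.
        pad = hashlib.blake2b(tweak, key=self.device_key, digest_size=LINE).digest()
        return bytes(a ^ b for a, b in zip(data, pad))

    def write(self, tenant_id: int, phys_addr: int, data: bytes) -> None:
        if len(data) != LINE:
            raise ValueError("data must be exactly one line")
        self.memory[phys_addr] = self._crypt(self._tweak(tenant_id, phys_addr), data)

    def read(self, tenant_id: int, phys_addr: int) -> bytes:
        return self._crypt(self._tweak(tenant_id, phys_addr), self.memory[phys_addr])


def demo() -> dict:
    eng = MemoryEncryptionEngine(device_key=bytes(range(32)))  # constructed key
    eng.set_nonce(1, b"\x11" * 16)  # constructed nonces
    eng.set_nonce(2, b"\x22" * 16)
    line = b"tenant-1 secret".ljust(LINE, b"\0")
    eng.write(1, 0x1000, line)
    eng.write(1, 0x1040, line)  # same data, different physical address
    return {
        "owner_reads_plaintext": eng.read(1, 0x1000) == line,
        "other_tenant_reads_plaintext": eng.read(2, 0x1000) == line,
        "same_data_same_ciphertext": eng.memory[0x1000] == eng.memory[0x1040],
    }
```

Because the pad depends only on the tweak, this stand-in leaks the XOR of successive writes to one address; a hardware design would use a tweakable block cipher instead.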