Abstract: Systems, methods, apparatuses and computer-readable media for receiving data from one or more sensors associated with one or more home devices, such as appliances, home systems, etc. are presented. The data may be used to determine whether operation of the home device is within an acceptable range. If not, the user associated with the home device may receive an alert identifying a potential issue. One or more potential modifications to improve the home device may be identified and transmitted to the user. In some examples, an insurance incentive to implement the recommended modifications may also be transmitted to the user.

Abstract: Methods and apparatus for protecting trace data of a remote debug session for a computing system. In one embodiment, a method includes storing trace data received from one or more trace interfaces to a storage location of a target device, where the trace data is generated from execution at the target device, and where the trace data is protected from an unauthorized access. The method continues with transmitting the trace data to a debug host computer with encryption through a communication channel between the target device and the debug host computer.

Abstract: A secure communication path device includes a first secure communication validator providing a one-way communication path from a security domain by implementing a secure protocol parser, a second secure communication validator providing a one-way communication path from a second security domain by implementing a secure second protocol parser. Each validator including respective serial/de-serializer units providing a unidirectional communication path from their respective security domain. The device hardware segregating respective communications of the security domains within the secure communication path device.

Abstract: Methods and apparatus for protecting trace data of a remote debug session for a computing system. In one embodiment, a method includes storing trace data received from one or more trace interfaces to a storage location of a target device, where the trace data is generated from execution at the target device, and where the trace data is protected from an unauthorized access. The method continues with transmitting the trace data to a debug host computer with encryption through a communication channel between the target device and the debug host computer.

Abstract: A secure communication path device includes a first secure communication validator providing a one-way communication path from a security domain by implementing a secure protocol parser, a second secure communication validator providing a one-way communication path from a second security domain by implementing a secure second protocol parser. Each validator including respective serial/de-serializer units providing a unidirectional communication path from their respective security domain. The device hardware segregating respective communications of the security domains within the secure communication path device.

Abstract: A cyber-security improvement platform database may store electronic records including information, received from remote submitting devices, associated with vulnerability data for computing elements. Information associated with first vulnerability data for a first computing element may be retrieved from the database and verified. Information about the first vulnerability data may then be recorded in a secure, distributed transaction ledger, and a crypto-currency payment may be transferred in connection with the recorded information. Similarly, the electronic records may further include fix data for computing elements. In this case, first fix data associated with the first vulnerability data may be retrieved, verified, and applied in connection with the first computing element. Additional information, about the first fix data, may then be recorded in the transaction ledger and an additional crypto-currency payment may be transferred in connection with the recorded additional information.

Abstract: The example embodiments are directed to a system and method for secure provisioning of secrets into MPSoC devices using untrusted third-party systems. In one example, the method includes generating a random number sequence from a true random number generator to produce secret information, storing the secret information in an on-chip secure storage, encrypting, in a device and using public key encryption, the secret information to generate an encrypted message, and transmitting the encrypted message to a third-party system.

Abstract: According to some embodiments, a system may include a communication port to exchange information with a client device associated with an industrial control system. A network security server coupled to the communication port may include a computer processor adapted to provide a network security service for the client device. The computer processor may further be adapted to record security information about the client device via a blockchain verification process (e.g., by registering a validation result within a distributed ledger). The network security service might comprise, for example, an integrity attestation service providing software verification for the client device.

Abstract: The example embodiments are directed to a system and method for secure provisioning of secrets into MPSoC devices using untrusted third-party systems. In one example, the method includes generating a random number sequence from a true random number generator to produce secret information, storing the secret information in an on-chip secure storage, encrypting, in a device and using public key encryption, the secret information to generate an encrypted message, and transmitting the encrypted message to a third-party system.

Abstract: According to some embodiments, an overall chain-of-trust may be established for an industrial control system. Secure hardware may be provided, including a hardware security module coupled to or integrated with a processor of the industrial control system to provide a hardware root-of-trust. Similarly, secure firmware associated with a secure boot mechanism such that the processor executes a trusted operating system, wherein the secure boot mechanism includes one or more of a measured boot, a trusted boot, and a protected boot. Objects may be accessed via secure data storage, and data may be exchanged via secure communications in accordance with information stored in the hardware security model.

Abstract: According to some embodiments, a system may include a communication port to exchange information with a client device associated with an industrial control system. A network security server coupled to the communication port may include a computer processor adapted to provide a network security service for the client device. The computer processor may further be adapted to record security information about the client device via a blockchain verification process (e.g., by registering a validation result within a distributed ledger). The network security service might comprise, for example, an integrity attestation service providing software verification for the client device.

Abstract: According to some embodiments, an overall chain-of-trust may be established for an industrial control system. Secure hardware may be provided, including a hardware security module coupled to or integrated with a processor of the industrial control system to provide a hardware root-of-trust. Similarly, secure firmware associated with a secure boot mechanism such that the processor executes a trusted operating system, wherein the secure boot mechanism includes one or more of a measured boot, a trusted boot, and a protected boot. Objects may be accessed via secure data storage, and data may be exchanged via secure communications in accordance with information stored in the hardware security model.

Abstract: An apparatus for communicating between lock step is incorporated on two or more processors operating in a lock step mode. Each of the processors includes processor logic to execute a code sequence, and an identical code sequence is executed by the processor logic. The apparatus further includes a processor-specific resource referenced by the code sequence. A multiplexer is coupled to the processor-specific resource, and is controlled to read data based on the identification. Coupled to the processors is a lock step logic block operable to read and compare the output of each of the processors. The lock step logic determines if operation of the processors is in a lock step mode or in an independent processor mode. Such determination may be made by the lock step logic turning off, for example.

Abstract: An apparatus, and a corresponding method, are used for seeding differences in lock stepped processors, the apparatus implemented on two or more processors operating in a lock step mode. Each of the two or more processors comprise a processor-specific resource operable to seed the differences, a processor logic to execute a code sequence, in which an identical code sequence is executed by the processor logic of each of the two or more processors, and an output to provide a result of execution of the code sequence. The processor outputs, based on execution of the code sequence is provided to a lock step logic operable to read and compare the output of each of the two or more processors.

Abstract: An apparatus, operating on an advanced multi-core processor architecture, and a corresponding method, are used to enhance recovery from loss of lock step in a multi-processor computer system. The apparatus for recovery from loss of lock step includes multiple processor units operating in the computer system, each of the processor units having at least two processor units operating in lock step, and at least one idle processor unit operating in lock step; and a controller coupled to the two processor units operating in lock step and the idle processor unit. The controller includes mechanisms for copying an architected state of each of the two lock step processor units to the idle processor unit.

Abstract: The present invention is a method for implementing two architectures on a single chip. The method uses a fetch engine to retrieve instructions. If the instructions are macroinstructions, then it decodes the macroinstructions into microinstructions, and then bundles those microinstructions using a bundler, within an emulation engine. The bundles are issued in parallel and dispatched to the execution engine and contain pre-decode bits so that the execution engine treats them as microinstructions. Before being transferred to the execution engine, the instructions may be held in a buffer. The method also selects between bundled microinstructions from the emulation engine and native microinstructions coming directly from the fetch engine, by using a multiplexer or other means. Both native microinstructions and bundled microinstructions may be held in the buffer. The method also sends additional information to the execution engine.

Abstract: One embodiment of the present method and apparatus for providing access to a resource over a network includes receiving a series of packets from a sender, assessing a validity of the series of packets in accordance with expected contents of the packets and at least one expected time difference between the packets, and providing access to the resource if the series of packets is determined to be valid.

Abstract: Techniques are disclosed, for use in a computer system including a plurality of processing units coupled over a system fabric, to identify a lockstep error associated with a first packet to be transmitted over the system fabric; set a viral indicator in the first packet to indicate the lockstep error; and transmit the modified packet over the system fabric.

Abstract: A device is provided which includes a first microprocessor core to generate a first output signal; a second microprocessor core to generate a second output signal; a switching fabric having a first input/output port; and lockstep logic, coupled between the first input/output port of the switching fabric and the first and second microprocessor cores, to detect whether the first output signal differs from the second output signal.

Abstract: In one aspect of the present invention, a circuit is provided which implements an instruction set architecture defining a first instruction group, a second instruction group to enter a high-reliability mode of operation, and a third instruction group to enter a non-high-reliability mode of operation. The circuit includes means for causing the circuit to enter the high-reliability mode of operation in response to receiving the second instruction group; means for causing the circuit to enter the non-high-reliability mode of operation in response to receiving the third instruction group; first execution means for executing the first instruction group in the high-reliability mode of operation if the circuit is in the high-reliability mode of operation; and second execution means for executing the first instruction group in the non-high-reliability mode of operation if the circuit is in the non-high-reliability mode of operation.