Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes obtaining current hardware performance data, including hardware performance counter data, for a hardware device executing a first process associated with pre-recorded hardware performance data representative of the first process' normal behavior, and determining whether a malicious process is affecting performance of the first process based on a determination of an extent of deviation of the obtained current hardware performance data corresponding to the first process from the pre-recorded hardware performance data representative of the normal behavior of the first process.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media, and other implementations, including a method that includes computing for one or more inputs of a circuit associated metrics representative of degree of influence that values of each of the one or more inputs have on at least one output dependent on the one or more inputs, and determining based, at least in part, on the computed metrics associated with the one or more inputs of a more inputs whether the at least one output dependent on the one or more inputs is part of a potentially malicious implementation.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media, and other implementations, including a method that includes generating for a code segment of a first process an instruction dependency graph representative of behavior of the first process, obtaining respective one or more instruction dependency graphs representative of behaviors of code segments for one or more other processes, and determining, based on the first instruction dependency graph for the first process and the respective one or more instruction dependency graphs for the one or more other processes, a level of similarity between the first process and at least one of the one or more other processes.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes identifying a process to obtain timing information of a processor-based device, and in response to identifying the process to obtain the timing information, delaying delivery of the timing information for a time-delay period. In some embodiments, identifying the process to obtain the timing information may include identifying a request to obtain the timing information of the processor-based device. In some embodiments, identifying the process to obtain the timing information may include identifying a memory-access process.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes causing at least one reset for one or more components of a cyber-physical system, the cyber-physical system including a mechanical apparatus with at least one of a mechanical input or a mechanical output, and at least one controller to control operations of at least one of the mechanical apparatus and inhibit computing-based attacks on the cyber-physical system. The method further includes determining, upon resumption of operation of the cyber-physical system following the at least one reset, a post-reset state of the one or more components of the cyber-physical system based, at least in part, on mechanical attributes of the mechanical apparatus following the at least one reset resulting from inertia of the mechanical apparatus during the at least one reset.

Abstract: Method for providing precise microprocessor performance counter readings including detecting a swap back to a monitored process executing in a microprocessor. In response to the detected swap back to the monitored process, if the value read from the performance counter does not exceed the defined overflow threshold, the value of the performance counter stored in the first memory location is restored to the performance counter. If the value read from the performance counter exceeds the defined overflow threshold, the performance counter is set to zero and the value of the performance counter stored in the first memory location is used to increment an overflow memory location. If the value read from the performance counter exceeds the defined overflow threshold, at least one performance counter reading instruction is detected and in response to the detected at least one performance counter reading instruction, setting the counter output register to zero.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes triggering a beacon circuit combined with a hardware-based protection module, included within a hardware device, the hardware-based protection module configured to provide protection against malicious implementations within the hardware device, with the beacon circuit being configured to provide a beacon output when triggered. The method further includes determining based on the beacon output provided by the triggered beacon circuit whether the hardware device includes at least one malicious implementation.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes obtaining hardware-based micro-architectural data, including hardware-based micro-architectural counter data, for a hardware device executing one or more processes, and determining based, at least in part, on the hardware-based micro-architectural data whether at least one of the one or more processes executing on the hardware device corresponds to a malicious process. In some embodiments, determining based on the hardware-based micro-architectural data whether the at least one of the one or more processes corresponds to a malicious process may include applying one or more machine-learning procedures to the hardware-based micro-architectural data to determine whether the at least one of the one or more processes corresponds to the malicious process.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes obtaining current hardware performance data, including hardware performance counter data, for a hardware device executing a first process associated with pre-recorded hardware performance data representative of the first process' normal behavior, and determining whether a malicious process is affecting performance of the first process based on a determination of an extent of deviation of the obtained current hardware performance data corresponding to the first process from the pre-recorded hardware performance data representative of the normal behavior of the first process.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes receiving a block of information from non-processor memory at an interface between the non-processor memory and processor memory comprising two or more processor memory levels, determining whether the block of information received from the non-processor memory at the interface corresponds to encrypted instruction code, and decrypting the block of information at the interface between the non-processor memory and the processor memory for storage in one of the two or more levels of the processor memory in response to a determination that the received block of information corresponds to the encrypted instruction code. The block of information is stored at the one of the two or more levels of the processor memory without being decrypted when the received block of information is determined to correspond to data.

Abstract: Methods for preventing activation of hardware backdoors installed in a digital circuit, the digital circuit comprising one or more hardware units to be protected. A timer is repeatedly initiated for a period less than a validation epoch, and the hardware units are reset upon expiration of the timer to prevent activation of a time-based backdoor. Data being sent to the hardware unit is encrypted in an encryption element to render it unrecognizable to a single-shot cheat code hardware backdoor present in the hardware unit. The instructions being sent to the hardware unit are reordered randomly or pseudo-randomly, with determined sequential restraints, using an reordering element, to render an activation instruction sequence embedded in the instructions unrecognizable to a sequence cheat code hardware backdoor present in the hardware unit.

Abstract: Disclosed are devices, systems, apparatus, methods, products, media, and other implementations, including a method that includes computing for one or more inputs of a circuit associated metrics representative of degree of influence that values of each of the one or more inputs have on at least one output dependent on the one or more inputs, and determining based, at least in part, on the computed metrics associated with the one or more inputs of a more inputs whether the at least one output dependent on the one or more inputs is part of a potentially malicious implementation.

Abstract: Methods for preventing activation of hardware backdoors installed in a digital circuit, the digital circuit comprising one or more hardware units to be protected. A timer is repeatedly initiated for a period less than a validation epoch, and the hardware units are reset upon expiration of the timer to prevent activation of a time-based backdoor. Data being sent to the hardware unit is encrypted in an encryption element to render it unrecognizable to a single-shot cheat code hardware backdoor present in the hardware unit. The instructions being sent to the hardware unit are reordered randomly or pseudo-randomly, with determined sequential restraints, using an reordering element, to render an activation instruction sequence embedded in the instructions unrecognizable to a sequence cheat code hardware backdoor present in the hardware unit.

Abstract: Systems and methods for detecting design-level attacks against a digital circuit which includes various functional units. A target unit is selected from among the functional units for monitoring and a predictor unit is arranged to receive events before they reach the target unit. A reactor unit is selected from among the functional units of the digital circuit which are arranged to receive events after they pass through the target unit. A monitor unit is arranged to receive predicted event messages from the predictor unit and actual event messages from the reactor unit. The monitor unit is configured to indicate an alarm based on a comparison of the predicted event messages received from the predictor unit and the actual event messages received from the reactor unit.

Abstract: Methods for preventing activation of hardware backdoors installed in a digital circuit, the digital circuit comprising one or more hardware units to be protected. A timer is repeatedly initiated for a period less than a validation epoch, and the hardware units are reset upon expiration of the timer to prevent activation of a time-based backdoor. Data being sent to the hardware unit is encrypted in an encryption element to render it unrecognizable to a single-shot cheat code hardware backdoor present in the hardware unit. The instructions being sent to the hardware unit are reordered randomly or pseudo-randomly, with determined sequential restraints, using an reordering element, to render an activation instruction sequence embedded in the instructions unrecognizable to a sequence cheat code hardware backdoor present in the hardware unit.

Abstract: Disclosed are devices, systems, apparatus, methods, products, and other implementations, including a method that includes identifying a process to obtain timing information of a processor-based device, and in response to identifying the process to obtain the timing information, delaying delivery of the timing information for a time-delay period. In some embodiments, identifying the process to obtain the timing information may include identifying a request to obtain the timing information of the processor-based device. In some embodiments, identifying the process to obtain the timing information may include identifying a memory-access process.

Abstract: Method for providing precise microprocessor performance counter readings including detecting a swap back to a monitored process executing in a microprocessor. In response to the detected swap back to the monitored process, if the value read from the performance counter does not exceed the defined overflow threshold, the value of the performance counter stored in the first memory location is restored to the performance counter. If the value read from the performance counter exceeds the defined overflow threshold, the performance counter is set to zero and the value of the performance counter stored in the first memory location is used to increment an overflow memory location. If the value read from the performance counter exceeds the defined overflow threshold, at least one performance counter reading instruction is detected and in response to the detected at least one performance counter reading instruction, setting the counter output register to zero.

Abstract: Method for providing precise microprocessor performance counter readings including detecting a swap back to a monitored process executing in a microprocessor. In response to the detected swap back to the monitored process, if the value read from the performance counter does not exceed the defined overflow threshold, the value of the performance counter stored in the first memory location is restored to the performance counter. If the value read from the performance counter exceeds the defined overflow threshold, the performance counter is set to zero and the value of the performance counter stored in the first memory location is used to increment an overflow memory location. If the value read from the performance counter exceeds the defined overflow threshold, at least one performance counter reading instruction is detected and in response to the detected at least one performance counter reading instruction, setting the counter output register to zero.

Abstract: A method and processor for providing full load/store queue functionality to an unordered load/store queue for a processor with out-of-order execution. Load and store instructions are inserted in a load/store queue in execution order. Each entry in the load/store queue includes an identification corresponding to a program order. Conflict detection in such an unordered load/store queue may be performed by searching a first CAM for all addresses that are the same or overlap with the address of the load or store instruction to be executed. A further search may be performed in a second CAM to identify those entries that are associated with younger or older instructions with respect to the sequence number of the load or store instruction to be executed. The output results of the Address CAM and Age CAM are logically ANDed.

Abstract: Systems and methods for detecting design-level attacks against a digital circuit which includes various functional units. A target unit is selected from among the functional units for monitoring and a predictor unit is arranged to receive events before they reach the target unit. A reactor unit is selected from among the functional units of the digital circuit which are arranged to receive events after they pass through the target unit. A monitor unit is arranged to receive predicted event messages from the predictor unit and actual event messages from the reactor unit. The monitor unit is configured to indicate an alarm based on a comparison of the predicted event messages received from the predictor unit and the actual event messages received from the reactor unit.