Abstract: In one embodiment, the present invention includes a method for receiving incoming data in a processor and performing a checksum operation on the incoming data in the processor pursuant to a user-level instruction for the checksum operation. For example, a cyclic redundancy checksum may be computed in the processor itself responsive to the user-level instruction. Other embodiments are described and claimed.

Abstract: In one embodiment, a method for implementing a bit-length parameterizable cipher includes obtaining a bit-length parameter indicating a number of plaintext bits to encrypt. The method also includes obtaining a set of plaintext bits and a set of key bits, wherein lengths of the set of key bits and the set of plaintext bits are equal to the bit-length parameter. The method further includes performing a sequence of logical operations on the set of plaintext bits and on the set of key bits to yield a ciphertext. The sequence of logical operations includes a plurality of AND operations and a plurality of XOR operations, with each of the operations being performed on at least one plaintext bit and at least one key bit.

Abstract: A method comprising executing, by a core of a processor, a first instruction requesting access to a parameter associated with data for storage in a main memory coupled to the processor, the first instruction including a reference to the parameter, a reference to a wrapping key, and a reference to an encrypted encryption key, wherein execution of the first instruction comprises decrypting the encrypted encryption key using the wrapping key to generate a decrypted encryption key; requesting transfer of the data between the main memory and the processor core; and performing a cryptographic operation on the parameter using the decrypted encryption key.

Abstract: In one embodiment, a processor of a cryptographic computing system includes data cache units storing encrypted data and circuitry coupled to the data cache units. The circuitry accesses a sequence of cryptographic-based instructions to execute based on the encrypted data, decrypts the encrypted data based on a first pointer value, executes the cryptographic-based instruction using the decrypted data, encrypts a result of the execution of the cryptographic-based instruction based on a second pointer value, and stores the encrypted result in the data cache units. In some embodiments, the circuitry generates, for each cryptographic-based instruction, at least one encryption-based microoperation and at least one non-encryption-based microoperation. The circuitry also schedules the at least one encryption-based microoperation and the at least one non-encryption-based microoperation for execution based on timings of the encryption-based microoperation.

Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.

Abstract: In one embodiment, a processor includes a memory hierarchy and a core coupled to the memory hierarchy. The memory hierarchy stores encrypted data, and the core includes circuitry to access the encrypted data stored in the memory hierarchy, decrypt the encrypted data to yield decrypted data, perform an entropy test on the decrypted data, and update a processor state based on a result of the entropy test. The entropy test may include determining a number of data entities in the decrypted data whose values are equal to one another, determining a number of adjacent data entities in the decrypted data whose values are equal to one another, determining a number of data entities in the decrypted data whose values are equal to at least one special value from a set of special values, or determining a sum of n highest data entity value frequencies.

Abstract: Apparatus, systems, computer readable storage mediums and/or methods may provide memory integrity by using unused physical address bits (or other metadata passed through cache) to manipulate cryptographic memory integrity values, allowing software memory allocation routines to control the assignment of pointers (e.g., implement one or more access control policies). Unused address bits (e.g., because of insufficient external memory) passed through cache, may encode key domain information in the address so that different key domain addresses alias to the same physical memory location. Accordingly, by mixing virtual memory mappings and cache line granularity aliasing, any page in memory may contain a different set of aliases at the cache line level and be non-deterministic to an adversary.

Abstract: A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.

Abstract: A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.

Abstract: Systems and methods for memory isolation are provided. The methods include receiving a request to write a data line to a physical memory address, where the physical memory address includes a key identifier, selecting an encryption key from a key table based on the key identifier of the physical memory address, determining whether the data line is compressible, compressing the data line to generate a compressed line in response to determining that the data line is compressible, where the compressed line includes compression metadata and compressed data, adding encryption metadata to the compressed line, where the encryption metadata is indicative of the encryption key, encrypting a part of the compressed line with the encryption key to generate an encrypted line in response to adding the encryption metadata, and writing the encrypted line to a memory device at the physical memory address. Other embodiments are described and claimed.

Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

Abstract: In one embodiment, the present invention includes a method for receiving incoming data in a processor and performing a checksum operation on the incoming data in the processor pursuant to a user-level instruction for the checksum operation. For example, a cyclic redundancy checksum may be computed in the processor itself responsive to the user-level instruction. Other embodiments are described and claimed.

Abstract: Embodiments of apparatus, method, and storage medium associated with multi-stage memory integrity for securing/protecting memory content are described herein. In some embodiments, an apparatus may include multiple stages having respective encryption engines to encrypt data in response to a write or restore operation; wherein the encryption engines are to successively encrypt the data in a plurality of encryption stages using a plurality of tweaks based on a plurality of selectors of different types {s1, s2, . . . }. In embodiments, the multiple stages may further comprise one or more decryption engines to partially, fully, or pseudo decrypt the plural encrypted data, in response to a read, move or copy operation; wherein the one or more decryption engines are to partially, fully, or pseudo decrypt the plural encrypted data in one or more decryption stages using one or more tweaks based on a subset of the selectors of different types {s1, s2, . . . }.

Abstract: Technologies for dynamic performance of image analysis are disclosed. When a camera captures one or more images, context data such as data indicative of motion of the camera is captured as well. The context data is used to determine an image analysis parameter for an image analysis procedure to be performed on the one or more images. The image analysis parameter may dictate which image analysis procedure is to be performed and/or provide input to the image analysis procedure.

Abstract: A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.

Abstract: A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.

Abstract: Methods, apparatus, and system to analyze a memory integrity violation and determine whether its cause was hardware or software based.

Abstract: Image de-noising is described using an equalized gradient space. In one example, a method of de-noising an image includes determining an intensity gradient magnitude for an image, determining blurring radii for a plurality of pixels of the image using the intensity gradient, and blurring the image at each of the plurality of pixels using the blurring radii.

Abstract: A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.

Abstract: A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers.