Patents by Inventor Ruby B. Lee

Ruby B. Lee has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11991209
    Abstract: A system for security health monitoring and attestation of virtual machines in cloud computing systems is provided. The system includes a cloud server having a virtual machine and a hypervisor. The cloud server collects security measurement information and signs and hashes the security measurement information using a cryptography engine. The system also includes an attestation server for receiving the hashed security measurement information from the cloud server. The attestation server also verifies the signature and hash values, and interprets the security measurement information. The attestation server generates an attestation report based on the verification and interpretation of the security measurement information.
    Type: Grant
    Filed: September 15, 2020
    Date of Patent: May 21, 2024
    Assignee: CoreSecure Technologies, LLC
    Inventors: Ruby B. Lee, Tianwei Zhang
  • Patent number: 11481495
    Abstract: A method, apparatus and system for anomaly detection in a processor based system includes training a deep learning sequence prediction model using observed baseline behavioral sequences of at least one processor behavior of the processor based system, predicting baseline behavioral sequences from the observed baseline behavioral sequences using the sequence prediction model, determining a baseline reconstruction error distribution profile using the baseline behavioral sequences and the predicted baseline behavioral sequences, predicting test behavioral sequences from observed test behavioral sequences using the sequence prediction model, determining a testing reconstruction error distribution profile using the observed test behavioral sequences and the predicted test behavioral sequences, and comparing the baseline reconstruction error distribution profile to the testing reconstruction error distribution profile to determine if an anomaly exists in a processor behavior of the processor based system.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: October 25, 2022
    Assignee: SRI International
    Inventors: Sek M. Chai, Zecheng He, Aswin Nadamuni Raghavan, Ruby B. Lee
  • Publication number: 20210365590
    Abstract: Systems and methods for random fill caching and prefetching for secure cache memories are provided. The system dynamically de-correlates fetching a cache line to the processor from filling the cache with this cache line, due to a demand memory access, in order to provide greater security from information leakage due to cache side-channel attacks on cache memories. The system includes a random fill engine which includes a random number generator and an adjustable random fill window. Also provided is an adaptive random fill caching system which dynamically adapts the random fill window to a wide variety of computational workloads. Systems and methods for cache prefetching to improve system performance using adaptive random fill prefetching and random fill prefetching are also provided.
    Type: Application
    Filed: March 22, 2021
    Publication date: November 25, 2021
    Applicant: CoreSecure Technologies, LLC
    Inventors: Ruby B. Lee, Fangfei Liu
  • Patent number: 10956617
    Abstract: Systems and methods for random fill caching and prefetching for secure cache memories are provided. The system dynamically de-correlates fetching a cache line to the processor from filling the cache with this cache line, due to a demand memory access, in order to provide greater security from information leakage due to cache side-channel attacks on cache memories. The system includes a random fill engine which includes a random number generator and an adjustable random fill window. Also provided is an adaptive random fill caching system which dynamically adapts the random fill window to a wide variety of computational workloads. Systems and methods for cache prefetching to improve system performance using adaptive random fill prefetching and random fill prefetching are also provided.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: March 23, 2021
    Assignee: CoreSecure Technologies, LLC
    Inventors: Ruby B. Lee, Fangfei Liu
  • Publication number: 20210084075
    Abstract: A system for security health monitoring and attestation of virtual machines in cloud computing systems is provided. The system includes a cloud server having a virtual machine and a hypervisor. The cloud server collects security measurement information and signs and hashes the security measurement information using a cryptography engine. The system also includes an attestation server for receiving the hashed security measurement information from the cloud server. The attestation server also verifies the signature and hash values, and interprets the security measurement information. The attestation server generates an attestation report based on the verification and interpretation of the security measurement information.
    Type: Application
    Filed: September 15, 2020
    Publication date: March 18, 2021
    Applicant: CoreSecure Technologies, LLC
    Inventors: Ruby B. Lee, Tianwei Zhang
  • Patent number: 10838758
    Abstract: Disclosed is a system comprising a physical memory, a processor and a software component. The software component includes a policy/domain handler for receiving data and a policy associated with the data; a hypervisor; and a file management module. The file management module receives a request from a third-party application to interact with a data file containing the data; sends an authorization and tag request to the policy/domain handler to check if the user and application are permitted to access the data, and if permitted, to generate hardware tags for the data file; and sends a secure data request to the hypervisor to create a secure data compartment for the data file and the hardware tags. Based on the authorization and tag request, and the security policy associated with the data, the policy/domain handler generates the hardware tags for the data file.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: November 17, 2020
    Assignee: Teleputers, LLC
    Inventors: Ruby B. Lee, Pramod A. Jamkhedkar, Yu-Yuan Chen
  • Publication number: 20200293657
    Abstract: A method, apparatus and system for anomaly detection in a processor based system includes training a deep learning sequence prediction model using observed baseline behavioral sequences of at least one processor behavior of the processor based system, predicting baseline behavioral sequences from the observed baseline behavioral sequences using the sequence prediction model, determining a baseline reconstruction error distribution profile using the baseline behavioral sequences and the predicted baseline behavioral sequences, predicting test behavioral sequences from observed test behavioral sequences using the sequence prediction model, determining a testing reconstruction error distribution profile using the observed test behavioral sequences and the predicted test behavioral sequences, and comparing the baseline reconstruction error distribution profile to the testing reconstruction error distribution profile to determine if an anomaly exists in a processor behavior of the processor based system.
    Type: Application
    Filed: May 13, 2019
    Publication date: September 17, 2020
    Inventors: Sek M. Chai, Zecheng He, Aswin Nadamuni Raghavan, Ruby B. Lee
  • Patent number: 10778720
    Abstract: A system for security health monitoring and attestation of virtual machines in cloud computing systems is provided. The system includes a cloud server having a virtual machine and a hypervisor. The cloud server collects security measurement information and signs and hashes the security measurement information using a cryptography engine. The system also includes an attestation server for receiving the hashed security measurement information from the cloud server. The attestation server also verifies the signature and hash values, and interprets the security measurement information. The attestation server generates an attestation report based on the verification and interpretation of the security measurement information.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: September 15, 2020
    Assignee: Teleputers, LLC
    Inventors: Ruby B. Lee, Tianwei Zhang
  • Publication number: 20190171476
    Abstract: Disclosed is a system comprising a physical memory, a processor and a software component. The software component includes a policy/domain handler for receiving data and a policy associated with the data; a hypervisor; and a file management module. The file management module receives a request from a third-party application to interact with a data file containing the data; sends an authorization and tag request to the policy/domain handler to check if the user and application are permitted to access the data, and if permitted, to generate hardware tags for the data file; and sends a secure data request to the hypervisor to create a secure data compartment for the data file and the hardware tags. Based on the authorization and tag request, and the security policy associated with the data, the policy/domain handler generates the hardware tags for the data file.
    Type: Application
    Filed: January 22, 2019
    Publication date: June 6, 2019
    Applicant: Teleputers, LLC
    Inventors: Ruby B. Lee, Pramod A. Jamkhedkar, Yu-Yuan Chen
  • Patent number: 10185584
    Abstract: Disclosed is a system comprising a physical memory, a processor and a software component. The software component includes a policy/domain handler for receiving data and a policy associated with the data; a hypervisor; and a file management module. The file management module receives a request from a third-party application to interact with a data file containing the data; sends an authorization and tag request to the policy/domain handler to check if the user and application are permitted to access the data, and if permitted, to generate hardware tags for the data file; and sends a secure data request to the hypervisor to create a secure data compartment for the data file and the hardware tags. Based on the authorization and tag request, and the security policy associated with the data, the policy/domain handler generates the hardware tags for the data file.
    Type: Grant
    Filed: August 20, 2014
    Date of Patent: January 22, 2019
    Assignee: Teleputers, LLC
    Inventors: Ruby B. Lee, Pramod A. Jamkhedkar, Yu-Yuan Chen
  • Patent number: 9989043
    Abstract: A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key, and verifies data read from the external memory using the at least one hash value.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: June 5, 2018
    Assignee: Teleputers, LLC
    Inventors: Ruby B. Lee, David Champagne
  • Publication number: 20180045189
    Abstract: A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key, and verifies data read from the external memory using the at least one hash value.
    Type: Application
    Filed: October 10, 2017
    Publication date: February 15, 2018
    Applicant: Teleputers, LLC
    Inventors: Ruby B. Lee, David Champagne
  • Patent number: 9864703
    Abstract: A cache memory having enhanced performance and security features is provided. The cache memory includes a data array storing a plurality of data elements, a tag array storing a plurality of tags corresponding to the plurality of data elements, and an address decoder which permits dynamic memory-to-cache mapping to provide enhanced security of the data elements, as well as enhanced performance. The address decoder receives a context identifier and a plurality of index bits of an address passed to the cache memory, and determines whether a matching value in a line number register exists. The line number registers allow for dynamic memory-to-cache mapping, and their contents can be modified as desired. Methods for accessing and replacing data in a cache memory are also provided, wherein a plurality of index bits and a plurality of tag bits at the cache memory are received.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: January 9, 2018
    Assignee: Teleputers, LLC
    Inventors: Ruby B. Lee, Zhenghong Wang
  • Patent number: 9784260
    Abstract: A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key, and verifies data read from the external memory using the at least one hash value.
    Type: Grant
    Filed: May 27, 2014
    Date of Patent: October 10, 2017
    Assignee: Teleputers, LLC
    Inventors: Ruby B. Lee, David Champagne
  • Publication number: 20170227995
    Abstract: A method and system capable of implicitly authenticating users based on information gathered from one or more sensors, which may be located in one or more devices, and an authentication model trained via a machine learning technique. Data is collected, manipulated, and assessed with the authentication model in order to determine if the user is authentic. A wide variety of sensors may be utilized, including sensors in smartphones, smartwatches, other wearable devices, and other sensors accessible via an internet of things (IoT) system. The method and system can include continuously testing the user's behavior patterns and environment characteristics, and allowing authentication without interrupting the user's other interactions with a given device or requiring explicit user input. The method and system may also involve the authentication model being retrained, or adaptively updated to include temporal changes in the user's patterns.
    Type: Application
    Filed: February 9, 2017
    Publication date: August 10, 2017
    Applicant: The Trustees of Princeton University
    Inventors: Ruby B. Lee, Wei-Han Lee
  • Publication number: 20160366185
    Abstract: A system for security health monitoring and attestation of virtual machines in cloud computing systems is provided. The system includes a cloud server having a virtual machine and a hypervisor. The cloud server collects security measurement information and signs and hashes the security measurement information using a cryptography engine. The system also includes an attestation server for receiving the hashed security measurement information from the cloud server. The attestation server also verifies the signature and hash values, and interprets the security measurement information. The attestation server generates an attestation report based on the verification and interpretation of the security measurement information.
    Type: Application
    Filed: June 10, 2016
    Publication date: December 15, 2016
    Applicant: Teleputers, LLC
    Inventors: Ruby B. Lee, Tianwei Zhang
  • Publication number: 20160246736
    Abstract: A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key, and verifies data read from the external memory using the at least one hash value. Secure module interactions are provided, as well as the generation of a power-on key which can be used to protect memory in the event of a re-boot event.
    Type: Application
    Filed: May 27, 2014
    Publication date: August 25, 2016
    Applicant: TELEPUTERS, LLC
    Inventors: Ruby B. Lee, David Champagne
  • Publication number: 20160170889
    Abstract: Systems and methods for random fill caching and prefetching for secure cache memories are provided. The system dynamically de-correlates fetching a cache line to the processor from filling the cache with this cache line, due to a demand memory access, in order to provide greater security from information leakage due to cache side-channel attacks on cache memories. The system includes a random fill engine which includes a random number generator and an adjustable random fill window. Also provided is an adaptive random fill caching system which dynamically adapts the random fill window to a wide variety of computational workloads. Systems and methods for cache prefetching to improve system performance using adaptive random fill prefetching and random fill prefetching are also provided.
    Type: Application
    Filed: December 14, 2015
    Publication date: June 16, 2016
    Applicant: Teleputers, LLC
    Inventors: Ruby B. Lee, Fangfei Liu
  • Patent number: 9317708
    Abstract: A trust system and method is disclosed for use in computing devices, particularly portable devices, in which a central Authority shares secrets and sensitive data with users of the respective devices. The central Authority maintains control over how and when shared secrets and data are used. In one embodiment, the secrets and data are protected by hardware-rooted encryption and cryptographic hashing, and can be stored securely in untrusted storage. The problem of transient trust and revocation of data is reduced to that of secure key management and keeping a runtime check of the integrity of the secure storage areas containing these keys (and other secrets). These hardware-protected keys and other secrets can further protect the confidentiality and/or integrity of any amount of other information of arbitrary size (e.g., files, programs, data) by the use of strong encryption and/or keyed-hashing, respectively.
    Type: Grant
    Filed: August 14, 2009
    Date of Patent: April 19, 2016
    Assignee: Teleputers, LLC
    Inventors: Ruby B. Lee, Jeffrey S. Dwoskin
  • Publication number: 20150356026
    Abstract: A cache memory having enhanced performance and security features is provided. The cache memory includes a data array storing a plurality of data elements, a tag array storing a plurality of tags corresponding to the plurality of data elements, and an address decoder which permits dynamic memory-to-cache mapping to provide enhanced security of the data elements, as well as enhanced performance. The address decoder receives a context identifier and a plurality of index bits of an address passed to the cache memory, and determines whether a matching value in a line number register exists. The line number registers allow for dynamic memory-to-cache mapping, and their contents can be modified as desired. Methods for accessing and replacing data in a cache memory are also provided, wherein a plurality of index bits and a plurality of tag bits at the cache memory are received.
    Type: Application
    Filed: August 17, 2015
    Publication date: December 10, 2015
    Applicant: TELEPUTERS, LLC
    Inventors: Ruby B. Lee, Zhenghong Wang