Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.

Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.

Abstract: A processing system comprising one or more chips, each comprising a plurality of tiles is described. Each tile comprises a respective processing unit and memory, the memory storing a codelet. The processing system has at least one encryption unit configured to encrypt and decrypt data transferred between the tiles and a trusted computing entity via an external computing device. The codelets are configured to instruct the tiles to transfer the encrypted data by reading from and writing to a plurality of memory regions at the external memory such that a plurality of streams of encrypted data are formed, each stream using an individual one of the memory regions at the external computing device.

Abstract: In various examples there is a computer-implemented method of database construction. The method comprises storing a knowledge graph comprising nodes connected by edges, each node representing a topic. Accessing a topic type hierarchy comprising a plurality of types of topics, the topic type hierarchy having been computed from a corpus of text documents. One or more text documents are accessed and the method involves labelling a plurality of the nodes with one or more labels, each label denoting a topic type from the topic type hierarchy, by, using a deep language model; or for an individual one of the nodes representing a given topic, searching the accessed text documents for matches to at least one template, the template being a sequence of words and containing the given topic and a placeholder for a topic type; and storing the knowledge graph comprising the plurality of labelled nodes.

Abstract: In various examples there is a computer-implemented method of database construction. The method comprises storing a knowledge graph comprising nodes connected by edges, each node representing a topic. Accessing a topic type hierarchy comprising a plurality of types of topics, the topic type hierarchy having been computed from a corpus of text documents. One or more text documents are accessed and the method involves labelling a plurality of the nodes with one or more labels, each label denoting a topic type from the topic type hierarchy, by, using a deep language model; or for an individual one of the nodes representing a given topic, searching the accessed text documents for matches to at least one template, the template being a sequence of words and containing the given topic and a placeholder for a topic type; and storing the knowledge graph comprising the plurality of labelled nodes.

Abstract: A computer system has a separation mechanism which enforces separation between at least two execution environments such that one execution environment is a gatekeeper which interposes on all communications of the other execution environment. The computer system has an attestation mechanism which enables the gatekeeper to attest to properties of the at least two execution environments. A first one of the execution environments runs application specific code which may contain security vulnerabilities. The gatekeeper is configured to enforce an input output policy on the first execution environment by interposing on all communication to and from the first execution environment by forwarding, modifying or dropping individual ones of the communications according to the policy. The gatekeeper provides evidence of attestation both for the application specific code and the policy.

Abstract: A neural network training apparatus is described which has a network of worker nodes each having a memory storing a subgraph of a neural network to be trained. The apparatus has a control node connected to the network of worker nodes. The control node is configured to send training data instances into the network to trigger parallelized message passing operations which implement a training algorithm which trains the neural network. At least some of the message passing operations asynchronously update parameters of individual subgraphs of the neural network at the individual worker nodes.

Abstract: A neural network training apparatus is described which has a network of worker nodes each having a memory storing a subgraph of a neural network to be trained. The apparatus has a control node connected to the network of worker nodes. The control node is configured to send training data instances into the network to trigger parallelized message passing operations which implement a training algorithm which trains the neural network. At least some of the message passing operations asynchronously update parameters of individual subgraphs of the neural network at the individual worker nodes.

Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.

Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.

Abstract: A computer system has a separation mechanism which enforces separation between at least two execution environments such that one execution environment is a gatekeeper which interposes on all communications of the other execution environment. The computer system has an attestation mechanism which enables the gatekeeper to attest to properties of the at least two execution environments. A first one of the execution environments runs application specific code which may contain security vulnerabilities. The gatekeeper is configured to enforce an input output policy on the first execution environment by interposing on all communication to and from the first execution environment by forwarding, modifying or dropping individual ones of the communications according to the policy. The gatekeeper provides evidence of attestation both for the application specific code and the policy.

Abstract: A peripheral device, for use with a host, comprises one or more compute elements a security module and at least one encryption unit. The security module is configured to form a trusted execution environment on the peripheral device for processing sensitive data using sensitive code. The sensitive data and sensitive code are provided by a trusted computing entity which is in communication with the host computing device. The at least one encryption unit is configured to encrypt and decrypt data transferred between the trusted execution environment and the trusted computing entity via the host computing device. The security module is configured to compute and send an attestation to the trusted computing entity to attest that the sensitive code is in the trusted execution environment.

Abstract: In various examples there is a knowledge base construction and/or maintenance system for use with a probabilistic knowledge base. The system has a probabilistic generative model comprising a process for generating text or other formatted data from the knowledge base. The system has an inference component configured to generate inference results, by carrying out inference using inference algorithms, run on the probabilistic generative model, in either a forward direction whereby text or other formatted data is generated, or a reverse direction whereby text or other formatted data is observed and at least one unobserved variable of the probabilistic generative model is inferred. The inference component is configured to update the knowledge base using at least some of the inference results.

Abstract: A neural network training apparatus is described which has a network of worker nodes each having a memory storing a subgraph of a neural network to be trained. The apparatus has a control node connected to the network of worker nodes. The control node is configured to send training data instances into the network to trigger parallelized message passing operations which implement a training algorithm which trains the neural network. At least some of the message passing operations asynchronously update parameters of individual subgraphs of the neural network at the individual worker nodes.