Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with a skewed cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a skewed cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the skewed cache. Subsequently, a request to access the first line results in a search of both the victim cache and sets of the skewed cache which have been mapped to an address corresponding to the first line. Based on the search, the first line is evicted from the victim cache, and reinserted in the skewed cache. In another embodiment, reinsertion of the first line in the skewed cache includes the first line and a third line being swapped between the skewed cache and the victim cache.

Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with another cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a primary cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the primary cache. The victim cache is accessed using an independently randomized mapping. Subsequently, a request to access the first line results in a search of the victim cache and the primary cache. Based on the search, the first line is evicted from the victim cache, and reinserted in the primary cache. In another embodiment, reinsertion of the first line in the primary cache includes the first line and a third line being swapped between the primary cache and the victim cache.

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a decode circuitry and store circuitry coupled to the decode circuitry. The decode circuitry is to decode a store hardening instruction to mitigate vulnerability to a speculative execution attack. The store circuitry is to be hardened in response to the store hardening instruction.

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes a hybrid key generator and memory protection hardware. The hybrid key generator is to generate a hybrid key based on a public key and multiple process identifiers. Each of the process identifiers corresponds to one or more memory spaces in a memory. The memory protection hardware is to use the first hybrid key to protect to the memory spaces.

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a single instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the single instruction.

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and load circuitry coupled to the decode circuitry. The decode circuitry is to decode a load hardening instruction to mitigate vulnerability to a speculative execution attack. The load circuitry is to be hardened in response to the load hardening instruction.

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a register hardening instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the register hardening instruction.

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and branch circuitry coupled to the decode circuitry. The decode circuitry is to decode a branch hardening instruction to mitigate vulnerability to a speculative execution attack. The branch circuitry is to be hardened in response to the branch hardening instruction.

Abstract: Techniques and mechanisms for a victim cache to operate in conjunction with a skewed cache to help mitigate the risk of a side-channel attack. In an embodiment, a first line is evicted from a skewed cache, and moved to a victim cache, based on a message indicating that a second line is to be stored to the skewed cache. Subsequently, a request to access the first line results in a search of both the victim cache and sets of the skewed cache which have been mapped to an address corresponding to the first line. Based on the search, the first line is evicted from the victim cache, and reinserted in the skewed cache. In another embodiment, reinsertion of the first line in the skewed cache includes the first line and a third line being swapped between the skewed cache and the victim cache.

Abstract: In one embodiment, a processor includes: a decode circuit to decode a load instruction that is to load an operand to a destination register, the decode circuit to generate at least one fencing micro-operation (?op) associated with the destination register; and a scheduler circuit coupled to the decode circuit. The scheduler circuit is to prevent speculative execution of one or more instructions that consume the operand in response to the at least one fencing ?op. Other embodiments are described and claimed.

Abstract: A method comprises receiving an instruction to resume operations of an enclave in a cloud computing environment and generating a pseud-random time delay before resuming operations of the enclave in the cloud computing environment.

Abstract: An apparatus and method for non-speculative resource deallocation.

Abstract: Systems, apparatuses and methods provide for technology that determines that first data associated with a first security domain is to be stored in a first permutated cache set, where the first permuted cache set is identified based on a permutation function that permutes at least one of a plurality of first cache indexes. The technology further determines that second data associated with a second security domain is to be stored in a second permutated cache set, where the second permuted cache set is identified based on the permutation function. The second permutated cache set may intersect the first permutated cache set at one data cache line to cause an eviction of first data associated with the first security domain from the one data cache line and bypass eviction of data associated with the first security domain from at least one other data cache line of the first permuted cache set.