Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).

Abstract: Technologies for secure I/O include a compute device having a processor, a memory, an input/output (I/O) device, and a filter logic. The filter logic is configured to receive a first key identifier from the processor, wherein the first key identifier is indicative of a shared memory range includes a shared key identifier range to be used for untrusted I/O devices and receive a transaction from the I/O device, wherein the transaction includes a second key identifier and a trust device ID indicator associated with the I/O device. The filter logic is further configured to determine whether the transaction is asserted with the trust device ID indicator indicative of whether the I/O device is assigned to a trust domain and determine, in response to a determination that the transaction is not asserted with the trust device ID indicator, whether the second key identifier matches the first key identifier.

Abstract: In one embodiment, an application executing on a host node allocates a memory address of a remote node. The application selects, based at least in part on device capability information for the host and remote nodes, one of the host node or the remote node to encrypt application data, and configures the selected node to encrypt the application data based on a key and a pointer to the memory address of the remote node.

Abstract: Systems, methods, and apparatuses for implementing input/output extensions for trust domains are described. In one example, a hardware processor includes a hardware processor core comprising a trust domain manager to manage one or more hardware isolated virtual machines as a respective trust domain with a region of protected memory, and input/output memory management unit (IOMMU) circuitry coupled between the hardware processor core and an input/output device, wherein the IOMMU circuitry is to, for a request from the input/output device for a direct memory access of a protected memory of a trust domain, allow the direct memory access in response to a field in the request being set to indicate the input/output device is in a trusted computing base of the trust domain.

Abstract: Embodiments of methods and apparatuses for restricted speculative execution are disclosed. In an embodiment, a processor includes configuration storage, an execution circuit, and a controller. The configuration storage is to store an indicator to enable a restricted speculative execution mode of operation of the processor, wherein the processor is to restrict speculative execution when operating in restricted speculative execution mode. The execution circuit is to perform speculative execution. The controller to restrict speculative execution by the execution circuit when the restricted speculative execution mode is enabled.

Abstract: Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.

Abstract: Apparatus and method for role-based register protection. For example, one embodiment of an apparatus comprises: one or more processor cores to execute instructions and process data, the one or more processor cores to execute one or more security instructions to protect a virtual machine or trusted application from a virtual machine monitor (VMM) or operating system (OS); an interconnect fabric to couple the one or more processor cores to a device; and security hardware logic to determine whether to allow a read or write transaction directed to a protected register to proceed over the interconnect fabric, the security hardware logic to evaluate one or more security attributes associated with an initiator of the transaction to make the determination.

Abstract: Systems, methods, and apparatuses relating to performing an attachment of an input-output memory management unit (IOMMU) to a device, and a verification of the attachment. In one embodiment, a protocol and IOMMU extensions are used by a secure arbitration mode (SEAM) module and/or circuitry to determine if the IOMMU that is attached to the device requested to be mapped to a trusted domain.

Abstract: Systems, apparatuses, methods, and computer-readable media are provided for device interface management. A device includes a device interface, a virtual machine (VM) includes a device driver, both to facilitate assignment of the device to the VM, access of the device by the VM, or removal of the device from being assigned to the VM. The VM is managed by a hypervisor of a computing platform coupled to the device by a computer bus. The device interface includes logic in support of a device management protocol to place the device interface in an unlocked state, a locked state to prevent changes to be made to the device interface, or an operational state to enable access to device registers of the device by the VM or direct memory access to memory address spaces of the VM, or an error state. Other embodiments may be described and/or claimed.

Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modem data central processor units (CPUs).

Abstract: An apparatus to facilitate data cache security is disclosed. The apparatus includes a cache memory to store data; and prefetch hardware to pre-fetch data to be stored in the cache memory, including a cache set monitor hardware to determine critical cache addresses to monitor to determine processes that retrieve data from the cache memory; and pattern monitor hardware to monitor cache access patterns to the critical cache addresses to detect potential side-channel cache attacks on the cache memory by an attacker process.

Abstract: A processor, a system, a machine readable medium, and a method.

Abstract: An apparatus to facilitate security of a shared memory resource is disclosed. The apparatus includes a memory device to store memory data, wherein the memory device comprises a plurality of private memory pages associated with one or more trusted domains and a cryptographic engine to encrypt and decrypt the memory data, including a key encryption table having a key identifier associated with each trusted domain to access a private memory page, wherein a first key identifier is generated to perform direct memory access (DMA) transfers for each of a plurality of input/output (I/O) devices.

Abstract: The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed for anomalous memory access pattern detection for translational lookaside buffers. An example apparatus includes a communication interface to retrieve a first eviction data set from a translational lookaside buffer associated with a central processing unit; a machine learning engine to: generate an anomaly detection model based upon at least one of a second eviction data set not including an anomaly and a third eviction data set including the anomaly; and determine whether the anomaly is present in the first eviction data set based on the anomaly detection model; and an alert generator to at least one of modify a bit value or terminate memory access operations when the anomaly is determined to be present.

Abstract: Technologies for secure device configuration and management include a computing device having an I/O device. A trusted agent of the computing device is trusted by a virtual machine monitor of the computing device. The trusted agent securely commands the I/O device to enter a trusted I/O mode, securely commands the I/O device to set a global lock on configuration registers, receives configuration data from the I/O device, and provides the configuration data to a trusted execution environment. In the trusted I/O mode, the I/O device rejects a configuration command if a configuration register associated with the configuration command is locked and the configuration command is not received from the trusted agent. The trusted agent may provide attestation information to the trusted execution environment. The trusted execution environment may verify the configuration data and the attestation information. Other embodiments are described and claimed.

Abstract: Examples include an apparatus which accesses secure pages in a trust domain using secure lookups in first and second sets of page tables. For example, one embodiment of the processor comprises: a decoder to decode a plurality of instructions including instructions related to a trusted domain; execution circuitry to execute a first one or more of the instructions to establish a first trusted domain using a first trusted domain key, the trusted domain key to be used to encrypt memory pages within the first trusted domain; and the execution circuitry to execute a second one or more of the instructions to associate a first process address space identifier (PASID) with the first trusted domain, the first PASID to uniquely identify a first execution context associated with the first trusted domain.

Abstract: Detailed herein are embodiments utilizing a cryptographically authenticated address bus (CAAB) protection that uses an intelligent memory design to prevent attacks on the address bus without detection and eliminate the memory bus as an observability surface for an attacker to do access pattern analysis. Embodiments detailed herein describe an intelligent memory module which has cryptographic capabilities. In some embodiments, a memory controller and an intelligent memory module exchange a key and using this key, the address (on the address bus) is encrypted and integrity protected using authenticated counter mode encryption. The memory controller on receiving a read or a write request encrypts the address (e.g., using pre-generated encrypted counters to minimize cryptographic overheads). A message authentication code (MAC) also gets generated along with the encrypted address to be able to detect modification to the encrypted address.

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and branch circuitry coupled to the decode circuitry. The decode circuitry is to decode a branch hardening instruction to mitigate vulnerability to a speculative execution attack. The branch circuitry is to be hardened in response to the branch hardening instruction.

Abstract: Embodiments for dynamically mitigating speculation vulnerabilities are disclosed. In an embodiment, an apparatus includes decode circuitry and execution circuitry coupled to the decode circuitry. The decode circuitry is to decode a register hardening instruction to mitigate vulnerability to a speculative execution attack. The execution circuitry is to be hardened in response to the register hardening instruction.