Abstract: Provided is a compound of Formula (I): wherein the variable groups are defined herein.

Abstract: Provided are systems and methods for generating a resultant dynamic dataset are provided. The method comprises receiving a first data stream of a first data layer associated with locations included as part of an external environment, receiving a second data stream of a second data layer, generating a first dynamic dataset from the first data stream as corresponding to the locations and a second dynamic dataset from the second data stream as corresponding to the locations, generating an output corresponding to a resultant dynamic dataset that is based on the first dynamic dataset and the second dynamic dataset, the generating of the output including associating at least one value from the first dynamic dataset and at least one value from the second dynamic dataset with at least one of the locations, and providing the output corresponding to the resultant dynamic dataset, the providing including displaying, storing, processing, and/or transmitting.

Abstract: The present disclosure relates to cell cultured adipose tissue. In one embodiment, the cultured adipose tissue is produced by culturing adipose cells in a culture media in vitro, harvesting the adipose cells after a desired amount of adipose cells are produced, and aggregating the harvested adipose cells to provide the cultured adipose tissue. In some embodiments, aggregating the harvested adipose cells comprises mixing the harvested adipose cells with a hydrogel or binder in a three-dimensional (3D) mold. In other embodiments, aggregating the harvested adipose cells comprises cross-linking the harvested adipose cells in a 3D mold. The cultured adipose tissue have a defined 3D shape and a size on the macroscale. In some embodiments, the cultured adipose tissue may be a food product.

Abstract: A processor includes a virtual machine manager (VMM) configured to map a guest process address space identifier (PASID) associated with a virtual machine (VM) to a host PASID associated with a host machine of the VM. The processor further includes a processor core configured to maintain, responsive to the guest PASID being mapped to the host PASID, an entry in a PASID reverse mapping table (PMP) including one or more security attributes associated with the host PASID.

Abstract: There is set forth herein obtaining data traffic monitoring data, the data traffic monitoring data being in dependence on monitoring of traffic received by a container of a protected computing environment; obtaining data traffic monitoring data, the data traffic monitoring data being in dependence on monitoring of traffic received by a processing resource of a computing environment; obtaining a state of the processing resource and provisioning a utility processing resource to include the state of the processing resource; and configuring the computing environment to route data traffic to the utility processing resource.

Abstract: A processor configured to execute one or more virtual machines (VMs) includes an input-output memory management unit (IOMMU) configured to handle memory-mapped input-output (MMIO) requests and direct memory access (DMA) requests from a processor core of the processor or one or more input/output (I/O) devices. In response to receiving an MMIO or DMA request, the IOMMU is configured to determine a VM associated with the request. The IOMMU then checks a security indicator field of an address space identifier (ASID) mask table to determine if the VM was previously the target of an attack by a malicious entity. In response to the VM previously being a target of an attack, the IOMMU denies the received MMIO or DMA request.

Abstract: A processor includes a security processor and an input-output memory management unit (IOMMU). The security processor is configured to maintain device control information in a secure data structure and prevent a hypervisor from accessing the secure data structure. The IOMMU is configured to process at least one device request targeting a virtual machine from an input/output device based on the secure data structure.

Abstract: Flexible elongate devices and methods include an articulable body portion and a control structure attached with one or more pull wires that control articulation of the articulable body portion. The control structure includes a metallic material that defines a sealing surface functionalized by a primer. A polymer material disposed onto the sealing surface of the control structure creates a seal between the control structure and polymer material. Flexible elongate devices and methods also include a control structure and a pull wire configured to control articulation of the flexible elongate device. The control structure includes a plurality of control segments stacked along a longitudinal axis, where each of the control segments define a pull wire aperture, where pull wire apertures of adjacent control segments are offset relative to one another, such that a portion of the pull wire extending through the pull wire apertures has a non-linear shape.

Abstract: Systems and devices for cooling and dispensing a beverage fluid are disclosed herein. One beverage dispensing system includes a beverage tower comprising a tower body, a shank, and a faucet. In some implementations, a coolant line is routed proximal to a beverage supply line through the tower body, through the shank, and into the faucet. In these and other implementations, the faucet includes a removable nozzle having a supplemental portion of the coolant line. In these and still other implementations, the faucet include a removable nozzle having a second coolant line. The coolant line and the second coolant line are configured to transport a coolant medium proximal to a beverage fluid in the beverage supply line to maintain or adjust the temperature of the beverage fluid. Many other features are described herein.

Abstract: Provided is a compound of Formula (I): wherein the variable groups are defined herein.

Abstract: A processing system includes a memory configured to store encrypted information representing state and control information for a guest virtual machine. The processing system further includes a processor configured to selectively reserve exclusive use of a set of performance monitoring counters by the guest virtual machine during execution of the guest virtual machine based on a state of a first control field accessed from the encrypted information for the guest virtual machine. The processor further is configured to permit or deny use of the set of performance monitoring counters by the guest virtual machine based on a state of a second control field set by a hypervisor and accessed from the decryption of the encrypted information for the guest virtual machine accessed from the memory.

Abstract: A processor supports programmable control, by a trusted layer of a virtual machine (VM), of the interception of events at the processor. The trusted layer of the VM programs security control information (e.g., a control register or other control structure) that designates particular events that are to be intercepted when triggered by another layer of the VM. In response to detecting a designated event, system hardware intercepts the event, rather than executing the event. The VM is thereby able to protect confidential information and program behavior without relying on a hypervisor, thus improving overall system security.

Abstract: A processor supports managing DMA accesses, in secure fashion, at an IOMMU. The IOMMU is configured to ensure that, for a given DMA request issued by an I/O device and associated with a particular executing VM, the device is bound to the VM according to a specified security registration process, and the request is targeted to a region of memory that has been assigned to the VM. The IOMMU thus prevents a malicious entity from accessing confidential information of a VM via DMA requests.

Abstract: A computing device comprises a processor, a table walker, and a memory storing a segmented reverse map table in multiple non-contiguous portions of the memory. The table walker is configured to translate a virtual memory address specified by a memory access request to a physical memory address associated with the virtual memory address; and provide a requester associated with the memory access request with access to the associated physical memory address in response to an indication at the reverse map table that the requester is authorized to access the associated physical memory address.

Abstract: Techniques for implementing programmable control by a guest virtual machine (VM) of interrupts at a processing system using a guest owned backing page are disclosed. The VM programs a guest owned backing page (e.g., a data structure in memory) that designates particular interrupts that are to be blocked. In response to detecting a designated interrupt, system hardware or software blocks the interrupt, rather than executing an interrupt handler to process the interrupt. The VM is thereby able to protect confidential information and program behavior with less risk of a malicious hypervisor failing to protect the VM from, e.g., unexpected or unwanted interrupts, thereby improving overall system security and predictability.

Abstract: A processor manages memory-mapped input/output (MMIO) accesses, in secure fashion, at an input/output memory management unit (IOMMU). The processor is configured to ensure that, for a given MMIO request issued by a processor core and associated with a particular executing VM, the request is targeted to a MMIO address that has been assigned to the VM by a security module (e.g., a security co-processor). The processor thus prevents a malicious entity from accessing confidential information of a VM via MMIO requests.

Abstract: A security module of a processor manages the lifecycle of devices interfaces of input/output (I/O) devices within a virtualization environment in a secure and trusted manner. For example, the security module is configured to bind a device interface of an I/O device interface to a virtual machine (VM). Responsive to the device interface being bound, the security module is configured to attest at least one of the device interface and the I/O device. Responsive to the at least one of the device interface or the I/O device being attested, the security module is configured to configure an input-output memory management unit (IOMMU) and memory resources associated with the VM.

Abstract: An electronic device includes a memory and controller circuitry. The controller circuitry, responsive to a read request to read encrypted data stored in the memory, acquires, from metadata stored with the encrypted data in the memory, an ownership identifier identifying a type of writing entity that stored the encrypted data in the memory. The controller circuitry uses the ownership identifier to control whether, when responding to the read request, data decrypted from the encrypted data is returned or substitute data is returned instead of data decrypted from the encrypted data.

Abstract: A processing system receives graph object data and graph object metadata. The processing system stores the graph object metadata inline with the graph object data. The graph object metadata indicates access permissions for corresponding graph objects. Because the graph object metadata is stored inline with the graph object data, the graph object metadata is more easily retrieved and fewer system resources are consumed to determine access permissions of a requester as compared to a system where graph object metadata is stored separately from the graph object data.

Abstract: A processing system executing a virtual machine (VM) in a confidential computing environment selectively randomizes the values of registers before the register values are encrypted to ciphertext and written to a secure region of memory upon the VM exiting execution at a processor of the processing system. When the VM later resumes executing at the processor, the processor de-randomizes the register values. By randomizing the register values, the processor obfuscates the register values from a hypervisor or physical attack, thereby protecting against side channel attacks on the encrypted ciphertext.