Abstract: The disclosed systems, structures, and methods are directed to a computer system including a PCIe protection controller as a part of a PCIe root complex that includes at least one root port. Each root port is configured to optionally connect to at least one endpoint device, and each endpoint device is designated as a secure endpoint device or a nonsecure endpoint device. The PCIe protection controller is configured to control outbound traffic to protect secure endpoint devices from access from any nonsecure components of the computer system. The PCIe protection controller may be further configured to control inbound traffic to prevent access to secure memory by nonsecure endpoint devices. The PCIe protection controller may be dynamically configured at runtime to designate endpoint devices as either secure or nonsecure.

Abstract: The disclosed systems, structures, and methods are directed to a computer system including a PCIe protection controller as a part of a PCIe root complex that includes at least one root port. Each root port is configured to optionally connect to at least one endpoint device, and each endpoint device is designated as a secure endpoint device or a nonsecure endpoint device. The PCIe protection controller is configured to control outbound traffic to protect secure endpoint devices from access from any nonsecure components of the computer system. The PCIe protection controller may be further configured to control inbound traffic to prevent access to secure memory by nonsecure endpoint devices. The PCIe protection controller may be dynamically configured at runtime to designate endpoint devices as either secure or nonsecure.

Abstract: A method for executing a machine learning (ML) application in a computing environment includes receiving a secret from a trusted execution environment (TEE) of a user computing device into a TEE of a server. The user computing device is authenticated by an identity and access management service. The TEE validates the secret against a time-limited token. The method further receives from a TEE of a model release tool a model encryption key bound to the ML application. The method receives into the TEE of the server, an ML model of the ML applications encrypted with the MEK. The method decrypts using the MEK the ML model. The method receives into the TEE of the server the ML application and a descriptor of the ML application encrypted by a cryptographic key derived from the secret. The method executes the ML application using the ML model and the descriptor.