Abstract: A torsion balance is provided which includes a twisting wire and a reflector. The twisting wire is a suspended carbon nanotube. The reflector is hung on the twisting wire. The reflector further includes a film, a first reflecting layer, and a second reflecting layer; and the film includes a first surface and a second surface opposite to the first surface, and the first reflecting layer is located on the first surface and the second reflecting layer is located on the second surface.

Abstract: A system may use memory tagging for side-channel defense, memory safety, and sandboxing to reduce the likelihood of successful attacks. The system may include memory tagging circuitry to address existing and potential hardware and software architectures security vulnerabilities. The memory tagging circuitry may prevent memory pointers from being overwritten, prevent memory pointer manipulation (e.g., by adding values), and increase the granularity of memory tagging to include byte-level tagging in cache. The memory tagging circuitry may sandbox untrusted code by tagging portions of memory to indicate when the tagged portions of memory include contain a protected pointer. The memory tagging circuitry provides security features while enabling CPUs to continue using and benefiting from speculatively performing operations.

Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transform circuitry to transform the collected data to the frequency domain, one-class support vector anomaly detection circuitry to detect anomalous or aberrant behavior by the HPCs. The hardware counter anomaly detection circuitry selects the HPCs having reliable and consistent anomalous activity or behavior in response to a side-channel attack and groups those HPCs into a side-channel attack detection HPC sub-set that may be communicated to one or more external devices.

Abstract: A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.

Abstract: An embodiment of a semiconductor package apparatus may include technology to determine if an access request (e.g., a read or write request) to a memory location would result in an integrity failure and, if so determined, read previous data from the memory location, set an indicator to indicate the integrity failure, and store the previous data together with the indicator and previous authentication information. Other embodiments are disclosed and claimed.

Abstract: A data processing system with technology to secure a VMCS comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to (a) execute host software in root mode and (b) execute guest software from the RAM in non-root mode in a virtual machine (VM) that is based at least in part on a virtual machine control data structure (VMCDS) for the VM. The processor also comprises a root security profile to specify access restrictions to be imposed when the host software attempts to read the VMCDS in root mode. Other embodiments are described and claimed.

Abstract: An embodiment of a semiconductor package apparatus may include technology to identify a first encrypted memory alias corresponding to a first portion of memory based on a verification indicator, where the first portion is decryptable and readable by both a privileged component and an unprivileged component, and identify a second encrypted memory alias corresponding to a second portion of memory based on the verification indicator, where the second portion is accessible by only the unprivileged component. Other embodiments are disclosed and claimed.

Abstract: A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.

Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transform circuitry to transform the collected data to the frequency domain, one-class support vector anomaly detection circuitry to detect anomalous or aberrant behavior by the HPCs. The hardware counter anomaly detection circuitry selects the HPCs having reliable and consistent anomalous activity or behavior in response to a side-channel attack and groups those HPCs into a side-channel attack detection HPC sub-set that may be communicated to one or more external devices.

Abstract: An embodiment of a semiconductor package apparatus may include technology to identify a first encrypted memory alias corresponding to a first portion of memory based on a verification indicator, where the first portion is decryptable and readable by both a privileged component and an unprivileged component, and identify a second encrypted memory alias corresponding to a second portion of memory based on the verification indicator, where the second portion is accessible by only the unprivileged component. Other embodiments are disclosed and claimed.

Abstract: An embodiment of a semiconductor package apparatus may include technology to determine if an access request (e.g., a read or write request) to a memory location would result in an integrity failure and, if so determined, read previous data from the memory location, set an indicator to indicate the integrity failure, and store the previous data together with the indicator and previous authentication information. Other embodiments are disclosed and claimed.

Abstract: A system may use memory tagging for side-channel defense, memory safety, and sandboxing to reduce the likelihood of successful attacks. The system may include memory tagging circuitry to address existing and potential hardware and software architectures security vulnerabilities. The memory tagging circuitry may prevent memory pointers from being overwritten, prevent memory pointer manipulation (e.g., by adding values), and increase the granularity of memory tagging to include byte-level tagging in cache. The memory tagging circuitry may sandbox untrusted code by tagging portions of memory to indicate when the tagged portions of memory include contain a protected pointer. The memory tagging circuitry provides security features while enabling CPUs to continue using and benefiting from speculatively performing operations.

Abstract: A data processing system with technology to secure a VMCS comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to (a) execute host software in root mode and (b) execute guest software from the RAM in non-root mode in a virtual machine (VM) that is based at least in part on a virtual machine control data structure (VMCDS) for the VM. The processor also comprises a root security profile to specify access restrictions to be imposed when the host software attempts to read the VMCDS in root mode. Other embodiments are described and claimed.

Abstract: Embodiments of the present disclosure may be configured to permit development and validation of a device driver or a device application program by using improved virtual devices. Such improved virtual devices may facilitate driver development without use of physical devices or hardware prototypes. In various embodiments, advanced validation of a device-driver combination may be permitted that would be difficult to achieve even with a physical device. Certain embodiments also may detect inconsistencies between virtual and physical devices, which may be used to improve drivers and device application programs and increase compatibility of such drivers and device application programs with physical devices.

Abstract: Embodiments of the present disclosure may be configured to permit development and validation of a device driver or a device application program by using improved virtual devices. Such improved virtual devices may facilitate driver development without use of physical devices or hardware prototypes. In various embodiments, advanced validation of a device-driver combination may be permitted that would be difficult to achieve even with a physical device. Certain embodiments also may detect inconsistencies between virtual and physical devices, which may be used to improve drivers and device application programs and increase compatibility of such drivers and device application programs with physical devices.

Abstract: Embodiments of the present disclosure may be configured to permit development and validation of a device driver or a device application program by using improved virtual devices. Such improved virtual devices may facilitate driver development without use of physical devices or hardware prototypes. In various embodiments, advanced validation of a device-driver combination may be permitted that would be difficult to achieve even with a physical device. Certain embodiments also may detect inconsistencies between virtual and physical devices, which may be used to improve drivers and device application programs and increase compatibility of such drivers and device application programs with physical devices.

Abstract: Embodiments of the present disclosure may be configured to permit development and validation of a device driver or a device application program by using improved virtual devices. Such improved virtual devices may facilitate driver development without use of physical devices or hardware prototypes. In various embodiments, advanced validation of a device-driver combination may be permitted that would be difficult to achieve even with a physical device. Certain embodiments also may detect inconsistencies between virtual and physical devices, which may be used to improve drivers and device application programs and increase compatibility of such drivers and device application programs with physical devices.

Abstract: Certain embodiments of the present invention are configured to permit development and validation of a device driver or a device application program by using improved virtual devices. Such improved virtual devices facilitate driver development without use of real devices or hardware prototypes. The present invention also may be configured to permit advanced validation of a device-driver combination that would be difficult to achieve even with a real device. Certain embodiments also may detect inconsistencies between virtual and real devices, which may be used to improve drivers and device application programs and increase compatibility of such drivers and device application programs with real devices.

Abstract: Certain embodiments of the present invention are configured to permit development and validation of a device driver or a device application program by using improved virtual devices. Such improved virtual devices facilitate driver development without use of real devices or hardware prototypes. The present invention also may be configured to permit advanced validation of a device-driver combination that would be difficult to achieve even with a real device. Certain embodiments also may detect inconsistencies between virtual and real devices, which may be used to improve drivers and device application programs and increase compatibility of such drivers and device application programs with real devices.