Abstract: A legacy virtual machine (a virtual machine not operating in a secure environment) can be converted to a confidential virtual machine (a virtual that operates in a secure environment) on the fly, with little downtime experienced by the legacy virtual machine (VM) owner. A legacy VM operating either on a legacy platform (a platform not having confidential computing capabilities) or a confidential computing-capable platform can be converted to a confidential VM (CVM). The legacy VM can be migrated to another computing device as part of the conversion or be converted into a CVM that executes on the same computing device on which the legacy VM was running. A trusted security module can be responsible for starting a VM-to-CVM conversion session, validating the state of legacy virtual machine to be converted, provision a CVM with the state of the legacy virtual machine, and end a VM-to-CVM conversion session.

Abstract: A method is described and includes acquiring sensor data produced by sensors of a plurality of vehicles traversing an area including a location of a user, wherein the vehicles traversing the area comprise a subset of a fleet of vehicles for providing rideshare services; processing the acquired sensor data to determine a category of the user; selecting a vehicle from the fleet of vehicles based on the category of the user, wherein the selected vehicle comprises at least one accommodation corresponding to the category of the user; and dispatching the selected vehicle to a pick-up location designated by the user.

Abstract: An AV may detect degraded states of other AVs. For instance, the AV may use its sensors to detect one or more other vehicles in the local area. The AV may determine whether any of these vehicles is a peer of the AV based on features of these vehicles captured by its sensors. Alternatively, the AV may determine if any vehicle is a peer based on encrypted communication with the vehicle. The AV may also determine whether any peer AV has a state that deviates from an expected or desirable state. The AV may communicate with an online system and request the online system to provide information for identifying the vehicle or detecting degraded states. The AV may also report degradations in peer AVs to the online system. The online system may recover the degraded AV or dispatch another AV to complete a task assigned to the degraded AV.

Abstract: A computer-aided method of comparing legal requirements, including: comparing a first legal requirement from a first jurisdiction to a second legal requirement from a second jurisdiction, including applying a natural language processing (NLP) algorithm to the first and second legal requirements; computing a distance between the first and second legal requirements; determining from the distance that the second legal requirement belongs to a same subject matter category as the first legal requirement; and providing a user interface (UI) to display the first and second legal requirements to a user, with the computed distance.

Abstract: Systems, methods, and apparatuses to support instructions for a hardware assisted heterogeneous instruction set architecture dispatcher are described.

Abstract: A method and system for security protection for firmware of an accelerator by leveraging Virtualization-Based Security (VBS). A memory space is allocated for firmware of an accelerator from a Kernel Data Protection (KDP)-protected region of a system memory. The KDP-protected region is a specific area of the system memory that is protected by KDP. The firmware of the accelerator is placed in the KDP-protected region. A device memory management unit (MMU) page table corresponding to the memory space allocation for the firmware of the accelerator may be generated and placed in the KDP-protected region. A device driver of the accelerator sets attributes of page table entries of the device MMU page table appropriately, and accesses to the system memory may be controlled based on the attributes of the page table entries of the device MMU page table.

Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.

Abstract: Systems and methods for obtaining passenger feedback during an autonomous vehicle (AV) ride are provided. Feedback can be obtained in different forms during the passenger's ride. For instance, the passenger may opt-in to shadow the AV as it performs various driving behaviors. Input devices such as a tablet or joystick may be activated in the autonomous vehicle. A heuristic scene is selected and presented on the tablet, and the passenger can use the joystick to perform the maneuver as the AV is performing the same. The passenger's driving behavior does not alter the operation of the AV. Alternatively, the scene is different from the AV's route and the driving behaviors are not synced. Further, the passenger can be prompted to provide a response after specific maneuvers are performed by the AV. Feedback data is obtained and recorded from each passenger and then evaluated and compared to the AV's driving behaviors.

Abstract: Various technologies described herein pertain to reserving seats in an autonomous vehicle. The autonomous vehicle includes a plurality of seats that can be occupied by passengers when riding in the autonomous vehicle. The autonomous vehicle is configured to assign a particular seat from the plurality of seats in the autonomous vehicle to a passenger based on information pertaining to the passenger and information pertaining to a ride-sharing trip. The autonomous vehicle is to transport at least the passenger and a differing passenger during at least a portion of the ride-sharing trip. Moreover, the passenger and the differing passenger independently request rides in the autonomous vehicle. The autonomous vehicle is further configured to output, to the passenger, an indication of the particular seat assigned to the passenger.

Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.

Abstract: A method for halting malware includes: monitoring plural file system events with a system driver to detect an occurrence of a file system event having a predetermined file type and log event type; triggering a listening engine for file system event stream data of a file associated with the detection of the file system event, the file system event stream data indicating data manipulation associated with the file due to execution of a process; obtaining one or more feature values for each of plural different feature combinations of plural features of the file based on the file system event stream data; inputting one or more feature values into a data analytics model to predict a target label value based on the one or more feature values of the plural different feature combinations and agnostic to the process; and performing a predetermined operation based on the target label value.

Abstract: An autonomous vehicle (AV) described herein is configured to receive a pull over location specified by a passenger, and is further configured to refine the pull over location based upon one or more factors, where the factors include computer-readable content from a profile of the passenger, sensor data output by sensor systems of the AV, observed or predicted weather conditions, observed or predicted traffic, and/or observations recently generated by other AVs that belong to the same fleet as the AV.

Abstract: Methods and apparatus to set guest physical address mapping attributes for a trusted domain In one embodiment, the method includes executing a first one or more of instructions to establish a trusted domain and executing a second one or more of the instructions to add a first memory page to the trusted domain, where the first memory page is private to the trusted domain and a first set of page attributes is set for the first memory page based on the second one or more of the instructions, where the first set of page attributes indicates how the first memory page is mapped in a secure extended page table. The method further includes storing the first set of page attributes for the first memory page in the secure extended page table at a storage location responsive to executing the second one or more of the instructions.

Abstract: A method is described and includes acquiring sensor data produced by sensors of a plurality of vehicles traversing an area including a location of a user, wherein the vehicles traversing the area comprise a subset of a fleet of vehicles for providing rideshare services; processing the acquired sensor data to determine a category of the user; selecting a vehicle from the fleet of vehicles based on the category of the user, wherein the selected vehicle comprises at least one accommodation corresponding to the category of the user; and dispatching the selected vehicle to a pick-up location designated by the user.

Abstract: A method is described and includes acquiring sensor data produced by sensors of a plurality of vehicles traversing an area including a location of a user, wherein the vehicles traversing the area comprise a subset of a fleet of vehicles for providing rideshare services; processing the acquired sensor data to determine a category of the user; selecting a vehicle from the fleet of vehicles based on the category of the user, wherein the selected vehicle comprises at least one accommodation corresponding to the category of the user; and dispatching the selected vehicle to a pick-up location designated by the user.

Abstract: The present disclosure relates to compositions and methods of generating circular-permuted nucleic acids for direct use in homology directed genome editing. The method also allows the joining of a large number of DNA fragments, in a deterministic fashion. It can be used to rapidly generate nucleic acid libraries that can be directly used in a variety of applications without further cloning steps that include, for example, genome editing and pathway assembly. Kits for performing the method are also disclosed.

Abstract: An autonomous vehicle (AV) described herein is configured to receive a pull over location specified by a passenger, and is further configured to refine the pull over location based upon one or more factors, where the factors include computer-readable content from a profile of the passenger, sensor data output by sensor systems of the AV, observed or predicted weather conditions, observed or predicted traffic, and/or observations recently generated by other AVs that belong to the same fleet as the AV.

Abstract: Systems, methods, and apparatuses to support instructions for a hardware assisted heterogeneous instruction set architecture dispatcher are described.

Abstract: Described herein are various technologies pertaining to selecting an autonomous vehicle for a trip of a passenger based on a passenger cargo reservation request and real time load data from a fleet of autonomous vehicles. The passenger cargo reservation request specifies a request to store passenger cargo in a cargo storage area of an autonomous vehicle during a ride of a passenger in the autonomous vehicle. Further, an autonomous vehicle from the fleet of autonomous vehicles can be selected for the trip of the passenger based on the passenger cargo reservation request and the real time load data for the autonomous vehicles in the fleet of autonomous vehicles.

Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.