Abstract: An apparatus and system for remote attestation of a power delivery network is disclosed. Embodiments of the disclosure enable remote attestation of the power delivery network by storing a trusted golden reference waveform in secure memory. The trusted golden reference waveform characterizes a power delivery network in response to a load generated on the power delivery network. A remote cloud server generates a server-generated remote attestation of the power delivery network by receiving an attestation packet from the power delivery network and verifying whether the attestation packet is consistent with an expected power delivery network identity.

Abstract: An apparatus and method for detecting a change in electrical properties in a system is disclosed. Embodiments of the disclosure enable the detection of a change in electrical properties in a system by, in response to a load generated on a power delivery network power in at least part of the system, measuring noise induced in the power delivery network in response to the load. Based on the measured noise, a dynamic-response property of the power delivery network is determined and the dynamic-response property is compared to a stored reference dynamic-response property of the power delivery network based on a predetermined load. In the event of a difference between the dynamic-response property and the reference dynamic-response property, a response to the event is triggered to indicate tampering with the power delivery network.

Abstract: An apparatus comprises a plurality of redundant processing units to perform data processing redundantly in lockstep; common mode fault detection circuitry to detect an event indicative of a potential common mode fault affecting each of the plurality of redundant processing units; a memory shared between the plurality of redundant processing units; and memory checking circuitry to perform a memory scanning operation to scan at least part of the memory for errors; in which the memory checking circuitry performs the memory scanning operation in response to a common mode fault signal generated by the common mode fault detection circuitry indicating that the event indicative of a potential common mode fault has been detected.

Abstract: A machine-implemented method for controlling a configuration data item in a storage-equipped device having at least two security domains, comprising receiving, by one of the security domains, a configuration data item; storing the configuration data item; providing a security indication for the configuration data item; and when an event indicates untrustworthiness of the data item, invalidating a configuration effect of the stored configuration data item. Further provided is a machine-implemented method for controlling a storage-equipped device as a node in a network of devices, comprising receiving information that a data source or type of a configuration data item is untrusted; analysing metadata for the data source and the configuration data item; populating a knowledge base with analysed metadata; and responsive to the analysed metadata, transmitting security information to the network of devices. A corresponding device and computer program product are also described.

Abstract: A method and authenticator for authenticating a device in a system using the electrical properties of the device is disclosed. Embodiments of the disclosure enable authentication by receiving a plurality of input seed values from a requestor. For each input seed value, load stimuli are generated to produce an electrical load sequence on a power delivery network powering at least part of the system. Noise induced in the power delivery network is measured in response to the electrical load sequence using one or more sensors located on the power delivery network. Based on the measured noise, a dynamic response property (magnitude and phase response as a function of frequency) of the power delivery network corresponding to a respective input seed value can be determined and returned to the requestor.

Abstract: A method of accessing data sent between a remote resource and a data processing device, the method comprising: caching data uploaded from the remote resource or caching data sent to the remote resource at one or more intermediate network nodes between the data processing device and the remote resource; and accessing the cached data stored at the one or more intermediate network nodes.

Abstract: A technology for mutually isolating accessors of a shared electronic device from leakage of context data after a context switch comprises: on making the shared electronic device available to the plurality of accessors, establishing a portion of storage as an indicator location for the shared electronic device; when a first accessor requests use of the shared electronic device, writing at least one device-reset-required indicator to the indicator location; on switching context to a new context, after context save, when a second accessor requests use of the shared electronic device, resetting context data of the shared electronic device to a known state and reconciling the first device-reset-required indicator and a second device-reset-required indicator for the new context.

Abstract: A data processing apparatus having a first secure area and a second secure area coupled by a monitor is provided. The monitor applies security credentials to processing circuitry transitioning from the first secure area to the second secure area to enable the processing circuitry to perform functions in the second secure area. A call gateway comprising a transition instruction and access parameters stored in a trusted storage device is used by the monitor to determine when to applying the security credentials to the processing circuitry. The access parameters comprising a target function or a memory location.

Abstract: The machine implemented method for operating at least one electronic system comprises detecting a pattern of use of plural control parameters in a path through a graph of operational context switches to reach a target operational context; storing a representation of the pattern in association with an indicator identifying the target operational context; responsive to detecting at least one of a request for a switch of operation from a source operational context to the target operational context, a trapping on a resource access, and a detection of a breakpoint, retrieving the representation in accordance with the indicator identifying the target operational context; and responsive to the retrieving, applying at least one control parameter to said at least one electronic system to match the pattern.

Abstract: Broadly speaking, the present techniques provide methods, apparatus and systems for monitoring operation of a device. More particularly, the present techniques provide methods for monitoring operation of a device based on a device firmware update that is associated with at least one power profile.

Abstract: A data processing device has a processor which executes software directly from non-volatile memory. The processor has a runtime component which dynamically maps software element identifiers specified by the software to corresponding software elements in memory. Mapping information is used to determine which software elements identifiers correspond to which software elements. This provides a level of indirection which can be used to make software updates more efficient, by updating only parts of the software while leaving old parts of the software as they are. Updated software elements can be stored to memory and the mapping information updated to point to the new elements, while existing mappings may be retained.

Abstract: A method for verifying the integrity of data in a message by a data processing device, the message comprising a plurality of packets, the method comprising: receiving, at the device from a first resource, a manifest associated with the message, the manifest comprising a plurality of group check values for the plurality of packets; receiving, at the device, from the first or a different resource, the message; generating a first progression of rolling hashes for the plurality of packets; deriving group check values from the first progression of rolling hashes for groups of the plurality of packets along one or more paths; verifying the integrity of the data in the message based on or in response to a determination that the derived group check values correspond to the plurality of group check values in the manifest.

Abstract: A data processing apparatus comprises branch prediction circuitry adapted to store at least one branch prediction state entry in relation to a stream of instructions, input circuitry to receive at least one input to generate a new branch prediction state entry, wherein the at least one input comprises a plurality of bits; and coding circuitry adapted to perform an encoding operation to encode at least some of the plurality of bits based on a value associated with a current execution environment in which the stream of instructions is being executed. This guards against potential attacks which exploit the ability for branch prediction entries trained by one execution environment to be used by another execution environment as a basis for branch predictions.

Abstract: An apparatus comprises a plurality of redundant processing units (4) to perform data processing redundantly in lockstep; common mode fault detection circuitry *6, 22) to detect an event indicative of a potential common mode fault affecting each of the plurality of redundant processing units; a memory (10) shared between the plurality of redundant processing units; and memory checking circuitry (30) to perform a memory scanning operation to scan at least part of the memory for errors; in which the memory checking circuitry (30) performs the memory scanning operation in response to a common mode fault signal generated by the common mode fault detection circuitry (6, 22) indicating that the event indicative of a potential common mode fault has been detected.

Abstract: Broadly speaking, embodiments of the present techniques provide methods and apparatus to implement a time-limited configuration settings hierarchy. The time-limited configuration settings hierarchy introduces a temporary override setting that allows a fail-back to a prior setting after the expiry of a time period. This allows temporary users of IoT devices to have much higher levels of privilege over configuration settings, as an automatic revocation of the permission and reversion to the previous settings is guaranteed on the expiry of the specified time period.

Abstract: Methods for delivering an authenticatable management activity to a group of remote devices in a networked computing environment is described herein. An authenticatable management activity may be any activity which requires internal state changes to be made at a remote device, such as software or firmware updates, system configuration operations, access control list update operations, file transfer operations, changes to user data etc., and which requires an operators approval of the activity before being performed. In addition to an operators approval of the activity, the management activity is required to be signed by an operator, such that the operator authorising the management activity is authenticated.

Abstract: There is provided a data processing apparatus that includes an input policy filter that receives input data and an input provenance that relates to the input data. The filter forwards some or all of the input data and the input provenance according to at least one input policy. A processing environment receives the input data forwarded by the input policy filter and processes the input data to generate output data A management environment produces an attestation of the processing environment and produces an output provenance based on the input provenance and the attestation. An output policy filter receives the output data and the output provenance and forwards the output data and the output provenance according to at least one output policy.

Abstract: Technology for operating a data-source device for assembling a data stream compliant with a data stream constraint. The technology comprises acquiring a plurality of data items by accessing data in a memory and/or transforming data. Prior to completion of the accessing data in a memory, an accessor is selected based on an estimate of access constraint. Prior to completion of the transforming data, a transformer is selected based on an estimate of transformation constraint, wherein the transportation constraint comprises any data acquisition constraint. The access and transformation constraints are dependent upon system state it the data-source system. The data items are positioned in the data stream, and, responsive to achieving compliance with the data stream constraint, the data strewn is communicated.

Abstract: A method for securely distributing content from a distributor to a plurality of receiving devices, each recipient creating recipient trusted ephemeral public private key pair and making the recipient trusted ephemeral public key available, the method comprising: generating a content encryption key for encrypting content to be distributed and encrypting content using the content encryption key; generating, for each recipient trusted ephemeral public key, a shared secret using the recipient trusted ephemeral public key and the distributor ephemeral private key; generating a plurality of encrypted per-recipient key slots, each encrypted per-recipient key slot generated by encrypting the content encryption key using a different shared secret of the plurality of shared secrets; creating a data structure comprising the distributor ephemeral public key, the encrypted content, and one or more encrypted per-recipient key slots; and transmitting the data structure to deliver the content to recipients associated with th

Abstract: A method for controlling communications between a data processing device in a first network and a target service in a second network via a gateway apparatus, the method comprising: transmitting a request to communicate with the target service from the data processing device to the gateway apparatus; transmitting device credentials from the data processing device to the gateway apparatus, wherein the credentials comprise information relating to the target service; verifying at the gateway apparatus an authentication status of the data processing device based on the device credentials; establishing a communication path between the data processing device and the target service if the authentication status is verified.