Patents by Inventor Sergej Deutsch

Sergej Deutsch has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200125742
    Abstract: Technologies disclosed herein provide cryptographic computing. An example method comprises executing a first instruction of a first software entity to receive a first input operand indicating a first key associated with a first memory compartment of a plurality of memory compartments stored in a first memory unit, and execute a cryptographic algorithm in a core of a processor to compute first encrypted contents based at least in part on the first key. Subsequent to computing the first encrypted contents in the core, the first encrypted contents are stored at a memory location in the first memory compartment of the first memory unit. More specific embodiments include, prior to storing the first encrypted contents at the memory location in the first memory compartment and subsequent to computing the first encrypted contents in the core, moving the first encrypted contents into a level one (L1) cache outside a boundary of the core.
    Type: Application
    Filed: December 20, 2019
    Publication date: April 23, 2020
    Applicant: Intel Corporation
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, Michael LeMay, David M. Durham
  • Publication number: 20200117810
    Abstract: In one embodiment, a processor includes a memory hierarchy and a core coupled to the memory hierarchy. The memory hierarchy stores encrypted data, and the core includes circuitry to access the encrypted data stored in the memory hierarchy, decrypt the encrypted data to yield decrypted data, perform an entropy test on the decrypted data, and update a processor state based on a result of the entropy test. The entropy test may include determining a number of data entities in the decrypted data whose values are equal to one another, determining a number of adjacent data entities in the decrypted data whose values are equal to one another, determining a number of data entities in the decrypted data whose values are equal to at least one special value from a set of special values, or determining a sum of n highest data entity value frequencies.
    Type: Application
    Filed: December 10, 2019
    Publication date: April 16, 2020
    Applicant: Intel Corporation
    Inventors: Michael E. Kounavis, Santosh Ghosh, Sergej Deutsch, David M. Durham
  • Patent number: 10594491
    Abstract: In one example, a system for managing encrypted memory comprises a processor to store a first MAC based on data stored in system memory in response to a write operation to the system memory. The processor can also detect a read operation corresponding to the data stored in the system memory, calculate a second MAC based on the data retrieved from the system memory, determine that the second MAC does not match the first MAC, and recalculate the second MAC with a correction operation, wherein the correction operation comprises an XOR operation based on the data retrieved from the system memory and a replacement value for a device of the system memory. Furthermore, the processor can decrypt the data stored in the system memory in response to detecting the recalculated second MAC matches the first MAC and transmit the decrypted data to cache thereby correcting memory errors.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Rajat Agarwal, Siddhartha Chhabra, Sergej Deutsch, Karanvir S. Grewal, Ioannis T. Schoinas
  • Patent number: 10585809
    Abstract: Apparatus, systems, computer readable storage mediums and/or methods may provide memory integrity by using unused physical address bits (or other metadata passed through cache) to manipulate cryptographic memory integrity values, allowing software memory allocation routines to control the assignment of pointers (e.g., implement one or more access control policies). Unused address bits (e.g., because of insufficient external memory) passed through cache, may encode key domain information in the address so that different key domain addresses alias to the same physical memory location. Accordingly, by mixing virtual memory mappings and cache line granularity aliasing, any page in memory may contain a different set of aliases at the cache line level and be non-deterministic to an adversary.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: March 10, 2020
    Assignee: Intel Corporation
    Inventors: David M. Durham, Siddhartha Chhabra, Michael E. Kounavis, Sergej Deutsch, Karanvir S. Grewal, Joseph F. Cihula, Saeedeh Komijani
  • Publication number: 20200076924
    Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).
    Type: Application
    Filed: November 5, 2019
    Publication date: March 5, 2020
    Inventors: Michael Kounavis, David M. Durham, Karanvir Grewal, Wenjie Xiong, Sergej Deutsch
  • Publication number: 20200076923
    Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).
    Type: Application
    Filed: November 5, 2019
    Publication date: March 5, 2020
    Inventors: Michael Kounavis, David M. Durham, Karanvir Grewal, Wenjie Xiong, Sergej Deutsch
  • Patent number: 10498865
    Abstract: A method of data nibble-histogram compression can include determining a first amount of space freed by compressing the input data using a first compression technique, determining a second amount of space freed by compressing the input data using a second, different compression technique, compressing the input data using the compression technique of the first and second compression techniques determined to free up more space to create compressed input data, and inserting into the compressed input data, security data including one of a message authentication control (MAC) and an inventory control tag (ICT).
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: December 3, 2019
    Assignee: Intel Corporation
    Inventors: Michael Kounavis, David M. Durham, Karanvir Grewal, Wenjie Xiong, Sergej Deutsch
  • Patent number: 10444279
    Abstract: A design for test (DfT) architecture is provided that enables pre-bond parametric testing of through-silicon vias (TSVs). A grouping of N number of input/output (I/O) segments are configured to receive a test signal in a feedback loop, where each I/O segment includes one or more buffers (or inverters) and a TSV connected at one end to the one or more buffers. The TSV acts as a shunt-connected capacitor—when defect free—and includes a load resistance when the TSV contains a defect. Each I/O segment can also include one or two multiplexers to control whether the I/O segment receives a test or functional signal and, optionally, whether the I/O segment is bypassed or included in the ring oscillator. The varying loads caused by the defects cause variations in the delay across the buffers (or inverters) of an I/O segment that can be detected in the output signal.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: October 15, 2019
    Assignee: Duke University
    Inventors: Krishnendu Chakrabarty, Sergej Deutsch
  • Patent number: 10387305
    Abstract: Techniques and computing devices for compression memory coloring are described. In one embodiment, for example, an apparatus may include at least one memory, at least one processor, and logic for compression memory coloring, at least a portion of the logic comprised in hardware coupled to the at least one memory and the at least one processor, the logic to determine whether data to be written to memory is compressible, generate a compressed data element responsive to determining data is compressible, the data element comprising a compression indicator, a color, and compressed data, and write the compressed data element to memory. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 23, 2016
    Date of Patent: August 20, 2019
    Assignee: Intel Corporation
    Inventors: David M. Durham, Sergej Deutsch, Saeedeh Komijani, Alpa T. Narendra Trivedi, Siddhartha Chhabra
  • Publication number: 20190229925
    Abstract: The present disclosure is directed to systems and methods for the secure transmission of plaintext data blocks encrypted using a NIST standard encryption to provide a plurality of ciphertext data blocks, and using the ciphertext data blocks to generate a Galois multiplication-based authentication tag and parity information that is communicated in parallel with the ciphertext blocks and provides a mechanism for error detection, location and correction for a single ciphertext data block or a plurality of ciphertext data blocks included on a storage device. The systems and methods include encrypting a plurality of plaintext blocks to provide a plurality of ciphertext blocks. The systems and methods include generating a Galois Message Authentication Code (GMAC) authentication tag and parity information using the ciphertext blocks.
    Type: Application
    Filed: March 29, 2019
    Publication date: July 25, 2019
    Inventors: Michael Kounavis, Sergej Deutsch, David M. Durham, Karanvir Grewal
  • Publication number: 20190220349
    Abstract: In one example a computer implemented method comprises generating an error correction code for a memory line, the memory line comprising a first plurality of data blocks, wherein the error correction code comprises a first plurality of parity bits and a second plurality of parity bits, applying a domain-specific function to the second plurality of parity bits to generate a modified block of parity bits, generating a metadata block corresponding to the memory line, wherein the metadata block comprises the error correction code for the memory line and at least a portion of the modified block of parity bits, encoding the first plurality of data blocks and the metadata block to generate a first encoded data set, and providing the encoded data set and the encoded metadata block for storage on a memory module. Other examples may be described.
    Type: Application
    Filed: March 28, 2019
    Publication date: July 18, 2019
    Applicant: Intel Corporation
    Inventors: Sergej Deutsch, Wei Wu, David M. Durham, Karanvir Grewal
  • Patent number: 10346318
    Abstract: Embodiments of apparatus, method, and storage medium associated with multi-stage memory integrity for securing/protecting memory content are described herein. In some embodiments, an apparatus may include multiple stages having respective encryption engines to encrypt data in response to a write or restore operation; wherein the encryption engines are to successively encrypt the data in a plurality of encryption stages using a plurality of tweaks based on a plurality of selectors of different types {s1, s2, . . . }. In embodiments, the multiple stages may further comprise one or more decryption engines to partially, fully, or pseudo decrypt the plural encrypted data, in response to a read, move or copy operation; wherein the one or more decryption engines are to partially, fully, or pseudo decrypt the plural encrypted data in one or more decryption stages using one or more tweaks based on a subset of the selectors of different types {s1, s2, . . . }.
    Type: Grant
    Filed: September 13, 2016
    Date of Patent: July 9, 2019
    Assignee: Intel Corporation
    Inventors: Sergej Deutsch, David M. Durham, Karanvir S. Grewal, Michael E. Kounavis
  • Publication number: 20190196977
    Abstract: A data processing system includes support for sub-page granular memory tags. The data processing system comprises at least one core, a memory controller responsive to the core, random access memory (RAM) responsive to the memory controller, and a memory protection module in the memory controller. The memory protection module enables the memory controller to use a memory tag value supplied as part of a memory address to protect data stored at a location that is based on a location value supplied as another part of the memory address. The data processing system also comprises an operating system (OS) which, when executed in the data processing system, manages swapping a page of data out of the RAM to non-volatile storage (NVS) by using a memory tag map (MTM) to apply memory tags to respective subpages within the page being swapped out. Other embodiments are described and claimed.
    Type: Application
    Filed: February 28, 2019
    Publication date: June 27, 2019
    Inventors: Kai Cong, Karanvir Grewal, Siddhartha Chhabra, Sergej Deutsch, David Michael Durham
  • Publication number: 20190138720
    Abstract: The present disclosure is directed to systems and methods that maintain consistency between a system architectural state and a microarchitectural state in the system cache circuitry to prevent a side-channel attack from accessing secret information. Speculative execution of one or more instructions by the processor circuitry causes memory management circuitry to transition the cache circuitry from a first microarchitectural state to a second microarchitectural state. The memory management circuitry maintains the cache circuitry in the second microarchitectural state in response to a successful completion and/or retirement of the speculatively executed instruction. The memory management circuitry reverts the cache circuitry from the second microarchitectural state to the first microarchitectural state in response to an unsuccessful completion, flushing, and/or retirement of the speculatively executed instruction.
    Type: Application
    Filed: December 17, 2018
    Publication date: May 9, 2019
    Applicant: Intel Corporation
    Inventors: Ken Grewal, Ravi Sahita, David Durham, Erdem Aktas, Sergej Deutsch, Abhishek Basak
  • Patent number: 10261854
    Abstract: Methods, apparatus, and system to analyze a memory integrity violation and determine whether its cause was hardware or software based.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: April 16, 2019
    Assignee: Intel Corporation
    Inventors: Sergej Deutsch, Karanvir S. Grewal, Michael E. Kounavis
  • Publication number: 20190102539
    Abstract: Systems, apparatuses and methods may provide for technology that associates a key domain of a plurality of key domains with a customer boot image, receives the customer boot image from the customer, and verifies the integrity of the customer boot image that is to be securely installed at memory locations determined from an untrusted privileged entity (e.g., a virtual machine manager).
    Type: Application
    Filed: September 29, 2017
    Publication date: April 4, 2019
    Inventors: David M. Durham, Karanvir S. Grewal, Sergej Deutsch, Michael Lemay
  • Publication number: 20190042369
    Abstract: In one embodiment, an apparatus comprises a controller comprising circuitry, the controller to generate an error correction code for a memory line, the memory line comprising a plurality of first data blocks, wherein the error correction code comprises parity bits generated based on first portions of a plurality of second data blocks, wherein the plurality of second data blocks are the first data blocks or diffused data blocks generated from the plurality of first data blocks; generate a metadata block corresponding to the memory line, wherein the metadata block comprises the error correction code for the memory line and at least one metadata bit; encode the first data blocks and the metadata block; and provide the encoded data blocks and the encoded metadata block for storage on a memory module.
    Type: Application
    Filed: September 17, 2018
    Publication date: February 7, 2019
    Applicant: Intel Corporation
    Inventors: Sergej Deutsch, Wei Wu, David M. Durham, Karanvir S. Grewal
  • Publication number: 20190044954
    Abstract: Before sending a message to a destination device, a source device automatically uses a pattern matching algorithm to analyze entropy characteristics of a plaintext version of the message. The pattern matching algorithm uses at least one pattern matching test to generate at least one entropy metric for the message. The source device automatically determines whether the message has sufficiently low entropy, based on results of the pattern matching algorithm. In response to a determination that the message does not have sufficiently low entropy, the source device automatically generates integrity metadata for the message and sends the integrity metadata to the destination device. However, in response to a determination that the message has sufficiently low entropy, the source device sends the message to the destination device without sending any integrity metadata for the message to the destination device. Other embodiments are described and claimed.
    Type: Application
    Filed: December 5, 2017
    Publication date: February 7, 2019
    Inventors: Michael Kounavis, Amitabh Das, Sergej Deutsch, Karanvir S. Grewal, David M. Durham
  • Publication number: 20190044973
    Abstract: The present disclosure is directed to systems and methods for providing protection against replay attacks on memory, by refreshing or updating encryption keys. The disclosed replay protected computing system may employ encryption refresh of memory so that unauthorized copies of data are usable for a limited amount of time (e.g., 500 milliseconds or less). The replay protected computing system initially encrypts protected data prior to storage in memory. After a predetermined time or after a number of memory accesses have occurred, the replay protected computing system decrypts the data with the existing key and re-encrypts data with a new key. Unauthorized copies of data (such as those made by an adversary system/program) are not refreshed with subsequent new keys. When an adversary program attempts to use the unauthorized copies of data, the unauthorized copies of data are decrypted with the incorrect keys, which renders the decrypted data unintelligible.
    Type: Application
    Filed: June 29, 2018
    Publication date: February 7, 2019
    Applicant: Intel Corporation
    Inventors: Sergej Deutsch, David Durham, Karanvir Grewal, Rajat Agarwal
  • Publication number: 20190042734
    Abstract: Logic may implement implicit integrity techniques to maintain integrity of data. Logic may perform operations on data stored in main memory, cache, flash, data storage, or any other memory. Logic may perform more than one pattern check to determine repetitions of entities within the data. Logic may determine entropy index values and/or Boolean values and/or may compare the results to threshold values to determine if a data unit is valid. Logic may merge a tag with the data unit without expanding the data unit to create an encoded data unit. Logic may decode and process the encoded data unit to determine the data unit and the tag. Logic may determine value histograms for two or more entities, determine a sum of repetitions of the two or more entities, and compare the sum to a threshold value. Logic may determine that a data unit is valid or is corrupted.
    Type: Application
    Filed: December 20, 2017
    Publication date: February 7, 2019
    Inventors: Michael Kounavis, David Durham, Sergej Deutsch, Saeedeh Komijani, Amitabh Das