Abstract: Systems or methods of the present disclosure may provide receiving a request to perform an operation on data. A data payload of the data is then transmitted to a programmable logic device using a first transfer to enable offloading of at least a portion of the operation. Then, a descriptor corresponding to a storage location of the data payload in the programmable logic device is received. Using memory accesses one or more headers are added to the data payload in the storage location. Finally, the descriptor corresponding to the data payload is transmitted without the data payload to the programmable logic device to cause the programmable logic device to transmit packets comprising the data payload and the one or more headers over a network.

Abstract: There is disclosed an example of a computing apparatus for providing a hardware-assisted virtual switch on a host, including: a hardware virtual switch (vSwitch) circuit; and a hardware virtual host (vHost) circuit, the vHost circuit having an interface driver specific to the hardware vSwitch and configured to provide a vHost data plane to: provide a plurality of hardware queues to communicatively couple the hardware vSwitch to a guest virtual function (VF); and present to a virtual network driver of the guest VF an interface that is backward compatible with a software network interface.

Abstract: There is disclosed an example of a computing apparatus for providing a hardware-assisted virtual switch on a host, including: a hardware virtual switch (vSwitch) circuit; and a hardware virtual host (vHost) circuit, the vHost circuit having an interface driver specific to the hardware vSwitch and configured to provide a vHost data plane to: provide a plurality of hardware queues to communicatively couple the hardware vSwitch to a guest virtual function (VF); and present to a virtual network driver of the guest VF an interface that is backward compatible with a software network interface.

Abstract: A computer system may comprise a multi-chip package (MCP), which includes multi-core processor circuitry and hardware accelerator circuitry. The multi-core processor circuitry may comprise a plurality of processing cores, and the hardware accelerator circuitry may be coupled with the multi-core processor circuitry via one or more coherent interconnects and one or more non-coherent interconnects. A coherency domain of the MCP may be extended to encompass the hardware accelerator circuitry, or portions thereof An interconnect selection module may select an individual coherent interconnect or an individual non-coherent interconnect based on application requirements of an application to be executed and a workload characteristic policy. Other embodiments are described and/or claimed.

Abstract: There is disclosed an example of a computing apparatus for providing a hardware-assisted virtual switch on a host, including: a hardware virtual switch (vSwitch) circuit; and a hardware virtual host (vHost) circuit, the vHost circuit having an interface driver specific to the hardware vSwitch and configured to provide a vHost data plane to: provide a plurality of hardware queues to communicatively couple the hardware vSwitch to a guest virtual function (VF); and present to a virtual network driver of the guest VF an interface that is backward compatible with a software network interface.

Abstract: A computer system may comprise a multi-chip package (MCP), which includes multi-core processor circuitry and hardware accelerator circuitry. The multi-core processor circuitry may comprise a plurality of processing cores, and the hardware accelerator circuitry may be coupled with the multi-core processor circuitry via one or more coherent interconnects and one or more non-coherent interconnects. A coherency domain of the MCP may be extended to encompass the hardware accelerator circuitry, or portions thereof An interconnect selection module may select an individual coherent interconnect or an individual non-coherent interconnect based on application requirements of an application to be executed and a workload characteristic policy. Other embodiments are described and/or claimed.

Abstract: In accordance with embodiments of the present disclosure, a process for classifying a mobile application is provided. The process may detect, by an application classification module, a mobile application located on a mobile device. The process may further extract, by the application classification module, a set of embedded data from the mobile application; and obtain a classification for the mobile application by analyzing the set of embedded data using a pattern and training set database.

Abstract: In accordance with at least some embodiments of the present disclosure, a security enhancement method is provided for operating a computer system having a trusted environment and an untrusted environment. The method may include acquiring an identification data associated with an application installed in the untrusted environment, authenticating the identification data according to a predetermined rule in the trusted environment to acquire a corresponding authentication result, and executing the application in the untrusted environment or uninstalling the application from the computer system according to the authentication result.

Abstract: Methods and systems for processing multiple levels of data in system security approaches are disclosed. In one embodiment, a first set and a second set of resources are selected to iteratively and independently reverse multiple levels of format conversions on the payload portions of a data unit from a first file and a data unit from a second file, respectively. The first file and the second file are associated with a first transport connection and a second transport connection, respectively. Upon completion of the aforementioned reversal operations, the payload portions of a first reversed data unit and a second reversed data unit, which correspond to the data unit of the first file and the data unit of the second file, respectively, are inspected for suspicious patterns prior to any aggregation of the data units of the first file or the second file.

Abstract: A computer-implemented method and system for malware prevention in a peer-to-peer (P2P) environment are disclosed. Specifically, one implementation of the embodiment sets forth a method, which includes the operations of obtaining a meta information of a data, prior to initiating downloading of the data, sending the meta information to a server, and initiating downloading of the data after having received confirmation from the server that the meta information is free from being associated with any known malware.

Abstract: A method and system for ensuring system security is disclosed. Based on the content of the data units the method and system monitor, the method and system retrieve the states and the dependency relationships among these states that are representative of unwanted patterns. The method and system store the states and the dependency relationships mentioned above in different types of memories according to the frequency of accessing the states. The frequency is calculated by comparing a number of test data patterns with the states in a sequence specified by the dependency relationships. The method and system further identify a set of suspected data units by comparing the data units with the retrieved states in a sequence specified by the retrieved dependency relationships, wherein the content of the set of the suspected data units collectively matches any of the unwanted patterns.

Abstract: A method and system for ensuring system security is disclosed. The method and system split a regular expression that corresponds to a number of patterns into sub-expressions. The dependency relationships among the finite automata that correspond to the sub-expressions are maintained. Then, as data units are put through these finite automata in a sequence that is based on the dependency relationships, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata. Depending on the result of identifying the suspected data units, different actions are performed.

Abstract: A method and system for ensuring system security is disclosed. The method and system utilize a first processing unit to split a regular expression that corresponds to a number of patterns into sub-expressions and maintain the dependency relationships among the finite automata that correspond to the sub-expressions. Then, the method and system utilize a second processing unit to move the data units through these finite automata in a sequence that is based on the dependency relationships to identify the suspected data units. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata.

Abstract: A method and apparatus for preventing web page attacks are disclosed. Specifically, one embodiment of the present invention sets forth a method, which includes the steps of examining an object property from a web page requested by a client computer in real-time before the client computer receives the web page, assessing a collective risk level associated with the web page causing harm to the client computer based on the result of examining the object property, and performing an action with regards to the web page according to the collective risk level.

Abstract: A method and system that ensures system security is disclosed. Specifically, the method and system formulate a finite automaton that corresponds to a number of patterns. Then, as data units are put through the finite automaton, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. To identify the suspected data units, the dependency relationships among various states in the finite automaton that have been compressed are relied upon. Depending on the result of identifying the suspected data units, different actions are performed.

Abstract: A method and system for ensuring system security is disclosed. Based on the content of the data units the method and system monitor, the method and system retrieve the states and the dependency relationships among these states that are representative of unwanted patterns. The method and system store the states and the dependency relationships mentioned above in different types of memories according to the frequency of accessing the states. The frequency is calculated by comparing a number of test data patterns with the states in a sequence specified by the dependency relationships. The method and system further identify a set of suspected data units by comparing the data units with the retrieved states in a sequence specified by the retrieved dependency relationships, wherein the content of the set of the suspected data units collectively matches any of the unwanted patterns.

Abstract: Methods and systems for processing multiple levels of data in system security approaches are disclosed. In one embodiment, a first set and a second set of resources are selected to iteratively and independently reverse multiple levels of format conversions on the payload portions of a data unit from a first file and a data unit from a second file, respectively. The first file and the second file are associated with a first transport connection and a second transport connection, respectively. Upon completion of the aforementioned reversal operations, the payload portions of a first reversed data unit and a second reversed data unit, which correspond to the data unit of the first file and the data unit of the second file, respectively, are inspected for suspicious patterns prior to any aggregation of the data units of the first file or the second file.

Abstract: A method and system that ensures system security is disclosed. Specifically, the method and system formulate a finite automaton that corresponds to a number of patterns. Then, as data units are put through the finite automaton, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. To identify the suspected data units, the dependency relationships among various states in the finite automaton that have been compressed are relied upon. Depending on the result of identifying the suspected data units, different actions are performed.

Abstract: A method and system for ensuring system security is disclosed. The method and system split a regular expression that corresponds to a number of patterns into sub-expressions. The dependency relationships among the finite automata that correspond to the sub-expressions are maintained. Then, as data units are put through these finite automata in a sequence that is based on the dependency relationships, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata. Depending on the result of identifying the suspected data units, different actions are performed.

Abstract: A method and system for ensuring system security is disclosed. The method and system utilize a first processing unit to split a regular expression that corresponds to a number of patterns into sub-expressions and maintain the dependency relationships among the finite automata that correspond to the sub-expressions. Then, the method and system utilize a second processing unit to move the data units through these finite automata in a sequence that is based on the dependency relationships to identify the suspected data units. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata.