Abstract: In various examples there is a computing device in communication with at least one other computing device via a communications network. The computing device has a memory and a central processing unit having a trusted execution environment comprising trusted regions of the memory. The computing device has an operating system configured to create a memory mapping between a virtual address space of the memory and a memory of the at least one other computing device and to provide details of the memory mapping to the trusted execution environment. The trusted execution environment is configured to execute an application which is able to communicate with the other computing device directly using the memory mapping provided by the operating system.

Abstract: A method of memory deallocation across a trust boundary between a first software component and a second software component is described. Some memory is shared between the first and second software components. An in-memory message passing facility is implemented using the shared memory. The first software component is used to deallocate memory from the shared memory which has been allocated by the second software component. The deallocation is done by: taking at least one allocation to be freed from the message passing facility; and freeing the at least one allocation using a local deallocation mechanism while validating that memory access to memory owned by data structures related to memory allocation within the shared memory are within the shared memory.

Abstract: A method of operating a computer according to an actor model, the method comprising: defining a plurality of actors, each taking form of a data structure comprising respective data and one or more respective functions for operating on the respective data; generating a wrapped message to be transmitted from a transmitting actor to multiple recipient actors, the wrapped message comprising at least one constituent message, a sorted list of the recipient actors, and an index indicating an entry in the list, the index initially being set to indicate the first recipient actor in the list; transmitting the wrapped message from the transmitting actor to the first recipient actor in the list; each of the recipient actors, except the last in the list, upon receiving the wrapped message, advancing the index and forwarding the wrapped message to the next actor in the list as indicated by the advanced index.

Abstract: In various examples there is a computing device in communication with at least one other computing device via a communications network. The computing device has a memory and a central processing unit having a trusted execution environment comprising trusted regions of the memory. The computing device has an operating system configured to create a memory mapping between a virtual address space of the memory and a memory of the at least one other computing device and to provide details of the memory mapping to the trusted execution environment. The trusted execution environment is configured to execute an application which is able to communicate with the other computing device directly using the memory mapping provided by the operating system.

Abstract: In various examples, there is a computer-implemented method for providing packages for processing on a computer system. The method creates a secure connection to an enclave and retrieves a quote to verify that the enclave is genuine and that it contains a predetermined process. The predetermined process is configured to create an enclave for itself and determine that an initial state of the computer system is equivalent to a predetermined state based on a quote retrieved from a security module. The predetermined process is further configured to receive a package to be processed by the computer system and cause the processor to process the package outside of the enclave. In response to verifying the enclave, the method provides a package to be processed by the computer system.

Abstract: A method of operating a computer according to an actor model, the method comprising: defining a plurality of actors, each taking form of a data structure comprising respective data and one or more respective functions for operating on the respective data; generating a wrapped message to be transmitted from a transmitting actor to multiple recipient actors, the wrapped message comprising at least one constituent message, a sorted list of the recipient actors, and an index indicating an entry in the list, the index initially being set to indicate the first recipient actor in the list; transmitting the wrapped message from the transmitting actor to the first recipient actor in the list; each of the recipient actors, except the last in the list, upon receiving the wrapped message, advancing the index and forwarding the wrapped message to the next actor in the list as indicated by the advanced index.

Abstract: A method of running a computer program comprising concurrent threads, wherein: at any time, the program is in a current global execution phase, GEP, each thread is divided into a sequence of local execution phases, LEPs, each corresponding to a different GEP, wherein the thread is in a current LEP that cannot progress beyond the LEP corresponding to the current GEP; any of the threads is able to advance the GEP if the current LEP of all threads has reached the LEP corresponding to the current GEP; one thread comprises code to perform an internal acquire to acquire a lock on its respective LEP; and at least one other threads comprises code to perform an external release to force advancement of the current LEP of said one thread, but wherein the external release will be blocked if said thread has performed the internal acquire.

Abstract: A method of communicating messages between threads. For each thread there are defined M buckets. When a transmitting thread has a message to send, it assigns the message to the bucket numbered m=Tid_r mod M to await transmission, where Tid_r is the ID of the receiving thread. The bucket m=Tid_t mod M is the home bucket, where Tid_t is the ID of the transmitting thread. After accumulating multiple messages, a batch transmission is performed, comprising a plurality of successive phases p. Each phase comprises: i) from each bucket other than the home bucket, transmitting some or all of the messages in the bucket as a batch to one of the receiving threads of the bucket, and ii) except in the last phase, incrementing the phase p by 1, and redistributing the messages remaining in the home bucket according to m=(Tid_r/M{circumflex over (?)}p) mod M.

Abstract: In various examples, there is a computer-implemented method for providing packages for processing on a computer system. The method creates a secure connection to an enclave and retrieves a quote to verify that the enclave is genuine and that it contains a predetermined process. The predetermined process is configured to create an enclave for itself and determine that an initial state of the computer system is equivalent to a predetermined state based on a quote retrieved from a security module. The predetermined process is further configured to receive a package to be processed by the computer system and cause the processor to process the package outside of the enclave. In response to verifying the enclave, the method provides a package to be processed by the computer system.