Abstract: According to one embodiment, in response to a request received at a host agent of a server from a user device of a user over a network to process user data, a system transmits a token representing the request to an executor pool having a pool of a number of executors. The system receives by the host agent executable image(s) of an executor from the executor pool, where the executor pool allocated the executor from the pool of executors in response to successfully verifying the token. The system launches a restricted operating environment within the server, including providing the executable image(s) of the executor and the user data to the restricted operating environment. The system executes the executable image(s) of the executor within the restricted operating environment, where the executor, when executed, is to process the user data without accessing an external component external to the restricted operating environment.

Abstract: According to one embodiment, a system establishes a secure connection between a host system and a data processing (DP) accelerator over a bus, the secure connection including one or more data channels. The system transmits a first instruction from the host system to the DP accelerator over a command channel, the first instruction requesting the DP accelerator to perform a data preparation operation. The system receives a first request to read a first data from a first memory location of the host system from the DP accelerator over one data channel. In response to the request, the system transmits the first data to the DP accelerator over the data channel, where the first data is utilized for a computation or a configuration operation. The system transmits a second instruction from the host system to the DP accelerator over the command channel to perform the computation or the configuration operation.

Abstract: Embodiments of the present disclosure disclose a method and apparatus for launching a device.

Abstract: Embodiments of the present disclosure disclose a method and apparatus for detecting a side channel attack. An embodiment of the method comprises: clearing data in a state save area of a target enclave; sequentially executing an instruction sequence in the target enclave; acquiring data in the state save area; and in response to determining that the acquired data in the state save area indicates that an asynchronous enclave exit with a cause of exception exit happens to the target enclave, determining that the side-channel attack to the target enclave exists. The embodiment implements detecting a side channel attack to the enclave without additional hardware.

Abstract: Embodiments of the present disclosure disclose a method and apparatus for launching a device.

Abstract: Embodiments of the present disclosure disclose a method and apparatus for detecting a side channel attack. An embodiment of the method comprises: clearing data in a state save area of a target enclave; sequentially executing an instruction sequence in the target enclave; acquiring data in the state save area; and in response to determining that the acquired data in the state save area indicates that an asynchronous enclave exit with a cause of exception exit happens to the target enclave, determining that the side-channel attack to the target enclave exists. The embodiment implements detecting a side channel attack to the enclave without additional hardware.