An integrated circuit (IC) can include a processor system configured to execute program code, a programmable logic, and a platform management controller coupled to the processor system and the programmable logic. The platform management controller is adapted to configure and control the processor system and the programmable logic independently.

An integrated circuit (IC) can include a processor system configured to execute program code, a programmable logic, and a platform management controller coupled to the processor system and the programmable logic. The platform management controller is adapted to configure and control the processor system and the programmable logic independently.

An exemplary method of detecting a Trojan circuit in an integrated circuit is related to applying a test pattern comprising an initial test pattern followed by a corresponding succeeding test pattern to a golden design of the integrated circuit, wherein a change in the test pattern increases side-channel sensitivity; measuring a side-channel parameter in the golden design of the integrated circuit after application of the test pattern; applying the test pattern to a design of the integrated circuit under test; measuring the side-channel parameter in the design of the integrated circuit under test after application of the test pattern; and determining a Trojan circuit to be present in the integrated circuit under test when the measured side-channel parameters vary by a threshold.

A conversion device for secure computation for converting an input data which is an object data of secure computation into an input format applicable to the secure computation is provided. A conversion device for secure computation of the present invention includes an acquisition unit configured to acquire an object data of the secure computation; a storage unit configured to store a correspondence table specifying an input format required for executing the secure computation; a conversion processing unit configured to perform a conversion from the acquired object data into a secure computation data in accordance with the correspondence table; and an output unit configured to output the secure computation data.

A conversion device for secure computation for converting an input data which is an object data of secure computation into an input format applicable to the secure computation is provided. A conversion device for secure computation of the present invention includes an acquisition unit configured to acquire an object data of the secure computation; a storage unit configured to store a correspondence table specifying an input format required for executing the secure computation; a conversion processing unit configured to perform a conversion from the acquired object data into a secure computation data in accordance with the correspondence table; and an output unit configured to output the secure computation data.

A secure guest generates an updated image for the secure guest, and computes one or more measurements for the updated image. The secure guest provides the one or more measurements to a trusted execution environment and obtains from the trusted execution environment metadata for the updated image. The metadata is generated based on metadata of the secure guest and obtaining the one or more measurements.

A secure guest generates an updated image for the secure guest, and computes one or more measurements for the updated image. The secure guest provides the one or more measurements to a trusted execution environment and obtains from the trusted execution environment metadata for the updated image. The metadata is generated based on metadata of the secure guest and obtaining the one or more measurements.

A trusted execution environment obtains a secure guest image and metadata to be used to start a secure guest. The metadata includes multiple parts and a plurality of integrity measures. A first part of the metadata includes one or more integrity measures of the plurality of integrity measures, and a second part of the metadata includes customized confidential data of the secure guest and one or more other integrity measures of the plurality of integrity measures. The trusted execution environment is used to verify at least one select part of the metadata using at least one integrity measure of the plurality of integrity measures of the metadata. Based on successful verification of the at least one select part of the metadata, the trusted execution environment starts the secure guest using the secure guest image and at least a portion of the metadata.

A trusted execution environment obtains a secure guest image and metadata to be used to start a secure guest. The metadata includes multiple parts and a plurality of integrity measures. A first part of the metadata includes one or more integrity measures of the plurality of integrity measures, and a second part of the metadata includes customized confidential data of the secure guest and one or more other integrity measures of the plurality of integrity measures. The trusted execution environment is used to verify at least one select part of the metadata using at least one integrity measure of the plurality of integrity measures of the metadata. Based on successful verification of the at least one select part of the metadata, the trusted execution environment starts the secure guest using the secure guest image and at least a portion of the metadata.

An apparatus to facilitate scalable runtime validation for on-device design rule checks is disclosed. The apparatus includes a memory to store a contention set, one or more multiplexors, and a validator communicably coupled to the memory. In one implementation, the validator is to: receive design rule information for the one or more multiplexers, the design rule information referencing the contention set; analyze, using the design rule information, a user bitstream against the contention set at a programming time of the apparatus, the user bitstream for programming the one or more multiplexors; and provide an error indication responsive to identifying a match between the user bitstream and the contention set.