Various examples are provided related to software and hardware architectures that enable a lightweight incremental encryption scheme that is implemented on a System-on-chip (SoC) resource such as a network interface. In one example, among others, a method for incremental encryption includes obtaining, by a network interface (NI) of a sender intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a payload for communication to a receiver intellectual property (IP) core; identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core; and encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload.

Various examples are provided related to software and hardware architectures that enable a lightweight incremental encryption scheme that is implemented on a System-on-chip (SoC) resource such as a network interface. In one example, among others, a method for incremental encryption includes obtaining, by a network interface (NI) of a sender intellectual property (IP) core in a network-on-chip (NoC) based system-on-chip (SoC) architecture, a payload for communication to a receiver intellectual property (IP) core; identifying, by the NI, one or more different blocks between the payload and a payload of a previous packet communicated between the sender IP core and the receiver IP core; and encrypting, by the NI, the one or more different blocks to create encrypted blocks of an encrypted payload.

A compute instance is instrumented to detect certain kernel memory allocation functions, in particular functions that allocate heap memory and/or make allocated memory executable. Dynamic shell code exploits can then be detected when code executing from heap memory allocates additional heap memory and makes that additional heap memory executable.

A compute instance is instrumented to detect certain kernel memory allocation functions, in particular functions that allocate heap memory and/or make allocated memory executable. Dynamic shell code exploits can then be detected when code executing from heap memory allocates additional heap memory and makes that additional heap memory executable.

A Software in the Loop (SiL) system and method is disclosed which may include a simulator operable to provide an environment to simulate dynamic systems, enable rapid development, validation of systems, and testing of complex systems. The system and method may include assembling one or more unsecured models operable to simulate the real-world system. The system and method may then encrypt and generate at least one secured model from the one or more unsecured models using a first cryptographic key. The at least one secured model may be decrypted using a sealed decryption key. The decrypted secured model may then be executed within the one or more TEEs. The at least one secured model may be operable to process incoming data and outgoing data.

A Software in the Loop (SiL) system and method is disclosed which may include a simulator operable to provide an environment to simulate dynamic systems, enable rapid development, validation of systems, and testing of complex systems. The system and method may include assembling one or more unsecured models operable to simulate the real-world system. The system and method may then encrypt and generate at least one secured model from the one or more unsecured models using a first cryptographic key. The at least one secured model may be decrypted using a sealed decryption key. The decrypted secured model may then be executed within the one or more TEEs. The at least one secured model may be operable to process incoming data and outgoing data.

An electronic device is provided. The electronic device includes a communication circuit, a display, a memory including a first display driver, a processor functionally connected with the communication circuit, the display, and the memory, and a secure module which is physically separated from the processor, and includes a secure processor and a second display driver, and the secure processor is configured to: when secure data is received from an external server through the communication circuit, disable the first display driver and enable the second display driver, and output a user interface including a first object corresponding to the secure data to the display by using the enabled second display driver.

An electronic device is provided. The electronic device includes a communication circuit, a display, a memory including a first display driver, a processor functionally connected with the communication circuit, the display, and the memory, and a secure module which is physically separated from the processor, and includes a secure processor and a second display driver, and the secure processor is configured to: when secure data is received from an external server through the communication circuit, disable the first display driver and enable the second display driver, and output a user interface including a first object corresponding to the secure data to the display by using the enabled second display driver.

In various examples, a VPU and associated components may be optimized to improve VPU performance and throughput. For example, the VPU may include a min/max collector, automatic store predication functionality, a SIMD data path organization that allows for inter-lane sharing, a transposed load/store with stride parameter functionality, a load with permute and zero insertion functionality, hardware, logic, and memory layout functionality to allow for two point and two by two point lookups, and per memory bank load caching capabilities. In addition, decoupled accelerators may be used to offload VPU processing tasks to increase throughput and performance, and a hardware sequencer may be included in a DMA system to reduce programming complexity of the VPU and the DMA system. The DMA and VPU may execute a VPU configuration mode that allows the VPU and DMA to operate without a processing controller for performing dynamic region based data movement operations.

An apparatus and method are provided for inhibiting instruction manipulation. The apparatus has execution circuitry for performing data processing operations in response to a sequence of instructions from an instruction set, and decoder circuitry for decoding each instruction in the sequence in order to generate control signals for the execution circuitry. Each instruction comprises a plurality of instruction bits, and the decoder circuitry is arranged to perform a decode operation on each instruction to determine from the value of each instruction bit, and knowledge of the instruction set, the control signals to be issued to the execution circuitry in response to that instruction. An input path to the decoder circuitry comprises a set of wires over which the instruction bits of each instruction are provided. Scrambling circuitry is used to perform a scrambling function on each instruction using a secret scrambling key, such that the wire within the set of wires over which any given instruction bit is provided to the decoder circuitry is dependent on the secret scrambling key. The decode operation performed by the decoder circuitry is then adapted to incorporate a descrambling function using the secret scrambling key to reverse the effect of the scrambling function. As a result, independent of which wire any given instruction bit is provided on, the decode operation is arranged when decoding a given instruction to correctly interpret each instruction bit of that given instruction, based on knowledge of the instruction set, in order to determine from the value of each instruction bit the control signals to be issued to the execution circuitry in response to that given instruction.