摘要:
Generally, this disclosure provides systems, devices, methods and computer readable media for controlled memory view switching. The system may include a memory module comprising a shared address space between a first memory view and a second memory view. The system may also include a virtual machine monitor (VMM) to maintain a list of Controlled View Switch (CVS) descriptors. The system may further include a processor to receive a memory view switch request and to execute an instruction to save processor state information and switch from the first memory view to the second memory view, wherein the second memory view is specified by an extended page table pointer (EPTP) provided by one of the CVS descriptors.
摘要:
In some embodiments, the invention involves a method and apparatus for secure/authenticated local boot of a host operating system on a computing platform using active management technology (AMT) with a third party data store (3PDS)-based ISO firmware image. A portion of non-volatile memory is hardware secured against access by the host processor and OS, and accessible only to the AMT. The AMT comprises an AT/ATAPI protocol emulator to access an ISO boot image from secured memory, while appearing to the host processor as a communication with an AT/ATAPI device. Other embodiments are described and claimed.
摘要:
A method and device for securely displaying web content with secure web objects across untrusted channels includes downloading web content from a web server. The web content includes tags that a web browser uses to authenticate the current user and identify encrypted web objects packaged in the web content. The computing device authenticates the current user using a biometric recognition procedure. If the current user is authenticated and determined to be authorized to view the decrypted web object, the encrypted web object is decrypted and displayed to the user. If the user is unauthenticated, the encrypted web object is displayed in place of the encrypted web object such that the decrypted web object is displayed for only authorized persons physically present at the computing device. The biometric recognition procedure and web object decryption processes are protected through secure media path circuitry and secure memory.
摘要:
In some embodiments, approaches may provide an out-of-band (OOB) agent to protect a platform. The OOB agent may be able to use non-TRS methods to measure and protect an in-band security agent. In some embodiments, a manageability engine can provide out of band connectivity to the in-band and out-of-band security agents and provide access to the system memory resources without having to rely on OS services. This can be used for a trusted anti-malware and remediation service.
摘要:
Cooperative embedded agents as well as manageability and security operations that can be performed on a host system having cooperative embedded agents are disclosed.
摘要:
A system and method for managing a network using a policy tree which includes a plurality of levels (e.g., two levels, five levels, etc.) is described. When the network receives a request to provide an action to a particular source, the network determines if the action is available as a function of at least one level of the plurality of levels. If the action is available, the network determines if the particular source is authorized to be provided with the action as a function of at least one rule of at least one further level of the plurality of levels. If the particular source is authorized, the network provides the action to the particular source.
摘要:
A pre-cut, pre-folded carton having a hexagonally shaped, preformed bottom with upwardly extending walls which form at the top thereof a generally circular top for receiving and retaining the bottom, enlarged portion of an egg-shaped container therein. A die-cut blank is first formed with a rear wall section and a pair of front wall sections. Each section is of a height sufficient to receive the largest diameter of the egg-shaped container therein and includes depending lower flap portions. The bottom is formed by folding and gluing the lower flap sections. The resulting carton has a first, flat position in which the bottom wall is folded up between the front and rear walls, and a second, open position where the flap sections, which are already secured to form a folded bottom section, are automatically unfolded or extended to form a double-thickness, hexagonal shaped bottom wall. An upper flap folds downwardly and inwardly from the upper edges of the front and rear wall to form a retaining member of reduced diameter which prevents inadvertent removal of the container.
摘要:
The present disclosure is directed to systems and methods for detecting stack-pivot attacks in a processor-based device. Processor circuitry executes one or more applications via sequential execution of instructions on a stack. Stack pivot attacks occur when an attacker takes control of the stack and uses the stack to execute a series of code sections referred to as “gadgets.” A stack-pivot attack detector establishes an allowable processor stack offset change value associated with an application and monitors a processor stack offset change value responsive to an occurrence of a processor stack exchange instruction. A stack-pivot attack is detected when the processor offset change value exceeds the allowable processor stack offset change value. Upon detecting a stack-pivot attack, the stack-pivot detection circuitry causes the selective termination of the application.
摘要:
A trusted time service is provided that can detect resets of a real-time clock and re-initialize the real-time clock with the correct time. The trusted time service provides a secure communication channel from an application requesting a timestamp to the real-time clock, so that malicious code (such as a compromised operating system) cannot intercept a timestamp as it is communicated from the real-time clock to the application. The trusted time service synchronizes wall-clock time with a trusted time server, as well as protects against replay attacks, where a valid data transmission (such as transmission of a valid timestamp) is maliciously or fraudulently repeated or delayed.
摘要:
In an embodiment, a processor includes: at least one core to execute instructions; a cache memory coupled to the at least one core to store data; and a tracker cache memory coupled to the at least one core. The tracker cache memory includes entries to store an integrity value associated with a data block to be written to a memory coupled to the processor. Other embodiments are described and claimed.