Abstract:
The present disclosure includes systems and methods for securing data direct I/O (DDIO) for a secure accelerator interface, in accordance with various embodiments. Historically, DDIO has enabled performance advantages that have outweighed its security risks. DDIO circuitry may be configured to secure DDIO data by using encryption circuitry that is manufactured for use in communications with main memory along the direct memory access (DMA) path. DDIO circuitry may be configured to secure DDIO data by using DDIO encryption circuitry manufactured for use by or manufactured within the DDIO circuitry. Enabling encryption and decryption in the DDIO path by the DDIO circuitry has the potential to close a security gap in modern data central processor units (CPUs).
Abstract:
Technologies for protecting virtual machine memory of a compute device include a virtual machine (VM) instantiated on the compute device, a virtual machine monitor (VMM) established on the compute device to control operation of the VM, a secured memory, and a memory manager. The memory manager receives a memory access request that includes a virtual linear address (LA) from the VM and performs a translation of the LA to a translated host physical address (HPA) of the compute device using one or more page tables associated with the VM and VMM. The memory manager determines whether a secured translation mapping of LA-to-HPA that corresponds to the LA is locked. If the mapping is locked, the memory manager verifies the translation based on a comparison of the translated HPA to a HPA translated using the secured translation mapping and, if verified, performs the memory access request using the translated HPA.
Abstract:
A method for speaker recognition, an electronic device and a speaker recognition system are disclosed. An example method includes receiving speech data corresponding to one or more utterances from a plurality of speakers that include a plurality of voice features. A plurality of variability factors is extracted from the speech data. The dimensionality of the plurality of variability factors is reduced using a non parametric analysis, thereby generating dimensionality reduced features. A score space is defined based at least on the dimensionality reduced features.
Abstract:
Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.
Abstract:
A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.
Abstract:
Technologies for client-level web application runtime control and multi-factor security analysis by a computing device include receiving application code associated with a browser-based application from a web server. The computing device collects real-time data generated by at least one sensor of the computing device and performs a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code. Further, the computing device establishes a client-level web application runtime security policy associated with the browser-based application in response to performing the multi-factor security assessment and enforces the client-level web application runtime security policy.
Abstract:
In accordance with some embodiments, a protected execution environment may be defined for a graphics processing unit. This framework not only protects the workloads from malware running on the graphics processing unit but also protects those workloads from malware running on the central processing unit. In addition, the trust framework may facilitate proof of secure execution by measuring the code and data structures used to execute the workload. If a part of the trusted computing base of this framework or protected execution environment is compromised, that part can be patched remotely and the patching can be proven remotely throughout attestation in some embodiments.
Abstract:
Methods and apparatus are disclosed to provide for security within a network enclave. In one embodiment authentication logic initiates authentication with a central network authority. Packet processing logic receives a key and an identifier from the central network authority. Security protocol logic then establishes a client-server security association through a communication that includes a client identifier and an encrypted portion and/or an authorization signature, wherein a client authorization key allocated by the central network authority can be reproduced by a server, other than said central network authority, from the client identifier and a derivation key provided to the server by the central network authority to decrypt the encrypted portion and/or to validate the communication using the authorization signature. The server may also provide the client with new session keys and/or new client session identifiers using server-generated derivation keys if desired, protecting these with the client authorization key.
Abstract:
Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.
Abstract:
Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.