摘要:
Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications or portions thereof securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data, and thus, run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox.
摘要:
In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.
摘要:
In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.
摘要:
Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.
摘要:
Described is a technology by which classes of memory attacks are prevented, including cold boot attacks, DMA attacks, and bus monitoring attacks. In general, secret state such as an AES key and an AES round block are maintained in on-SoC secure storage, such as a cache. Corresponding cache locations are locked to prevent eviction to unsecure storage. AES tables are accessed only in the on-SoC secure storage, to prevent access patterns from being observed. Also described is securely preparing for an interrupt-based context switch during AES round computations and securely resuming from a context switch without needing to repeat any already completed round or round of computations.
摘要:
A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.
摘要:
The claimed subject matter provides a method for split billing. The method includes receiving a requested token. The requested token specifies conditions under which network traffic is allowed to be billed against a third party for content requested from a mobile computing device. The method also includes matching network traffic between the mobile computing device and a content provider to the specified conditions. The method further includes metering the matched network traffic to a billing account for the third party.
摘要:
Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.
摘要:
Described is a technology by which classes of memory attacks are prevented, including cold boot attacks, DMA attacks, and bus monitoring attacks. In general, secret state such as an AES key and an AES round block are maintained in on-SoC secure storage, such as a cache. Corresponding cache locations are locked to prevent eviction to unsecure storage. AES tables are accessed only in the on-SoC secure storage, to prevent access patterns from being observed. Also described is securely preparing for an interrupt-based context switch during AES round computations and securely resuming from a context switch without needing to repeat any already completed round or round of computations.
摘要:
The claimed subject matter provides a method for split billing. The method includes receiving a requested token. The requested token specifies conditions under which network traffic is allowed to be billed against a third party for content requested from a mobile computing device. The method also includes matching network traffic between the mobile computing device and a content provider to the specified conditions. The method further includes metering the matched network traffic to a billing account for the third party.