Abstract:
Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well.
Abstract:
In one embodiment, a semiconductor integrated code (SIC) may be provided in a binary format by a processor manufacturer. This SIC may include platform independent code of the processor manufacturer. Such code may include embedded processor logic to initialize the processor and at least one link that couples the processor to a memory, and embedded memory logic to initialize the memory. Other embodiments are described and claimed.
Abstract:
Systems, apparatuses and methods may provide for verifying, from outside a trusted computing base of a computing system, an identity an enclave instance prior to the enclave instance being launched in the trusted computing base, determining a memory location of the enclave instance and confirming that the memory location is local to the computing system. In one example, the enclave instance is a proxy enclave instance, wherein communications are conducted with one or more additional enclave instances in the trusted computing base via the proxy enclave instance and an unencrypted channel.
Abstract:
A computing device comprises instructions that, when executed, enable the computing device to present a logical representation of a unified view of virtual machines (VMs), each of which executes a respective application in the computing device. The logical representation of the unified view includes a plurality of graphical user interface (GUI) elements for the applications. The operation of presenting the logical representation of the unified view is performed, at least in part, by a unification console that executes in a dedicated VM. The unification console also facilitates operations such as receiving user input pertaining to a selected application among the applications and receiving application output from the selected application. The user input from the unification console is redirected to the selected application in its respective VM. Output is rendered for the user, based on the application output received by the unification console. Other embodiments are described and claimed.
Abstract:
A virtual environment manager (“VEM”) simplifies the usability of virtual machines and provides users with an enhanced design for creating and/or for managing virtual machines (“VMs”). For example, a user can select description information and management information to be included in descriptors and according to which a VEM will create and manage various VM environments for various host environments. The VEM automatically creates the VM environments and host environments by sending descriptor description information and data files associated with the description information to virtual machine monitors (VMMs), which create the VM environments according to the description information. A VEM at each host may manage VM environments executed by the VMM, according to the descriptor management information. Thus, a set of descriptors to create and manage a set of VMs for a home computer may be easily modified by a user to create and manage a set of VMs for a work or laptop computer.
Abstract:
Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.
Abstract:
In an embodiment, a system is adapted to: record at least one measurement of a virtual trusted execution environment in a storage of the system and generate a secret sealed to a state of this measurement; create, using the virtual trusted execution environment, an isolated environment including a secure enclave and an application, the virtual trusted execution environment to protect the isolated environment; receive, in the application, a first measurement quote associated with the virtual trusted execution environment and a second measurement quote associated with the secure enclave; and communicate quote information regarding the first and second measurement quotes to a remote attestation service to enable the remote attestation service to verify the virtual trusted execution environment and the secure enclave, and responsive to the verification the secret is to be provided to the virtual trusted execution environment and the isolated environment. Other embodiments are described and claimed.
Abstract:
Sensor data may be filtered in a secure environment. The filtering may limit distribution of the sensor data. Filtering may modify the sensor data, for example, to prevent identification of a person depicted in a captured image or to prevent acquiring a user's precise location. Filtering may also add or require other data use controls to access the data. Attestation that a filter policy is being applied and working properly or not may be provided as well.
Abstract:
Technologies for end-to-end biometric-based authentication and locality assertion include a computing device with one or more biometric devices. The computing device may securely exchange a key between a driver and a secure enclave. The driver may receive biometric data from the biometric sensor in a virtualization-protected memory buffer and encrypt the biometric data with the shared key. The secure enclave may decrypt the biometric data and perform a biometric authentication operation. The computing device may measure a virtual machine monitor (VMM) to generate attestation information for the VMM. A secure enclave may execute a virtualization report instruction to request the attestation information. The processor may copy the attestation information into the secure enclave memory. The secure enclave may verify the attestation information with a remote attestation server. If verified, the secure enclave may provide a shared secret to the VMM. Other embodiments are described and claimed.
Abstract:
A virtual environment manager (“VEM”) simplifies the usability of virtual machines and provides users with an enhanced design for creating and/or for managing virtual machines (“VMs”). For example, a user can select description information and management information to be included in descriptors and according to which a VEM will create and manage various VM environments for various host environments. The VEM automatically creates the VM environments and host environments by sending descriptor description information and data files associated with the description information to virtual machine monitors (VMMs), which create the VM environments according to the description information. A VEM at each host may manage VM environments executed by the VMM, according to the descriptor management information. Thus, a set of descriptors to create and manage a set of VMs for a home computer may be easily modified by a user to create and manage a set of VMs for a work or laptop computer.