Abstract: Anomalous behavior in a multi-tenant computing environment may be identified by analyzing hardware sensor value data associated with hardware events on a host machine. A privileged virtual machine instance executing on a host machine acquires hardware sensor values and causes the values to be compared to other hardware sensor value data that may be indicative of anomalous behavior; for example, various threshold values, patterns, and/or signatures of hardware counter values generated by analyzing and correlating hardware event counter data. In this manner, potential anomalous behavior on an instance may be determined without having to access customer data or workloads associated with the instance.

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.

Abstract: Methods and apparatus for a computing infrastructure for configurable-quality random data are disclosed. A storage medium stores program instructions that when executed on a processor designate some servers of a provider network as members of a pool of producers of random data usable by random data consumers. The instructions, when executed, determine a subset of the pool to be used to supply a collection of random data intended for a random data consumer, and one or more sources of random phenomena to be used to generate the collection of random data. The instructions, when executed, initiate a transmission of the collection of random data directed to the random data consumer.

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract: An apparatus suspends a personal radiation protection garment above a work surface. The suspension apparatus comprises a support member positioned above the work surface, a cable mechanically suspended from the support member, and means for counter-balancing the weight of the personal radiation protection garment attached to the cable. Means for attaching the counter-balancing means to the personal radiation protection garment suspend the personal radiation protection garment. The attaching means includes means for disconnecting the garment from the counter-balancing means, the disconnecting means manually operable by one hand of a user and disposed within reach of the user while wearing the personal radiation protection garment attached to the counter-balancing means.

Abstract: A trigger assembly includes a trigger shoe configured to disengage a sear to release a firing mechanism in response to force applied by a user. The trigger assembly further includes a blocking mechanism configured to selectively prevent the release of the firing mechanism in response to a control signal.

Abstract: A graph of a plurality of resources in a computing environment is generated, with the graph associating a first resource of the plurality with a second resource of the plurality. Based at least in part on measurements obtained at a point in a test computing environment that corresponds to a point in the computing environment, an expected value or expected range of values is determined. An assessment of a security state of the computing environment is generated based at least in part on a comparison between a measurement obtained at the point in the computing environment and the expected value or expected range of values, and responsive to a determination that the assessment indicates a rule violation in the computing environment, a security action is performed.

Abstract: A computer-implemented method includes restricting access to customer data to certain geographic regions authorized by the customer. The restriction can be managed by associating policy information with the customer data that identifies the geographic regions authorized by the customer. Resources attempting to access the customer data can evaluate the policy information associated with the customer data with respect to the geographic location in which the resource is located to determine whether the resource is permitted to access the customer data. The restriction can also be managed by encrypting the customer data with a cryptographic key that corresponds to the customer and/or the authorized geographic regions.

Abstract: A system and method for threat detection and mitigation through run-time introspection. The system and method comprising receiving a request to monitor a computing environment. Based on the received request, the system and method further includes determining a set of introspection points for monitoring the computing environment. receive a request to monitor a computing environment, measuring at individual introspection points of the set of introspection points to obtain a set of measurements, generating a graph of a set of resources in the computing environment, wherein the graph correlates individual resources in the set of resources to other resources based on at based at least in part on the set of measurements, and determining whether to perform a security action based at least in part on whether an evaluation of the graph indicates a threat to the computing environment.

Abstract: Methods and apparatus for a security mechanism evaluation service are disclosed. A storage medium stores program instructions that when executed on a processor define a programmatic interface enabling a client to submit an evaluation request for a security mechanism. On receiving an evaluation request from a client indicating a particular security mechanism using public-key encryption, the instructions when executed, identify resources of a provider network to be used to respond. The instructions, when executed, provide to the client, one or more of: (a) a trustworthiness indicator for a certificate authority that issued a public-key certificate in accordance with the particular security mechanism; (b) a result of a syntax analysis of the public-key certificate; or (c) a vulnerability indicator for a key pair.

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract: A trigger assembly includes a plurality of components including a trigger shoe configured to disengage a firing mechanism in response to a force applied by a user. The trigger assembly further includes a first PCB having at least one optical sensor to receive light and a controller configured to determine a positional state of at least one of the trigger shoe and a selected one of the plurality of components in response to the light received by the at least one optical sensor.

Abstract: An externally supported foil with reversible camber and variable chord length is described that allows a thin foil of efficient deformed shape to generate lift equally on opposite angles of attack to a fluid flow. The foil is supported at the leading and trailing edges to ribs that are in turn connected to spanwise spars forming an external structure attachable to a body. The foil is held by leading edge hinge(s) and trailing edge elastic membrane(s) along the span or at the ribs. Membrane pretension keeps the foil taut while generating no lift when parallel to a flow. When rotated by an external mechanism to generate an angle of attack, the membrane stretches due to the differential pressures generated on the foil surface; thereby, passively increasing the chord length and camber. Rib cutouts dictate the deformed aerodynamic or hydrodynamic foil shape that then generates lift.

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract: An automatic braking indicator according to one example embodiment includes a sensor for detecting a plurality of accelerations of a vehicle, a processor in communication with the sensor and a brake light switch in communication with the processor. The processor receives signals from the sensor corresponding to the plurality of accelerations of the vehicle, filters the signals from the sensor to remove signals from vehicle vibrations, compares a first signal corresponding to a first acceleration of the vehicle to a first set amount and sends a brake signal to the brake light switch to turn a brake light on if the first acceleration of the vehicle is less than the first set amount.

Abstract: Methods and apparatus for a configurable-quality random data service are disclosed. A method includes implementing programmatic interfaces enabling a determination of respective characteristics of random data to be delivered to one or more clients of a random data service of a provider network. The method includes implementing security protocols for transmission of random data to the clients, including a protocol for transmission of random data to trusted clients at devices within the provider network. The method further includes obtaining, on behalf of a particular client and in accordance with the determined characteristics, random data from one or more servers of the provider network, and initiating a transmission of the random data directed to a destination associated with the particular client.

Abstract: A trigger assembly includes a trigger shoe configured to disengage a sear to release a firing mechanism in response to force applied by a user. The trigger assembly further includes a blocking mechanism configured to selectively prevent the release of the firing mechanism in response to a control signal.

Abstract: A trigger assembly includes a plurality of components including a trigger shoe configured to disengage a firing mechanism in response to a force applied by a user. The trigger assembly further includes a first PCB having at least one optical sensor to receive light and a controller configured to determine a positional state of at least one of the trigger shoe and a selected one of the plurality of components in response to the light received by the at least one optical sensor.

Abstract: A trigger assembly includes a trigger shoe configured to disengage a sear to release a firing mechanism in response to force applied by a user. The trigger assembly further includes a blocking mechanism configured to selectively prevent the release of the firing mechanism in response to a control signal.