Abstract: In accordance with certain aspects, bound key operations on ciphertext and/or data are implemented. A bound key operation can receive both data to be signed and a bound key blob that is bound to one or more processors, recover a private key from the bound key blob, and generate a digital signature over the data using the private key. A bound key operation can alternatively receive both ciphertext and a bound key or bound key structure bound to one or more processors, recover or reconstruct a private key based on the bound key or bound key structure, and use the private key to generate plaintext corresponding to the ciphertext.

Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.

Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied.

Abstract: In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors.

Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with another aspect, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The data is decrypted using public key decryption and returned to the calling program only if the calling program is allowed to access the data.

Abstract: A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.

Abstract: To establish trust between first and second entities, the first entity sends an attestation message to the second entity, including a code ID, relevant data, a digital signature based on the code ID and data, and a certificate chain. The second entity verifies the signature and decides whether to in fact enter into a trust-based relationship with the first entity based on the code ID and the data in the attestation message. Upon so deciding, the second entity sends a trust message to the first entity, including a secret to be shared between the first and second entities. The first entity obtains the shared secret in the trust message and employs the shared secret to exchange information with the second entity.

Abstract: Techniques are disclosed to support hosting of a first operating system by a second operating system, where the first system provides at least some of the infrastructure for the second system. A facility is provided whereby the second system can receive data from the first system without the first system being able to modify that data. The second system may use the first system's scheduler by creating shadow threads and synchronization objects known to the first system, while the second system makes the final decision as to whether a thread runs. Separate memory may be allocated to both systems at boot time, or dynamically during their operation. The techniques herein may be used to protect the second system from actions arising in the first system. Preferably, the interaction between the first and second systems is facilitated by a security monitor, which assists in protecting the second system from the first.

Abstract: Runtime checks on a program may be used to determine whether a pointer points to a legitimate target before the pointer is dereferenced. Legitimate addresses, such as address-taken local variables (ATLVs), global variables, heap locations, functions, etc., are tracked, so that the legitimate targets of pointers are known. The program may be transformed so that, prior to dereferencing a pointer, the pointer is checked to ensure that it points to a legitimate address. If the pointer points to a legitimate address, then the dereferencing may proceed. Otherwise, an error routine may be invoked. One example way to keep track of legitimate addresses is to group address-taken variables together within a specific range or ranges of memory addresses, and to check that a pointer has a value within that range prior to dereferencing the pointer. However, addresses may be tracked in other ways.

Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with another aspect, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The data is decrypted using public key decryption and returned to the calling program only if the calling program is allowed to access the data.

Abstract: To determine whether digital content can be released to an element such as a computer application or module, a scaled value representative of the relative security of the element is associated therewith, and the digital content has a corresponding digital license setting forth a security requirement. The security requirement is obtained from the digital license and the scaled value is obtained from the element, and the scaled value of the element is compared to the security requirement of the digital license to determine whether the scaled value satisfies the security requirement. The digital content is not released to the element if the scaled value does not satisfy the security requirement.

Abstract: In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

Abstract: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to base component that is known to be trustworthy.

Abstract: The behavior of a system call may be modified. A modification component may pre-processes and/or post-process a system call to change the behavior of the system call. Pre-processing may involve modifying arguments to the system call, replacing one system call with another, intercepting the system call, etc. Post-processing may involve modifying results and/or side effects of a system call. The modification component may pre-process and/or post-process the system call without changes to the underlying kernel service routine that is normally invoked in response to the system call. Modifying the system call's behavior may be used to implement quality of service (QoS) constraints, to allow one operating system to emulate another, to provide information about memory layout to an application, or to serve other goals.

Abstract: To render digital content encrypted according to a content key (KD) on a first device having a public key (PU1) and a corresponding private key (PR1), a digital license corresponding to the content is obtained, where the digital license includes the content key (KD) therein in an encrypted form. The encrypted content key (KD) from the digital license is decrypted to produce the content key (KD), and the public key (PU1) of the first device is obtained therefrom. The content key (KD) is then encrypted according to the public key (PU1) of the first device (PU1 (KD)), and a sub-license corresponding to and based on the obtained license is composed, where the sub-license includes (PU1 (KD)). The composed sub-license is then transferred to the first device.

Abstract: A device for securely recording protected content to a portable memory, and for reading the protected content therefrom. The device includes a feature that makes it adapted to read or write specially-configured portable memories that are incompatible with standard read/write devices. For example, the device may be designed to work with memories having an unusual shape or size, or may manipulate the data in a non-standard way before storing it on the memory. The read/write devices are trusted components that will only handle the protected content in accordance with rules governing the content. The feature included in the device is preferably a proprietary and/or hardware feature, so that counterfeit devices incorporating the feature cannot be built without overcoming economic and/or legal hurdles.

Abstract: A digital rights management (DRM) system, an application, and a DRM digital license for the application are all on a computing device. The application is for being executed to perform a function and includes code requiring that the DRM system determine that the application is allowed to be executed to perform the function based on the license. The application further includes code for determining that the application is to be executed on one of the computing device or in connection with the DRM system.

Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.

Abstract: A data storage resource is identifiable by physical addresses, and optionally by a virtual address. A policy defines which resources are accessible and which resources are not accessible. A request to access a resource is allowed if access to the resource is permitted by the policy, and if carrying out the access will not cause virtual addresses to be assigned to resources to which the policy disallows access. Since resources to which access is disallowed do not have virtual addresses, certain types of access requests that identify a resource by a virtual address can be allowed without consulting the policy.

Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.