Abstract: A method for providing graph-based application modeling to facilitate application lifecycle management is disclosed. The method includes receiving, via a graphical user interface, an input, the input relating to a request to design and develop an application; determining, based on the input, a model development plan, the model development plan including a universal schema that is compatible with a variety of application development schemas; generating a model based on the model development plan and the input, the model relating to an illustration of a topology corresponding to the application; associating the model with the application; storing the model and the association in a model repository; and exposing the model via a network interface.

Abstract: Integrated controls frameworks are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for using an integrated control framework for an application comprising a plurality of application modules may include: (1) defining an application profile, an application model, and a target cloud environment for an application; (2) identifying a plurality of security, resiliency, and controls requirements for the target cloud environment; (3) configuring a plurality of security controls for the application based on the plurality of security, resiliency, and controls requirements; and (4) deploying the security controls to the target cloud environment.

Abstract: Integrated controls frameworks are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for using an integrated control framework for an application comprising a plurality of application modules may include: (1) defining an application profile, an application model, and a target cloud environment for an application; (2) identifying a plurality of security, resiliency, and controls requirements for the target cloud environment; (3) configuring a plurality of security controls for the application based on the plurality of security, resiliency, and controls requirements; and (4) deploying the security controls to the target cloud environment.

Abstract: A method for providing graph-based application modeling to facilitate application lifecycle management is disclosed. The method includes receiving, via a graphical user interface, an input, the input relating to a request to design and develop an application; determining, based on the input, a model development plan, the model development plan including a universal schema that is compatible with a variety of application development schemas; generating a model based on the model development plan and the input, the model relating to an illustration of a topology corresponding to the application; associating the model with the application; storing the model and the association in a model repository; and exposing the model via a network interface.

Abstract: Methods, systems, and devices are described herein for delivering protected data to a trusted execution environment (TrEE) associated with a potentially untrusted requestor. In one aspect, a targeting protocol head may receive a request for protected data from a potentially untrusted requestor associated with a TrEE, and an attestation statement of the TrEE. The targeting protocol head may retrieve the protected data, and obtain a targeting key of the TrEE from, for example, the request in the case of clean room provisioning, or the attestation statement. The targeting protocol head may generate targeted protected data by encrypting the protected data with the targeting key, and provide the targeted protected data to the potentially untrusted requestor, where a private targeting key of the TrEE is required to decrypt the targeted protected data.

Abstract: Integrated controls frameworks are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for using an integrated control framework for an application comprising a plurality of application modules may include: (1) defining an application profile, an application model, and a target cloud environment for an application; (2) identifying a plurality of security, resiliency, and controls requirements for the target cloud environment; (3) configuring a plurality of security controls for the application based on the plurality of security, resiliency, and controls requirements; and (4) deploying the security controls to the target cloud environment.

Abstract: Methods, systems, and devices are described herein for delivering protected data to a trusted execution environment (TrEE) associated with an untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data may register a public encryption key of a TrEE that corresponds to a private encryption key held by the TrEE or a symmetric key of the TrEE. The targeting protocol head may receive a request for protected data from a requestor associated with the TrEE, and retrieve the protected data for example, from a key management system or store of protected data. The targeting protocol head may generate targeted protected data by encrypting the protected data with the public encryption key or symmetric key of the TrEE. The targeting protocol head may then send the targeted protected data to the requestor.

Abstract: Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environment (TrEE), including a trustlet running on top of secure kernel, associated with a potentially untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, and an attestation statement of the secure kernel. The targeting protocol head may encrypt a transfer encryption key with a second encryption key derived from the attestation statement. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the transfer encryption key and an authentication tag, which binds the requestor with the trustlet ID. The targeting protocol head may provide the encrypted transfer encryption key, the encrypted protected data, and encrypted authentication tag to the requestor.

Abstract: Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environment (TrEE) associated with an untrusted requestor. The nested TrEE may include a trustlet running on top of secure kernel. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, an attestation statement of the secure kernel, and a key certification statement. The key certification statement may bind a trustlet public encryption key and a trustlet ID. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the trustlet public encryption key. The targeting protocol head may then send the encrypted protected data to the requestor.

Abstract: Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environment (TrEE) associated with an untrusted requestor. The nested TrEE may include a trustlet running on top of secure kernel. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, an attestation statement of the secure kernel, and a key certification statement. The key certification statement may bind a trustlet public encryption key and a trustlet ID. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the trustlet public encryption key. The targeting protocol head may then send the encrypted protected data to the requestor.

Abstract: Methods, systems, and devices are described herein for delivering protected data to a trusted execution environment (TrEE) associated with an untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data may register a public encryption key of a TrEE that corresponds to a private encryption key held by the TrEE or a symmetric key of the TrEE. The targeting protocol head may receive a request for protected data from a requestor associated with the TrEE, and retrieve the protected data for example, from a key management system or store of protected data. The targeting protocol head may generate targeted protected data by encrypting the protected data with the public encryption key or symmetric key of the TrEE. The targeting protocol head may then send the targeted protected data to the requestor.

Abstract: Methods, systems, and devices are described herein for delivering protected data to a trusted execution environment (TrEE) associated with a potentially untrusted requestor. In one aspect, a targeting protocol head may receive a request for protected data from a potentially untrusted requestor associated with a TrEE, and an attestation statement of the TrEE. The targeting protocol head may retrieve the protected data, and obtain a targeting key of the TrEE from, for example, the request in the case of clean room provisioning, or the attestation statement. The targeting protocol head may generate targeted protected data by encrypting the protected data with the targeting key, and provide the targeted protected data to the potentially untrusted requestor, where a private targeting key of the TrEE is required to decrypt the targeted protected data.

Abstract: Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environment (TrEE), including a trustlet running on top of secure kernel, associated with a potentially untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, and an attestation statement of the secure kernel. The targeting protocol head may encrypt a transfer encryption key with a second encryption key derived from the attestation statement. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the transfer encryption key and an authentication tag, which binds the requestor with the trustlet ID. The targeting protocol head may provide the encrypted transfer encryption key, the encrypted protected data, and encrypted authentication tag to the requestor.

Abstract: Bifurcated authentication token techniques are described in which sign-on credentials are separated from corresponding privilege data for resources. During client authentication, a determination is made regarding whether a service provider is configured to support bifurcated authentication token techniques. If the techniques are supported, a lightweight token is issued to the client and corresponding privilege data is stored separately from the token in a centralized authentication database. If a service provider does not support bifurcated authentication token techniques, a traditional, combined authentication token that includes privilege data is issued to the client. The lightweight token contains identity information and a reference to the privilege data, but does not contain the actual privilege data. Therefore, the lightweight cookie token alone is not sufficient to gain access to corresponding resources.

Abstract: A system that includes an account management module configured to maintain protected accounts. For instance, a particular protected account includes a protected data set that is not readable outside of the system, and perhaps not even readable outside of the account. The particular data set corresponds to a particular entity assigned to the particular account and that includes keys corresponding to the particular entity. A security processor uses at least some of the plurality of keys to perform cryptographic processes in response to one or more trusted execution environment commands received from the particular entity.

Abstract: Bifurcated authentication token techniques are described in which sign-on credentials are separated from corresponding privilege data for resources. During client authentication, a determination is made regarding whether a service provider is configured to support bifurcated authentication token techniques. If the techniques are supported, a lightweight token is issued to the client and corresponding privilege data is stored separately from the token in a centralized authentication database. If a service provider does not support bifurcated authentication token techniques, a traditional, combined authentication token that includes privilege data is issued to the client. The lightweight token contains identity information and a reference to the privilege data, but does not contain the actual privilege data. Therefore, the lightweight cookie token alone is not sufficient to gain access to corresponding resources.

Abstract: Protecting user credentials from a computing device includes establishing a secure session between a computing device and an identity provider (e.g., a Web service). Parameters of the secure session are communicated to a credential service, which renegotiates or resumes the secure session to establish a new secure session between the credential service and the identity provider. User credentials are passed from the credential service to the identity provider via the new secure session, but the computing device does not have the parameters of the new secure session and thus does not have access to the passed user credentials. The credential service then renegotiates or resumes the secure session again to establish an additional secure session between the credential service and the identity provider. Parameters of the additional secure session are communicated to the computing device to allow the computing device to continue communicating securely with the identity provider.

Abstract: Input challenge based authentication techniques are described in which data regarding a user's input signature is employed for authentication of the user to access resources. Different users have distinct input signatures that are indicative of the manner in which each individual user provides input including at least typing characteristics and timing data. Data regarding input signatures may be captured from user interaction with computing devices and associated with user accounts. Once sufficient data regarding a user's input signature is captured, access to a user account may be controlled at least in part based on the input signature. To do so, an input challenge that indicates a non-secret pattern of input is presented to the user in connection with an authentication sequence. The user reproduces the non-secret pattern of input and selective access to the user account is granted depending upon whether or not the reproduction matches the input signature.

Abstract: Cloning of a virtual machine having a trusted executed environment such as a software-based trusted platform module. In order to clone the virtual machine, the virtual machine state of the source virtual machine is copied to formulate a target virtual machine state that is to be associated with a target virtual machine. The target virtual machine is a clone of the source virtual machine state, and thus the storage hierarchy of the trusted execution environment may be the same for the trusted execution environment in the source and target virtual machine states. However, because the identity of the target virtual machine is different than that of the source virtual machine, the endorsement hierarchy of the target virtual machine state is altered such that it is based on the identity of the target virtual machine, rather than the source virtual machine.

Abstract: Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.