Abstract: A key derivation provider (e.g., a key derivation enclave (KDE)) provides a stable key to trusted codes of application enclaves. The KDE receives, from a trusted code of an application enclave, a request for a key, the request including evidence of the trusted code of the application enclave and a specification of the key being requested. The KDE determines whether the evidence indicates that the trusted code of the application enclave is authorized to access the KDE. The KDE validates the request for the key against a key access policy for the requested key. Responsive to validating the request, the KDE obtains a master key corresponding to the specification of the key being requested, derives the requested key using materials of the obtained master key, and returns the master key to the requesting application enclave.

Abstract: A secure enclave is hosted by an untrusted host and communicatively coupled to at least one client. To detect a rollback attack, the secure enclave generates first hidden data relating to a first persistent data structure and transmits the first hidden data to the at least one client. The secure enclave transmits the first persistent data structure to the host. The secure enclave receives a second persistent data structure from the host and validates that the second persistent data structure is a copy of the first persistent data structure. The validation includes generating second hidden data relating to the second persistent data structure, causing the client to provide the first hidden data, and comparing the first hidden data to the second hidden data to ensure a match.

Abstract: A secure enclave is hosted by an untrusted host. To securely persist data on the untrusted host, the secure enclave generates or updates a persistent file system, wherein the persistent file system is a collection of logical files. The secure enclave segments the persistent file system into a plurality of sectors. The secure enclave provides a key specification to a key derivation enclave. The secure enclave obtains an encryption key dynamically generated based on the key specification. The secure enclave cryptographically protects each of the plurality of sectors using the key and causes the host to write a plurality of encrypted sectors to a disk as a single physical file.

Abstract: A computing system provides clock readings from an untrusted code to trusted code, where the trusted code is executed in a secure enclave and the untrusted code is executed outside the secure enclave. The computing system allocates a pointer to shared memory that is shared between the untrusted code and the trusted code. Under control of the untrusted code, the computing system periodically writes a clock reading to the shared memory. Under control of the trusted code, the computing system reads the clock reading stored in shared memory. The untrusted code cannot determine when the trusted code reads a clock reading.

Abstract: A system that supports the providing of keys to application enclaves (AEs) that can be used to decrypt data regardless of the CPU that executes an application enclave is provided. A key derivation provider provides a key derivation enclave (KDE) that provides keys to authorized AEs that can used to decrypt data regardless of the CPU upon which an AE is currently executing. The KDE provides the same key to affiliated AEs that may have the same trusted code or different trusted code that is provided by the same author. The KDE generates the same key regardless of the CPU on which it is executing. The KDE and the AEs use attestations to ensure that they are communicating with enclaves that include code that is trusted.

Abstract: A computing system provides clock readings from an untrusted code to trusted code, where the trusted code is executed in a secure enclave and the untrusted code is executed outside the secure enclave. The computing system allocates a pointer to shared memory that is shared between the untrusted code and the trusted code. Under control of the untrusted code, the computing system periodically writes a clock reading to the shared memory. Under control of the trusted code, the computing system reads the clock reading stored in shared memory. The untrusted code cannot determine when the trusted code reads a clock reading.

Abstract: In an example, a system and method are disclosed for location-based security for devices such as portable devices. A portable device may be provided with a short-range transceiver (such as RIFD) that is detectable when a user enters or exits an area. The device may also include an encrypted storage divided into a plurality of discrete units. Upon entering an area, the devices identity and location are provided to a policy server. In response, the policy server may wirelessly provide security tokens to the portable device that enable decryption of specific storage units authorized for access in that area. When a user passes back through a portal to the area, the security tokens are revoked, so that access to secured units of the storage is restricted.