Abstract: Methods and apparatus for jitter-less distributed Function as a Service (FaaS) using flavor clustering. A set of FaaS functions clustered by flavor chaining is implemented to deploy one or more FaaS flavor clusters on one or more edge nodes, wherein each flavor is defined by a set of resource requirements mapped into a jitter Quality of Service (QoS) and is executed on at least one hardware computing component on the one or more edge nodes. One or more jitter controllers are implemented to control and monitor execution of FaaS functions in the one or more FaaS flavor clusters such that the functions are executed to meet jitter-less QoS requirements. Jitter controllers include platform jitter-less function controllers in edge nodes and a data center FaaS jitter-less controller. A jitter-less Software Defined Wide Area Network (SD-WAN) network controller is also provided to provide network resources used by FaaS flavor clusters and satisfy connectivity requirements between the edge nodes.

Abstract: Various systems and methods are described to enable cyber-physical protections in edge computing platforms, including with countermeasures that mitigate and halt a variety of digital or real-world attacks. In an example, an attack detection and response engine is used to monitor processing circuitry, with operations that: identify operational data from processing circuitry that operates multiple layers (e.g., of an IP block) to perform compute operations, with trust of the processing circuitry established based on attestation of a hardware root of trust (RoT); evaluate the operational data to identify an attack condition at the processing circuitry, based on monitoring an operational layer of the multiple layers; and provide a digital attack response to the processing circuitry, in response to identifying the attack condition, to deploy the digital attack response and cause a countermeasure at the operational layer of the processing circuitry.

Abstract: Various aspects of methods, systems, and use cases for verification and attestation of operations in an edge computing environment are described, based on use of a trust calculus and established definitions of trustworthiness properties. In an example, an edge computing verification node is configured to: obtain a trust representation, corresponding to an edge computing feature, that is defined with a trust calculus and provided in a data definition language; receive, from an edge computing node, compute results and attestation evidence from the edge computing feature; attempt validation of the attestation evidence based on attestation properties defined by the trust representation; and communicate an indication of trustworthiness for the compute results, based on the validation of the attestation evidence. In further examples, the trust representation and validation is used in a named function network (NFN), for dynamic composition and execution of a function.

Abstract: Various systems and methods are described for implementing cloud-to-edge (C2E) security are disclosed, including systems and methods for the execution of various workloads that are distributed among multiple edge computing nodes. An example technique for managing distributed workloads includes: identifying characteristics of a distributed workload from an execution of the distributed workload, for a distributed workload that is partitioned among multiple computing nodes; evaluating a trust status of the distributed workload in response to a change in the execution of the distributed workload, including verifying resources to execute the distributed workload and verifying security policies associated with the resources; and controlling the execution of the distributed workload among the multiple computing nodes, based on the characteristics and the evaluated trust status.

Abstract: A named function network (NFN) system includes a routing node, a function generation node, and a server node. The routing node receives requests for new functions, the requests including data values for generating the new functions. The function generation node receives the data values from the routing node and generates a new function for the NFN using the data values. The server node receives a request from the routing node to execute the new function, executes the new function, and transmits results of the execution to the routing node.

Abstract: Software and other electronic services are increasingly being executed in cloud computing environments. Edge computing environments may be used to bridge the gap between cloud computing environments and end-user software and electronic devices, and may implement Functions-as-a-Service (FaaS). FaaS may be used to create flavors of particular services, a chain of related functions that implements all or a portion of a FaaS edge workflow or workload. A FaaS Temporal Software-Defined Wide-Area Network (SD-WAN) may be used to receive a computing request and decompose the computing request into several FaaS flavors, enable dynamic creation of SD-WANs for each FaaS flavor, execute the FaaS flavors in their respective SD-WAN, return a result, and destroy the SD-WANs. The FaaS Temporal SD-WAN expands upon current edge systems by allowing low-latency creation of SD-WAN virtual networks bound to a set of function instances that are created to a execute a particular service request.

Abstract: A system for trust brokering as a service includes an edge computing node and a trust brokering service edge computing device. The trust brokering service edge computing device receives a computing workload request from an application configured to process secure data and identifies a set of security requirements associated with the request. The device also identifies a security feature present in the set of security requirements but not provided by the edge computing node. To address this, the device generates an application execution environment that includes a secure plugin providing the security feature and a virtual device representing the edge computing node. The computing workload request is then executed at the application execution environment, providing a secure and efficient solution for trust brokering as a service.

Abstract: Various systems and methods are described for implementing attestation operations. A computing device includes a processor; and memory to store instructions, which when executed by the processor, cause the computing device to: receive a workload from a source computing device over a network shared with the computing device; determine whether the workload has valid attestation; establish attestation for the workload when the workload does not have valid attestation; determine whether the attestation is compliant with a policy; and execute the workload when the attestation is compliant with the policy.

Abstract: Various systems and methods for providing consensus-based named function execution are described herein. A system is configured to access an interest packet received from a user device, the interest packet including a function name of a function and a data payload; broadcast the interest packet to a plurality of compute nodes, wherein the plurality of compute nodes are configured to execute a respective instance of the function; receive a plurality of responses from the plurality of compute nodes, the plurality of responses including respective results of the execution of the respective instances of the function; analyze the plurality of responses using a consensus protocol to identify a consensus result; and transmit the consensus result to the user device.

Abstract: Methods, apparatus, systems and articles of manufacture to train a model using attestation data are disclosed. An example apparatus includes a model trainer to train a machine learning model using a golden training data set received from a server to generate golden training results; and an attestation result generator to: compare the shared model training results to the golden training results; and determine if attestation of the shared model training results passes based on the comparison of the shared model training results and the golden training results.

Abstract: Various systems and methods for providing decentralized reputation management in a named-function network are described herein. A compute node is configured to access an information centric network (ICN) interest packet from a user device, the ICN interest packet including a function name and a data name; construct a named-function network (NFN) interest packet using the function name; transmit the NFN interest packet to a function provider; receive an NFN data packet with a version of a function corresponding to the function name; construct a named-data network (NDN) interest packet using the data name; receive an NDN data packet with a data value corresponding to the data name; determine that the version of the function is not on a denylist; and initiate execution of the version of the function with the data value in response to determining that the version of the function is not on the denylist.

Abstract: Systems, methods, articles of manufacture, and apparatus for end-to-end hardware tracing in an Edge network are disclosed. An example compute device includes at least one memory, instructions in the compute device, and processing circuitry to execute the instructions to, in response to receiving detecting an object having a global group identifier, generate monitoring data corresponding to a respective process executing on the compute device, the monitoring data including a process identifier, index the monitoring data having the process identifier to the corresponding global group identifier, synchronize a time stamp of the monitoring data to a network time protocol corresponding to the global group identifier, and transmit the indexed and synchronized monitoring data as tracing data in to the a tracing datastore.

Abstract: System and techniques for information centric network (ICN) routing are described herein. An ICN node receives an interest packet including a name for content. The name is hashed to create an index. A bit that corresponds to the index is retrieved from an array of bits. The ICN node then routes the interest packet based on the bit.

Abstract: Methods, apparatus, systems and articles of manufacture to offload execution of a portion of a machine learning model are disclosed. An example apparatus includes processor circuitry to instantiate offload controller circuitry to select a first portion of layers of the machine learning model for execution at a first node and a second portion of the layers for remote execution for execution at a second node, model executor circuitry to execute the first portion of the layers, serialization circuitry to serialize the output of the execution of the first portion of the layers, and a network interface to transmit a request for execution of the machine learning model to the second node, the request including the serialized output of the execution of the first portion of the layers of the machine learning model and a layer identifier identifying the second portion of the layers of the machine learning model.

Abstract: A named function network (NFN) system includes a routing node, a function generation node, and a server node. The routing node receives requests for new functions, the requests including data values for generating the new functions. The function generation node receives the data values from the routing node and generates a new function for the NFN using the data values. The server node receives a request from the routing node to execute the new function, executes the new function, and transmits results of the execution to the routing node.

Abstract: Methods, apparatus, systems, and articles of manufacture to protect proprietary functionality and/or other content in hardware and software are disclosed. An example computer apparatus includes; a first circuit including a first interface, the first circuit associated with a first domain; a second circuit including a second interface, the second circuit associated with a second domain; and a chip manager to generate a first authenticated interface for the first interface using a first token and to generate a second authenticated interface for the second interface using a second token to enable communication between the first authenticated interface and the second authenticated interface.

Abstract: Methods and apparatus to verify trained models in edge environments are disclosed. An example apparatus to validate a trained model in an edge environment includes an attestation verifier to determine an attestation score of the model received at a first appliance, the attestation score calculated at a second appliance different from the first appliance, a comparator to compare the attestation score to a threshold, a validator to validate the model based on the comparison, and an executor to at least one of execute or deploy the model based on the validation.

Abstract: Methods, systems, and use cases for verifying operations of trusted hardware, such as with a memory monitor, are disclosed, with implementation in a computing system. In an example, a computing system includes memory circuitry including a DRAM device, processing circuitry operably coupled to the DRAM device, and a field programmable gate array (FPGA) configured to install and provision a memory monitor. The memory monitor is provided from an external verifier entity, and the memory monitor is operated by the FPGA to monitor operations of the DRAM device. The FPGA includes a Root of Trust (RoT) hardware component that is compliant with a Device Identifier Composition Engine (DICE) trusted computing specification, and DICE attestation using the RoT hardware component is used to verify a secure state of the memory monitor with the verifier entity, during operation of the memory monitor.

Abstract: Various aspects of methods, systems, and use cases for verification and attestation of operations in an edge computing environment are described, based on use of a trust calculus and established definitions of trustworthiness properties. In an example, an edge computing verification node is configured to: obtain a trust representation, corresponding to an edge computing feature, that is defined with a trust calculus and provided in a data definition language; receive, from an edge computing node, compute results and attestation evidence from the edge computing feature; attempt validation of the attestation evidence based on attestation properties defined by the trust representation; and communicate an indication of trustworthiness for the compute results, based on the validation of the attestation evidence. In further examples, the trust representation and validation is used in a named function network (NFN), for dynamic composition and execution of a function.

Abstract: Methods and apparatus for jitter-less distributed Function as a Service (FaaS) using flavor clustering. A set of FaaS functions clustered by flavor chaining is implemented to deploy one or more FaaS flavor clusters on one or more edge nodes, wherein each flavor is defined by a set of resource requirements mapped into a jitter Quality of Service (QoS) and is executed on at least one hardware computing component on the one or more edge nodes. One or more jitter controllers are implemented to control and monitor execution of FaaS functions in the one or more FaaS flavor clusters such that the functions are executed to meet jitter-less QoS requirements. Jitter controllers include platform jitter-less function controllers in edge nodes and a data center FaaS jitter-less controller. A jitter-less Software Defined Wide Area Network (SD-WAN) network controller is also provided to provide network resources used by FaaS flavor clusters and satisfy connectivity requirements between the edge nodes.