Abstract: Methods for reducing the impact of malware during a booting sequence for an interrupt driven computing device are disclosed. One or more parameters associated with an interrupt vector table (IVT) are manipulated to force the computing device into a clean state following a system level portion of the booting sequence. In another embodiment, occurring prior to the loading of an operating system or a call to a non-returnable main( ) function, one or more unused interrupt vectors in an IVT are replaced. A function filter is implemented for one or more interrupt vectors in the IVT to disallow unnecessary interrupt functions from being executed. One or more required interrupt vector functions are replaced with one or more corresponding custom vector functions. One or more memory locations are wiped if the one or more memory locations do not hold at least a portion of the IVT and/or the interrupt vector functions.

Abstract: Verification of trustworthiness of a computing platform is provided. The trustworthiness of the computing platform is dynamically assessed to determine whether a root of trust exists on the computing platform. Responsive to determining existence of the root of trust, data is unsealed from a sealed storage facility. The sealed storage facility is unsealed responsive to a root of trust being determined to exist on the computing platform. The data can be used to attest to the trustworthiness of the computing platform to other device on a network.

Abstract: A method for locating a target wireless device is disclosed. At least one directional antenna is swept through a field of view at each of a plurality of sensing locations. A position is determined for each of the plurality of sensing locations. During the sweep at each of the plurality of sensing locations, a set of signal strength data for the target wireless device and a set of bearing information are collected. A plurality of lines of bearing are determined, one from each of the plurality of sensing locations to the target wireless device, based on the determined position, the collected set of signal strength data, and bearing information for each of the plurality of sensing locations. A target location of the target wireless device is determined based on an intersection of at least two lines of bearing from the plurality of lines of bearing.

Abstract: Methods for reducing the impact of malware during a booting sequence for an interrupt driven computing device are disclosed. One or more parameters associated with an interrupt vector table (IVT) are manipulated to force the computing device into a clean state following a system level portion of the booting sequence. In another embodiment, occurring prior to the loading of an operating system or a call to a non-returnable main( ) function, one or more unused interrupt vectors in an IVT are replaced. A function filter is implemented for one or more interrupt vectors in the IVT to disallow unnecessary interrupt functions from being executed. One or more required interrupt vector functions are replaced with one or more corresponding custom vector functions. One or more memory locations are wiped if the one or more memory locations do not hold at least a portion of the IVT and/or the interrupt vector functions.

Abstract: A method, computer readable medium, and apparatus for securing a processing system includes implementing a virtual machine manager (VMM) using a hardware assisted handler in secure processing apparatus. One or more critical events are monitored with the VMM in the secure processing apparatus. One or more behaviors in response to the one or more monitored critical events are controlled with VMM.

Abstract: A method, computer readable medium, and apparatus that inspects data includes isolating retrieved target data within a protected construct with the data inspection processing apparatus. The security software is isolated such that the security software is able to access the target data within the protected construct with the data inspection processing apparatus. The data inspection processing apparatus scans the isolated target data with the isolated security software. The data inspection processing apparatus reports whether one or more security threats have been identified from the scan of the isolated retrieved target data.