Abstract: An electronic device includes a memory and at least one processor coupled to the memory. The at least one processor is configured to identify a device change event in a host operating system, wherein the host operating system includes a host namespace, switch from the host namespace to a container namespace of a container, and update the container with information based on the device change event.

Abstract: A method for operating an electronic device, the method including spawning a name space tool (NST) as part of a boot process of a host OS, wherein the NST is a process with a plurality of root privileges of the host OS. The method further includes spawning, by the NST, a container for a guest OS, wherein the container for the guest OS is mapped to a dedicated domain in the host OS, and dropping, by the NST, a root privilege of the host OS in response to spawning the container for the guest OS.

Abstract: This disclosure relates to an electronic device including a memory and at least one processor coupled to the memory. The at least one processor is configured to execute a daemon process in one of a container or a host operating system, wherein the daemon process is configured to manage data transfer between the container and the host operating system, create, via the daemon process, an inter-process communication (IPC) channel between the container and the host operating system, receive incoming audio data, and buffer the incoming audio data to the IPC channel.

Abstract: A method for implementing a shared memory buffer includes at an apparatus comprising a processor and a physical memory, running a host environment with a host virtual memory. The method further includes running a guest environment with a guest virtual memory, performing, by the host environment, an allocation of a frame buffer in the physical memory, and mapping the allocated frame buffer into the host virtual memory. Additionally, the method includes passing a handle of the allocated frame buffer to the guest environment and performing a mapping of the allocated frame buffer into the guest virtual memory, the mapping based on the handle of the allocated frame buffer.

Abstract: A connected device includes an application processor, a secure element, and a control module. The application processor is configured to receive a control command from an electronic device. The secure element is connected between the application processor and a control module and is configured to authenticate the control command. The control module is configured to receive the control command when the control command is authenticated by the secure element, execute the control command to activate at least one function of the connected device, and transmit a response to the electronic device.

Abstract: This disclosure relates to an electronic device including a memory and at least one processor coupled to the memory. The at least one processor is configured to identify a device change event in a host operating system, wherein the host operating system includes a host namespace, switch from the host namespace to a container namespace of a container, and update the container with information based on the device change event.

Abstract: A method for operating an electronic device, the method including spawning a name space tool (NST) as part of a boot process of a host OS, wherein the NST is a process with a plurality of root privileges of the host OS. The method further includes spawning, by the NST, a container for a guest OS, wherein the container for the guest OS is mapped to a dedicated domain in the host OS, and dropping, by the NST, a root privilege of the host OS in response to spawning the container for the guest OS.

Abstract: This disclosure relates to an electronic device including a memory and at least one processor coupled to the memory. The at least one processor is configured to execute a daemon process in one of a container or a host operating system, wherein the daemon process is configured to manage data transfer between the container and the host operating system, create, via the daemon process, an inter-process communication (IPC) channel between the container and the host operating system, receive incoming audio data, and buffer the incoming audio data to the IPC channel.

Abstract: A method of providing continuous user authentication for resource access control includes launching a continuous authentication service at a boot time of a first device, wherein the first device includes a processor, a memory, and one or more sensors configured to collect authentication information. Additionally, the method includes receiving authentication information comprising one or more of explicit authentication information or implicit authentication information, and receiving a request for access to a resource of the first device. Further, the method includes the operations of determining, by the continuous authentication service, a current value of a security state, the current value of the security state based in part on a time interval between a receipt time of the authentication information and a current time and controlling access to the resource based on the current value of the security state.

Abstract: An apparatus and method for reducing boot time of an electronic device are provided. The electronic device includes electronic device is provided. The electronic device includes a processor including at least one system register; and an Operating System (OS) including an OS component having at least one reserved area, each reserved area including a static memory structure. The OS component is configured to, during a booting process, copy addresses of the at least one static memory structure into at least one of the plurality of system registers, and initialize the static memory structures located at the copied addresses.

Abstract: An apparatus and method of a hardware isolated secure element protecting a plurality of mission critical subsystems are provided. The method includes performing an actuation operation received across an unsecure path that modifies the state of a mission critical subsystem, performing a diagnostic operation received across the unsecure path that requests state information of the mission critical subsystem, storing information used to determine which of the diagnostic operation and the actuation operation received across the unsecure path are performed, and flashing an execution image of an electronic control unit when the execution image of the electronic control unit is received across the unsecure path.

Abstract: An apparatus and method of an attachment device for interfacing with an on-board diagnostic system of a vehicle is provided. The device includes an application processor configured to receive input from a terminal, control processing of the input by the on-board diagnostic system, transmit a result of the processing of the input by the on-board diagnostic system to the terminal, and a secure element interposed in the communication path between the application processor and the on-board diagnostic system, the secure element configured to filter the input of an on-board diagnostic operation that is untrusted.

Abstract: A method for implementing a shared memory buffer includes at an apparatus comprising a processor and a physical memory, running a host environment with a host virtual memory. The method further includes running a guest environment with a guest virtual memory, performing, by the host environment, an allocation of a frame buffer in the physical memory, and mapping the allocated frame buffer into the host virtual memory. Additionally, the method includes passing a handle of the allocated frame buffer to the guest environment and performing a mapping of the allocated frame buffer into the guest virtual memory, the mapping based on the handle of the allocated frame buffer.

Abstract: A Protected Walk-based Shadow Paging (PWSP) method includes storing a multiple level first stage (S1) page tables structure in second stage (S2) page tables. The method includes: when an S1 page table in an S2 page table entry is marked with a writable attribute: (i) permitting an operating system (OS) to write to the S1 page table, (ii) blocking a memory management unit (MMU) from reading the S1 page table for translation, and (iii) in response, verifying the S1 page table for translation and changing the marking of the S1 page table in the S2 page table entry to a read-only attribute, enabling the MMU to subsequently read the S1 page table.

Abstract: A connected device includes an application processor, a secure element, and a control module. The application processor is configured to receive a control command from an electronic device. The secure element is connected between the application processor and a control module and is configured to authenticate the control command. The control module is configured to receive the control command when the control command is authenticated by the secure element, execute the control command to activate at least one function of the connected device, and transmit a response to the electronic device.

Abstract: PWSP method includes storing a multiple level page tables structure in second stage page tables (S2). The method includes: when an S2 entry is marked with a writable attribute: (i) permitting an operating system (OS) to write to S1, (ii) blocking an MMU from reading the S1 for translation, and (iii) in response, verifying the S1 for translation and changing the marking of the S2 entry to read-only attribute, enabling the MMU to subsequently read the S1. The method includes: when the S2 entry is marked with the read-only attribute: (i) permitting the OS to read the S1 for translating from a virtual address to an intermediate physical address, (ii) blocking the OS from writing to the S1, and (iii) in response to blocking the OS, updating the S1 and changing the marking of the S2 entry to the device memory attribute, enabling the OS to write to the S1.

Abstract: An apparatus and method of a hardware isolated secure element protecting a plurality of mission critical subsystems are provided. The method includes performing an actuation operation received across an unsecure path that modifies the state of a mission critical subsystem, performing a diagnostic operation received across the unsecure path that requests state information of the mission critical subsystem, storing information used to determine which of the diagnostic operation and the actuation operation received across the unsecure path are performed, and flashing an execution image of an electronic control unit when the execution image of the electronic control unit is received across the unsecure path.

Abstract: An apparatus and method of an attachment device for interfacing with an on-board diagnostic system of a vehicle is provided. The device includes an application processor configured to receive input from a terminal, control processing of the input by the on-board diagnostic system, transmit a result of the processing of the input by the on-board diagnostic system to the terminal, and a secure element interposed in the communication path between the application processor and the on-board diagnostic system, the secure element configured to filter the input of an on-board diagnostic operation that is untrusted.

Abstract: An apparatus and method for reducing boot time of an electronic device are provided. The electronic device includes electronic device is provided. The electronic device includes a processor including at least one system register; and an Operating System (OS) including an OS component having at least one reserved area, each reserved area including a static memory structure. The OS component is configured to, during a booting process, copy addresses of the at least one static memory structure into at least one of the plurality of system registers, and initialize the static memory structures located at the copied addresses.

Abstract: Aspects of the present invention provide a solution for passively monitoring a computer system. In an embodiment, a virtual server is accessed by an indexing agent that is contained in an indexing appliance. The virtual server is located on a physical server and is one of a plurality of virtual system instances on a common physical server. The indexing appliance is separate from the virtual server and, as such, the indexing agent is not executed within the virtual server, itself. The indexing agent retrieves a virtual image of the virtual server and indexes the virtual image to extract features indicative of changes in the virtual server. These features are analyzed to perform passive monitoring of the virtual server. Since the indexing appliance is separate from the virtual server for which passive monitoring is being performed, the indexing agent can perform the retrieving and the indexing without utilizing agents executing within the virtual server.