Patents by Inventor Alex Nayshtut

Alex Nayshtut has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9680849
    Abstract: A technique allows detection of covert malware that attempts to hide network traffic. By monitoring network traffic both in a secure trusted environment and in an operating system environment, then comparing the monitor data, attempts to hide network traffic can be detected, allowing the possibility of performing rehabilitative actions on the computer system to locate and remove the malware hiding the network traffic.
    Type: Grant
    Filed: November 2, 2015
    Date of Patent: June 13, 2017
    Assignee: McAfee, Inc.
    Inventors: Omer Ben-Shalom, Alex Nayshtut, Igor Muttik
  • Publication number: 20170163620
    Abstract: A system is disclosed that includes a processor including watermark logic to output a first watermark to an output device that outputs a first watermark signal, based on the first watermark, to an acoustic transmission medium. The processor also includes recording logic to capture, at a first time period, an authentication submission comprising the first watermark signal convolved, via the acoustic transmission medium, with a first passphrase signal. The system also includes a dynamic random access memory (DRAM). Other embodiments are disclosed and claimed.
    Type: Application
    Filed: April 24, 2014
    Publication date: June 8, 2017
    Inventors: IGOR MUTTIK, ADAM MAREK, ALEX NAYSHTUT
  • Patent number: 9654903
    Abstract: Techniques for connecting using NFC communications are provided. Specifically, methods are presented, that when taken alone or together, provide a device or group of devices with a secure way of transferring data from a wireless device to a reader. The present disclosure includes a method that provides a wireless device with network connectivity options that enable a more secure means for using NFC communications for completing a secure transaction using a secondary code.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: May 16, 2017
    Assignee: INTEL CORPORATION
    Inventors: Oleg Olegp Pogorelik, Alex Nayshtut, Avi Apriev Priev, Shahar Porat, Michael Raziel
  • Publication number: 20170125014
    Abstract: Embodiments include a system, method, and apparatus for creating a trusted speech transcription. Transcription logic can receive a signal of audible speech from an audio source and convert the audible speech signal into text. Sampling logic can receive the signal of the audible speech and record a portion of the audible speech as a digital audio recording of the audible speech. Packaging logic can create a trusted speech transcription data record that includes the text and the digital audio recording and digitally sign the transcription file to securely associate the text with the digital audio recording.
    Type: Application
    Filed: October 30, 2015
    Publication date: May 4, 2017
    Applicant: McAfee, Inc.
    Inventors: Oleg Pogorelik, Alex Nayshtut, Igor Muttik, Adi Shaliv
  • Publication number: 20170116418
    Abstract: A combination of hardware monitoring and binary translation software allows detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.
    Type: Application
    Filed: October 26, 2015
    Publication date: April 27, 2017
    Inventors: Palanivelrajan Rajan Shanmugavelayutham, Koichi Yamada, Vadim Sukhomlinov, Igor Muttik, Oleksandr Bazhaniuk, Yuriy Bulygin, Dmitri Rubakha, Jennifer Eligius Mankin, Carl D. Woodward, Sevin F. Varoglu, Dima Mirkin, Alex Nayshtut
  • Patent number: 9621547
    Abstract: Technologies are provided in embodiments to establish trust between a trusted execution environment (TEE) and a peripheral device. Embodiments are configured to communicate with an attestation server to generate an encryption key, and to establish, using the encryption key, a secure connection with an authentication server to enable communication between the authentication server and the peripheral device. Embodiments are also configured to receive a pairwise master key if the peripheral device is authenticated and to receive a trusted communication from the peripheral device based, at least in part, on the pairwise master key. Embodiments may also be configured to identify a connection to the peripheral device before the peripheral device is authenticated to the authentication server, receive an identifier from the peripheral device, and establish a connection to an attestation server based on at least a portion of the identifier.
    Type: Grant
    Filed: December 22, 2014
    Date of Patent: April 11, 2017
    Assignee: McAfee, Inc.
    Inventors: Avishay Sharaga, Alex Nayshtut, Oleg Pogorelik, Igor Muttik, Ned M. Smith
  • Patent number: 9614857
    Abstract: Technologies to facilitate supervision of an online identity include a gateway server to facilitate and monitor access to an online service by a user of a “child” client computer device. The gateway server may include an identity manager to receive a request for access to the online service from the client computing device, retrieve access information to the online service, and facilitate access to the online service for the client computing device using the access information. The access information is kept confidential from the user. The gateway server may also include an activity monitor module to control activity between the client computing device and the online service based on the set of policy rules of a policy database. The gateway server may transmit notifications of such activity to a “parental” client computing device for review and/or approval, which also may be used to update the policy database.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: April 4, 2017
    Assignee: Intel Corporation
    Inventors: Alex Nayshtut, Omer Ben-Shalom, Hong Li
  • Publication number: 20170093803
    Abstract: In an example, there is disclosed a computing apparatus having one or more logic elements forming a non-encrypted flow processor engine; and one or more logic elements forming a service selection engine, wherein the one or more logic elements include a trusted execution environment (TEE), and wherein the service selection engine is operable to: receive from the flow processor engine an encrypted payload; determine that the encrypted payload satisfies at least one selection criterion; and provide a notification of satisfaction to the flow engine. There is further disclosed a method of performing the operations disclosed, and one or more computer-readable mediums having stored thereon executable instructions to perform the method.
    Type: Application
    Filed: September 25, 2015
    Publication date: March 30, 2017
    Applicant: McAfee, Inc.
    Inventors: Alex Nayshtut, Oleg Pogorelik, Omer Ben-Shalom, Igor Muttik
  • Publication number: 20170091467
    Abstract: There is disclosed in an example, a computing apparatus, including: a trusted execution environment (TEE); and one or more logic elements providing a collaboration engine within the TEE, operable to: receive a change to a secured document via a trusted channel; apply a change to the secured document; log the change to a ledger; and display the document to a client device via a protected audio-video path (PAVP). There is also disclosed a method of providing a collaboration engine, and a computer-readable medium having stored thereon executable instructions for providing a collaboration engine.
    Type: Application
    Filed: September 25, 2015
    Publication date: March 30, 2017
    Applicant: McAfee, Inc.
    Inventors: Oleg Pogorelik, Alex Nayshtut, Ned M. Smith, Igor Muttik, Omer Ben-Shalom
  • Publication number: 20170093906
    Abstract: Technologies for anonymous context attestation and threat analytics include a computing device to receive sensor data generated by one or more sensors of the computing device and generate an attestation quote based on the sensor data. The attestation quote includes obfuscated attributes of the computing device based on the sensor data. The computing device transmits zero knowledge commitment of the attestation quote to a server and receives a challenge from the server in response to transmitting the zero knowledge commitment. The challenge requests an indication regarding whether the obfuscated attributes of the computing device have commonality with attributes identified in a challenge profile received with the challenge. The computing device generates a zero knowledge proof that the obfuscated attributes of the computing device have commonality with the attributes identified in the challenge profile.
    Type: Application
    Filed: September 25, 2015
    Publication date: March 30, 2017
    Inventors: Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi, Alex Nayshtut
  • Publication number: 20170091454
    Abstract: Existing performance monitoring and last branch recording processor hardware may be configured and used for detection of return-oriented and jump-oriented programming exploits with less performance impact than software-only techniques. Upon generation of a performance monitoring interrupt indicating that a predetermined number of mispredicted branches have occurred, the control flow and code may be analyzed to detect a return-oriented or jump-oriented exploit.
    Type: Application
    Filed: September 25, 2015
    Publication date: March 30, 2017
    Inventors: Vadim Sukhomlinov, Oleksandr Bazhaniuk, Igor Muttik, Yuriy Bulygin, Alex Nayshtut, Andrew A. Furtak
  • Patent number: 9602500
    Abstract: An embodiment includes a method executed by at least one processor of a first computing node comprising: generating a key pair including a first public key and a corresponding first private key; receiving an instance of a certificate, including a second public key, from a second computing node located remotely from the first computing node; associating the instance of the certificate with the key pair; receiving an additional instance of the certificate; verifying the additional instance of the certificate is associated with the key pair; and encrypting and exporting the first private key in response to verifying the additional instance of the certificate is associated with the key pair. Other embodiments are described herein.
    Type: Grant
    Filed: December 20, 2013
    Date of Patent: March 21, 2017
    Assignee: Intel Corporation
    Inventors: Alex Nayshtut, Hormuzd M. Khosravi, Omer Ben-Shalom, Barry R. Pivitt, Ned M. Smith
  • Publication number: 20170054738
    Abstract: Distributed systems for protecting networked computer assets from compromise are disclosed. The distributed system includes one or more enterprise event sources, such as endpoint(s). The system also includes a server, such as a Big Data Analytics server, and optionally a security management server such as a Security Information and Event Management server. The Big Data Analytics server processes data collected from the enterprise event sources and produces behavioral profile models for each endpoint (or group of similar endpoints). The profiles, models, and ontology analysis are provided to the endpoints. Endpoint analytics use the output from the analytics servers to detect deviations from the endpoint's behavioral profile.
    Type: Application
    Filed: September 26, 2014
    Publication date: February 23, 2017
    Inventors: Yaniv Avidan, Alex Nayshtut, Igor Muttik, Omer Ben-Shalom
  • Publication number: 20170046196
    Abstract: A technique allows for memory bounds checking for dynamically generated code by using transactional memory support in a processor. The memory bounds checking includes creating output code, identifying read-only memory regions in the output code and creating a map that is provided to a security monitoring thread. The security monitoring thread executes as a transaction and determines if a transactional conflict occurs to the read-only memory region during parallel execution of a monitored thread in the output code.
    Type: Application
    Filed: October 28, 2016
    Publication date: February 16, 2017
    Inventors: Igor Muttik, Alex Nayshtut, Yuriy Bulygin, Andrew A. Furtak, Roman Dementiev
  • Patent number: 9571464
    Abstract: Systems, devices, and techniques for network-enabled device provisioning are disclosed herein. In some embodiments, a network-enabled device may include: a storage device; listening logic to wirelessly receive a plurality of key fragments from a corresponding plurality of peer devices, to cause storage of the plurality of key fragments in the storage device, and to receive an encrypted provisioning message from a management device; key generation logic to generate a decryption key based on the plurality of key fragments stored in the storage device to decrypt the encrypted provisioning message, and to decrypt the encrypted provisioning message using the decryption key; and control logic to provision the network-enabled device in accordance with instructions included in the decrypted provisioning message. Other embodiments may be disclosed and/or claimed.
    Type: Grant
    Filed: August 11, 2014
    Date of Patent: February 14, 2017
    Assignee: INTEL CORPORATION
    Inventors: Oleg Pogorelik, Efrat Levy, Alex Nayshtut
  • Patent number: 9558330
    Abstract: Technologies for 3D printing digital rights management (DRM) include a 3D printing device communicatively coupled with a 3D model storage server and a rights management server over a network. The 3D printing device may establish a model unlock engine in a first trusted execution environment and a key release engine in a second trusted execution environment. The model unlock engine may extract a content access policy and a content key from an encrypted 3D model and generate a content key request to the key release engine. The key release engine may validate the content key request and decrypt the content key in response to the content access policy being satisfied. The model unlock engine may further decrypt 3D model content included in the 3D model using the decrypted content key to facilitate the printing of the 3D model.
    Type: Grant
    Filed: December 23, 2014
    Date of Patent: January 31, 2017
    Assignee: Intel Corporation
    Inventors: Oleg Pogorelik, Ned M. Smith, Alex Nayshtut, Avishay Sharaga
  • Patent number: 9547654
    Abstract: Described herein is technology for managing cloud storage. In particular, systems, devices and methods for managing cloud storage are described. In some embodiments, management of cloud storage may result in the designation of storage allocated to a first storage pool as obsolete, and the reallocation and/or reclamation of such storage to a second storage pool and/or a general cloud storage pool. Management may occur in accordance with one or more policies.
    Type: Grant
    Filed: October 9, 2013
    Date of Patent: January 17, 2017
    Assignee: INTEL CORPORATION
    Inventors: Rahul M. Bhardwaj, Vishwa Hassan, Thomas A. Mant, Christian D. Black, Jeffrey C. Sedayao, Terry H. Yoshii, Alex Nayshtut, Michael S. Breton, Douglas P. Devetter
  • Publication number: 20160381079
    Abstract: Providing peer-to-peer network security includes collecting, by a local trusted network device, local trust data related to behavior of the local trusted network device, receiving, by one or more remote trusted network devices, additional trust data for the local trusted network device, calculating a combined trust score for the local trusted network device based on the local trust data and additional trust data, and modifying activity of the local trusted network device based on the combined trust score.
    Type: Application
    Filed: June 26, 2015
    Publication date: December 29, 2016
    Inventors: Omer Ben-Shalom, Alex Nayshtut, Oleg Pogorelik, Igor Muttik
  • Publication number: 20160381071
    Abstract: A technique for cognitive protection of a system can include digital and analog sensors to measure or calculate operational parameters of a system. Digital sensors may be used to determine measured or primary operational parameters. The analog sensors are used to measure analog sensor information related to operation of the system. Analog sensor information that is measured may be used to calculate secondary operational parameters that includes the same operating parameters as the primary operational parameters. Lockstep analysis may be used to compare the primary operational parameters with the secondary operational parameters so as to determine a discrepancy in the operational parameters in the system.
    Type: Application
    Filed: June 23, 2015
    Publication date: December 29, 2016
    Inventors: Igor Alan Tatourian, Alex Nayshtut, Oleg Pogorelik, Simon Hunt
  • Publication number: 20160350761
    Abstract: A method for managing a reference template for authentication includes generating the reference template using gait data collected during a training period. A user is authenticated utilizing the reference template. A universal background model (UBM) is generated using gait data collected after the training period. The reference template is updated using the UBM.
    Type: Application
    Filed: May 28, 2015
    Publication date: December 1, 2016
    Inventors: Michael Raziel, Ned M. Smith, Alex Nayshtut, Hormuzd M. Khosravi, Abhilasha Bhargav-Spantzel, Meir Shaked