Patents by Inventor Andrew T. Fausak

Andrew T. Fausak has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11750654
    Abstract: Embodiments provide access to enterprise data via a secured virtual environment hosted on an Information Handling System (IHS), with the integrity of the IHS validated prior to launching the virtual environment. The integrity of the IHS may also be continuously validated during operation of the launched virtual environment. Policies for accessing the enterprise data are stored in a secured memory that is isolated from the operating system of the IHS. A virtual environment is configured, according to the policies, with resources for a particular user to access the enterprise data. If the integrity of the IHS is validated by a trusted resource on the IHS, the virtual environment is launched. During operation of the virtual environment, the trusted resource periodically confirms the integrity of the IHS. If the integrity of the IHS is not verified or policy changes are identified, access to the secured workspace may be revoked.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: September 5, 2023
    Assignee: Dell Products, L.P.
    Inventors: David Konetski, Carlton A. Andrews, Ricardo L. Martinez, Abeye Teshome, Joseph Kozlowski, Charles D. Robison, Girish S. Dhoble, Andrew T. Fausak
  • Patent number: 11070551
    Abstract: Systems and methods for a network environment for client-side remote access of a server device from a client device may utilize a biometric sensor device of the client device and a pluggable authentication and authorization framework. The biometric sensor device may capture a gesture of a target user. The server device may authenticate the target user based on previously registered encrypted biometric information of the target user utilizing the pluggable authentication and authorization framework and a remote desktop protocol. When the target user has been authenticated, the client device may be authorized to access a service of the server device.
    Type: Grant
    Filed: January 18, 2018
    Date of Patent: July 20, 2021
    Assignee: Dell Products L.P.
    Inventors: Andrew T. Fausak, Oleg Rombakh, Charles D. Robison, Jr., Carlton A. Andrews
  • Patent number: 10990706
    Abstract: Systems and methods are provided for recording and validating modifications to a secured container. Modifications to the secured container by trusted parties are logged. The log may be maintained in a secured memory of an IHS (Information Handling System) and may be periodically validated. Each logged modification specifies a timestamp of the modification and the digital watermark assigned to the trusted party making the modification. Upon completing modifications, the secured container is sealed by imprinting the first digital watermark and the first timestamp at locations in the secured container specified by a watermarking algorithm assigned to the trusted party making the modification. Additional modifications may be serially watermarked on the secured container according to the watermarking algorithm of the trusted party making each modification. The secured container is unsealed by re-applying each of the watermarking algorithms in reverse order.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: April 27, 2021
    Assignee: Dell Products, L.P.
    Inventors: Charles D. Robison, Andrew T. Fausak, Abeye Teshome, Ricardo L. Martinez, Girish S. Dhoble, Carlton A. Andrews, David Konetski
  • Patent number: 10949540
    Abstract: An information handling system (IHS) includes a memory having a BIOS, at least one sensor that generates security related data for the IHS, a controller, and one or more I/O drivers. The memory, at least one sensor and controller operate within a secure environment of the IHS; the I/O driver(s) operate outside of the secure environment. The controller includes a security policy management engine, which is executable during runtime of the IHS to continuously monitor security related data generated by the at least one sensor, determine whether the security related data violates at least one security policy rule specified for the IHS, and provide a notification of security policy violation to the BIOS, if the security related data violates at least one security policy rule. The I/O driver(s) include a security enforcement engine, which is executable to receive the notification of security policy violation from the BIOS, and perform at least one security measure in response thereto.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: March 16, 2021
    Assignee: Dell Products L.P.
    Inventors: Carlton A. Andrews, Charles D. Robison, Andrew T. Fausak, David Konetski, Girish S. Dhoble, Ricardo L. Martinez, Joseph Kozlowski
  • Patent number: 10938857
    Abstract: A method and an information handling system for security management across a plurality of diverse execution environments. The method includes associating, based on a distributed computing framework, a secure execution environment interface with each diverse execution environment. The method includes receiving a general access policy to access at least one secure memory region associated with a respective one of the diverse execution environments. In response to a request to access a memory region associated with at least one diverse execution environment, the method includes prompting for entry of security credentials. In response to receiving and verifying the security credentials, the method establishes access to the secure memory region of the respective diverse execution environment. The method includes executing a subroutine to modify at least a subset of the secure memory region, and the method includes returning a result to a distributed application via the secure execution environment interface.
    Type: Grant
    Filed: August 23, 2018
    Date of Patent: March 2, 2021
    Assignee: Dell Products, L.P.
    Inventors: Andrew T. Fausak, Daniel L. Hamlin, Charles D. Robison
  • Patent number: 10853488
    Abstract: A method and system comprising a processor executing code instructions of a security filewall validation system for inspecting primitive file system operations to detect abnormal file types, abnormal file operation, or abnormal intended result files in violation of a security filewall rule set, a memory for storing the security filewall rule set describing permitted access to file types, file-paths, mounting points, data volume access rules, or data operations relating to the primitive file system operations where the security filewall validation system intercepts an attempted primitive file system operation and the security filewall validation system compares the attempted primitive file system operation including associated arguments indicating file, file location, and intended result to the security filewall rule set.
    Type: Grant
    Filed: July 10, 2017
    Date of Patent: December 1, 2020
    Assignee: Dell Products, LP
    Inventors: Andrew T. Fausak, Joseph Kozlowski, Carlton A. Andrews
  • Patent number: 10846408
    Abstract: A secured virtual environment provides access to enterprise data and may be configured remotely while isolated from the operating system of an Information Handling System (IHS). In secured booting of the IHS, reference signatures are received via an out-of-band connection to the IHS. The reference signatures specify reference states for components of the IHS. Prior to launching a secured virtual environment, a trusted resource of the IHS, such as an embedded controller isolated from the operating system, is queried for updated signatures specifying operating states of the component. The integrity of the IHS is validated based on comparisons of the respective reference signatures and updated signatures. If the integrity of the IHS is validated, a secured virtual environment is configured such that a particular user may access the enterprise data according to applicable policies that may be periodically revalidated. The secured virtual environment may then be launched on the IHS.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: November 24, 2020
    Assignee: Dell Products, L.P.
    Inventors: David Konetski, Carlton A. Andrews, Ricardo L. Martinez, Abeye Teshome, Joseph Kozlowski, Charles D. Robison, Girish S. Dhoble, Andrew T. Fausak
  • Patent number: 10742427
    Abstract: Systems and methods for tamper-proof detection triggering of automatic lockdown using a recoverable encryption mechanism issued from a secure escrow service. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include: a processor; a secure storage device coupled to the processor, wherein the secure storage device comprises a container encrypted with a derived container key; and a memory coupled to the processor, the memory including program instructions stored thereon that, upon execution, cause the IHS to: receive a digital certificate from a remote server, wherein the digital certificate includes a public key and, in response to a detection of a tampering event, encrypt the derived container key using the public key.
    Type: Grant
    Filed: November 16, 2017
    Date of Patent: August 11, 2020
    Assignee: Dell Products, L.P.
    Inventors: Charles D. Robison, Carlton A. Andrews, Girish S. Dhoble, Joseph Kozlowski, Andrew T. Fausak, David Konetski, Ricardo L. Martinez
  • Patent number: 10656936
    Abstract: Systems and methods are provided that may be implemented to track software developer code contributions and their respective revisions. In one exemplary implementation, a distributed ledger may be utilized to track software developer code contributions and their respective revisions. Each code contribution digest, code digest ID, developer public key and previous blockchain block may be compiled for a new block in the blockchain, and the compilation may first be hashed and signed by the private key of the developer. Each developer may have his/her own blockchain that resides within a code repository site and which may also be cached locally on the end user device and used to verify the integrity of the code contribution (e.g., application/service/executable) at the time it is installed on the end user device.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: May 19, 2020
    Assignee: Dell Products L.P.
    Inventors: Charles D. Robison, Andrew T. Fausak, Daniel L. Hamlin
  • Publication number: 20200073657
    Abstract: Systems and methods are provided that may be implemented to track software developer code contributions and their respective revisions. In one exemplary implementation, a distributed ledger may be utilized to track software developer code contributions and their respective revisions. Each code contribution digest, code digest ID, developer public key and previous blockchain block may be compiled for a new block in the blockchain, and the compilation may first be hashed and signed by the private key of the developer. Each developer may have his/her own blockchain that resides within a code repository site and which may also be cached locally on the end user device and used to verify the integrity of the code contribution (e.g., application/service/executable) at the time it is installed on the end user device.
    Type: Application
    Filed: August 30, 2018
    Publication date: March 5, 2020
    Inventors: Charles D. Robison, Andrew T. Fausak, Daniel L. Hamlin
  • Publication number: 20200067984
    Abstract: A method and an information handling system for security management across a plurality of diverse execution environments. The method includes associating, based on a distributed computing framework, a secure execution environment interface with each diverse execution environment. The method includes receiving a general access policy to access at least one secure memory region associated with a respective one of the diverse execution environments. In response to a request to access a memory region associated with at least one diverse execution environment, the method includes prompting for entry of security credentials. In response to receiving and verifying the security credentials, the method establishes access to the secure memory region of the respective diverse execution environment. The method includes executing a subroutine to modify at least a subset of the secure memory region, and the method includes returning a result to a distributed application via the secure execution environment interface.
    Type: Application
    Filed: August 23, 2018
    Publication date: February 27, 2020
    Inventors: Andrew T. Fausak, Daniel L. Hamlin, Charles D. Robison
  • Publication number: 20190334951
    Abstract: Embodiments provide access to enterprise data via a secured virtual environment hosted on an Information Handling System (IHS), with the integrity of the IHS validated prior to launching the virtual environment. The integrity of the IHS may also be continuously validated during operation of the launched virtual environment. Policies for accessing the enterprise data are stored in a secured memory that is isolated from the operating system of the IHS. A virtual environment is configured, according to the policies, with resources for a particular user to access the enterprise data. If the integrity of the IHS is validated by a trusted resource on the IHS, the virtual environment is launched. During operation of the virtual environment, the trusted resource periodically confirms the integrity of the IHS. If the integrity of the IHS is not verified or policy changes are identified, access to the secured workspace may be revoked.
    Type: Application
    Filed: April 25, 2018
    Publication date: October 31, 2019
    Applicant: Dell Products, L.P.
    Inventors: David Konetski, Carlton A. Andrews, Ricardo L. Martinez, Abeye Teshome, Joseph Kozlowski, Charles D. Robison, Girish S. Dhoble, Andrew T. Fausak
  • Publication number: 20190332773
    Abstract: A secured virtual environment provides access to enterprise data and may be configured remotely while isolated from the operating system of an Information Handling System (IHS). In secured booting of the IHS, reference signatures are received via an out-of-band connection to the IHS. The reference signatures specify reference states for components of the IHS. Prior to launching a secured virtual environment, a trusted resource of the IHS, such as an embedded controller isolated from the operating system, is queried for updated signatures specifying operating states of the component. The integrity of the IHS is validated based on comparisons of the respective reference signatures and updated signatures. If the integrity of the IHS is validated, a secured virtual environment is configured such that a particular user may access the enterprise data according to applicable policies that may be periodically revalidated. The secured virtual environment may then be launched on the IHS.
    Type: Application
    Filed: April 25, 2018
    Publication date: October 31, 2019
    Applicant: Dell Products, L.P.
    Inventors: David Konetski, Carlton A. Andrews, Ricardo L. Martinez, Abeye Teshome, Joseph Kozlowski, Charles D. Robison, Girish S. Dhoble, Andrew T. Fausak
  • Publication number: 20190332811
    Abstract: Systems and methods are provided for recording and validating modifications to a secured container. Modifications to the secured container by trusted parties are logged. The log may be maintained in a secured memory of an IHS (Information Handling System) and may be periodically validated. Each logged modification specifies a timestamp of the modification and the digital watermark assigned to the trusted party making the modification. Upon completing modifications, the secured container is sealed by imprinting the first digital watermark and the first timestamp at locations in the secured container specified by a watermarking algorithm assigned to the trusted party making the modification. Additional modifications may be serially watermarked on the secured container according to the watermarking algorithm of the trusted party making each modification. The secured container is unsealed by re-applying each of the watermarking algorithms in reverse order.
    Type: Application
    Filed: April 25, 2018
    Publication date: October 31, 2019
    Applicant: Dell Products, L.P.
    Inventors: Charles D. Robison, Andrew T. Fausak, Abeye Teshome, Ricardo L. Martinez, Girish S. Dhoble, Carlton A. Andrews, David Konetski
  • Publication number: 20190294800
    Abstract: An information handling system (IHS) includes a memory having a BIOS, at least one sensor that generates security related data for the IHS, a controller, and one or more I/O drivers. The memory, at least one sensor and controller operate within a secure environment of the IHS; the I/O driver(s) operate outside of the secure environment. The controller includes a security policy management engine, which is executable during runtime of the IHS to continuously monitor security related data generated by the at least one sensor, determine whether the security related data violates at least one security policy rule specified for the IHS, and provide a notification of security policy violation to the BIOS, if the security related data violates at least one security policy rule. The I/O driver(s) include a security enforcement engine, which is executable to receive the notification of security policy violation from the BIOS, and perform at least one security measure in response thereto.
    Type: Application
    Filed: March 20, 2018
    Publication date: September 26, 2019
    Inventors: Carlton A. Andrews, Charles D. Robison, Andrew T. Fausak, David Konetski, Girish S. Dhoble, Ricardo L. Martinez, Joseph Kozlowski
  • Publication number: 20190222571
    Abstract: Systems and methods for a network environment for client-side remote access of a server device from a client device may utilize a biometric sensor device of the client device and a pluggable authentication and authorization framework. The biometric sensor device may capture a gesture of a target user. The server device may authenticate the target user based on previously registered encrypted biometric information of the target user utilizing the pluggable authentication and authorization framework and a remote desktop protocol. When the target user has been authenticated, the client device may be authorized to access a service of the server device.
    Type: Application
    Filed: January 18, 2018
    Publication date: July 18, 2019
    Inventors: Andrew T. Fausak, Oleg Rombakh, Charles D. Robison, Jr., Carlton A. Andrews
  • Publication number: 20190149341
    Abstract: Systems and methods for tamper-proof detection triggering of automatic lockdown using a recoverable encryption mechanism issued from a secure escrow service. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include: a processor; a secure storage device coupled to the processor, wherein the secure storage device comprises a container encrypted with a derived container key; and a memory coupled to the processor, the memory including program instructions stored thereon that, upon execution, cause the IHS to: receive a digital certificate from a remote server, wherein the digital certificate includes a public key and, in response to a detection of a tampering event, encrypt the derived container key using the public key.
    Type: Application
    Filed: November 16, 2017
    Publication date: May 16, 2019
    Applicant: Dell Products, L.P.
    Inventors: Charles D. Robison, Carlton A. Andrews, Girish S. Dhoble, Joseph Kozlowski, Andrew T. Fausak, David Konetski, Ricardo L. Martinez
  • Patent number: 10205611
    Abstract: In particular embodiments, a first computing device may receive a request from a software to access information of a remote device of a client device, the client device being coupled to the first computing device, and access the information of the remote device based at least on a virtual interface of the remote device, and send, responsive to the received request, the accessed information to the software.
    Type: Grant
    Filed: June 17, 2015
    Date of Patent: February 12, 2019
    Assignee: Dell Products L.P.
    Inventors: Andrew T. Fausak, Oleg Rombakh
  • Publication number: 20190012458
    Abstract: A method and system comprising a processor executing code instructions of a security filewall validation system for inspecting primitive file system operations to detect abnormal file types, abnormal file operation, or abnormal intended result files in violation of a security filewall rule set, a memory for storing the security filewall rule set describing permitted access to file types, file-paths, mounting points, data volume access rules, or data operations relating to the primitive file system operations where the security filewall validation system intercepts an attempted primitive file system operation and the security filewall validation system compares the attempted primitive file system operation including associated arguments indicating file, file location, and intended result to the security filewall rule set.
    Type: Application
    Filed: July 10, 2017
    Publication date: January 10, 2019
    Applicant: Dell Products, LP
    Inventors: Andrew T. Fausak, Joseph Kozlowski, Carlton A. Andrews
  • Patent number: 10044825
    Abstract: In particular embodiments, a computing device may receive device data from a client device. The computing device may encode the data for transmission to a remote desktop client. The re-encoding may be performed according to a pre-defined import/export protocol.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: August 7, 2018
    Assignee: Dell Products L.P.
    Inventors: Andrew T. Fausak, Oleg Rombakh