Abstract: A high assurance kernel executed by a safety certified hypervised system using a separation kernel. The high assurance kernel includes a first level of the separation kernel configured to perform first security features associated with a hypervisor, the first level configured to run on a primary core and a second level of the separation kernel configured to augment the first security features with second security features, the second level implemented on a separate protected component from the primary core, the first level and the second level communicating with one another through a physical separation between the first and second levels. The high assurance kernel may further include a third level of the separation kernel configured as a virtual machine to perform third security features associated with the hypervisor.

Abstract: A gateway device configured to receive, from an integrated development environment (IDE), a system configuration for a target device including application code for execution on the target device, the configuration being received via an encrypted network connection. The gateway device provisions the target device with the application code, receives, from the IDE, instructions via the encrypted network connection to execute the application code on the remote device and instructs the application code to execute on the remote device.

Abstract: Application Programming Interfaces (APIs) for a computer program can be verified to be correct. The verification includes receiving updated source code for an application, receiving an application programming interface (API) corresponding to the application, scanning the updated source code, determining if the API has changed from a previous version of the API and determining if a change in the API is an intended change based on a comparison of the API with a predetermined benchmark.

Abstract: A binary image of a computer program can be verified as accurate. The verification includes receiving one or more requirements corresponding to source code changes for a program to be loaded on a processing device, generating a representation of the program including the source code changes, determining a change in the representation based on a comparison of the representation with one or more previously stored representations of the program and determining whether the change in the representation corresponds to the one or more requirements.

Abstract: A manner of securing data that includes receiving a first plurality of hashes corresponding to data stored in a database, writing the first plurality of hashes to a private distributed ledger technology (DLT), sealing each block of the private DLT when a predetermined criteria is met to create a plurality of sealed blocks and writing a second plurality hashes corresponding to the plurality of sealed blocks to a public DLT.

Abstract: Application Programming Interfaces (APIs) for a computer program can be verified to be correct. The verification includes receiving updated source code for an application, receiving an application programming interface (API) corresponding to the application, scanning the updated source code, determining if the API has changed from a previous version of the API and determining if a change in the API is an intended change based on a comparison of the API with a predetermined benchmark.

Abstract: A high assurance kernel executed by a safety certified hypervised system using a separation kernel. The high assurance kernel includes a first level of the separation kernel configured to perform first security features associated with a hypervisor, the first level configured to run on a primary core and a second level of the separation kernel configured to augment the first security features with second security features, the second level implemented on a separate protected component from the primary core, the first level and the second level communicating with one another through a physical separation between the first and second levels. The high assurance kernel may further include a third level of the separation kernel configured as a virtual machine to perform third security features associated with the hypervisor.

Abstract: A device, system, and method protects cryptographic keying material. The method is performed at an electronic device including a plurality of components housed in an enclosure. The method includes determining a tamper state of the enclosure, the tamper state being one of a secure state in which the enclosure has not been physically tampered or an unsecure state in which the enclosure has been physically tampered. When the tamper state is the secure state, the method includes associating a first value with the application. When the tamper state is the unsecure state, the method includes associating a second value with the application. The first value is configured to enable access to the data in the data storage unit. The second value prevents access to the data in the data storage unit.

Abstract: A device, system, and method secures executable operations through verification of an operation prior to execution. The method performed at an electronic device comprising a processor in an execution state and a memory representable with a memory map includes receiving a request for the operation from an application installed on the electronic device, the request including a location in the memory map. The method includes determining whether the location is within one of at least one address range included in a security policy register generated prior to the execution phase, the at least one address range respectively corresponding to at least one authorized operation. The method includes, when the location is within one of the at least one address range, servicing the request to perform the operation.

Abstract: A device, system, and method protects cryptographic keying material. The method is performed at an electronic device including a plurality of components housed in an enclosure. The method includes determining a tamper state of the enclosure, the tamper state being one of a secure state in which the enclosure has not been physically tampered or an unsecure state in which the enclosure has been physically tampered. When the tamper state is the secure state, the method includes associating a first value with the application. When the tamper state is the unsecure state, the method includes associating a second value with the application. The first value is configured to enable access to the data in the data storage unit. The second value prevents access to the data in the data storage unit.

Abstract: A device, system, and method secures executable operations through verification of an operation prior to execution. The method performed at an electronic device comprising a processor in an execution state and a memory representable with a memory map includes receiving a request for the operation from an application installed on the electronic device, the request including a location in the memory map. The method includes determining whether the location is within one of at least one address range included in a security policy register generated prior to the execution phase, the at least one address range respectively corresponding to at least one authorized operation. The method includes, when the location is within one of the at least one address range, servicing the request to perform the operation.

Abstract: A virtualization environment is provided to include a security management instance and an application instance. The application instance is separated from the security management instance and includes a first operating system and a particular software application. The security management instance includes a second operating system and one or more security tools to provide security for the particular application. Data for the application instance is received at the security management instance, the data is processed using at least one of the security tools, and the processed data is securely passed from the security management instance to the application instance.

Abstract: A device, system, and method detects a malicious module using a memory of an electronic device. The method performed by an electronic device includes generating a first parameter corresponding to first unallocated regions of the memory in a trusted state, wherein the memory in the trusted state includes at least one memory allocation, each memory allocation corresponding to a module or an action previously determined as trusted. The method includes generating a second parameter corresponding to second unallocated regions of the memory in a current state, wherein the memory in the current state corresponds to a subsequent allocation of the memory at a time subsequent to the trusted state. The method includes comparing the second parameter to the first parameter. The method includes indicating that the malicious module is detected in the second unallocated regions if the comparing step determines that the second parameter is different from the first parameter.

Abstract: A plurality of devices in a system are identified, each device having an operational context. One of a plurality of agents are identified for each of the plurality of devices, which correspond to the device. Data is received from the plurality of agents that describes security attributes of the plurality of devices. Policy data is sent to each of the plurality of agents to cause a set of security policies to be applied to the plurality of devices through the security management instances. Each of the plurality of agents can be provided in a respective security management instance separate from the operational context.

Abstract: A virtualization environment is provided to include a security management instance and an application instance. The application instance is separated from the security management instance and includes a first operating system and a particular software application. The security management instance includes a second operating system and one or more security tools to provide security for the particular application. Data for the application instance is received at the security management instance, the data is processed using at least one of the security tools, and the processed data is securely passed from the security management instance to the application instance.

Abstract: A connection is established between a network gateway and a particular device. An identity is generated for the particular device and a secure communication tunnel is established with another device at the network gateway using the identity. The secure communication tunnel can be established by the network gateway on behalf of the other device and is for use by the particular device to communicate with the other device. Data to be received from the other device over the secure communication tunnel can be sent on the connection to the particular device.