Abstract: Aspects of the disclosure are directed to point-to-point generation and rotation of security tokens to provide anti-spoof protection in a virtual network stack. Existing public key infrastructure can be leveraged to establish secure connections for control plane purposes. The hosts can run local daemons on machines and can establish secure connections to a control plane as well as to other hosts.

Abstract: Methods and apparatus for secure software defined storage are disclosed. An example apparatus includes memory and a processor to access a read request for data written to a software defined storage location, obtain the requested data from the software defined storage location, perform a classification operation on the requested data to obtain classification data corresponding to the requested data, the classification data to represent whether the requested data includes personally identifiable information, in response to determining that the requested data includes personally identifiable information, apply data loss prevention to the requested data to create response data, determine whether a client requesting the data from the software defined storage location is authorized to access the requested data, and in response to determining that the client requesting data is authorized to access the requested data, transmit the response data to the client.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Abstract: A first storage device or first storage disk including first executable instructions that, when executed, cause a processor to at least: in response to determining a variable associated with a memory page that (1) has been loaded into local memory from a second storage device and (2) has been accessed from the local memory, has a first state, identify the memory page as a modified memory page, the memory page including second executable instructions. The first instructions also cause the processor to, in response to determining the second executable instructions of the modified memory page have been changed since a previous analysis of the modified memory page, perform anti-malware analysis of at least a portion of the modified memory page.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Abstract: Methods and apparatus for secure software defined storage are disclosed. An example apparatus includes memory and a processor to access a read request for data written to a software defined storage location, obtain the requested data from the software defined storage location, perform a classification operation on the requested data to obtain classification data corresponding to the requested data, the classification data to represent whether the requested data includes personally identifiable information, in response to determining that the requested data includes personally identifiable information, apply data loss prevention to the requested data to create response data, determine whether a client requesting the data from the software defined storage location is authorized to access the requested data, and in response to determining that the client requesting data is authorized to access the requested data, transmit the response data to the client.

Abstract: Providing secure software defined storage includes identifying data directed to be stored in a software defined storage location, intercepting the data, performing a security operation on the intercepted data, and transmitting the data to the software defined storage.

Abstract: There is disclosed a computing apparatus, including: a hardware platform; a service mapping requirements table including a plurality of components and having associated therewith a plurality of service requirements; an isolation platform; and a security policy engine configured to: receive a new appliance image for the isolation platform; scan the new appliance image and build a bill of materials (BoM) for the new container image, the BoM including a plurality of components; search the service mapping requirements table for the plurality of components and identify service requirements for the components; and generate a security policy for the new appliance image.

Abstract: A first storage device or first storage disk including first executable instructions that, when executed, cause a processor to at least: in response to determining a variable associated with a memory page that (1) has been loaded into local memory from a second storage device and (2) has been accessed from the local memory, has a first state, identify the memory page as a modified memory page, the memory page including second executable instructions. The first instructions also cause the processor to, in response to determining the second executable instructions of the modified memory page have been changed since a previous analysis of the modified memory page, perform anti-malware analysis of at least a portion of the modified memory page.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Abstract: A technique for detecting malware uses hardware capabilities of the processing element of a programmable device to detect modification of executable code during execution. By monitoring a dirty bit in page tables, pages that have been modified can be detected, allowing analysis of those pages during execution. An indication may then be passed to an anti-malware software to analyze the executable further.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Abstract: Data aggregation includes receiving, from an electronic device, a plurality of sensor data packets, wherein the plurality of sensor data packets are received from at least one sensor of the electronic device, and wherein each of the plurality of sensor data packets comprise a tag identifying a classification of the sensor data in the sensor data packet, applying a user-specific policy to the plurality of sensor data packets, aggregating the plurality of sensor data packets based on the user-specific policy to obtain aggregated sensor data, and transmitting the aggregated sensor data to a service broker.

Abstract: Techniques related to trusted remote configuration and operation using multiple devices are disclosed. The techniques include a machine-readable medium, on which are stored instructions, comprising instructions that when executed cause a target device to receive, from a connecting device, a capabilities request, measure, in response to the capabilities request, the trusted capabilities of the target device, generate a list of trusted capabilities, transmit, to the connecting device, the list of trusted capabilities, receive, from the connecting device, an access request for a trusted capability, the access request describing a workload for the trusted capability, perform the workload to obtain a result, and transmit, to the connecting device, the obtained result.

Abstract: Providing secure software defined storage includes identifying data directed to be stored in a software defined storage location, intercepting the data, performing a security operation on the intercepted data, and transmitting the data to the software defined storage.

Abstract: A technique for detecting malware uses hardware capabilities of the processing element of a programmable device to detect modification of executable code during execution. By monitoring a dirty bit in page tables, pages that have been modified can be detected, allowing analysis of those pages during execution. An indication may then be passed to an anti-malware software to analyze the executable further.

Abstract: In an example, a computing device includes a trusted execution environment (TEE), including an enclave. The enclave may include both a binary translation engine (BTE) and an input verification engine (IVE). In one embodiment, the IVE receives a trusted binary as an input, and analyzes the trusted binary to identify functions, classes, and variables that perform input/output operations. To ensure the security of these interfaces, those operations may be performed within the enclave. The IVE tags the trusted binary and provides the binary to the BTE. The BTE then translates the trusted binary into a second format, including designating the tagged portion for execution within the enclave. The BTE may also sign the new binary in the second format and export it out of the enclave.

Abstract: There is disclosed a computing apparatus, including: a hardware platform; a service mapping requirements table including a plurality of components and having associated therewith a plurality of service requirements; an isolation platform; and a security policy engine configured to: receive a new appliance image for the isolation platform; scan the new appliance image and build a bill of materials (BoM) for the new container image, the BoM including a plurality of components; search the service mapping requirements table for the plurality of components and identify service requirements for the components; and generate a security policy for the new appliance image.