Patents by Inventor Michael B. Rash

Michael B. Rash has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230325509
    Abstract: Disclosed herein are system, method, and computer program product embodiments for verifying the integrity of a boot process without relying on a boot aggregate value. An embodiment operates by cryptographically validating, by a hardware root of trust, a first code module associated with a digital signature. The embodiment determines that the first code module was cryptographically validated and cryptographically measures the first code module thereby generating a first measurement. The embodiment stores a representation of the first measurement in a first platform configuration register (PCR) of a trusted platform module. The embodiment configures a remote attestation agent to instruct a remote attestation server to attest the value stored in the first PCR. The embodiment transmits a TPM attestation quote to the remote attestation server.
    Type: Application
    Filed: April 11, 2022
    Publication date: October 12, 2023
    Applicant: Extreme Networks, Inc.
    Inventors: Steve W. Schroder, Ramanuja Chaitanya CHAKRAVARTHULA, Kristopher F. Orjada, Bagavath Singh SWAMYNATHA PILLAI, Michael B. RASH, Albert TAO
  • Patent number: 9210126
    Abstract: A method for secure single-packet authorization and secure transparent access to software services residing on cloud-based servers other than the host system where the SPA server itself is running. A single packet authorization (SPA) server running on a host system passively monitors a network for a valid SPA packet while maintaining a default deny stance on a gateway packet filter. The SPA server stores the MD5 sum of every valid SPA packet that it monitors and flags any duplicate access attempts. This way, if any SPA packet has the same MD5 hash as a previously monitored packet the SPA server treats the packet as malicious. After a valid SPA packet is sent, the SPA host server provides a Network Address Translation (NAT) which essentially creates an “SPA gateway” within a Cloud network independent of any other border gateway devices that already exist within the Cloud.
    Type: Grant
    Filed: April 2, 2013
    Date of Patent: December 8, 2015
    Inventors: Michael B. Rash, Damien S. Stuart
  • Publication number: 20130298218
    Abstract: A method for secure single-packet authorization and secure transparent access to software services residing on cloud-based servers other than the host system where the SPA server itself is running. A single packet authorization (SPA) server running on a host system passively monitors a network for a valid SPA packet while maintaining a default deny stance on a gateway packet filter. The SPA server stores the MD5 sum of every valid SPA packet that it monitors and flags any duplicate access attempts. This way, if any SPA packet has the same MD5 hash as a previously monitored packet the SPA server treats the packet as malicious. After a valid SPA packet is sent, the SPA host server provides a Network Address Translation (NAT) which essentially creates an “SPA gateway” within a Cloud network independent of any other border gateway devices that already exist within the Cloud.
    Type: Application
    Filed: April 2, 2013
    Publication date: November 7, 2013
    Inventor: Michael B. Rash
  • Patent number: 8413248
    Abstract: A method for secure single-packet remote authorization using a single packet authorization (SPA) server on a host system that passively monitors the network for connection attempts and anonymously accepts or rejects said attempts depending on whether a valid SPA packet is detected, an SPA client on a client system that is responsible for generating the appropriately encrypted SPA packet in order to gain access to services on the host, and a particular packet format sent from the client to the host to gain access. The packet format is encrypted and non-replayable by virtue of 16 bytes of random data in every message, and an MD5 sum that is a hash function of the random data (made via any known hashing function). The SPA server stores the MD5 sum of every valid SPA packet that it monitors and flags any duplicate access attempts using the same MD5 hash as a previously monitored packet, in which case the SPA server treats the packet as being generated by a malicious attempt to replay the original packet.
    Type: Grant
    Filed: March 22, 2007
    Date of Patent: April 2, 2013
    Inventor: Michael B. Rash