Abstract: Various systems and methods for content adaptation based on seat position or occupant position in a vehicle are described herein. An example implementation for content adaptation based on seat position in a vehicle includes: obtaining sensor data, the sensor data including a seat position of a seat in the vehicle; identifying audiovisual content for output to a human occupant in the vehicle; identifying an occupant position of the human occupant, based on the seat position, for a user experience of the output of the audiovisual content; and cause one or more adjustments to the output of the audiovisual content in the vehicle, via an output device, based on the identified position of the human occupant.

Abstract: A DTaaS architecture is described to support communication-side optimization and to reduce communication overhead while meeting necessary reliability and latency requirements. The disclosure describe techniques for utilizing DT resources for V2X environments using both virtual and physical “twin” resources to achieve improved resiliency. Moreover, to optimize redundancy costs, the ratio of virtual DT nodes to physical DT nodes may be asymmetrical. An asymmetric approach to DT redundancies involving both virtual and physical resources enables greater flexibility in managing deployment costs.

Abstract: Various systems and methods are described to enable cyber-physical protections in edge computing platforms, including with countermeasures that mitigate and halt a variety of digital or real-world attacks. In an example, an attack detection and response engine is used to monitor processing circuitry, with operations that: identify operational data from processing circuitry that operates multiple layers (e.g., of an IP block) to perform compute operations, with trust of the processing circuitry established based on attestation of a hardware root of trust (RoT); evaluate the operational data to identify an attack condition at the processing circuitry, based on monitoring an operational layer of the multiple layers; and provide a digital attack response to the processing circuitry, in response to identifying the attack condition, to deploy the digital attack response and cause a countermeasure at the operational layer of the processing circuitry.

Abstract: Methods, systems, and use cases for one-touch inline cryptographic data security are discussed, including an edge computing device with a network communications circuitry (NCC), an enhanced DMA engine coupled to a memory device and including a cryptographic engine, and processing circuitry configured to perform a secure exchange with a second edge computing device to negotiate a shared symmetric encryption key, based on a request for data. An inline encryption command for communication to the enhanced DMA engine is generated. The inline encryption command includes a first address associated with a storage location storing the data, a second address associated with a memory location in the memory device, and the shared symmetric encryption key. The data is retrieved from the storage location using the first address, the data is encrypted using the shared symmetric encryption key, and the encrypted data is stored in the memory location using the second address.

Abstract: Various systems and methods of establishing and utilizing device management (DM) services in Internet of Things (IoT) networks and similar distributed network architectures, are described. In an example, RESTful messaging within IoT operational and resource models are used to establish, instantiate, and operate DM services having various roles within an IoT framework abstraction.

Abstract: Technologies for providing secure utilization of tenant keys include a compute device. The compute device includes circuitry configured to obtain a tenant key. The circuitry is also configured to receive encrypted data associated with a tenant. The encrypted data defines an encrypted image that is executable by the compute device to perform a workload on behalf of the tenant in a virtualized environment. Further, the circuitry is configured to utilize the tenant key to decrypt the encrypted data and execute the workload without exposing the tenant key to a memory that is accessible to another workload associated with another tenant.

Abstract: Technologies for providing efficient migration of services include a server device. The server device includes compute engine circuitry to execute a set of services on behalf of a terminal device and migration accelerator circuitry. The migration accelerator circuitry is to determine whether execution of the services is to be migrated from an edge station in which the present server device is located to a second edge station in which a second server device is located, determine a prioritization of the services executed by the server device, and send, in response to a determination that the services are to be migrated and as a function of the determined prioritization, data utilized by each service to the second server device of the second edge station to migrate the services. Other embodiments are also described and claimed.

Abstract: Embodiments herein may include systems, apparatuses, methods, and computer-readable media, for a multi-access edge computing (MEC) system. A MEC orchestrator is to receive a request for service that includes a workload from a user agent; and facilitate formation of a SLA for servicing the workload. To facilitate the formation of the SLA includes to obtain, via a decentralized contracting system, bids from a plurality of service providers to respectively service a plurality of functions or tasks of the workload. The MEC orchestrator is also to translate the workload into the plurality of functions or tasks, and schedule servicing of the functions of tasks with the one or more service providers, including one or more edge computing devices, in accordance with the SLA. Other embodiments may be described and/or claimed.

Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein. An example apparatus includes at least one memory, and at least one processor to execute instructions to at least identify one or more non-sensitive parameters of a plurality of policy parameters and one or more sensitive parameters of the plurality of the policy parameters, the plurality of the policy parameters obtained from a computing device in response to a request from a cloud analytics server for the plurality of the policy parameters, encrypt the one or more sensitive parameters to generate encrypted parameter data in response to the identification of the one or more sensitive parameters, and transmit the encrypted parameter data to the cloud analytics server, the cloud analytics server to curry a security policy function based on one or more of the plurality of the policy parameters.

Abstract: Various systems and methods for enabling derivation and distribution of an attestation manifest for a software update image are described. In an example, these systems and methods include orchestration functions and communications, providing functionality and components for a software update process which also provides verification and attestation among multiple devices and operators.

Abstract: In one embodiment, a method includes: receiving, in an edge platform, a plurality of messages from a plurality of edge devices coupled to the edge platform, the plurality of messages comprising metadata including priority information and granularity information; extracting at least the priority information from the plurality of messages; storing the plurality of messages in entries of a pending request queue according to the priority information; selecting a first message stored in the pending request queue for delivery to a destination circuit; and sending a message header for the first message to the destination circuit via at least one interface circuit, the message header including the priority information, and thereafter sending a plurality of packets including payload information of the first message to the destination circuit via the at least one interface circuit. Other embodiments are described and claimed.

Abstract: An Internet of Things (IoT) network includes an IoT device with a communicator to send a communication including egress frame, protocol library builder to determine available protocols, frame analyzer to analyze an ingress frame, and frame builder to build the egress frame from the ingress frame. An IoT network includes an IoT device with network discoverer to identify available parallel communication channels between the IoT device and target device, payload, payload fragmenter/packager to fragment the payload into sub-objects for transmission, and packet communicator to send sub-objects to the target device over parallel communication channels. An IoT network includes a plurality of IoT devices, which each include a communication channel to an upstream device, a network link to another one of the plurality of IoT devices, a hash calculator to identify a neighbor IoT device, and a communicator to send out a message to the neighbor IoT device.

Abstract: Various aspects of methods, systems, and use cases for verification and attestation of operations in an edge computing environment are described, based on use of a trust calculus and established definitions of trustworthiness properties. In an example, an edge computing verification node is configured to: obtain a trust representation, corresponding to an edge computing feature, that is defined with a trust calculus and provided in a data definition language; receive, from an edge computing node, compute results and attestation evidence from the edge computing feature; attempt validation of the attestation evidence based on attestation properties defined by the trust representation; and communicate an indication of trustworthiness for the compute results, based on the validation of the attestation evidence. In further examples, the trust representation and validation is used in a named function network (NFN), for dynamic composition and execution of a function.

Abstract: Various systems and methods are described for implementing cloud-to-edge (C2E) security are disclosed, including systems and methods for the execution of various workloads that are distributed among multiple edge computing nodes. An example technique for managing distributed workloads includes: identifying characteristics of a distributed workload from an execution of the distributed workload, for a distributed workload that is partitioned among multiple computing nodes; evaluating a trust status of the distributed workload in response to a change in the execution of the distributed workload, including verifying resources to execute the distributed workload and verifying security policies associated with the resources; and controlling the execution of the distributed workload among the multiple computing nodes, based on the characteristics and the evaluated trust status.

Abstract: Systems and techniques for distributed machine learning (DML) in an information centric network (ICN) are described herein. Finite message exchanges, such as those used in many DML exercises, may be efficiently implemented by treating certain data packets as interest packets to reduce overall network overhead when performing the finite message exchange. Further, network efficiency in DML may be improved achieved by using local coordinating nodes to manage devices participating in a distributed machine learning exercise. Additionally, modifying a round of DML training to accommodate available participant devices, such as by using a group quality of service metric to select the devices, or extending the round execution parameters to include additional devices, may have an impact on DML performance.

Abstract: A named function network (NFN) system includes a routing node, a function generation node, and a server node. The routing node receives requests for new functions, the requests including data values for generating the new functions. The function generation node receives the data values from the routing node and generates a new function for the NFN using the data values. The server node receives a request from the routing node to execute the new function, executes the new function, and transmits results of the execution to the routing node.

Abstract: Examples for device-driven auto-recovery using multiple recovery sources are disclosed herein. At least one storage device or storage disk includes instructions that, when executed, cause at least one processor to at least detect a flaw in a first configuration of a program to be installed on a programmable device, the first configuration recorded on a first chain of a distributed ledger of a blockchain; correct the flaw in the first configuration to generate a corrected configuration; commit the corrected configuration to the distributed ledger, the corrected configuration to create a second chain of the distributed ledger; detect an update of the first configuration to a first updated configuration and an update to the corrected configuration to an updated corrected configuration; and prevent the first updated configuration from being installed on the programmable device by replacing the first updated configuration with the updated corrected configuration on the second chain.

Abstract: In some examples, an apparatus uses a blockchain to agree on a time in an information exchange network. A first node includes a processor communicatively coupled to a storage device including instructions. When executed by the processor, the instructions cause the processor to verify a time estimate from each of one or more other node, to determine a time match of a time estimate of the first node with the time estimates from the one or more other node, and if the time match is determined, to commit to the blockchain a transaction that includes a time stamp.

Abstract: An architecture to allow Multi-Access Edge Computing (MEC) billing and charge tracking, is disclosed. In an example, a tracking process, such as is performed by an edge computing apparatus, includes: receiving a computational processing request for a service operated with computing resources of the edge computing apparatus from a connected edge device within the first access network, wherein the computational processing request includes an identification of the connected edge device; identifying a processing device, within the first access network, for performing the computational processing request; and storing the identification of the connected edge device, a processing device identification, and data describing the computational processes completed by the processing device in association with the computational processing request.

Abstract: In one embodiment, a domain controller (a) quarantines unknown devices at a first quarantine point at a first layer of a multi-layer communication model; (b) communicates with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service; (c) receives a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model; (d) verifies a device type of the first device with the DNS service; and (e) responsive to that verification, provisions the first device into the domain. The domain controller may also send a provisioning response to the access point to enable the first device to be removed from the second quarantine point, to enable the first device to communicate with the domain controller. Other embodiments are described and claimed.