Abstract: The subject matter described herein provides technical solutions for technical problems facing computing network security. Technical solutions described herein include adaptive sniffing of networking traffic, such as using a brokered network traffic sniffing framework. A brokered sniffing framework may be used to provide dynamic adjustment of network access points and network traffic sampling queries, such as by providing dynamic adjustment in response to changes to the network topology or network traffic. The brokered sniffing framework may provide improved statistical sampling of network traffic using improved network traffic telemetry, such as by modifying a statistical profile of network traffic contents that are collected. The network traffic telemetry may be used to identify various changes in network traffic, such as by identifying statistically significant changes in latencies, bandwidths, or other data center performance metrics.

Abstract: Various systems and methods for establishing network connectivity and onboarding for Internet of Things (IoT) devices and trusted platforms, including in Open Connectivity Foundation (OCF) specification device deployments, are discussed. In an example, a zero touch owner transfer method includes operations of: receiving a first request from a new device for network access to begin an onboarding procedure with a network platform; transmitting credentials of a first network to the new device, the first network used to access a rendezvous server and obtain onboarding information associated with the network platform; receiving a second request from the new device for network access to continue the onboarding procedure; and transmitting credentials of a second network to the new device, as the new device uses the second network to access the onboarding server of the network platform and perform or complete the onboarding procedure with the network platform.

Abstract: Various systems and methods of establishing and utilizing device management (DM) services in Internet of Things (IoT) networks and similar distributed network architectures, are described. In an example, RESTful messaging within IoT operational and resource models are used to establish, instantiate, and operate DM services having various roles within an IoT framework abstraction.

Abstract: Various systems and methods for implementing observe-notify callback context automation in a connected device framework are described herein. In an example, the techniques for context automation may include: expansion of RESTful permissions to include an OBSERVE command (e.g., as part of a CRUDON (Create, Retrieve, Update, Delete, Observe, Notify) command definition); configuration of a callback resource to implement the OBSERVE command; access control policies to implement the OBSERVE command; and OBSERVE registration events to be monitored within an access management service.

Abstract: Systems and techniques to enable message routing among multiple devices and device domains, via end-to-end tunneling techniques, are disclosed. In an example, techniques and device configurations involving the use of RESTful protocols that communicate OSCORE (Object Security for Constrained RESTful Environments) payloads over OSCORE tunnels, involve receiving an OSCORE message having an encrypted COSE (Concise Binary Object Representation (CBOR) Object Signing and Encryption) object payload and inserting the OSCORE message into an OSCORE tunnel message to implement a tunneled communication with a receiving device. Here, the tunnel message includes the OSCORE message within an envelope encrypted COSE object payload. The OSCORE tunnel message may then be transmitted to the receiving device. Further techniques and device configurations for the receipt, processing, conversion, and decryption of such tunneled messages are also disclosed.

Abstract: Technologies for providing efficient migration of services include a server device. The server device includes compute engine circuitry to execute a set of services on behalf of a terminal device and migration accelerator circuitry. The migration accelerator circuitry is to determine whether execution of the services is to be migrated from an edge station in which the present server device is located to a second edge station in which a second server device is located, determine a prioritization of the services executed by the server device, and send, in response to a determination that the services are to be migrated and as a function of the determined prioritization, data utilized by each service to the second server device of the second edge station to migrate the services. Other embodiments are also described and claimed.

Abstract: Various systems and methods for enhancing a distributed computing environment with multiple edge hosts and user devices, including in multi-access edge computing (MEC) network platforms and settings, are described herein. A device of a lifecycle management (LCM) proxy apparatus obtains a request, from a device application, for an application multiple context of an application. The application multiple context for the application is determined. The request from the device application for the application multiple context for the application is authorized. A device application identifier based on the request is added to the application multiple context. A created response for the device application based on the authorization of the request is transmitted to the device application. The response includes an identifier of the application multiple context.

Abstract: Systems and techniques for end-to-end quality of service in edge computing environments are described herein. A set of telemetry measurements may be obtained for an ongoing dataflow between a device and a node of an edge computing system. A current key performance indicator (KPI) may be calculated for the ongoing dataflow. The current KPI may be compared to a target KPI to determine an urgency value. A set of resource quality metrics may be collected for resources of the network. The set of resource quality metrics may be evaluated with a resource adjustment model to determine available resource adjustments. A resource adjustment may be selected from the available resource adjustments based on an expected minimization of the urgency value. Delivery of the ongoing dataflow may be modified using the selected resource adjustment.

Abstract: Systems and techniques for information-centric network namespace policy-based content delivery are described herein. A registration request may be received from a node on an information-centric network (ICN). Credentials of the node may be validated. The node may be registered with the ICN based on results of the validation. A set of content items associated with the node may be registered with the ICN. An interest packet may be received from a consumer node for a content item of the set of content items that includes an interest packet security level for the content item. Compliance of the security level of the node with the interest packet security level may be determined. The content item may be transmitted to the consumer node.

Abstract: Various systems and methods for implementing a soft reset state. A server device includes processing circuitry; and at least one storage device including instructions embodied thereon, wherein the instructions, which when executed by the processing circuitry, configure the processing circuitry to perform operations of a soft reset operation, the operations to: define a soft reset state; cause a check of a secure virtual resource (SVR) of the server device, while in the soft reset state; and transition from the soft reset state in response to an event.

Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.

Abstract: Technologies for providing attestation for function as a service flavors include a compute device including circuitry configured to obtain function definition data indicative of a set of operations to be performed in a function and a set of hardware resources to be utilized by the function, execute a benchmark operation to produce benchmark data indicative of a measured performance of the function, and sign the function definition data and the benchmark data to produce function flavor data. The circuitry is also configured to provide the function flavor data to one or more other compute devices for validation that the function, when executed on the hardware resources, provides the measured performance and write, to a distributed ledger, the function flavor data.

Abstract: Various systems and methods of establishing and utilizing device management (DM) services in Internet of Things (IoT) networks and similar distributed network architectures, are described herein. In an example, a Cloud-To-OCF Device mediator service may be established from OCF services definition; this mediator service may be used to establish connectivity between a cloud-capable device and a cloud-based service. Further systems and methods to provide a proxy access service (PAS) hosted on a cloud service provider, that enable a PAS to coordinate and preserve device-to-device interactions from end-to-end, are also disclosed.

Abstract: Various systems and methods of establishing a trusted pairing relationship between IoT devices, through the exchange of authentication service proof of possession tokens, are described herein. In an example, a trusted pairing relationship is established between IoT devices, through access control and credential resources based on communication via intermediary devices and services. The IoT devices may request or receive access to or information from a resource based on the trusted relationship.

Abstract: Methods, apparatus, systems and machine-readable storage media to enable fast boot of secure and unsecure environments in a computing system are disclosed. Root of trust hardware is used to provide dynamic root of trust measurements of various virtual machines, operating systems, and application environments within the computing system. In an example, a trusted application for a trusted environment is initiated with a fast boot process, with use of a secure enclave accessed by an operating system and virtual machine. The root of trust hardware is used to perform dynamic integrity measurements of a second virtual machine and an untrusted application, to later initiate this untrusted application securely after verification of the integrity measurements. Further uses and coordination of dynamic root of trust measurements and application execution, booting, and security verification processes are also described.

Abstract: Various systems and methods of artificial intelligence (AI) processing using hardware acceleration within edge computing settings are described herein. In an example, processing performed at an edge computing device includes: obtaining a request for an AI operation using an AI model; identifying, based on the request, an AI hardware platform for execution of an instance of the AI model; and causing execution of the AI model instance using the AI hardware platform. Further operations to analyze input data, perform an inference operation with the AI model, and coordinate selection and operation of the hardware platform for execution of the AI model, is also described.

Abstract: Technologies for secure collective authorization include multiple computing devices in communication over a network. A computing device may perform a join protocol with a group leader to receive a group private key that is associated with an interface implemented by the computing device. The interface may be an instance of an object model implemented by the computing device or membership of the computing device in a subsystem. The computing device receives a request for attestation to the interface, selects the group private key for the interface, and sends an attestation in response to the request. Another computing device may receive the attestation and verify the attestation with a group public key corresponding to the group private key. The group private key may be an enhanced privacy identifier (EPID) private key, and the group public key may be an EPID public key. Other embodiments are described and claimed.

Abstract: A method, a computer-readable medium, and a device for dynamically identifying criticality of services and data sources. The computer-readable medium comprising instructions which, when executed, cause a programmable device to: determine, based on a plurality of service-related metrics from a network node, upstream network nodes and downstream network nodes in a network; query the upstream network nodes and the downstream network nodes with a multicast request for an additional plurality of service-related metrics; extrapolate a current network topology based on the plurality of service-related metrics and the additional plurality of service-related metrics; determine whether or not an upstream backup server is present for the network node; determine a set of critical service delivery points in the network based on the determination of the upstream backup server; and generate a network service alert responsive to a service interruption from the set of critical service delivery points.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate information exchange using publish-subscribe with blockchain. An example apparatus includes a broker including a processor and a distributed ledger module. The example distributed ledger module stores a message to be relayed by the broker from a publisher to a subscriber. The example processor is to at least compute, triggered by receipt of the message by the broker, a proof-of-work (PoW) function. The example processor is to at least verify the computation of the PoW function. The example processor is to at least transmit, upon verifying the computation of the PoW function, the message to the subscriber. The example processor is to at least process feedback received by the broker to update the PoW function.

Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.