Abstract: In one embodiment, a computing device comprises memory circuitry and processing circuitry. The memory circuitry is to store a plurality of container images, comprising: a first container image comprising a first set of applications; and a second container image comprising a virtual machine, a guest operating system, and a second set of applications. The processing circuitry is to: instantiate a plurality of containers on a host operating system, wherein the plurality of containers comprises a first container and a second container; execute the first set of applications in the first container, wherein the first set of applications is to be executed on the host operating system; and execute the virtual machine in the second container, wherein the guest operating system is to be executed on the virtual machine and the second set of applications is to be executed on the guest operating system.

Abstract: Technologies for securely providing one or more remote accelerators hosted on edge resources to a client compute device includes a device that further includes an accelerator and one or more processors. The one or more processors are to determine whether to enable acceleration of an encrypted workload, receive, via an edge network, encrypted data from a client compute device, and transfer the encrypted data to the accelerator without exposing content of the encrypted data to the one or more processors. The accelerator is to receive, in response to a determination to enable the acceleration of the encrypted workload, an accelerator key from a secure server via a secured channel, and process, in response to a transfer of the encrypted data from the one or more processors, the encrypted data using the accelerator key.

Abstract: Technologies for managing telemetry and sensor data on an edge networking platform are disclosed. According to one embodiment disclosed herein, a device monitors telemetry data associated with multiple services provided in the edge networking platform. The device identifies, for each of the services and as a function of the associated telemetry data, one or more service telemetry patterns. The device generates a profile including the identified service telemetry patterns.

Abstract: Various systems and methods of establishing and utilizing device management (DM) services in Internet of Things (IoT) networks and similar distributed network architectures, are described herein. In an example, a Cloud-To-OCF Device mediator service may be established from OCF services definition; this mediator service may be used to establish connectivity between a cloud-capable device and a cloud-based service. Further systems and methods to provide a proxy access service (PAS) hosted on a cloud service provider, that enable a PAS to coordinate and preserve device-to-device interactions from end-to-end, are also disclosed.

Abstract: Various systems and methods for user-authorized onboarding of a device using a public authorization service (310) are described herein. In an example, a 3-way authorization protocol is used to coordinate device onboarding among several Internet of Things (IoT) Fog users (e.g., devices in a common network topology or domain) with principles of least privilege. For instance, respective onboarding steps may be assigned for performance by different Fog ‘owners’ such as respective users and clients (350A, 350B, . . . , 350N). Each owner may rely on a separate authorization protocol or user interaction to be notified of and to give approval for the specific onboarding action(s) assigned. Further techniques for implementation and tracking such onboarding actions as part of an IoT network service are also disclosed.

Abstract: Technologies for batching requests in an edge infrastructure include a compute device including circuitry configured to obtain a request for an operation to be performed at an edge location. The circuitry is also configured to determine, as a function of a parameter of the obtained request, a batch that the obtained request is to be assigned to. The batch includes a one or more requests for operations to be performed at an edge location. The circuitry is also configured to assign the batch to a cloudlet at an edge location. The cloudlet includes a set of resources usable to execute the operations requested in the batch.

Abstract: Various systems and methods for enabling derivation and distribution of an attestation manifest for a software update image are described. In an example, these systems and methods include orchestration functions and communications, providing functionality and components for a software update process which also provides verification and attestation among multiple devices and operators.

Abstract: An apparatus operating as a certificate authority (CA) is described. The apparatus can perform operations including receiving, from a plurality of requesting devices, a request to join a group. The request can include identification information for the group and attestation evidence for the plurality of requesting devices. Responsive to receiving the request, the apparatus can provide a group certificate for the group to the plurality of requesting devices.

Abstract: Methods, apparatus, systems and machine-readable storage media of an edge computing device which is enabled to access and select the use of local or remote acceleration resources for edge computing processing is disclosed. In an example, an edge computing device obtains first telemetry information that indicates availability of local acceleration circuitry to execute a function, and obtains second telemetry that indicates availability of a remote acceleration function to execute the function. An estimated time (and cost or other identifiable or estimateable considerations) to execute the function at the respective location is identified. The use of the local acceleration circuitry or the remote acceleration resource is selected based on the estimated time and other appropriate factors in relation to a service level agreement.

Abstract: Methods, apparatuses and system provide for technology that interleaves a plurality of verification commands with a plurality of copy commands in a command buffer, wherein each copy command includes a message authentication code (MAC) derived from a master session key, wherein one or more of the plurality of verification commands corresponds to a copy command in the plurality of copy commands, and wherein a verification command at an end of the command buffer corresponds to contents of the command buffer. The technology may also add a MAC generation command to the command buffer, wherein the MAC generation command references an address of a compute result.

Abstract: Systems, apparatuses and methods may provide for encryption based technology. Data may be encrypted locally with a graphics processor with encryption engines. The graphics processor components may be verified with a root-of-trust and based on collection of claims. The graphics processor may further be able to modify encrypted data from a non-pageable format to a pageable format. The graphics processor may further process data associated with a virtual machine based on a key that is known by the virtual machine and the graphics processor.

Abstract: Various systems and methods of establishing and utilizing device management (DM) services in Internet of Things (IoT) networks and similar distributed network architectures, are described. In an example, RESTful messaging within IoT operational and resource models are used to establish, instantiate, and operate DM services having various roles within an IoT framework abstraction.

Abstract: Systems, methods, articles of manufacture, and apparatus for end-to-end hardware tracing in an Edge network are disclosed. An example compute device includes at least one memory, instructions in the compute device, and processing circuitry to execute the instructions to, in response to receiving detecting an object having a global group identifier, generate monitoring data corresponding to a respective process executing on the compute device, the monitoring data including a process identifier, index the monitoring data having the process identifier to the corresponding global group identifier, synchronize a time stamp of the monitoring data to a network time protocol corresponding to the global group identifier, and transmit the indexed and synchronized monitoring data as tracing data in to the a tracing datastore.

Abstract: Various systems and methods for implementing an access control policy that provides subject matching in distributed access control scenarios, such as Internet of Things (IoT) device interconnection settings, are described. In an example, a determining an access control policy with an access evaluator includes: receiving a request from a subject to perform an operation with an object; evaluating the first type of access policy of the subject, and a second type of access policy of the object, to determine a first and second access scope for performing the requested operation; identifying an access control object that provides a mapping between the first access scope and the second access scope for performing the requested operation; and providing access from the subject to the object based on a security level determined from the mapping between the first access scope and the second access scope provided with the access control object.

Abstract: Systems and techniques for storage-class memory device including a network interface are described herein. A write for a network communication is received by the host interface of the memory device. Here, the network communication includes a header. The header is written to a non-volatile storage array managed by a memory controller. A network command is detected by the memory device. Here, the network command includes a pointer to the header in the non-volatile storage array. The header is retrieved from the non-volatile storage array and a packet based on the header is transmitted via a network interface of the memory controller.

Abstract: Various systems and methods for implementing reputation management and intent-based security mechanisms are described herein.

Abstract: Methods, apparatus, systems, and articles of manufacture for attestation for a constellation of edge devices are disclosed. An example first edge computing node includes at least one memory, instructions in the first edge computing node, and processor circuitry to execute the instructions to record one or more timestamps corresponding to processing of event data from a first edge computing device, transmit the event data and the one or more timestamps to a second edge computing node, in response to the second edge computing node validating the event data based on the one or more timestamps and historical key performance indicators corresponding to the first edge computing node, validate the event data.

Abstract: A computing node includes network interface circuitry and processing circuitry. The processing circuitry assigns available computing resources to a plurality of slice contexts. Each slice context of the plurality includes resource allocations of the available computing resources associated with multiple communication networks. A first portion of the resource allocations is designated as dedicated resources and a second, remaining portion is designated as shared resources. A FAFO event associated with a workload is detected. The workload executes on a network slice instance (NSI) associated with a slice context of a subset of slice contexts. The configuration of the NSI is restored to a pre-FAFO event state based on reconfiguring one or both of the dedicated resources or the shared resources of the slice context based on the resource allocations of at least a second slice context in the subset of slice contexts.

Abstract: Systems and techniques for transparent dynamic reassembly of computing resource compositions are described herein. An indication may be obtained of an error state of a component of a computing system. An offload command may be transmitted to component management software of the computing system. An indication may be received that workloads to be executed using the component have been suspended. An administrative mode command may be transmitted to the component. The administrative mode command may place the component in partial shutdown to prevent the component from receiving non-administrative workloads. Data of the component may be synchronized with a backup component. Workloads from the component may be transferred to the backup component. An offload release command may be transmitted to the software of the computing system.

Abstract: A machine-readable storage medium includes instructions stored thereupon, which when executed by processing circuitry of a computing node operable to implement a service mesh control plane (SMCP) in a MEC network, cause the processing circuitry to decode an attestation request received from a sidecar proxy of a deployable instance. The sidecar proxy is instantiated on a MEC host. Evidence information is collected from the deployable instance responsive to the attestation request, the evidence information comprising at least one security configuration of the deployable instance. An attestation of the evidence information is performed using a verified configuration of the deployable instance to generate an integrity report. An attestation token is generated based on the integrity report and is encoded for transmission to the MEC host. The attestation token authorizes the sidecar proxy to obtain configuration to facilitate a data exchange between the deployable instance and at least another deployable instance.