Abstract: Technologies for client-level web application runtime control and multi-factor security analysis by a computing device include receiving application code associated with a browser-based application from a web server. The computing device collects real-time data generated by at least one sensor of the computing device and performs a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code. Further, the computing device establishes a client-level web application runtime security policy associated with the browser-based application in response to performing the multi-factor security assessment and enforces the client-level web application runtime security policy.

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

Abstract: Systems, apparatuses and methods may provide for technology that includes a writing implement with an ink subsystem to print a message, a sensor subsystem to digitize the message and an authorization subsystem coupled to the sensor subsystem, wherein the authorization subsystem generates a notification of whether the digitized message is authentic. In one example, a remote server obtains the digitized message originating from a writing implement, wherein the digitized message includes an image of a handwritten signature and additional sensor information. In such a case, the server may conduct an authentication of the additional sensor information with respect to known sensor information associated with an authenticated user and send an authentication response to the writing implement based on the authentication.

Abstract: Techniques for secure remote debugging of SoCs are described. The SoC includes an intellectual property (IP) block, a microcontroller, and a fabric coupled to the IP block and the microcontroller. The IP block transmits, via the fabric, information regarding events within the IP block to the microcontroller. The microcontroller executes firmware including a network stack and a remote debugger program. Using the firmware, the microcontroller provides the event information to a device external to the SoC.

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.

Abstract: Embodiments of apparatuses and methods including virtual address memory range registers are disclosed. In one embodiment, a processor includes a memory interface, address translation hardware, and virtual memory address comparison hardware. The memory interface is to access a system memory using a physical memory address. The address translation hardware is to support translation of a virtual memory address to the physical memory address. The virtual memory address is used by software to access a virtual memory location in the virtual memory address space of the processor. The virtual memory address comparison hardware is to determine whether the virtual memory address is within a virtual memory address range.

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.

Abstract: Various embodiments are generally directed an apparatus and method for processing an encrypted graphic with a decryption key associated with a depth order policy including a depth position of a display scene, generating a graphic from the encrypted graphic when the encrypted graphic is successfully decrypted using the decryption key and assigning the graphic to a plane at the depth position of the display scene when the encrypted graphic is successfully decrypted.

Abstract: In one embodiment, an apparatus includes: at least one core to execute instructions, the at least one core formed on a semiconductor die; a first memory formed on the semiconductor die, the first memory comprising a non-volatile random access memory, the first memory to store a first entry to be a monotonic counter, the first entry including a value field and a status field; and a control circuit, wherein the control circuit is to enable access to the first entry if the apparatus is in a secure mode and otherwise prevent the access to the first entry. Other embodiments are described and claimed.

Abstract: Generally, this disclosure provides systems, devices, methods and computer readable media for virtualization-based intra-block workload isolation. The system may include a virtual machine manager (VMM) module to create a secure virtualization environment or sandbox. The system may also include a processor block to load data into a first region of the sandbox and to generate a workload package based on the data. The workload package is stored in a second region of the sandbox. The system may further include an operational block to fetch and execute instructions from the workload package.

Abstract: According to an embodiment provided herein, there is provided a system that binds a trusted output session to a trusted input session. The system includes a processor to execute an enclave application in an architecturally protected memory. The system includes at least one logic unit forming a trusted entity to, responsive to a request to set up a trusted I/O session, generate a unique session identifier logically associated with the trusted I/O session and set a trusted I/O session indicator to a first state. The system includes at least one logic unit forming a cryptographic module to, responsive to the request to set up the trusted I/O session, receive an encrypted encryption key and the unique session identifier from the enclave application; verify the unique session identifier; and responsive a successful verification, decrypt and save the decrypted encryption key in an encryption key register.

Abstract: A protected graphics module can send its output to a display engine securely. Secure communications with the display can provide a level of confidentiality of content generated by protected graphics modules against software and hardware attacks.

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.

Abstract: Various embodiments are generally directed an apparatus and method for processing an encrypted graphic with a decryption key associated with a depth order policy including a depth position of a display scene, generating a graphic from the encrypted graphic when the encrypted graphic is successfully decrypted using the decryption key and assigning the graphic to a plane at the depth position of the display scene when the encrypted graphic is successfully decrypted.

Abstract: Computing platform security methods and apparatus are disclosed. An example apparatus includes a security application to configure a security task, the security task to detect a malicious element on a computing platform, the computing platform including a central processing unit and a graphics processing unit; and an offloader to determine whether the central processing unit or the graphics processing unit is to execute the security task; and when the graphics processing unit is to execute the security task, offload the security task to the graphics processing unit for execution.

Abstract: This disclosure is directed to avoiding redundant memory encryption in a cryptographic protection system. Data stored in a device may be protected using different encryption systems. Data associated with at least one trusted execution environment (TEE) may be encrypted using a first encryption system. Main memory in the device may comprise data important to maintaining the integrity of an operating system (OS), etc. and may be encrypted using a second encryption system. Data may also be placed into a memory location via direct memory access (DMA) and may be protected utilizing a third encryption system. Redundant encryption may be avoided by encryption circuitry capable of determining when data is already protected by encryption provided by another system. For example, the encryption circuitry may comprise encryption control circuitry that monitors indicators set at different points during data handling, and may bypass certain data encryption or decryption operations based on the indicator settings.

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

Abstract: A voice command device (VCD) has privacy protection. The VCD comprises a processor, first and second input devices, at least one data line to couple the first and second input devices to the processor, a power supply, and a sensor power line to couple the first and second input devices to the power supply. The VCD also comprises a manually operated mechanical switch on the sensor power line, to divide the sensor power line into a first leg comprising the power supply and a second leg comprising the input devices. The VCD also comprises an active sensor indicator light on the second leg of the sensor power line. The indicator light is configured to indicate whether the input devices are operational, based on a power level of the second leg of the sensor power line. Other embodiments are described and claimed.

Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to handle interrupts directed to secure virtual machines. Work is added to a work queue in a shared memory buffer in accordance with a received request, and a task-priority register is updated to block interrupts not directed toward the secure virtual machine. A timer that expires after a number of cycles of the computer processor have elapsed is started. The secure virtual machine is launched on the computer processor, and a work queue in a shared memory buffer is polled for work to be executed by the secure virtual machine until the work queue is empty or until the timer expires.