Abstract: Embodiments of apparatuses, articles, methods, and systems for associating identifiers with memory locations for controlling memory accesses are generally described herein. Other embodiments may be described and claimed.

Abstract: Embodiments of apparatuses, articles, methods, and systems for associating identifiers with memory locations for controlling memory accesses are generally described herein. Other embodiments may be described and claimed.

Abstract: Methods, apparatuses, articles, and systems for observing, by a virtual machine manager of a physical device, execution of a target process of a virtual machine of the physical device, including virtual addresses of the virtual machine referenced during the execution, are described herein. The virtual machine manager further determines whether the target process is executing in an expected manner based at least in part on the observed virtual address references and expected virtual address references.

Abstract: A combination of more frequent and less frequent security monitoring may be used to defeat worm or virus attacks. At periodic intervals, a risk assessment scan may be implemented to determine whether or not a worm attack has occurred. Prior thereto, an intermediate detection by an anomaly detection agent may determine whether or not a worm attack may have occurred. If a potential worm attack may have occurred, intermediate action, such as throttling of traffic, may occur. Then, at the next risk assessment scan, a determination may be made as to whether the attack is actually occurring and, if so, more effective and performance altering techniques may be utilized to counter the attack.

Abstract: Embodiments of apparatuses, articles, methods, and systems for associating identifiers with memory locations for controlling memory accesses are generally described herein. Other embodiments may be described and claimed.

Abstract: In some embodiments, a processor-based system may include at least one processor, at least one memory coupled to the at least one processor, a network interface component, and a management controller. The management controller may be configured to receive information related to a subscription request for a virtual machine, generate configuration information for the network interface component based on the subscription request, and provide the configuration information to the network interface component. Other embodiments are disclosed and claimed.

Abstract: A system and process are described to enable at least one of a plurality of host agents executing on a system to update memory region types of a system memory, register the at least one host agent in a registry stored in system management memory, receive a system management interrupt (SMI) from one of the plurality of host agents to update a memory region type, determine if the host agent issuing the SMI is listed in the registry stored in system management memory, update the memory region in response to determining the host agent issuing the SMI is listed in the registry, and maintain the memory region type in response to determining the host agent issuing the SMI is not listed in the registry.

Abstract: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.

Abstract: Identity of software is authenticated with hardware on a system. The hardware may be accessible to the operating system, making the mechanisms available to software makers. The identity of the software may be authenticated using fundamental properties of the software itself, providing greater security than merely relying on transferable identifiers, for example, keys.

Abstract: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.

Abstract: Embodiments of the present disclosure provide methods, systems, and articles for restricting access to memory of an application by a component of the application, for example, pluggable code modules. Other embodiments may also be described and claimed.

Abstract: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive and may function as a passive agent when the host trust agent is functional.

Abstract: Embodiments of a method and system for detecting and confirming an agent presence are disclosed herein. The agent presence can be confirmed by a secure management engine configured to execute in a secure execution environment. In various embodiments, a secure execution environment includes a service processor, a virtual partition, and an embedded microcontroller. The management engine is configured to monitor a signal communicated from the agent. Based on the monitored signal, an analysis determines an operational state of the agent. Embodiments include remote management applicability for monitoring a host agent.

Abstract: Embodiments of an invention for generating multiple address space identifiers per virtual machine to switch between protected micro-contexts are disclosed. In one embodiment, an apparatus includes privileged mode logic, an interface, and memory management logic. The privileged mode logic is to transfer control of the processor among a plurality of virtual machines. The interface is to perform a transaction to fetch information from a memory. The memory management logic is to translate an untranslated address to a memory address. The memory management logic includes a storage location, a series of translation stages, determination logic, and a translation lookaside buffer. The storage location is to store an address of a data structure for the first translation stage. Each of the translation stages includes translation logic to find an entry in a data structure based on a portion of the untranslated address.

Abstract: An embodiment of the present invention is a technique to protect memory. A memory identifiers storage stores memory identifiers associated with protected components. The memory identifiers include exclusive memory identifiers and shared memory identifiers. The memory identifier storage is protected from access by a host operating system. A memory identifier management service (MMS) manages the memory identifiers. The MMS resides in a protected environment. An access control enforcer (ACE) enforces an access control policy with the memory identifiers.

Abstract: Hardware correlation of software performance statistics. Software may gather data relating to performance of a hardware resource. A hardware component of the system of the hardware resource may obtain data relating to the performance of the hardware resource from a hardware component and the gathered software data, and correlate the software and hardware data. A level of correlation may be determined, and remedial action may be taken based on the correlation of the software and hardware data.

Abstract: Systems and methods are described herein to provide for host virtual memory reconstitution. Virtual memory reconstitution is the ability to translate the host device's virtual memory addresses to the host device's physical memory addresses. The virtual memory reconstitution methods are independent of the operating system running on the host device.

Abstract: A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered.

Abstract: Machine readable media, methods, and computing devices are disclosed which establish a protected memory channel between an operating system loader of a user partition and services of a management partition. One computing device includes protected storage, read only memory, firmware, a storage device and a processor. The storage device is to store the virtual machine monitor and an operating system having an operating system loader. The virtual machine monitor is to establish a protected memory channel between the one or more integrity services of a management partition and the operating system loader of a user partition in response to measuring and verifying the operating system loader based upon the manifest. The processor is to execute the code of the read only memory, the firmware, the virtual machine monitor, the operating system, the operating system loader, the management partition, and the user partition.

Abstract: A system and method for high performance secure access to a trusted platform module on a hardware virtualization platform. The virtualization platform including Virtual Machine Monitor (VMM) managed components coupled to the VMM. One of the VMM managed components is a TPM (Trusted Platform Module). The virtualization platform also includes a plurality of Virtual Machines (VMs). Each of the virtual machines includes a guest Operating System (OS), a TPM device driver (TDD), and at least one security application. The VMM creates an intra-partition in memory for each TDD such that other code and information at a same or higher privilege level in the VM cannot access the memory contents of the TDD. The VMM also maps access only from the TDD to a TPM register space specifically designated for the VM requesting access. Contents of the TPM requested by the TDD are stored in an exclusively VMM-managed protected page table that provides hardware-based memory isolation for the TDD.