Abstract: Improving security and reliability of cloud-based systems by removing persistence of device firmware may include downloading, by a networked device, a temporary firmware image, cryptographically verifying the temporary firmware image, and booting the networked device using the temporary firmware image.

Abstract: One embodiment of the invention provides a method comprising identifying hardware and software components of a system architecture, and generating a multi-layered graph based on the hardware and software components. The multi-layered graph includes a hardware layer representing a lowest level of hardware architecture of the system architecture. The method further comprises extracting one or more properties of the multi-layered graph, computing one or more security metrics based on the one or more properties, and quantifying a security risk of the system architecture based on the one or more security metrics.

Abstract: Embodiments for managing a computing system are provided. A Root-of-Trust (RoT) device within the computing system is caused to boot. The computing system includes at least one peripheral device, and the RoT device is in operable communication with the at least one peripheral device and a management server. The at least one peripheral device is caused to at least partially boot. The RoT device is caused to retrieve a firmware image associated with the at least one peripheral device from the management server. The at least one peripheral device is caused to reboot utilizing the firmware image.

Abstract: A Reduced Instruction Set Computer (“RISC”) supporting large-word operations in a computing environment is disclosed. In one implementation, in response to receiving one or more control signals from a central processing unit (“CPU”), a set of operations are executed on a state of a special purpose execution unit (“SPU”) having a plurality of SPU registers, the SPU being associated with the CPU and the state of the SPU having word widths of one or more of the plurality of registers being greater in size than word widths of a plurality of CPU registers of a computing system and a set of state-master bits to synchronize the state of the SPU and a state of the CPU. The results of the set of operations are stored in the plurality of CPU registers or an alternative set of the plurality of SPU registers.

Abstract: A Reduced Instruction Set Computer (“RISC”) supporting large-word operations in a computing environment is disclosed. In one implementation, in response to receiving one or more control signals from a central processing unit (“CPU”), a set of operations are executed on a state of a special purpose execution unit (“SPU”) having a plurality of SPU registers, the SPU being associated with the CPU and the state of the SPU having word widths of one or more of the plurality of registers being greater in size than word widths of a plurality of CPU registers of a computing system and a set of state-master bits to synchronize the state of the SPU and a state of the CPU. The results of the set of operations are stored in the plurality of CPU registers or an alternative set of the plurality of SPU registers.

Abstract: A computer implemented method for assessing endpoint security includes identifying a size of exposed PCIe space corresponding to a system of interest comprising one or more endpoints, determining an observable state of correct functionality for the system, generating random transaction layer packets corresponding to the endpoint, injecting the generated transaction layer packets, monitoring the system following the injection of the generated transaction layer packets for erroneous patterns exhibited by the system, and reporting the erroneous patterns exhibited by the system. A corresponding computer program product and computer system are also disclosed.

Abstract: Embodiments for managing a computing system are provided. A Root-of-Trust (RoT) device within the computing system is caused to boot. The computing system includes at least one peripheral device, and the RoT device is in operable communication with the at least one peripheral device and a management server. The at least one peripheral device is caused to at least partially boot. The RoT device is caused to retrieve a firmware image associated with the at least one peripheral device from the management server. The at least one peripheral device is caused to reboot utilizing the firmware image.

Abstract: Described is a baseboard management controller (BMC). The BMC comprises a BMC flash storage storing firmware and an access permission table. The access permission table defines an access control policy for access requests to peripherals communicatively coupled to the BMC. The BMC further comprises an access control chip comprising one or more processors and a write-once memory. The write-once memory stores a copy of the access permission table. The access control chip is configured to manage access to the peripherals using the access permission table.

Abstract: An apparatus includes a trigger generator and at least one multiplexer. The trigger generator is configured to generate a non-periodic trigger output. The at least one multiplexer is configured to output a valid control signal and an obfuscated control signal in response to a key value input. The obfuscated control signal is selectively set to one of a valid control signal and an invalid control signal based on the non-periodic trigger output.

Abstract: An apparatus includes a trigger generator and at least one multiplexer. The trigger generator is configured to generate a non-periodic trigger output. The at least one multiplexer is configured to output a valid control signal and an obfuscated control signal in response to a key value input. The obfuscated control signal is selectively set to one of a valid control signal and an invalid control signal based on the non-periodic trigger output.