Patents by Inventor Stav Sapir

Stav Sapir has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240143731
    Abstract: Presented herein are systems and methods for enabling and providing safe and secure last resort access to a computing system. Embodiments may leverage trusted platform modules that exist in information handling systems to provide a more convenient and more secure rescue account. In one or more embodiments, the last resort access may be based on federated approval from a vendor/provider and a customer. In one or more embodiments, part of the cryptographic information is stored/controlled by a provisioner (or vendor), and another part is stored/controlled by the customer. Since both parts are involved in the last resort access process in order to gain access, neither entity alone can gain access to the information handling system.
    Type: Application
    Filed: October 27, 2022
    Publication date: May 2, 2024
    Applicant: DELL PRODUCTS L.P.
    Inventors: Amos ZAMIR, Stav SAPIR
  • Patent number: 11973789
    Abstract: One example method includes performing a filtering process that identifies one or more candidate hosts for scheduling of a pod, wherein the candidacy of a host is determined based in part upon an association rule, generating an overall host score for each of the candidate hosts, and scheduling the pod to one of the candidate hosts based on the overall host score of that candidate host. A host risk score and/or pod risk score may be used in the generating of the overall host score.
    Type: Grant
    Filed: April 20, 2021
    Date of Patent: April 30, 2024
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Jehuda Shemer, Stav Sapir, Naor Radami
  • Patent number: 11960612
    Abstract: A system receives a request from a user to execute a command on an air-gapped computer system. If a role-based access control system permits the user to execute the command, the system prompts a number of approvers to determine whether to approve of the user executing the command. If a required number of approvers have approved of the user executing the command, the system encodes the command and incorporates the encoded command in an encoded message. The system uses a simplex communication output device to communicate the encoded message to a simplex communication input device for the air-gapped computer system. The system enables execution of the command by requesting the air-gapped computer system to execute the command, or by providing the user with an access token, received from the air-gapped computer system, which enables the user to physically access the air-gapped computer system and execute the command.
    Type: Grant
    Filed: February 9, 2022
    Date of Patent: April 16, 2024
    Assignee: Dell Products L.P.
    Inventors: Amihai Savir, Stav Sapir, Naor Radami, Jehuda Shemer
  • Publication number: 20230252169
    Abstract: An air-gapped computer receives, from a simplex communication input device, an encoded message communicated by a simplex communication output device. The air-gapped computer system can use a private key to decrypt an encrypted message which was encrypted by a corresponding public key. The air-gapped computer system decodes the encoded message. The air-gapped computer system verifies that the decoded message indicates that a required number of approvers have approved of a user executing a command. The air-gapped computer system extracts the approved command from the decoded message. The air-gapped computer system enables execution of the command by executing the command, or by providing the user with an access token which enables the user to physically access the air-gapped computer system and execute the command.
    Type: Application
    Filed: February 9, 2022
    Publication date: August 10, 2023
    Applicant: Dell Products L.P.
    Inventors: Amihai Savir, Stav Sapir, Naor Radami, Jehuda Shemer
  • Publication number: 20230252168
    Abstract: A system receives a request from a user to execute a command on an air-gapped computer system. If a role-based access control system permits the user to execute the command, the system prompts a number of approvers to determine whether to approve of the user executing the command. If a required number of approvers have approved of the user executing the command, the system encodes the command and incorporates the encoded command in an encoded message. The system uses a simplex communication output device to communicate the encoded message to a simplex communication input device for the air-gapped computer system. The system enables execution of the command by requesting the air-gapped computer system to execute the command, or by providing the user with an access token, received from the air-gapped computer system, which enables the user to physically access the air-gapped computer system and execute the command.
    Type: Application
    Filed: February 9, 2022
    Publication date: August 10, 2023
    Applicant: Dell Products L.P.
    Inventors: Amihai Savir, Stav Sapir, Naor Radami, Jehuda Shemer
  • Publication number: 20230237202
    Abstract: According to one embodiment, a secure storage unit replacement and locking system includes computer-executable instructions to receive a request to remove one of the storage units from the enclosure, and generate a key, wherein the key includes information for identifying the one storage unit to be removed. When the key is presented at the enclosure, the instructions receive information associated with the key when the key is located at the disk enclosure, determine which one of the plurality of storage units is to be unlocked by the key, and unlock the one storage unit according to the determination.
    Type: Application
    Filed: January 21, 2022
    Publication date: July 27, 2023
    Applicant: Dell Products, L.P.
    Inventors: Jehuda Shemer, Naor Radami, Stav Sapir, Amihai Savir, Arieh Don
  • Publication number: 20230237199
    Abstract: One example method includes reading, at an air-gapped system, a code provided by a control system, and the code includes a message containing instructions from the control system to the air-gapped system, checking, by the air-gapped system, the message to determine if the message includes a command executable by the air-gapped system, and when the message identifies a command executable by the air-gapped system, and the command is included in a list of authorized commands, executing, by the air-gapped system, the command.
    Type: Application
    Filed: January 21, 2022
    Publication date: July 27, 2023
    Inventors: Jehuda Shemer, Stav Sapir, Naor Radami, Amihai Savir
  • Patent number: 11675913
    Abstract: One example method includes packaging a containerized application into at least two images. The first image may include the main application and the second image includes a decryptor. Sensitive information associated with the application is encrypted and included in the second image. The decryptor operates separately from the main application. After the decryptor successfully completes, the main application is run. The main application may include a copier layer to copy any data decrypted by the decryptor into the main application.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: June 13, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Amos Zamir, Naor Radami
  • Patent number: 11663342
    Abstract: One example method includes inserting a signal layer in an image, the signal layer indicating that a sensitive layer in the image is a candidate for encryption, creating a single layer archive file that includes the sensitive layer, encrypting the single layer archive file to create an encrypted layer, constructing a new image that includes the encrypted layer, inserting, in the new image, a decryptor layer that is operable to decrypt the encrypted layer, and designating the decryptor layer as an entry point of the new image.
    Type: Grant
    Filed: June 30, 2022
    Date of Patent: May 30, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Amos Zamir, Naor Radami
  • Publication number: 20230098558
    Abstract: Techniques are provided for user identity verification using dynamic identification policies. One method comprises obtaining, by an identity management server, a validation request to evaluate an identity of a user, wherein the validation request is processed by the identity management server in connection with an access request of the user to access a protected resource provided by a service provider that is distinct from the identity management server. The validation request may comprise an identification policy, generated by the service provider in response to receiving the access request, that specifies authentication consensus constraints that apply to the access request.
    Type: Application
    Filed: September 30, 2021
    Publication date: March 30, 2023
    Inventors: Amihai Savir, Jehuda Shemer, Stav Sapir, Naor Radami
  • Patent number: 11595212
    Abstract: A secure approval chain for runtime protection is disclosed. As an application or pod is developed in a pipeline, an approval engine ensures that the pod is approved by all approvers. The approval engine generates a deployment token that is added to the configuration data of the pod and that can be used at deployment to perform various security operations including pod verification, runtime environment control and enforcement, and pod or application verification.
    Type: Grant
    Filed: October 13, 2020
    Date of Patent: February 28, 2023
    Assignee: EMC IP Holding Company LLC
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Naor Radami
  • Publication number: 20230012696
    Abstract: Techniques for securely monitoring an air-gapped machine. Systems, methods, and devices for generating a status message representing a state of an air-gapped machine, converting the status message to a visual code, displaying the visual code to a display monitor connected to the air-gapped machine, capturing image data of the visual code at a camera connected to a monitoring machine, and transmitting the image data to the monitoring machine, thereby causing the visual code to be accessible by a user of the monitoring machine. Techniques for verifying the integrity of the status message, and optionally, encrypting the status message.
    Type: Application
    Filed: July 19, 2021
    Publication date: January 19, 2023
    Inventors: Stav Sapir, Naor Radami, Jehuda Shemer, Amihai Savir
  • Publication number: 20220337618
    Abstract: One example method includes performing a filtering process that identifies one or more candidate hosts for scheduling of a pod, wherein the candidacy of a host is determined based in part upon an association rule, generating an overall host score for each of the candidate hosts, and scheduling the pod to one of the candidate hosts based on the overall host score of that candidate host. A host risk score and/or pod risk score may be used in the generating of the overall host score.
    Type: Application
    Filed: April 20, 2021
    Publication date: October 20, 2022
    Inventors: Jehuda Shemer, Stav Sapir, Naor Radami
  • Publication number: 20220335138
    Abstract: One example method includes inserting a signal layer in an image, the signal layer indicating that a sensitive layer in the image is a candidate for encryption, creating a single layer archive file that includes the sensitive layer, encrypting the single layer archive file to create an encrypted layer, constructing a new image that includes the encrypted layer, inserting, in the new image, a decryptor layer that is operable to decrypt the encrypted layer, and designating the decryptor layer as an entry point of the new image.
    Type: Application
    Filed: June 30, 2022
    Publication date: October 20, 2022
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Amos Zamir, Naor Radami
  • Patent number: 11461084
    Abstract: One example method includes using a primary key to encrypt a decryption key, splitting the primary key into ‘n’ parts, where at least ‘k’ parts of the ‘n’ parts are required to restore the primary key, and ‘k’≤‘n’, storing some of the ‘k’ parts in respective locations in a production environment, and one of the stored ‘k’ parts is held by a verifier stage, receiving, at the verifier stage, a request for restoration of the primary key, where the request is received from a deployment pod and the request includes a subset of the ‘k’ parts and the encrypted decryption key, performing, by the verifier stage, a validation process concerning the deployment pod, and restoring, by the verifier stage, the primary key, wherein the primary key is restored using the ‘k’ part held by the verifier stage.
    Type: Grant
    Filed: March 5, 2021
    Date of Patent: October 4, 2022
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Naor Radami
  • Patent number: 11455405
    Abstract: One example method includes inserting a signal layer in an image, the signal layer indicating that a sensitive layer in the image is a candidate for encryption, creating a single layer archive file that includes the sensitive layer, encrypting the single layer archive file to create an encrypted layer, constructing a new image that includes the encrypted layer, inserting, in the new image, a decryptor layer that is operable to decrypt the encrypted layer, and designating the decryptor layer as an entry point of the new image.
    Type: Grant
    Filed: August 7, 2020
    Date of Patent: September 27, 2022
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Amos Zamir, Naor Radami
  • Publication number: 20220283794
    Abstract: One example method includes using a primary key to encrypt a decryption key, splitting the primary key into ‘n’ parts, where at least ‘k’ parts of the ‘n’ parts are required to restore the primary key, and ‘k’≤‘n’, storing some of the ‘k’ parts in respective locations in a production environment, and one of the stored ‘k’ parts is held by a verifier stage, receiving, at the verifier stage, a request for restoration of the primary key, where the request is received from a deployment pod and the request includes a subset of the ‘k’ parts and the encrypted decryption key, performing, by the verifier stage, a validation process concerning the deployment pod, and restoring, by the verifier stage, the primary key, wherein the primary key is restored using the ‘k’ part held by the verifier stage.
    Type: Application
    Filed: March 5, 2021
    Publication date: September 8, 2022
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Naor Radami
  • Publication number: 20220116216
    Abstract: A secure approval chain for runtime protection is disclosed. As an application or pod is developed in a pipeline, an approval engine ensures that the pod is approved by all approvers. The approval engine generates a deployment token that is added to the configuration data of the pod and that can be used at deployment to perform various security operations including pod verification, runtime environment control and enforcement, and pod or application verification.
    Type: Application
    Filed: October 13, 2020
    Publication date: April 14, 2022
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Naor Radami
  • Publication number: 20220092192
    Abstract: One example method includes packaging a containerized application into at least two images. The first image may include the main application and the second image includes a decryptor. Sensitive information associated with the application is encrypted and included in the second image. The decryptor operates separately from the main application. After the decryptor successfully completes, the main application is run. The main application may include a copier layer to copy any data decrypted by the decryptor into the main application.
    Type: Application
    Filed: September 18, 2020
    Publication date: March 24, 2022
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Amos Zamir, Naor Radami
  • Publication number: 20220043916
    Abstract: One example method includes inserting a signal layer in an image, the signal layer indicating that a sensitive layer in the image is a candidate for encryption, creating a single layer archive file that includes the sensitive layer, encrypting the single layer archive file to create an encrypted layer, constructing a new image that includes the encrypted layer, inserting, in the new image, a decryptor layer that is operable to decrypt the encrypted layer, and designating the decryptor layer as an entry point of the new image.
    Type: Application
    Filed: August 7, 2020
    Publication date: February 10, 2022
    Inventors: Kfir Wolfson, Jehuda Shemer, Stav Sapir, Amos Zamir, Naor Radami