Abstract: Aspects of the present disclosure relate to techniques for identifying susceptibility to induced charge leakage. In examples, a susceptibility test sequence comprising a cache line flush instruction is used to repeatedly activate a row of a memory unit. The susceptibility test sequence causes induced charge leakage within rows that are physically adjacent to the activated row, such that a physical adjacency map can be generated. In other examples, a physical adjacency map is used to identify a set of adjacent rows to a target row. A susceptibility test sequence is used to repeatedly activate the set of adjacent rows, after which the content of the target row is analyzed to determine whether the any bits of the target row flipped as a result of induced charge leakage. If flipped bits are not identified, an indication is generated that the memory unit is not susceptible to induced charge leakage.

Abstract: A compromise detection system protects data centers (DCs) or other providers in the cloud. The compromise detection system can detect compromised virtual machines (VMs) through changes in network traffic characteristics while avoiding expensive data collection and preserving privacy. The compromise detection system obtains and uses periodically-obtained flow pattern summaries to detect compromised VMs. Agent-based detection on predetermined and compromised VMs can expose (using supervised learning) the network behavior of compromised VMs and then apply the learned model to all VMs in the DC. The compromise detection system can run continuously, protect the privacy of cloud customers, comply with Europe's General Data Protection Regulation (GDPR), and avoid various techniques that both erode privacy and degrade VM performance.

Abstract: Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.

Abstract: Disclosed is a trusted language runtime (TLR) architecture that provides abstractions for developing a runtime for executing trusted applications or portions thereof securely on a mobile device (e.g., a smartphone). TLR offers at least two abstractions to mobile developers: a trustbox and a trustlet. The trustbox is a runtime environment that offers code and data integrity, and confidentiality. Code and data running inside a trustbox cannot be read or modified by any code running outside the trustbox. A trustlet is the code portion of an application that runs inside a trustbox. With TLR, programmers can write applications in .NET and specify which parts of the application handle sensitive data, and thus, run inside the trustbox. With the TLR, the developer places these parts in a trustlet class, and the TLR provides all support needed to run the parts in the trustbox.

Abstract: Methods and devices for encoding and decoding data streams are disclosed. In some aspects, the data streams are multimedia data streams. One method disclosed includes obtaining, by a client device, a first multimedia data stream and a second multimedia data stream, the second multimedia data stream being a lower fidelity version of the first multimedia data stream, generating, by the client device, a third multimedia data stream based on differences between the first and second multimedia data streams, compressing, by the client device, the second multimedia data stream to generate a first compressed multimedia data stream, compressing, by the client device, the third multimedia data stream to generate a second compressed multimedia data stream; and transmitting, by the client device, the first and second compressed multimedia data steams to the server.

Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.

Abstract: Described is a technology by which classes of memory attacks are prevented, including cold boot attacks, DMA attacks, and bus monitoring attacks. In general, secret state such as an AES key and an AES round block are maintained in on-SoC secure storage, such as a cache. Corresponding cache locations are locked to prevent eviction to unsecure storage. AES tables are accessed only in the on-SoC secure storage, to prevent access patterns from being observed. Also described is securely preparing for an interrupt-based context switch during AES round computations and securely resuming from a context switch without needing to repeat any already completed round or round of computations.

Abstract: A method described herein includes an act of, at a mobile computing device, receiving an indication that a portion of code of a program executing on the mobile computing device is to be offloaded to a second computing device for execution on the second computing device, wherein the indication is based at least in part upon an estimated energy savings of the mobile computing device by offloading the portion of the code for execution on the second computing device. The method also includes an act of transmitting data to the second computing device that causes the second computing device to execute the portion of the code.

Abstract: The minimization of the amount of power consumed by an electronic device in acquiring or maintaining network connectivity with a network may extend the battery life of the electronic device. When the electronic device has established a communication connection with a wireless access point, the electronic device cycles a network interface controller of the electronic device between a power on state and a power off state without terminating the communication connection. Accordingly, the electronic device powers on a main processor of the electronic device when the network interface controller detects a beacon during the power on state that indicates the wireless access point has a buffered data frame for the electronic device.

Abstract: Various technologies described herein pertain to performing collaborative rendering. A GPU of a mobile device can generate a mobile-rendered video stream based on a first instance of an application executed on the mobile device. A GPU of a server can generate one or more server-rendered video streams based on instance(s) of the application executed on the server. Based on the one or more server-rendered video streams, the server can generate a compressed server-manipulated video stream. The mobile device can further combine the mobile-rendered video stream and the compressed server-manipulated video stream to form a collaborative video stream, and a display screen of the mobile device can be caused to display the collaborative video stream. The mobile-rendered video stream can have a first level of a quality attribute and the collaborative video stream can have a second level of the quality attribute greater than the first level of the quality attribute.

Abstract: A method described herein includes an act of, at a mobile computing device, receiving an indication that a portion of code of a program executing on the mobile computing device is to be offloaded to a second computing device for execution on the second computing device, wherein the indication is based at least in part upon an estimated energy savings of the mobile computing device by offloading the portion of the code for execution on the second computing device. The method also includes an act of transmitting data to the second computing device that causes the second computing device to execute the portion of the code.

Abstract: The minimization of the amount of power consumed by an electronic device in acquiring or maintaining network connectivity with a network may extend the battery life of the electronic device. When the electronic device has established a communication connection with a wireless access point, the electronic device cycles a network interface controller of the electronic device between a power on state and a power off state without terminating the communication connection. Accordingly, the electronic device powers on a main processor of the electronic device when the network interface controller detects a beacon during the power on state that indicates the wireless access point has a buffered data frame for the electronic device.

Abstract: A system is provided that allows a spectator to spectate video gameplay over a network. Recorded information associated with a selected recording of a player playing a video game that includes a game engine is received over the network. The recorded information includes game commands that were input to the game engine as the player was playing the game, and inputs the player made to the game to control it. The recorded information is replayed to the game at the timing in which this information was originally recorded, where this replay includes replaying the game commands to the game engine. The replay generates a playback of the selected recording which is displayed on the display screen of the spectator's computer. Upon receiving a request from the spectator to view the inputs the player made to the game they are highlighted on the screen during the playback of the selected recording.

Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.

Abstract: Various technologies described herein pertain to a computing device that includes secure hardware (e.g., a TPM, a secure processor of a processing platform, protected memory that includes a software-based TPM, etc.). The secure hardware includes a shared secret, which is shared by the secure hardware and a server computing system. The shared secret is provisioned by the server computing system or a provisioning computing system of a party affiliated with the server computing system. The secure hardware further includes a cryptographic engine that can execute a cryptographic algorithm using the shared secret or a key generated from the shared secret. The cryptographic engine can execute the cryptographic algorithm to perform encryption, decryption, authentication, and/or attestation.

Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.

Abstract: Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.

Abstract: In a cloud computing environment, a production server virtualization stack is minimized to present fewer security vulnerabilities to malicious software running within a guest virtual machine. The minimal virtualization stack includes support for those virtual devices necessary for the operation of a guest operating system, with the code base of those virtual devices further reduced. Further, a dedicated, isolated boot server provides functionality to securely boot a guest operating system. The boot server is isolated through use of an attestation protocol, by which the boot server presents a secret to a network switch to attest that the boot server is operating in a clean mode. The attestation protocol may further employ a secure co-processor to seal the secret, so that it is only accessible when the boot server is operating in the clean mode.

Abstract: Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.

Abstract: The claimed subject matter provides a method for split billing. The method includes receiving a requested token. The requested token specifies conditions under which network traffic is allowed to be billed against a third party for content requested from a mobile computing device. The method also includes matching network traffic between the mobile computing device and a content provider to the specified conditions. The method further includes metering the matched network traffic to a billing account for the third party.