Patents by Inventor Vincent J. Zimmer
Vincent J. Zimmer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11609767
Abstract: Examples for transitioning between operating systems are disclosed. An example apparatus includes reserved copy circuitry to copy state data of a first operating system from a first portion of first memory to a second portion of the first memory in response to an operating system toggle event; toggle event circuitry to, in response to a determination that the state data has been copied to the second portion of the first memory, initiate execution of a second operating system, the second operating system loaded from a hibernation file in second memory; and write out circuitry to copy the state data of the first operating system from the second portion of the first memory to the hibernation file while the second operating system is executed on the apparatus.
Type: Grant
Filed: November 19, 2021
Date of Patent: March 21, 2023
Assignee: Intel Corporation
Inventors: Michael A. Rothman, Vincent J. Zimmer, Zijian You
-
Patent number: 11604889
Abstract: Systems, apparatuses and methods may provide for a memory apparatus that includes a client-side address space dedicated to an accessor of obfuscated multi-tenant data, wherein an executable view generation library is stored to the client-side address space. In one example, the executable view generation library is to receive a request to access at least a portion of the obfuscated multi-tenant data, convert the obfuscated multi-tenant data to deobfuscated multi-tenant data based on metadata associated with the executable view generation library and generate a single-tenant view based on the deobfuscated multi-tenant data.
Type: Grant
Filed: December 22, 2015
Date of Patent: March 14, 2023
Assignee: Intel Corporation
Inventors: Ajith K. Illendula, Kshitij A. Doshi, Vincent J. Zimmer
-
Publication number: 20220382526
Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.
Type: Application
Filed: August 10, 2022
Publication date: December 1, 2022
Applicant: INTEL CORPORATION
Inventors: Mingqiu SUN, Rajesh POORNACHANDRAN, VINCENT J. ZIMMER, Ned M. SMITH, Gopinatth SELVARAJE
-
Patent number: 11487517
Abstract: Various embodiments are generally directed to techniques for supporting the distributed execution of a task routine among multiple secure controllers incorporated into multiple computing devices. An apparatus includes a first processor component and first secure controller of a first computing device, where the first secure controller includes: a selection component to select the first secure controller or a second secure controller of a second computing device to compile a task routine based on a comparison of required resources to compile the task routine and available resources of the first secure controller; and a compiling component to compile the task routine into a first version of compiled routine for execution within the first secure controller by the first processor component and a second version for execution within the second secure controller by a second processor component in response to selection of the first secure controller. Other embodiments are described and claimed.
Type: Grant
Filed: December 26, 2018
Date of Patent: November 1, 2022
Assignee: INTEL CORPORATION
Inventors: Mingqiu Sun, Rajesh Poornachandran, Vincent J. Zimmer, Ned M. Smith, Gopinatth Selvaraje
-
Publication number: 20220334823
Abstract: Various systems and methods for enabling derivation and distribution of an attestation manifest for a software update image are described. In an example, these systems and methods include orchestration functions and communications, providing functionality and components for a software update process which also provides verification and attestation among multiple devices and operators.
Type: Application
Filed: May 2, 2022
Publication date: October 20, 2022
Inventors: Ned M. Smith, Kshitij Arun Doshi, John J. Browne, Vincent J. Zimmer, Francesc Guim Bernat, Kapil Sood
-
Patent number: 11360907
Abstract: A disclosed example to protect memory from buffer overflow or underflow includes defining an implicit bound pointer based on an implicit bound pointer definition in a configuration file for a memory region; instrumenting object code with an implicit buffer bound check based on the implicit bound pointer; and generating hardened executable object code based on the object code, the implicit buffer bound check, and the implicit bound pointer, the implicit bound pointer located in the hardened executable object code during a compilation phase to facilitate loading the implicit bound pointer in a global bounds table during runtime for access by the implicit buffer bound check.
Type: Grant
Filed: March 30, 2017
Date of Patent: June 14, 2022
Assignee: Intel Corporation
Inventors: Junjing Shi, Qin Long, Liming Gao, Michael A. Rothman, Vincent J. Zimmer
-
Patent number: 11354417
Abstract: A disclosed example apparatus includes memory; and at least one processor to execute first instructions, the first instructions obtained from first encrypted firmware, the at least one processor to: encrypt handoff data with an original equipment manufacturer key to generate encrypted handoff data; decrypt second encrypted firmware based on the original equipment manufacturer key to generate second instructions; and provide access to the encrypted handoff data to the second instructions, the second instructions to perform initialization of a computer based on the handoff data obtained from the encrypted handoff data.
Type: Grant
Filed: January 4, 2021
Date of Patent: June 7, 2022
Assignee: McAfee, LLC
Inventors: Jiewen Yao, Rangasai V. Chaganty, Xiang Ma, Ravi Poovalur Rangarajan, Rajesh Poornachandran, Nivedita Aggarwal, Giri P. Mudusuru, Vincent J. Zimmer, Satya P. Yarlagadda, Amy Chan, Sudeep Das
-
Patent number: 11327735
Abstract: Various systems and methods for enabling derivation and distribution of an attestation manifest for a software update image are described. In an example, these systems and methods include orchestration functions and communications, providing functionality and components for a software update process which also provides verification and attestation among multiple devices and operators.
Type: Grant
Filed: December 28, 2018
Date of Patent: May 10, 2022
Assignee: Intel Corporation
Inventors: Ned M. Smith, Kshitij Arun Doshi, John J. Browne, Vincent J. Zimmer, Francesc Guim Bernat, Kapil Sood
-
Publication number: 20220100530
Abstract: Examples for transitioning between operating systems are disclosed. An example apparatus includes reserved copy circuitry to copy state data of a first operating system from a first portion of first memory to a second portion of the first memory in response to an operating system toggle event; toggle event circuitry to, in response to a determination that the state data has been copied to the second portion of the first memory, initiate execution of a second operating system, the second operating system loaded from a hibernation file in second memory; and write out circuitry to copy the state data of the first operating system from the second portion of the first memory to the hibernation file while the second operating system is executed on the apparatus.
Type: Application
Filed: November 19, 2021
Publication date: March 31, 2022
Inventors: Michael A. Rothman, Vincent J. Zimmer, Zijian You
-
Patent number: 11288144
Abstract: Disclosed herein are distributed ledger systems and methods for efficiently creating and updating a query optimized distributed ledger. In particular, the present disclosure introduces methods and apparatuses for efficiently updating indexes when new blocks are added to the distributed ledger by using snapshots of data and appending new snapshot tables and indexes to previous snapshot tables and indexes.
Type: Grant
Filed: June 18, 2019
Date of Patent: March 29, 2022
Assignee: McAfee, LLC
Inventors: Ned M. Smith, Vincent J. Zimmer, Rajesh Poornachandran, Cedric Cochin, Igor G. Muttik
-
Patent number: 11182172
Abstract: Technologies for transitioning between operating systems include a computing device having a main memory and a data storage device. The computing device executes a first operating system and monitors for an operating system toggle event. The toggle event may be a software command, a hardware button press, or other user command. In response to the toggle event, the computing device copies state data of the first operating system to a reserved memory area. After copying the state data, the computing device executes a second operating system. While the second operating system is executing, the computing device copies the state data of the first operating system from the reserved memory area to the data storage device. The computing device monitors for operating system toggle events during execution of the second operating system and may similarly toggle execution back to the first operating system. Other embodiments are described and claimed.
Type: Grant
Filed: May 8, 2017
Date of Patent: November 23, 2021
Assignee: Intel Corporation
Inventors: Michael A. Rothman, Vincent J. Zimmer, Zijian You
-
Patent number: 11049039
Abstract: Disclosed herein are cloud-based machine learning systems and methods for monitoring networked devices to identify and classify characteristics, to infer typical or atypical behavior and assign reputation profiles across various networked devices, and to make remediation recommendations. In some embodiments, a cloud-based machine learning system may learn the typical operation and interfacing of a plurality of reputable devices that are known to be free from malicious software and other threats. In some embodiments, a cloud-based machine learning system may learn the typical operation and interfacing of a device, and may identify atypical operations or interfaces associated with that device by comparing the operations and interfaces to those of a plurality of networked devices or to those of a defined standard reference device.
Type: Grant
Filed: September 30, 2016
Date of Patent: June 29, 2021
Assignee: McAfee, LLC
Inventors: Vincent J. Zimmer, Joel R. Spurlock, Ramnath Venugopalan, Ned M. Smith, Igor G. Muttik, Rajesh Poornachandran
-
Publication number: 20210168176
Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein. An example apparatus includes at least one memory, and at least one processor to execute instructions to at least identify one or more non-sensitive parameters of a plurality of policy parameters and one or more sensitive parameters of the plurality of the policy parameters, the plurality of the policy parameters obtained from a computing device in response to a request from a cloud analytics server for the plurality of the policy parameters, encrypt the one or more sensitive parameters to generate encrypted parameter data in response to the identification of the one or more sensitive parameters, and transmit the encrypted parameter data to the cloud analytics server, the cloud analytics server to curry a security policy function based on one or more of the plurality of the policy parameters.
Type: Application
Filed: January 20, 2021
Publication date: June 3, 2021
Inventors: Sudeep Das, Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer, Pramod Sharma, Arthur Zeigler, Sumant Vashisth, Simon Hunt
-
Publication number: 20210124829
Abstract: A disclosed example apparatus includes memory; and at least one processor to execute first instructions, the first instructions obtained from first encrypted firmware, the at least one processor to: encrypt handoff data with an original equipment manufacturer key to generate encrypted handoff data; decrypt second encrypted firmware based on the original equipment manufacturer key to generate second instructions; and provide access to the encrypted handoff data to the second instructions, the second instructions to perform initialization of a computer based on the handoff data obtained from the encrypted handoff data.
Type: Application
Filed: January 4, 2021
Publication date: April 29, 2021
Inventors: Jiewen Yao, Rangasai V. Chaganty, Xiang Ma, Ravi Poovalur Rangarajan, Rajesh Poornachandran, Nivedita Aggarwal, Giri P. Mudusuru, Vincent J. Zimmer, Satya P. Yarlagadda, Amy Chan, Sudeep Das
-
Publication number: 20210039781
Abstract: Disclosed herein is a charging drone. The charging drone can comprise a flight mechanism, a charging transmitter, a processor, and a memory. The processor can be in electrical communication with the flight mechanism and the charging transmitter. The memory can store instructions that, when executed by the processor, can cause the processor to perform operations. The operations can comprise receiving a charge request signal; transmitting a navigation signal to the flight mechanism; verifying credentials from an in-flight drone; and activating the charging transmitter. The charge request signal can include data associated with the in-flight drone. The navigation signal can include guidance data for guiding the charging drone to the in-flight drone. The credentials can be verified when the charging drone is proximate the in-flight drone. The charging transmitter can be activated upon verification of the credentials.
Type: Application
Filed: May 21, 2018
Publication date: February 11, 2021
Inventors: Jiewen Jacques Yao, Vincent J. Zimmer, Rajesh Poornachandran
-
Patent number: 10911496
Abstract: Technologies for privacy-safe security policy evaluation are disclosed herein.
Type: Grant
Filed: August 12, 2019
Date of Patent: February 2, 2021
Assignee: MCAFEE, LLC
Inventors: Sudeep Das, Rajesh Poornachandran, Ned M. Smith, Vincent J. Zimmer, Pramod Sharma, Arthur Zeigler, Sumant Vashisth, Simon Hunt
-
Patent number: 10885199
Abstract: A pre-boot initialization technique for a computing system allows for encrypting both a manufacturer and original equipment manufacturer firmware routines, as well as handing off data between the manufacturer and original equipment manufacturer firmware routines encrypted with a key provisioned in field programmable fuses with an original equipment manufacturer key. By encrypting the firmware routines and handoff data, security of the pre-boot initialization process is enhanced. Original equipment manufacturer updatable product data may also be encrypted with the original equipment manufacturer key. Additional security may be provided by using trusted input/output capabilities of a trusted execution environment to display information to and receive information from a user. Furthermore, multiple secure phases of configuration may be achieved using wireless credentials exchange components.
Type: Grant
Filed: September 26, 2016
Date of Patent: January 5, 2021
Assignee: McAfee, LLC
Inventors: Jiewen Yao, Rangasai V. Chaganty, Xiang Ma, Ravi Poovalur Rangarajan, Rajesh Poornachandran, Nivedita Aggarwal, Giri P. Mudusuru, Vincent J. Zimmer, Satya P. Yarlagadda, Amy Chan, Sudeep Das
-
Publication number: 20200387611
Abstract: Malicious attacks have moved from higher level virus attacks on software and data files operating on a device, to subverting the firmware underlying the device, where the firmware will compromise operation of the device even after attempts to remove the virus, unwanted programs, or other activity due to the subversion. If the firmware is compromised then even a clean reinstall of all software and/or services on the device may only result in a clean device that is then subsequently compromised again. Although device manufacturers may update a firmware to remove the vulnerability, there remains a problem in getting users to actually perform the update. To facilitate device security, a database or databases of firmware may be maintained where their status of vulnerable (bad) or not (good) is maintained and various options are presented for scanning firmware for vulnerabilities, out of band or manually, and pulling/pushing updates as desired to automatically update a device or prompt a user for updating.
Type: Application
Filed: December 22, 2017
Publication date: December 10, 2020
Inventors: Jiewen YAO, Vincent J. ZIMMER
-
Patent number: 10831934
Abstract: An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein.
Type: Grant
Filed: September 19, 2017
Date of Patent: November 10, 2020
Assignee: Intel Corporation
Inventors: Vincent J. Zimmer, Nicholas J. Adams, Giri P. Mudusuru, Lee G. Rosenbaum, Michael A. Rothman
-
Patent number: 10776524
Abstract: Embodiments are directed to securing system management mode (SMM) in a computer system. A CPU is configurable to execute first code in a normal mode, and second code in a SMM. A SMM control engine is operative to transition the CPU from the normal mode to the SMM in response to a SMM transition call, and to control access by the CPU in the SMM to data from an originator of the SMM transition call. The access is controlled based on an authorization state assigned to the SMM transition call. An authorization engine is operative to perform authentication of the originator of the SMM transition call and to assign the authorization state based on an authentication result. The CPU in the SMM is prevented from accessing the data in response to the authentication result being a failure of authentication.
Type: Grant
Filed: January 14, 2016
Date of Patent: September 15, 2020
Assignee: Intel Corporation
Inventors: Jiewen Jacques Yao, Vincent J. Zimmer, Bassam N. Coury