H04L2209/127

Virtual Environment Type Validation For Policy Enforcement

Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.

Secure provisioning of operating systems

Methods, media, and systems for secure provisioning of servers within a cloud computing environment are provided for herein. In some embodiments, a management service can delegate provisioning of a server of the cloud computing environment to an imaging service. In response, the imaging service can generate an operating system image for the server and can utilize disk encryption to protect the operating system image. In embodiments, a volume encryption key of the disk encryption can be encrypted utilizing a public key of a trusted platform module of the server, to produce an encrypted volume encryption key that is protected by the trusted platform module of the server. The encrypted operating system image and the encrypted volume encryption key can then be transmitted to the server to cause the server to be provisioned with the operating system image. Other embodiments may be described and/or claimed herein.

Secure transfer of secrets for computing devices to access network resources
10305914 · 2019-05-28

Disclosed embodiments include securely transferring secrets to network resources. Aspects involve receiving, in a protected environment, a secret credential associated with an identity; storing, in the protected environment, the secret credential in an association with the identity and the network resource; receiving a request for authentication of the identity to the network resource; accessing, in response to the request and on behalf of the identity, the secret credential from storage in the protected environment; and signing an outgoing communication sent from the identity and addressed to the network resource. The network resource may be configured to validate the signed outgoing communication. The outgoing communication may be signed without storing the secret credential in the local exposed memory of the computing device.

SECURE MANAGEMENT OF OPERATIONS ON PROTECTED VIRTUAL MACHINES

A virtual secure mode is enabled for a virtual machine operating in a computing environment that is associated with a plurality of different trust levels. First, a virtual secure mode image is loaded into one or more memory pages of a virtual memory space of the virtual machine. Then, the one or more memory pages of the virtual memory space are made inaccessible to one or more trust levels having a relatively lower trust level than a launching trust level that is used by a virtual secure mode loader to load the virtual secure mode image. A target virtual trust level is also enabled on a launching virtual processor for the virtual machine that is higher than the launching trust level.

PROVISIONING SYSTEMS AND METHODS
20190149316 · 2019-05-16

A method for registering and provisioning an electronic device is provided. The method includes a step of inserting a first keypair into a secure element of the electronic device. The first keypair includes a public key and a private key. The method further includes a step of requesting, from a server configured to register and provision connected devices, a provisioning of credentials of the electronic device. The method further includes a step of verifying, by the server, the electronic device credentials. The method further includes a step of registering, by the server, the electronic device. The method further includes a step of transmitting, from the server to the electronic device, a device certificate. The method further includes steps of installing the transmitted device certificate within the secure element of the electronic device, and provisioning the electronic device according to the installed device certificate.

Systems and methods for trusted cluster attestation
10291692 · 2019-05-14

Systems, apparatuses, and methods for implementing trusted cluster attestation techniques are disclosed. A cluster includes multiple computing devices connected together and at least one cluster security module. The cluster security module collects measurement logs and attestations from N computing devices, with N being a positive integer greater than one. The cluster security module also maintains a log and calculates an attestation for its own hardware and/or software. The cluster security module combines the logs from the N computing devices and the log of the cluster security module into an aggregate log, with N+1 logs combined into the aggregate log. Then, the cluster security module generates a single attestation for the cluster to represent the cluster as a whole. The cluster security module is configured to provide the single attestation and aggregate log to an external device responsive to receiving a challenge request from the external device.

REMOTE ATTESTATION OF CLOUD INFRASTRUCTURE
20190138729 · 2019-05-09

A system which provides remote attestation of a cloud infrastructure comprises a plurality of attestation servers, a virtual machine (VM), and a VM scheduler arranged to register the VM for attestation and deploy the VM to a VM host within the cloud. More than one of the plurality of attestation servers are selected and mapped to the deployed VM, and each of the mapped attestation servers is arranged to perform remote attestations of the deployed VM and its VM host. Performing remote attestations comprises transmitting a request for trust evidence to the VM and VM host, receiving and storing trust evidence transmitted by the VM and VM host, and transmitting VM and VM host trust evidence to a cloud user.

PROVISIONING TRUSTED EXECUTION ENVIRONMENT BASED ON CHAIN OF TRUST INCLUDING PLATFORM
20190140836 · 2019-05-09

Techniques are described herein that are capable of provisioning a trusted execution environment (TEE) based on (e.g., based at least in part on) a chain of trust that includes a platform on which the TEE executes. Any suitable number of TEEs may be provisioned. For instance, a chain of trust may be established from each TEE to the platform on which an operating system that launched the TEE runs. Any two or more TEEs may be launched by operating system(s) running on the same platform or by different operating systems running on respective platforms. Once the chain of trust is established for a TEE, the TEE can be provisioned with information, including but not limited to policies, secret keys, secret data, and/or secret code. Accordingly, the TEE can be customized with the information without other parties, such as a cloud provider, being able to know or manipulate the information.

Embedding foundational root of trust using security algorithms
10268844 · 2019-04-23

Approaches, techniques, and mechanisms are disclosed for provisioning programmable devices in a secure manner. The secure programming system can individually encrypt a target payload of data and code and then program the information into each individual one of the programmable devices targeted for a specific job. The secure programming system can create a customized payload package that can only be decrypted by a particular system or device having the correct security keys.

SELECTING AND SECURING PROOF DELEGATES FOR CRYPTOGRAPHIC FUNCTIONS
20190116174 · 2019-04-18

The disclosed technology is generally directed to cryptographic functions for smart contracts. In one example of the technology, a request for cryptographic resources is received. The request for cryptographic resources includes a binding identity (ID). Cryptographic resources are fetched from at least one cryptographic resource pool of a plurality of cryptographic resource pools responsive to the request for cryptographic resources. Separate cryptographic resource pools of the plurality of cryptographic resource pools are pools of separate types of cryptographic resources. For each fetched cryptographic resource, the type of proof delegate code suitable for that resource is determined, and the determined type of proof delegate code is injected into the fetched cryptographic resource.