Typical operating systems (OS) may have a large attack surface, and have used various processor capabilities to harden the existing attack surface (for example, using ASLR, XD, SMEP and SMAP). Certain current operating systems attempt to reduce the attack surface by minimizing code operating at the highest privilege level, and reducing the reachability of unwanted code, using platform integrity monitors/virtual machine monitors (VMMs) that have a relatively small attack surface and use processor virtualization. These security-focused VMMs may partition OS software operating at the highest guest software privilege level of the processor (e.g., ring-0) with minimal latency/overheads.
Current processors may provide support for a trusted execution environment such as a secure enclave. Secure enclaves include segments of memory (including code and/or data) protected by the processor from unauthorized access including unauthorized reads and writes. In particular, certain processors may include Intel® Software Guard Extensions (SGX) to provide secure enclave support. SGX provides confidentiality, integrity, and replay-protection to the secure enclave data while the data is resident in the platform memory and thus provides protection against both software and hardware attacks. The on-chip boundary forms a natural security boundary, where data and code may be stored in plaintext and assumed to be secure. SGX operates in ring-3 (a lower privilege mode of the processor). Thus, SGX may allow untrusted OS/VMMs to host trusted execution environments without the risk of loss of confidentiality from attacks in the OS/VMM.
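A defender can confirm which of the features named above (XD, SMEP, SMAP, ASLR and SGX) are present on a Linux host. The following is an added example, not part of the original text; the mapping to `/proc/cpuinfo` flag names, the function names, and the sample inputs are assumptions constructed for illustration.

```python
# Added example: audit a Linux x86 host for the hardening features named above.
# Sample inputs are constructed; on a real host read /proc/cpuinfo and
# /proc/sys/kernel/randomize_va_space instead. The cpuinfo flags reflect CPU
# support as seen by the running kernel.

# Term used in the text -> Linux /proc/cpuinfo flag name
CPU_FEATURES = {"XD": "nx", "SMEP": "smep", "SMAP": "smap", "SGX": "sgx"}
ASLR_LEVELS = {0: "disabled", 1: "partial (stack, mmap, vDSO)", 2: "full (adds heap/brk)"}

# Constructed sample: CPU 1 lacks smap, so SMAP must be reported as absent.
SAMPLE_CPUINFO = """\
processor\t: 0
flags\t\t: fpu vme nx smep smap sgx
processor\t: 1
flags\t\t: fpu vme nx smep sgx
"""
SAMPLE_ASLR = "2\n"


def common_cpu_flags(cpuinfo_text):
    """Return the flags present on every logical CPU listed in cpuinfo_text."""
    per_cpu = []
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            per_cpu.append(set(value.split()))
    if not per_cpu:
        raise ValueError("no 'flags' line found in cpuinfo text")
    return set.intersection(*per_cpu)


def audit(cpuinfo_text, aslr_text):
    """Map each feature name to True/False, and ASLR to its configured level."""
    flags = common_cpu_flags(cpuinfo_text)
    report = {name: flag in flags for name, flag in CPU_FEATURES.items()}
    level = int(aslr_text.strip())
    report["ASLR"] = ASLR_LEVELS.get(level, "unknown value %d" % level)
    return report


if __name__ == "__main__":
    for feature, state in audit(SAMPLE_CPUINFO, SAMPLE_ASLR).items():
        print(f"{feature:5} {state}")
```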
Facial recognition is a common biometric authentication factor. For example, a Biometric Context Agent (BCA) service may use biometric factors such as facial recognition, along with a device identifier, to allow a user to log into a device. Other biometric factors such as fingerprint and iris recognition may have better false acceptance rates (FAR) and false rejection rates (FRR) than facial recognition. Fingerprint recognition may require about 20 points for recognition; iris recognition may be even better and have more than 240 points for recognition.