Abstract: An example method can include choosing a pattern or patterns of network traffic. This pattern can be representative of a certain type of traffic such as an attack. The pattern can be associated with various components of a network and can describe expected behavior of these various components. A system performing this method can then choose a nodes or nodes to generate traffic according to the pattern and send an instruction accordingly. After this synthetic traffic is generated, the system can compare the behavior of the components with the expected behavior. An alert can then be created to notify an administrator or otherwise remedy any problems.

Abstract: System and methods are described for authenticating users across multiple environments within a cloud-computing environment. A system may receive an indication that a user authenticated within a first environment has performed an action specific to a second environment. The system determines whether a previous action was performed by the user specific to the second environment. In response to determining that no previous action was performed, the system retrieves a first token from an authentication database, wherein the first token is associated with authentication of the user within the first environment. The system then validates the first token, and then generates a second token associated with authentication of the user within the second environment.

Abstract: A foldable device includes: a display; a touch panel configured to detect a touch input; a sensing interface configured to detect an angle of the foldable device; and a controller configured to activate the display unit when the angle detected by the sensing unit as the foldable device is unfolded is equal to or greater than a first angle, and activate the touch panel when the angle detected by the sensing unit is equal to or greater than a second angle.

Abstract: A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The device is preferably a computer system that includes a dongle, or a separate unit that is connected or connectable to the computer. A security program decrypts a first key with a second key stored on the dongle. When a new application is installed the first time on the computer, the security program uses a decrypted first key to encrypt whatever is installed such that the encrypted application program is the only installed version of the application program on any non-transitory computer readable memory accessible by the computer. When a command is given to startup the application program, whatever code is needed for startup is first decrypted using the decrypted first key.

Abstract: A cloud network may include a distributed security switch (DSS). The DSS may be to receive configuration information from the hypervisor. The configuration information may include a set of access mode attributes and a security policy. The DSS may be to determine that a packet is to be directed from a source virtual machine to a target virtual machine. The DSS may be to identify an egress interface of the source virtual machine and an ingress interface of the target virtual machine. The egress interface may be associated with a first access mode attribute and the ingress interface being associated with a second access mode attribute. The DSS may be to selectively route the packet, using the shared memory, based on the first access mode attribute, the second access mode attribute, and the security policy.

Abstract: An information handling system operating a local inter-process communication securing system may comprise a memory and a processor executing machine readable code instructions of the local inter-process communication securing system performing a verification process of a candidate client application to instruct the candidate client application and a server application for which the local inter-process communication securing system acts as an API to establish a first named pipe having an endpoint address randomly generated by the local inter-process communication securing system, to receive a candidate client identification and a randomly generated string of alpha-numeric characters from the server application, and to instruct the server application to establish a first communication session, via the first named pipe, with the candidate client application upon determining the candidate client identification matches an authenticated client identification and that the randomly generated string of alpha-numeric c

Abstract: A security network system is disclosed. The security network system includes a processor selectively operable in either a normal world or a secure world, wherein the processor receives, from an external network, a packet by using a network driver module of the secure world, extracts data of the packet by using a TCP/IP module of the secure world if the packet received from the external network is used in the secure world, uses the data of the packet in the secure world, and extracts the data of the packet by using the TCP/IP module of the secure world so as to transmit the data of the packet to the normal world if the packet is not used in the secure world.

Abstract: The application is directed to a computer-implemented method and apparatus for provisioning an Internet of Things (IoT) device on an IoT network. The application is also directed to a method for managing access to functionality of an IoT device in a networked group.

Abstract: Methods and systems for securing memory within a computing fabric are disclosed. One method includes allocating memory of one or more host computing systems in the computing fabric to a partition, the partition included among a plurality of partitions, the computing fabric including a hypervisor installed on the one or more host computing platforms and managing interactions among the plurality of partitions. The method includes defining an address range associated with the memory allocated to the partition, receiving a memory operation including an address within the address range, and, based on the memory operation including an address within the address range, issuing, by the hypervisor, an indication that the memory operation is occurring at an encrypted memory location. The method also includes performing the memory operation, and performing an encryption operation on data associated with the memory operation.

Abstract: A method and device for detecting botnets in a cloud-computing infrastructure are provided. The method includes gathering data feeds over a predefined detection time window to produce a detection dataset, wherein the detection dataset includes at least security events and a first set of bot-labels related to the activity of each of at least one virtual machine in the cloud-computing infrastructure during the detection time window; generating, using the detection dataset, a features vector for each of a plurality of virtual machines in the cloud-computing infrastructure, wherein the features vector is based on idiosyncratic (iSync) scores related to botnet activity; transmitting each generated features vector to a supervised machine learning decision model to generate a label indicating if each of the plurality of virtual machines is a bot based on the respective features vector; and determining each virtual machine labeled as a bot as being part of a botnet.

Abstract: Method for enabling zero sign-on (ZSO) through a standard web browser. The device running the browser is first enrolled with a web service using an installed enrollment agent on the device which authenticates a user of the device. After authentication, the enrollment agent stores a device profile that includes a user certificate for the user and an authority certificate issued by said web service. The device profile is stored at a device location accessible by each of the web browsers used by said device. The enrollment agent configures each of the web browsers on the device to respond correctly to ZSO certificate challenges from the web service. Once enrolled, the device's web browsers can respond correctly to a ZSO Uniform Resource Locator (URL) certificate challenge received from the web service. After a successful response to the challenge, the browser is granted a secure socket layer (SSL) connection.

Abstract: Methods and apparatuses are disclosed herein for unified tracking data management. An example method is performed at a device with a display and one or more input devices, the method including: displaying a user interface with two or more sets of tracking-data configuration options associated with a plurality of websites, the sets including: a first tracking-data configuration option that, when selected, causes the device to block all of the plurality of websites from storing tracking data; and a second tracking-data configuration option that, when selected, causes the computing device to limit receipt by all of the plurality of websites of information associated with device. While displaying the user interface, the method includes: receiving a selection of the first tracking-data configuration option; and, in response, causing the computing device to block all of the plurality of websites from storing tracking data of at least the first type on the computing device.

Abstract: An information processing device includes: a first reception unit that receives first information indicating a storage location of a document to be printed; a first transmission unit that uses the first information to generate an authorization request, generates corresponding second information, and transmits the authorization request and the second information to a terminal used by a sender of the first information; a second reception unit that receives a corresponding authorization code; a controller that uses the authorization code to acquire an access token, and controls storage of the access token, the second information, and the first information in association with each other; and a second transmission unit that, if the second information is received from an image processing device, uses the corresponding access token and information indicating a storage location to acquire a document in the storage location, and transmits the document to the image processing device.

Abstract: An anonymized biometric representation of a target individual is used in a computer based security system. A detailed input biometric signal associated with a target individual is obtained. A weakened biometric representation of the detailed biometric signal is constructed such that the weakened biometric representation is designed to identify a plurality of individuals including the target individual. The target individual is enrolled in a data store associated with the computer based security system wherein the weakened biometric representation is included in a record for the target individual. In another aspect of the invention, a detailed input biometric signal from a screening candidate individual is obtained. The detailed biometric signal of the screening candidate is matched against the weakened biometric representation included in the record for the target individual.

Abstract: Techniques for network security are disclosed. In some implementations, an evaluation module determines whether a network communication from a source computing system to a destination computing system is allowable. The allowability of the communication is determined based properties of the network communication, such as a source or destination address, a port number, a time of day, a geographic location, and the like. If the communication is disallowed, the evaluation module or a related component redirects the communication to an alternative computing system that masquerades as the destination communication system.

Abstract: Described technologies automatically detect computing system security attacks. Departure of occurrence distributions, which are based on leading digit(s) of digital item occurrence data, from model distributions that correspond to particular data sources, indicates a presence likelihood for particular attack types. Some model distributions exhibit Benford's Phenomenon. Described mechanisms detect security attack types such as ransomware, bitcoin mining, and others, using particular corresponding data sources such as file extensions, processor statistics, etc. Mechanisms detect security attacks without a captured baseline of healthy normal behavior, and without relying on malware code signatures. When an item occurrence distribution departs from a model distribution by at least a predefined degree, the technology electronically raises a security attack alert. Then countermeasures may be asserted for a possible type X security attack on the computing system.

Abstract: Controlling access to sensitive data can be difficult during an application development effort. A developer may not be authorized to see the data that is to be used by the application. Credentials used in a development environment to access development data can require modification when the application is migrated to a deployed environment. Changing the code in the deployed environment increases risks of change induced incidents. The technology disclosed allows for the creation of a named credential object, where the credentials for different environments are stored, and where the named credential object is called by metadata. This allows the promotion of code from a development environment to a deployed environment without changes to code, and without giving access to sensitive data to the developer.

Abstract: A graphical user interface provides network security administrators a tool to quickly and easily create one or more courses of action for automatic response to a network threat. The courses of action are hardware and system agnostic, which allows a common response task to be implemented by an underlying response engine for any or multiple similar-function devices regardless of brand or version. The course of action builder allows the administrator to use a simple, graphic-based, business modeling concept to craft and design security response processes rather than having to hard code response routines specific to each piece of hardware on the network. The graphic interface model allows the user of the threat response software incorporating the course of action builder to easily understand the overall flow and paths the response may take, as well as understand the data requirements and dependencies that will be evaluated.

Abstract: In accordance with embodiments of the present disclosure, a management controller configured to provide management-domain management of an information handling system may include a processor and a key management utility embodied in non-transitory computer-readable media. The key management utility may be configured to issue one or more commands to a cryptoprocessor for storing and sealing a key encryption key on the cryptoprocessor, wherein the key encryption key is for decrypting a media encryption key for encrypting and decrypting data stored to a storage resource of a host domain of the information handling system. The key management utility may also be configured to issue one or more commands to the cryptoprocessor for unsealing and retrieving the key encryption key from the cryptoprocessor.

Abstract: According to one embodiment, in response to receiving a plurality of uniform resource locator (URL) links for malicious determination, any known URL links are removed from the URL links based on a list of known link signatures. For each of remaining URL links that are unknown, a link analysis is performed on the URL link based on link heuristics to determine whether the URL link is suspicious. For each of the suspicious URL links, a dynamic analysis is performed on a resource of the suspicious URL link. It is classified whether the suspicious URL link is a malicious link based on a behavior of the resource during the dynamic analysis.