Abstract: A processor for mitigating side channel attacks includes units that perform fetch, decode, and execution of instructions and pipeline control logic. The processor performs speculative and out-of-order execution of the instructions. The units detect and notify the control unit of events that cause a change from a first translation context (TC) to a second TC. In response, the pipeline control logic prevents speculative execution of instructions that are dependent in their execution on the change to the second TC until all instructions that are dependent on the first TC have completed execution, which may involve stalling their dispatch until all first-TC-dependent instructions have at least completed execution, or by tagging them and dispatching them to execution schedulers but preventing them from starting execution until all first-TC-dependent instructions have at least completed execution.

Abstract: A processor is disclosed that mitigates side channel attacks that exploit speculative store-to-load forwarding. The processor includes logic that conditions store-to-load forwarding of uncommitted store data in the store queue from an uncommitted store instruction to the load instruction upon circumstances associated with a translation context (TC) change or update. The TC comprises an address space identifier (ASID), a virtual machine identifier (VMID), a privilege mode (PM) or a combination of two or more of the ASID, VMID and PM or a derivative thereof. The logic is embedded or associated with any of several structures, such as a store queue (SQ), a memory dependence predictor (MDP), or a reorder buffer (ROB).

Abstract: Secure memory sharing between enclaves (virtual machines) and virtual input/output adapters includes, in response to a request for an enclave to create a virtual input/output adapter, creating a virtual input/output adapter associated with the enclave, creating a non-sharable micro-enclave, to contain only data, nested within the enclave to use with the virtual input/output adapter, generating a key by a memory encryption engine of an ultravisor for the virtual input/output adapter for use by only the virtual input/output adapter, in response to a request to obtain data from the enclave by the virtual input/output adapter, exchanging the key with the non-sharable micro-enclave, in response to receiving the key, decrypting memory of only the non-sharable micro-enclave associated with the virtual input/output adapter to obtain the data, and sending the data from the non-sharable micro-enclave nested within the enclave to the virtual input/output adapter.

Abstract: A gateway device for implementing data security is described herein. The gateway device is coupled between a client device and a server device, and generates a mapping between portions of data received from a client device and interface fields or data elements of the client device. Upon receiving subsequent data from the client device, the gateway device can access the generated mapping to identify portions of the subsequent data corresponding to particular interface fields or data elements of the client device using the mapping, and can encode the identified portions of the subsequent data, for instance based on data protection techniques defined by a security policy. The encoded data can then be outputted by the gateway device to the server device.

Abstract: Systems and methods for identifying and remedying password insecurities are disclosed. The systems and methods include crawling websites to identify popular cultural terms and saving the cultural terms in a backend system. The cultural terms can include names of celebrities, politicians, movies, and the like. An identification system receives a password and compares the received password to the cultural terms using a similarity score. If the number of similarities is above a predetermined threshold, or if the number of differences is below a predetermined threshold, the identification system denies the password. A recommendation system can generate a suggested password, which can also be compared to the cultural terms. The systems and methods also provide the ability to calculate a similarity score if the cultural terms or passwords are saved in an encrypted or hashed format.

Abstract: The present disclosure is directed to methods that provide a secure communication protocol by utilizing one step process of authenticating and encrypting data without having to exchange symmetric keys or needing to renew or re-issue digital identities fundamental to asymmetric encryption methodology.

Abstract: A method and system for securing an operating domain that spans one or more distributed information technology networks is disclosed. In the present invention, a state machine reference monitor, comprising a monitor port operatively connected to one or more network traffic capture devices positioned across a distributed network of an operating domain, with each traffic capture interception network device in communication with a central server. Each interception network device along with the central server having a processor and a memory comprising instructions, which when executed by each device processor perform the method of extracting logic state data and deducting ancillary logic state data across the distributed operating domain.

Abstract: In one aspect, an embedded controller (EC) in a device may receive a firmware update for another component in the device and determine whether the firmware update has been previously applied at the component. If the firmware update has not been previously applied, the EC may assign an identifier to the firmware update and digitally sign the identifier. The EC may then provide the firmware update and the digitally-signed identifier to the component so that the component may apply the firmware update.

Abstract: Intrusion detection systems and methods monitor legal control messages in an operational control system to detect subtly malicious sequences of control messages with undesirable emergent effects on devices in the operational control system. A message provenance component may investigate system-level correlations between messages rather than detecting if individual messages are anomalous. A semantic fuzzing component may search, based on the operational effect of candidate message sequences, the space of legal messages for sequences that cause actual harm. Behavior oracles may be used to test message sequences to identify sequences that induce drift towards a failure state. The intrusion detection system is able to prevent harm and disruption arising from control messages that individually appear legitimate and benign but that, in combination with other messages, can cause undesirable outcomes.

Abstract: The concepts and technologies disclosed herein are directed to quantum key distribution (“QKD”) networking as a service. According to one aspect disclosed herein, a microservices controller can establish a plurality of quantum connections with a plurality of virtual quantum connection managers (“vQCMs”) deployed in association with a set of quantum user nodes (“QUNs”) in a QKD network. The microservices controller can receive a request to initialize the QKD network. The microservices controller can coordinate with the plurality of vQCMs to handle initialization of the QKD network. The microservices controller can receive a QKD service request from a QKD network operator. The microservices controller can invoke a plurality of microservices to handle the QKD service request.

Abstract: Embodiments are disclosed for a method for private transfer learning. The method includes generating a machine learning model comprising a training application programming interface (API) and an inferencing API. The method further includes encrypting the machine learning model using a predetermined encryption mechanism. The method additionally includes copying the encrypted machine learning model to a trusted execution environment. The method also includes executing the machine learning model in the trusted execution environment using the inferencing API.

Abstract: An example operation may include one or more of identifying blockchain transactions for a particular blockchain, identifying blockchain transaction metrics from the blockchain transactions, determining whether the blockchain transaction metrics require a change to current blockchain operating rules, and when the blockchain transaction metrics require the change to the current blockchain operating rules, modifying the current blockchain operating rules.

Abstract: The technology disclosed herein provides network bound encryption that enables a node management device to orchestrate workloads with encrypted data without sharing the decryption key. An example method may include: obtaining an asymmetric key pair comprising a public asymmetric key and a private asymmetric key; establishing a symmetric key using a key establishment service, wherein the symmetric key is established in view of the private asymmetric key of a first computing device and a public asymmetric key of the key establishment service; transmitting sensitive data encrypted using the symmetric key to a persistent storage device accessible to a second computing device; initiating a creation of an execution environment on the second computing device; and providing, by the first computing device, the public asymmetric key and the location data to the second computing device, wherein the location data corresponds to the key establishment service.

Abstract: A method for mitigating network abuse includes obtaining a first set of network traffic messages of network traffic currently received by a network service and determining, via a first model, whether network abuse is occurring based on the first set of network traffic messages. When the network abuse is occurring, the method includes obtaining a second set of current network traffic messages. The method also includes, for each network traffic message in the second set of network traffic messages, labeling, via a second model, the network traffic message as an abusing network traffic message or a non-abusing network traffic message. The method also includes generating, via a third model, at least one network traffic rule. Each network traffic rule, when implemented, reduces an effect of the abusing network traffic messages.

Abstract: One or more computing devices, systems, and/or methods are provided. Event information associated with a plurality of events may be identified. The plurality of events may be associated with first entities corresponding to a first entity type and second entities associated with a second entity type. A first network profile associated with the first entities and the second entities may be generated based upon the event information. An arrangement of particles corresponding to the first entities and the second entities may be generated. Charges associated with the particles may be determined based upon the first network profile. The particles may be rearranged to a second arrangement of particles based upon the charges. One or more clusters of particles in the second arrangement of particles may be identified. One or more coalition networks associated with fraudulent activity may be identified based upon the one or more clusters of particles.

Abstract: A method for hyper security encoding includes receiving data to be encrypted, and padding the data to be encrypted with padding data to avoid un-obfuscated bits after encryption. The method also includes encrypting, with a Mojette Transform, the data to be encrypted after the data to be encrypted is padded with the padding data, and outputting a result of the encryption as encrypted data.

Abstract: Systems and methods are described that enable trusted communications between two entities. In one implementation, a controller of a vehicle may include one or more processors configured to receive data and a controller signature from a second controller of the vehicle. The controller signature may be generated based on at least a first portion of the data. The one or more processors may be further configured to transmit the data and the controller signature to a gateway of the vehicle and receive a gateway signature from the gateway. The gateway signature may be generated based on at least a second portion of the data and transmitted to the controller after the gateway verified the controller signature. In addition, the one or more processors may be configured to verify the gateway signature and process the data.

Abstract: A method for providing access to media content from a media content provider is performed at an electronic device. The method includes receiving, from a client device, a request for access to a media item. The request for access includes a self-describing user-identifier. The method includes, in response to the request for access to the media item, initiating an analysis to determine whether the client device is authorized to access the media item, the analysis including an examination of a media consumption log associated with the client device. The media consumption log stores data representing self-describing user-identifiers. The analysis includes, based on the examination of the media consumption log, detecting multiple requests from different self-describing user identifiers corresponding to the client device to determine whether the client device has reached an access limit and, when the client device has reached the access limit, terminating access to the media item.

Abstract: Methods and systems are provided for identifying suspect Internet Protocol (IP) addresses, in accordance with embodiments described herein. In particular, embodiments described herein include obtaining a set of login pairs comprising login identifiers (e.g., user identifiers) and IP addresses used in attempts to login to a source. A set of IP clusters is generated using the set of login pairs. Each IP cluster can include one or more IP addresses identified as related based on a login identifier being used to attempt to login to the source via multiple IP addresses or an IP address being used to attempt to login to the source via multiple login identifiers. Thereafter, it is determined that a particular IP cluster exceeds a threshold amount of IP addresses. Each of the IP addresses within the particular IP cluster is designated as a suspect IP address.

Abstract: In one example, a non-transitory computer readable medium for component verification and revocation includes instructions for a processor to verify that a component in a device is valid using a verification service and consequently enable a premium service. The processor may later use information from the verification service that the component is no longer valid and consequently alter the premium service.