Abstract: A processing unit determines a first mapping relationship and a second mapping relationship, where the first mapping relationship indicates that an access rule of a first physical address is access forbidden, and the second mapping relationship indicates that an access rule of the first physical address is access allowed. The processing unit determines that a target mapping relationship is the first mapping relationship, sends a first access request to a memory control unit. The processing unit receives first exception information sent by the memory control unit, where the first exception information is sent when the memory control unit determines that the access rule of the first physical address in the target mapping relationship is access forbidden. The processing unit monitors a process based on the first exception information, switches the target mapping relationship; and re-sends the first access request to the memory control unit.

Abstract: Secure circuitry detects a latency between when an interrupt occurred and when the interrupt was released in correspondence with handling of the interrupt. The secure circuitry detects an interval between consecutive occurrences of the interrupt. In response to either or both of the latency exceeding a latency limit and the interval exceeding an interval limit, the secure circuitry performs an action.

Abstract: A method, a computer system, and a computer program product for security risk analysis is provided. Embodiments of the present invention may include collecting operational data. Embodiments of the present invention may include building pipelines. Embodiments of the present invention may include localizing security issues using the operational data on an unsupervised model. Embodiments of the present invention may include constructing a semantic graph using shift-left data. Embodiments of the present invention may include constructing a mapping between the operational data and the shift-left data. Embodiments of the present invention may include clustering collected datasets. Embodiments of the present invention may include creating an active learning cycle using ground truth.

Abstract: A method including receiving, at a VPN server from a user device during an established VPN connection between the VPN server and the user device, a data request for the VPN server to retrieve data of interest from a host device; utilizing, by the VPN server during the established VPN connection, a first exit IP address to transmit a query to the host device for retrieving the data of interest; determining, by the VPN server based on transmitting the query, that the first exit IP address is blocked by the host device; and transmitting, by the VPN server during the established VPN connection and based on determining that the first exit IP address is blocked, the data request to a secondary server to enable retransmission of the query to the host device by utilizing a second exit IP address is disclosed. Various other aspects are contemplated.

Abstract: A method, system, and computer program product to provide a synthetic device ID for a device is provided herein. The method includes receiving a request from the device to obtain a service from a vendor, where the device is associated with an internal device ID. The method further includes generating the synthetic device ID for the device and associating the device, the internal device ID, the vendor, and the synthetic device ID. The method also includes transmitting the synthetic device ID to the vendor, and internally tracking the request based on the association.

Abstract: An adaptive deception system is provided for defending a production network against cyber-attacks utilizing deception devices on the production network. The adaptive deception system includes a deception management system. The deception management system includes monitors for making observations regarding the deception devices including observations of an attacker's interaction with the deception device. The adaptive deception system further incudes a control system having sensors that receive the observations of the deception management system. The control system is configured to provide an adaption specification in response to the observations made. Actuators of the control system are activated in order to provide the adaption specification to the deception management system where monitors of the deception management system implement the specified adaption. Implementation of the adaption adapts the properties of the deception devices to interfere with the cyber-attacker.

Abstract: A host device, a storage device, and a method employ a vendor unique command (VUC) authentication system. The storage device includes a memory and a memory controller which includes a VUC authentication module and controls the memory. The VUC authentication module transmits first memory information about the memory to the host device, receives from the host device a one-time password generated by the first memory information, verifies the one-time password, and receives a vendor unique command from the host device when the one-time password is correct.

Abstract: Systems and methods are disclosed for authenticating a chunk of data identified in a query received by a data intake and query system. The data intake and query system receives a query that identifies a set of data and manner for processing the set of data, and identifies a chunk of data that is part of the set of data. The system generates a content identifier, such as a hash, of the chunk of data. The system further authenticates the chunk of data based on the generated content identifier and a content identifier stored by a distributed ledger system.

Abstract: In modern object-oriented programming, programs are written using typed objects like classes and instances that interact with one another via rules of composition, inheritance, encapsulation, message passing, and polymorphism. Some embodiments described herein can include a method for tokenizing such modern objects that maintains their interactive properties on a blockchain. It improves upon, and diverges from, the smart contract model used mainly on account-based blockchains today to create a generally-programmable token system that is native to UTXO-based blockchains, where individually-owned software objects interact with other software objects owned by other individuals. These tokenized objects are called jigs. Jigs, an abstraction like objects, enable applications to build their own digital assets that interact with other jigs from other applications. Jogs enable users to own their data as tokens and use their data independent of any one application's complete control.

Abstract: To facilitate improved email and device security, embodiments of systems and methods include intercepting, by a processor associated with an entity, an internet request, where the internet request is produced by a link received in an email at a first computing device. The processor determines that the link is externally bound relative to an entity network. The processor determines an existence of a sandbox environment instance in a set of existing sandbox environment instances. The processor routes the link through the sandbox environment instance. The processor updates the sandbox log in the database based on the sandbox environment instance and the link. The processor causes to display on a screen of the first computing device a user interface for interacting with the link in the sandbox environment instance, and the processor logs activities associated with interacting with the link in a security log.

Abstract: Methods and systems of segmenting computing devices in a wireless network having an access point broadcasting in a single domain are described. In an exemplary method, a request to join the wireless network is received from a computing device. The request is associated with an identifier. When the identifier is not associated with a virtual network within the wireless network, a virtual network is configured within the wireless network and the identifier is associated thereto and the computing device is assigned thereto. When the identifier is associated with an existing virtual network within the wireless network, the computing device is assigned to the existing virtual network.

Abstract: Two-way secure channels are provided between multiple services across service groups, where the certification is performed by a certificate authority associated with one of the service groups. One method comprises a first service providing a first handshake communication with a first token to a second service, wherein the first service obtains the first token by authenticating with an identity and access management service having a first certificate signed by a certificate authority, wherein the first handshake communication succeeds when the second service has a second certificate signed by the certificate authority, and wherein the second service obtains a second token by authenticating with the identity and access management service. The first service receives a second handshake communication from the second service with the second token.

Abstract: Disclosed are examples for providing functions to receive a media file to be stored in a media repository. In the examples, a location in the media repository may be assigned to the media file. A media file address in a blockchain platform may be assigned to the media file. Metadata including the assigned location in the media repository and the assigned media file address in the blockchain platform may be added to the media file. A media file hash value may be generated by applying a hash function to the media file including the metadata. The media file hash value may be included in a message and uploaded to the assigned media file address in the blockchain platform as a transaction in the blockchain. An indication that the media file is uploaded to the media repository may be delivered to a subscriber device from which the media file was received.

Abstract: A method for assessing a cybersecurity risk of a software object includes generating an abstract syntax tree (AST) for a software object, and determining that the AST is insufficient to identify, to a specified confidence level, a cybersecurity risk of the software object. In response to determining that the AST is insufficient to identify the cybersecurity risk of the software object, a graph convolutional neural network (gCNN) is executed, based on the AST, to produce a set of features for the AST and to produce a probability of maliciousness of the software object based on the set of features. A signal representing an alert is sent, based on the probability of maliciousness, if the probability of maliciousness exceeds a pre-defined threshold.

Abstract: An example operation includes one or more of encrypting, by a transport, received data based on a first biometric associated with an occupant, unencrypting, by the transport, the encrypted data, based on a verification of a second biometric, wherein the second biometric is a continuum of the first biometric, and providing, by the transport, the unencrypted data to the occupant.

Abstract: Preliminary program analysis of an executable may be performed. A security vulnerability level of a portion of the executable may be determined based on the preliminary program analysis. The security vulnerability level of the portion may be compared to a security vulnerability threshold. The precision of runtime monitoring of the portion may be tuned based on the comparison.

Abstract: A computer-implemented method of user authentication is provided. The method comprises combining, by a computer system, a user recurrent neural network with a system recurrent neural network to form a unique combined recurrent neural network. The user recurrent neural network is configured to generate a unique user key, and the system recurrent neural network is configured to generate a system key. The computer system inputs a predetermined input into the combined recurrent neural network, and the combined recurrent neural network generates a unique combined key from the input, wherein the combined key differs from both the user key and system key. The computer system then associates the combined key with a unique access authorization to authenticate a user.

Abstract: The present disclosure provides a data processing method for coping with ransomware, which encrypts data with a malicious intent and blocks an access to the data, to protect the data, and a program for executing the data processing method. In a computer apparatus that loads an application program stored in a memory onto a processor and carries out a predetermined processing according to the application program, on an operating system (OS) kernel which controls an access of the application program to hardware components of the computer apparatus, the processor reads the data stored in the memory, performs the predetermined processing at the request of the application program, determines whether a ransomware attack occurred for the data before storing the processed data back to the memory, and stores the processed data to the memory according to a determination result, thereby preventing the damage caused by the ransomware attack.

Abstract: A gateway device between a first and second communication network outside the gateway device handles communication between a first device in the first network and a second device in the second network. When the gateway receives a communication request from the first device, directed to the second device, for performing a first cryptographic data communication protocol, the gateway determines whether the first cryptographic data communication protocol is registered as unsafe in the gateway device, and/or registered as safe, in particular whether it is safe against key reconstruction by a quantum computer. When the first cryptographic data communication protocol is not registered as unsafe in the gateway device, and/or registered as safe, the gateway device forwards messages exchanged as part of execution of the first cryptographic data communication protocol between the first and second device.

Abstract: According to examples, an apparatus may include a processor may identify features in a plurality of data items, determine similarities and/or patterns in the identified features, and group the plurality of data items into a plurality of clusters of data items based on the determined similarities and/or patterns in the identified features in the plurality of data items. The processor may also evaluate the plurality of clusters to identify a potentially malicious pattern among the data items in the plurality of clusters. In addition, the processor may, based on a potentially malicious pattern being identified in a generated cluster of the generated clusters, execute an action with regard to the data items in the generated cluster.