Abstract: A security threat detection system is used to monitor the physical resource usage of a hosted application in a PaaS service in order to detect anomalous behavior indicative of a security threat. The system analyzes the historical usage of the application's physical resources in order to determine the normal range of consumption of a resource by the application. A security threat alert is then provided when the application's resource consumption exceeds the normal range of consumption.

Abstract: Technologies are provided for clockless physically unclonable functions (PUFs) in reconfigurable devices. Embodiments of the disclosed technologies include processing circuitry configured to perform numerous operations. The operations can include receiving a challenge continuous pulse signal, and generating a response continuous pulse signal by iteratively extending the challenge continuous pulse signal in time-domain. In some configurations, the iteratively extending includes generating a next continuous pulse signal by operating on a prior continuous pulse signal according to a stretching function, and generating a second next continuous pulse width signal by operating on the next continuous pulse signal according to a folding function.

Abstract: Some embodiments provide a method for securing communication of data messages of a particular machine that includes a dynamic first level address. The method identifies a fixed second level address for a particular data. The fixed second level address is associated with an interface of the particular machine. Based on the fixed second level address, the method identifies a set of security policies for securing the communication of the particular data message. The method applies the set of security policies to the particular data message.

Abstract: Methods, apparatus, and processor-readable storage media for connecting configuration services using blockchain technology are provided herein. An example computer-implemented method includes obtaining at least one user request comprising configuration-related data pertaining to at least one item of hardware and at least one user network; encrypting at least a portion of the configuration-related data using one or more cryptographic hash functions; storing copies of the encrypted configuration-related data across multiple nodes within at least one distributed blockchain technology-based cloud storage system; and performing one or more automated actions, in connection with the at least one user request, using at least a portion of the stored data within the at least one distributed blockchain technology-based cloud storage system.

Abstract: Methods, systems and computer readable media for location-based endpoint security are described.

Abstract: A method for executing a cryptographic operation is provided comprising acts comprising: (i) sampling a first polynomial, wherein one or more (e.g., one, some and/or all) coefficients of the first polynomial are determined; (ii) sampling a second polynomial, wherein a selection of k coefficients of the second polynomial is determined; (iii) multiplying the first polynomial with the second polynomial to determine a result; and (iv) using the result of the multiplication in the cryptographic operation. A security device arranged to perform one, some and/or all of the acts is provided.

Abstract: A computing device and method of controlling access to a computing device. An application to be used when the computing device is in a locked state is selected, wherein in the locked state, only use of the selected application is permitted. The computing device enters the locked state. Use of the selected application without unlocking the computing device is allowed.

Abstract: An unauthorized use detection system includes apparatuses and a hash chain that records, for each piece of data, a data structure that includes a hash value of entire data and hash values calculated with respect to a plurality of partial areas obtained from a specific procedure using the hash value of the entire data. One of the apparatuses reads out the data structure associated with the data of one of comparison targets from the hash chain. The apparatus calculates, regarding data of the other one of the comparison targets, hash values of the plurality of partial areas obtained from the specific procedure using the hash value of the entire data included in the read data structure. The apparatus compares the hash values of the plurality of partial areas included in the read data structure with the calculated hash values of the plurality of partial areas related to the other one.

Abstract: A system that uses a computing device to encrypt data by obtaining multiple series of random numbers, and then time-correlating these series to form a series of composite elements. By selecting a section of the series of composite elements, the computing device can obtain a key for encrypting data.

Abstract: Aspects of the disclosure relate to a data integrity system for transmission of data. A computing platform may detect transmission of data to a second enterprise computing device, and may intercept the data content in transmission. Then, the computing platform may convert the data content to an electronic file in a standardized textual format. Then, the computing platform may add an alert message to a message queue indicating that the electronic file is available for processing. Subsequently, the computing platform may cause one or more content processors to process the electronic file to identify a portion of the data content for review prior to transmission, and output a notification message to the message queue providing information related to the identified portion. Then, the computing platform may modify the data content, generate a link to the modified data content, and provide the generated link to the second enterprise computing device.

Abstract: A data processing system has a processor, a system memory, and a hypervisor. The system memory stores program code and data in a plurality of memory pages. The hypervisor controls SLAT (second level address translation) read, write, and execute access rights of the plurality of memory pages. A portion of the plurality of memory pages are classified as being in a secure enclave portion of the system memory and a portion is classified as being in an unsecure memory area. The portion of the memory pages classified in the secure enclave is encrypted and a hash is generated for each of the memory pages. During an access of a memory page, the hypervisor determines if the accessed memory page is in the secure enclave or in the unsecure memory area based on the hash. In another embodiment, a method for accessing a memory page in the secure enclave is provided.

Abstract: The present invention relates to a method and a detection device for detecting a DGA domain generation algorithm in a computer communication network (106) comprising at least one server (104) for resolving DNS requests from at least one client terminal (102). The computer communication network (106) further includes a detection module (108) coupled to the resolution server (104) and configured to analyse DNS queries according to the following steps: for each DNS request, associate the requested domain name and the identity of the requesting client terminal to form a tuple; combine tuples into homogeneous partitions according to the tuple community detection technique; and deduce for each homogeneous partition all the client terminals using a same DGA.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). Embodiments herein provide method and system for end-to-end security over signaling plane in a mission critical data (MCData) communication system. The proposed method includes various ways of securing MCData data payload transmitted over signaling plane using short data service (SDS). The proposed method allows usage of multiple security keys to encrypt the MCData SDS message as per the requirements. Various Keys such as, signaling plane key or media plane key or a dedicated MCData data payload signaling key can be used independently or in a combination thereof to achieve the desired security context. The proposed method allows protection of all the application level components with the signaling plane security context.

Abstract: A system continuously stores metadata results associated with a plurality of ransomware attacks, a plurality of inspection class policy definitions, a plurality of data protection operations, and operational forensics data as machine learning training data, continuously monitors for one of a new security condition and event, detects one of the new security condition and event, determines an appropriate inspection class policy based on the one of the new security condition and event, based on the inspection class policy, determines one to implement of a class of inspection operation, a cyber security analysis, and a data protection operation, and executes one of the class of inspection operation, the cyber security analysis, and the data protection operation based on the machine learning training data.

Abstract: A method for generating a synthetic dataset involves generating discretized synthetic data based on driving a model of a cumulative distribution function (CDF) with random numbers. The CDF is based on a source dataset. The method further includes generating the synthetic dataset from the discretized synthetic data by selecting, for inclusion into the synthetic dataset, values from a multitude of entries of the source dataset, based on the discretized synthetic data, and providing the synthetic dataset to a downstream application that is configured to operate on the source dataset.

Abstract: Disclosed are various examples for web application security through containerization. In one example, a web application is executed within a container application. The container application includes a management software development kit (SDK). A security policy for the web application is retrieved from a management service. The security policy is applied to the web application using the management SDK of the container application.

Abstract: Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus a behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.

Abstract: A provisioning client obtains an identifier from a public server and a one-time password from a trusted server. The provisioning client combines the one-time password with the identifier to create an activation code for a client device and presents the activation code to the client device. The activation code enables the client device to download trusted cryptographic information from the trusted server in a communication session that is secured using the one-time password.

Abstract: A conference management system (“system”) facilitates data compliance in recording conversations between users. A host user can send an electronic invitation for a meeting to participants. Upon accessing the invitation, the participants can be presented with two options to join the conference—a first option using which a participant can join the meeting by providing consent to recording the meeting and a second option using which the participant can join the meeting by opting-out of recording of the meeting. When a participant opts-out of the recording of the meeting, the conference management system ensures that the recording is performed in compliance with a data compliance policy applicable to the participant who opted out of recording.

Abstract: A method for phishing detection using uniform resource locators is discussed. The method includes accessing data from one or more of a monitored portion of website data and a monitored portion of emails, the data indicating a suspect Uniform Resource Locator (URL). The method includes assigning a rule score based on partial rule scores of each portion of the suspect URL, the rule score indicating a phishing potential based on URL rules. The method includes determining a uniqueness score of the suspect URL, the uniqueness score indicating a degree of uniqueness of the suspect URL from a plurality of known phishing URLs. The method also includes determining a URL phishing score based, at least in part, on the rules scores and the uniqueness score for the suspect URL.