Patents Examined by Michael D Anderson
  • Patent number: 10313370
    Abstract: Techniques for generating malware signatures based on developer fingerprints in debug information are disclosed. In some embodiments, a system, process, and/or computer program product for generating malware signatures based on developer fingerprints in debug information includes receiving a sample, in which the sample includes a binary executable file; matching one or more paths in content of the binary executable file based on a plurality of patterns; extracting meta information from the one or more matched paths; and automatically generating a signature based on the extracted meta information.
    Type: Grant
    Filed: May 2, 2018
    Date of Patent: June 4, 2019
    Assignee: Palo Alto Networks, Inc.
    Inventor: Zihang Xiao
  • Patent number: 10303639
    Abstract: A method of fabricating a printed circuit board (PCB) is presented. The PCB includes a glass security layer. The method includes forming the glass security layer upon a PCB wiring layer. The method includes optically attaching an optical electromagnetic radiation (EM) emitter upon the glass security layer. The method includes optically attaching an optical EM receiver upon the glass security layer. The method further includes electrically connecting an optical monitor device to the optical EM receiver.
    Type: Grant
    Filed: January 4, 2018
    Date of Patent: May 28, 2019
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Mark J. Jeanson, Mark O. Maxson
  • Patent number: 10298703
    Abstract: Embodiments of the present invention address delivery of content, including advertising, in an online or networked digital environment. Undesirable content or content that needs to be removed from the digital environment may be eliminated through invocation of a ‘kill switch’ that terminates further delivery of the aforementioned content. The ‘kill switch’ may also eliminate certain instantiations of that content already delivered to end-user client devices. In order to lessen the need for termination of content following delivery to the digital environment, content developers and content providers may view content scheduled for delivery in digital environment ‘mock ups’ prior to actual delivery. Content developers and content providers, too, may control certain attributes related to content scheduled for delivery to further obviate post-delivery termination or modification.
    Type: Grant
    Filed: October 25, 2016
    Date of Patent: May 21, 2019
    Assignee: SONY INTERACTIVE ENTERTAINMENT AMERICA LLC
    Inventors: Allister Capati, Ennin Huang
  • Patent number: 10291593
    Abstract: A method, system, and computer program product for providing protected remote access from a remote access client to a remote access server over a computer network through a plurality of inspections. A remote access configuration file is created for the remote access client. A digital hash of the configuration file is then generated. The digital hash is compared with a configuration file stored at a predefined web location. If the comparison results in a match between the digital hash and the stored configuration file, a digital hash comparison is performed between an encrypted remote access configuration file and an encrypted configuration file stored at the predefined web location. If the plurality of inspections are passed, the remote access client is released from a quarantine state and a virtual private network (VPN) connection to the remote access server is established.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: May 14, 2019
    Assignee: OPEN INVENTION NETWORK LLC
    Inventors: Colin Lee Feeser, Anthony W. Ondrus, Steven J. Sanders
  • Patent number: 10284373
    Abstract: Apparatus and methods performing secure communications in an energy delivery system. Energy delivery systems may include phasor measurement units (PMU), phasor data concentrators (PDC) along with power generation, transmission and consumption equipment. The PMU and PDC may communicate in a grid network over secured wired or wireless communication protocols. Embodiments may include utilizing spread spectrum communication between PMU devices and PDC devices to sustain energy delivery functionality during a communications attack. Communications security may include a cryptographic key management scheme for secure PMU and PDC communication and identification. Embodiments may include clustering of PMU and PDC data for analysis and real-time presentation to grid operators. Embodiments may include clustering of PMU devices in a hexagonal geometry to provide for frequency reuse among devices with directional antenna.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: May 7, 2019
    Assignee: University of North Dakota
    Inventors: Saleh Faruque, Prakash Ranganathan
  • Patent number: 10284587
    Abstract: The disclosed computer-implemented method for responding to electronic security incidents may include (i) identifying a plurality of security incidents that each occurred within a computing environment and call for a security response, (ii) establishing relationships among the plurality of security incidents by, for each security incident, (a) calculating a feature vector indicating at least one feature of the security incident, (b) using the feature vector to calculate a degree of similarity between the security incident and an additional security incident, and (c) creating an association between the security incident and the additional security incident that reflects the degree of similarity between the security incident and the additional security incident, and (iii) triggering, based on the relationships among the plurality of security incidents, a security action that responds to at least the security incident and the additional security incident.
    Type: Grant
    Filed: September 14, 2016
    Date of Patent: May 7, 2019
    Assignee: Symantec Corporation
    Inventors: Brian Schlatter, Adam Glick, Akshata Krishnamoorthy Rao, Feng Li
  • Patent number: 10270602
    Abstract: A method, system, and computer usable program product for verifying and enforcing certificate use are provided in the illustrative embodiments. A certificate is received from a sender. The certificate is validated before communicating a message associated with the certificate to a receiver. If the certificate is invalid, a policy is selected based on a type of invalidity of the certificate. An action is taken to enforce the policy for using the certificate. The certificate may be received from the sender at a proxy. The validating may further include verifying the validity of the certificate using a certificate from a certificate database accessible to the proxy over a network. The proxy may copy a part of the certificate database to a second certificate database local to the proxy. The validating may further include verifying the validity of the certificate using a certificate revocation list accessible to the proxy over a network.
    Type: Grant
    Filed: October 1, 2008
    Date of Patent: April 23, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Heather Maria Hinton
  • Patent number: 10270803
    Abstract: In one embodiment, the present invention is a method and apparatus for detecting malware infection. One embodiment of a method for detecting a malware infection at a local host in a network includes monitoring communications between the local host and one or more entities external to the network, generating a dialog warning if the communications include a transaction indicative of a malware infection, declaring a malware infection if, within a predefined period of time, the dialog warnings include at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection, and outputting an infection profile for the local host.
    Type: Grant
    Filed: January 21, 2015
    Date of Patent: April 23, 2019
    Assignee: SRI International
    Inventors: Guofei Gu, Phillip A. Porras, Martin W. Fong
  • Patent number: 10270739
    Abstract: A method for performing security functions in a computer system hosting a network-facing server application includes receiving, by a service request processor, a service request to an application adapted to process the service request; responsive to the service request being a first request for the application to communicate over a network, processing the service request with a first process isolated in memory from the application; responsive to the service request being a second request for the application to access a physical storage device, processing the service request with a second process isolated in memory from the application; and responsive to a determination that the processed service request will not adversely affect the application, providing the processed service request to the application.
    Type: Grant
    Filed: August 4, 2017
    Date of Patent: April 23, 2019
    Assignee: Raytheon BBN Technologies Corp.
    Inventors: Partha Pal, Aaron Paulos, Richard E. Schantz
  • Patent number: 10270603
    Abstract: Systems, methods, and software can be used to process certificate validation warnings. In some aspects, a connection to a Virtual Private Network (VPN) server is initiated at an electronic device. The VPN server is associated with a VPN profile. In response to initiating the connection, a certificate associated with the VPN server is received at the electronic device. A validation warning associated with the certificate is received. A fingerprint of the certificate is generated. A validation action is selected based on the validation warning, the fingerprint, and the VPN profile. The selected validation action is executed.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: April 23, 2019
    Assignee: BlackBerry Limited
    Inventors: Chang Fung Yang, Robert Marcel Dugal, Jason Songbo Xu
  • Patent number: 10264024
    Abstract: Aspects of the subject technology relate to administration of wireless peripheral devices. A computer-implemented method includes connecting to a peripheral device through a first connection, and determining a peripheral identifier corresponding to the peripheral device. The method further includes associating the peripheral identifier with a device identifier corresponding to a user device and sending an updated policy based on the association between the peripheral identifier and the device identifier to the peripheral device through the first connection. The method further includes pairing, through the first connection, the peripheral device and the user device based on the updated policy to establish a second connection between the peripheral device and the user device.
    Type: Grant
    Filed: May 19, 2016
    Date of Patent: April 16, 2019
    Assignee: GOOGLE LLC
    Inventor: Jian Wei Leong
  • Patent number: 10264015
    Abstract: A real-time asynchronous event aggregation system, method, and network device are configured to capture real-time asynchronous events, and to pass them as input to one or more aggregation engines to determine a reputation for a target. The aggregation engine(s) may then send out notifications where a reputation category changes for a target, indicating that an action may be taken to inhibit spam messages from the target, highlight a display of content from the target, or the like. As such, the event-driven aggregation engines may be designed to capture real-time asynchronous events, such as reputation reports for a wide variety of activities, including, but not limited to spam and/or not-spam messages, determining a reputation on a posting of comments to a movie, a blog posting, a play list posting, or the like. In one embodiment, a reputation of the sender of the reputation event may also be determined.
    Type: Grant
    Filed: May 16, 2016
    Date of Patent: April 16, 2019
    Assignee: OATH INC.
    Inventors: F. Randall Farmer, Mohammad Mohsenzadeh, Chip Morningstar, Neal J. Sample
  • Patent number: 10243984
    Abstract: A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: March 26, 2019
    Assignee: Triad National Security, LLC
    Inventors: Joshua Charles Neil, Michael Edward Fisk, Alexander William Brugh, Curtis Lee Hash, Jr., Curtis Byron Storlie, Benjamin Uphoff, Alexander Kent
  • Patent number: 10243940
    Abstract: An information management apparatus includes a memory and a processor configured to execute a process. The process includes registering schedule information entered by a user, storing the registered schedule information in the memory, obtaining current environmental information from a mobile terminal of the user, and when the registered schedule information is changed, determining whether the user of the mobile terminal is a genuine user based on the current environmental information and past environmental information obtained from past schedule information stored in the memory.
    Type: Grant
    Filed: August 18, 2015
    Date of Patent: March 26, 2019
    Assignee: Fujitsu Client Computing Limited
    Inventor: Toshiro Ohbitsu
  • Patent number: 10237075
    Abstract: One embodiment of the present invention provides a system for delivering a content piece over a network using a set of reconstructable objects. During operation, the system obtains a metadata file that includes a set of rules; generates the set of reconstructable objects for the content piece based on the set of rules included in the metadata file; cryptographically signs the set of reconstructable objects to obtain a set of signed reconstructable objects; and delivers, over the network, the set of signed reconstructable objects along with the metadata file to a recipient, thereby enabling the recipient to extract and store a copy of the content piece and then to reconstruct the set of signed reconstructable objects from the stored copy of the content piece and the metadata file.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: March 19, 2019
    Assignee: Cisco Technology, Inc.
    Inventor: Marc E. Mosko
  • Patent number: 10205706
    Abstract: Sensitive data is sent through insecure network regions across different software defined networks (SDNs) over an encrypted path without requiring encryption applications at the source or destination hosts. One or more special-purpose encryptors are strategically placed within each SDN, which can act as an encryptor or decryptor, of both the data packet content and the header. Using the controller and a special encryption service application, the encrypted IP packets are forwarded from an encryptor, closest to the source, towards a decryptor, closest to the destination, utilizing a tagging method. Each encryptor has a static and globally unique tag. Each controller advertises to other controllers its encryptor information: IP of the encryptor, the IP block of the users the encryptor is responsible for and the unique encryptor tag(s). Each forwarder along the flow path is instructed by its respective controller how to forward packets towards the destination according to the tag.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: February 12, 2019
    Assignee: ARGELA YAZILIM VE BILISIM TEKNOLOJILERI SAN. VE TIC. A.S.
    Inventors: Erhan Lokman, Sinan Tatlicioglu, Seyhan Civanlar, Burak Gorkemli, Metin Balci, Bulent Kaytaz
  • Patent number: 10200358
    Abstract: A system provides cloud-based identity and access management. The system receives a request for performing an identity management service, where the request includes a call to an application programming interface (“API”) that identifies the identity management service and a microservice configured to perform the identity management service. The system authenticates the request, accesses the microservice, and performs the identity management service by the microservice.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: February 5, 2019
    Assignee: Oracle International Corporation
    Inventors: Vadim Lander, Damien Carru, Gary P. Cole, Ajay Sondhi, Gregg Wilson
  • Patent number: 10192102
    Abstract: In one embodiment, a computing device determines a Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA). The CAPTCHA includes a first static image that has image sections that are arranged in a first order. Each of the image sections corresponds to a unique identifier. The CAPTCHA further includes a second static image that includes each of the image sections of the first static image that are arranged in a second order. The computing device generates web-browser-executable code for converting the second static image to the first static image based on the first static image, the first order, and the unique identifiers. The computing device sends the second static image and the web-browser-executable code to a client device.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: January 29, 2019
    Assignee: Facebook, Inc.
    Inventor: Jonathan Frank
  • Patent number: 10177914
    Abstract: The device and system for secure network communications disclosed herein can simultaneously operate one or more secure computing components in a single housing and integrating multiple secure networks. The device can operate networking and other software applications. The disclosed device can have physically and electromagnetically separated computing components in separate enclosures within the device, with physical attributes of the device designed to minimize spurious electronic emissions between enclosures. The device can have one or more shielded covers allowing removal and replacement of computing components within each enclosure. The device can allow simultaneous operations of multiple electromagnetically separated enclosures for multiple secure computers in a single space to integrate multiple secure networks.
    Type: Grant
    Filed: October 5, 2016
    Date of Patent: January 8, 2019
    Assignee: FUSE INTEGRATION, INC.
    Inventor: Sumner H. Lee
  • Patent number: 10166950
    Abstract: An electronic key system includes an onboard apparatus and a portable apparatus. The electronic key system establishes wireless communication with a secret key common between the onboard apparatus and the portable apparatus, and authenticates the portable apparatus registered as the portable apparatus of an authorized user. The portable apparatus includes a portable apparatus code transmitter that transmits a portable apparatus code. The onboard apparatus includes an onboard code transmitter that transmits an onboard code. The onboard apparatus further includes a portable apparatus code receiver, and an onboard-side key generation portion. The portable apparatus further includes an onboard code receiver, and a portable-apparatus-side key generation portion.
    Type: Grant
    Filed: September 25, 2014
    Date of Patent: January 1, 2019
    Assignee: DENSO CORPORATION
    Inventors: Kenji Katou, Yuuki Tokunaga