Abstract: A computer-implemented method for populating a privacy-related data model by: (1) providing a data model that comprises one or more respective populated or unpopulated fields; (2) determining that at least a particular one of the fields for a particular data asset is an unpopulated field; (3) at least partially in response to determining that the at least one particular field is unpopulated, automatically generating a privacy questionnaire comprising at least one question that, if properly answered, would result in a response that may be used to populate the at least one particular unpopulated field; (4) transmitting the privacy questionnaire to at least one individual; (5) receiving a response to the questionnaire, the response comprising a respective answer to the at least one question; and (6) in response to receiving the response, populating the at least one particular unpopulated field with information from the received response.

Abstract: Systems, methods, and devices are provided for eliminating binary-level exploitable vulnerabilities in computer systems, making the computer systems more secure. Embodiments of the present disclosure can improve security using a computer system that can force user applications to be interpreted high-level language code, permitting the implementation of several well-defined security mechanisms in the computer system.

Abstract: An embodiment of the present invention is directed to quantifying the value of an individual log source sent to the SIEM. Through vendor-agnostic measurement, an algorithmic model utilized by a Log Quality Value (LQV) index enables security engineers and incident response (IR) teams to determine which logs provide the most value for security investigations. An embodiment of the present invention recognizes a positive correlation between the LQV index and critical logs used to investigate the attack. An embodiment of the present invention may be extended to evaluate the LQV algorithms against a more extensive dataset from live production environments and to further measure the tool effectiveness through periodically comparing the LQV index to logs used to detect security incidents.

Abstract: Systems, methods, and related technologies for entity visibility are described. In certain aspects, information associated with a type of entity is accessed and a network is scanned for a plurality of entities. One or more entities are selected from plurality of entities based on the type of entity. Properties associated with the one or more selected entities are accessed. The information associated with the one or more selected entities and the one or more properties associated with the selected one or more entities are stored.

Abstract: A decryption method includes: receiving a homomorphic ciphertext; and obtaining a result value added an error value at a message from the received homomorphic ciphertext. The error is disposed on the least significant bit (LSB) side in the homogeneous ciphertext, and the message is disposed at a position adjacent to the error.

Abstract: An encryption method of a terminal device includes: setting a scaling factor; and reflecting the scaling factor in a message to be encrypted, and performing encryption using a public key to generate a homomorphic ciphertext. The homomorphic encryption is, based on a decryption being performed, in a form that a result value obtained by adding an error value to a value obtained by reflecting the scaling factor in the message is restored.

Abstract: This invention is directed to a secure computation apparatus that protects a security against the malicious behavior while maintaining a processing amount small.

Abstract: A masking system and method for automatically masking sensitive user information on a webpage is provided. The method includes the steps of identifying a location of the first user data of the first type of sensitive user information on the webpage, updating an initial path to the first user data to account for changes to the initial path detected in response to repeated visits to the webpage, wherein the updated initial path to the first user data is stored as a stable path, locating a second user data associated with a second type of sensitive user information on the webpage, by accessing a central database containing path information to a location of the second user data on the webpage, and masking the first user data and the second user data on the webpage, using the stable path and the path information obtained from the central database.

Abstract: The present document relates to transcoding of metadata, and in particular to a method and system for transcoding metadata with reduced computational complexity. A transcoder configured to transcode an inbound bitstream comprising an inbound content frame and an associated inbound metadata frame into an outbound bitstream comprising an outbound content frame and an associated outbound metadata frame is described. The inbound content frame is indicative of a signal encoded according to a first codec system and the outbound content frame is indicative of the signal encoded according to a second codec system. The transcoder is configured to identify an inbound block of metadata from the inbound metadata frame, the inbound block of metadata associated with an inbound descriptor indicative of one or more properties of metadata comprised within the inbound block of metadata, and to generate the outbound metadata frame from the inbound metadata frame based on the inbound descriptor.

Abstract: Disclosed are systems, apparatuses and techniques for replicating data between different cloud computing platforms. Examples include storage replicator components operable in different cloud computing platforms. The first storage replicator component may identify the second cloud computing platform as a location to copy a data file in response to an event related to the data file stored in a first cloud computing platform. The first storage replicator component may request a copy of the data file via an application programming interface of the first cloud computing platform. The attributes of the copy of the data file which involve modification to conform to data management conventions of the second cloud computing platform may be determined and modified to comply with conventions of the second cloud computing platform. The modified copy of the data file may be forwarded to the second cloud computing platform for storage.

Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.

Abstract: A system is described for controlling an actuating unit that restricts physical access such as a motorized garage door actuator unit. The system comprises a mobile wireless communication device, an electro-mechanical access control security device, and a receiving unit controlling the electro-mechanical access control security device, the receiving unit paired with the mobile wireless communication device for receiving user input for activating the electro-mechanical access control security device via a peer-to-peer communication directly with the mobile wireless communication device, and a pre-authorization of communication of the receiving unit with the mobile wireless communication device, the mobile wireless communication device receiving the pre-authorization from a central security server.

Abstract: A server in a captive portal accepts a connection from a user device to the IP address of the server and receives a HTTP or HTTPS request over the connection. The connection may be a result of the user device being previously determined to be not logged in, and consequently provided the IP address of the server as a DNS resolved IP address, the user device thereafter caching the IP address of the server. The server responds with requested content if the target host of the request is a local host. If the target host is a remote destination, the server queries a login database to determine whether the user device is logged in. The server acts as a transparent proxy between the user device and the remote destination if the user device is logged in, else the server sends alternate content to the user device over the connection.

Abstract: Malicious activity data is obtained, that is indicative of attempted attacks on a computing system. Clusters of targets are identified and it is determined whether the malicious activity preferentially targets one cluster of targets over other. Also, low prevalence attacks are identified and it is determined whether a low prevalence attack has a high concentration in one or more of the target clusters. If the malicious activity either preferentially targets a cluster, or a low prevalence attack has a high concentration in a cluster, then the attack is identified as a targeted attack, so that remediation steps can be taken.

Abstract: Disclosed is a physical unclonable function generator circuit and method.

Abstract: A security management system may be remotely deployed (e.g., using a cloud-based architecture) to add security to an enterprise network. For example, the security management system may scan assets within the enterprise network for vulnerabilities and may receive data from these scans. The security management system may also receive data from other sources, and, as a result, the system may handle data having many different formats and attributes. When the security management system tries to associate data to assets, there may not be a globally unique identifier that is applicable for all received data. Provided in the present disclosure are exemplary techniques for tracking assets across a network using an asset correlation engine that can flexibly correlate data with assets based on attribute information.

Abstract: The described technology provides a capability to perform in-session updates to entitlements associated with a user's access to content served by a web application. The content may be from one or more external servers. The technology provides for automatically detecting changes to entitlements, and without requiring a user of an active session to initiate a new session, updating entitlement data in a memory such that subsequent requests for data made by the client in the same active session are serviced using the updated entitlements.

Abstract: Techniques manage an encryption key in a storage system. The techniques involve: transmitting an encryption key request from a storage management component to a key management service component; obtaining, via the key management service component, an encryption key encrypted by the key management service component based on the encryption key request; providing the obtained encrypted encryption key to the storage management component; maintaining, in the storage management component, correspondence between the encrypted encryption key and a storage device; and registering, according to the correspondence, the encrypted encryption key corresponding to the storage device to an encryption hardware unit, such that the encryption hardware unit can decrypt the encrypted encryption key to obtain the encryption key corresponding to the storage device. Effective management of the encryption key is thus realized.

Abstract: According to one embodiment, an information management device includes a Bloom filter generator configured to generate a Bloom filter based on information on a revoked certificate; a data distributor configured to send the Bloom filter to an authentication device, the authentication device authenticates a device with a certificate provided by the device; and an examiner configured to determine, when an examination request is received from the authentication device, whether an certificate designated by the examination request has been revoked based on revocation management information that contains information on the revoked certificate, and to send an examination result indicating whether the designated certificate has been revoked to the authentication device.

Abstract: A computer-implemented method for populating a privacy-related data model by: (1) providing a data model that comprises one or more respective populated or unpopulated fields; (2) determining that at least a particular one of the fields for a particular data asset is an unpopulated field; (3) at least partially in response to determining that the at least one particular field is unpopulated, automatically generating a privacy questionnaire comprising at least one question that, if properly answered, would result in a response that may be used to populate the at least one particular unpopulated field; (4) transmitting the privacy questionnaire to at least one individual; (5) receiving a response to the questionnaire, the response comprising a respective answer to the at least one question; and (6) in response to receiving the response, populating the at least one particular unpopulated field with information from the received response.