Patents Examined by Peter C Shaw
  • Patent number: 11640481
    Abstract: Disclosed herein are systems and methods for providing a security policy for an electronic control unit (ECU) implementing an Autosar Adaptive Platform (AAP) standard. In one aspect, an exemplary method comprises maintaining a list of allowed interactions, the allowed interactions being between control applications and a basic component, the basic component including at least a program element defined by the AAP standard. In one aspect, when a request for a verdict as to whether or not access for an interaction of a first control application with the basic component is received from an operating system (OS) kernel, the method comprises performing a search in the list of allowed interactions, and when the interaction for which the request is received is found in the list, the method comprises providing a verdict to the OS kernel allowing the interaction.
    Type: Grant
    Filed: April 25, 2022
    Date of Patent: May 2, 2023
    Assignee: AO Kaspersky Lab
    Inventors: Alexander S. Shadrin, Pavel V. Dyakin, Dmitry A. Kulagin
  • Patent number: 11637829
    Abstract: Systems, methods, and media for authentication are provided. In accordance with some implementations, the system comprises: a hardware processor that is programmed to: receive, from a device, a message relating to an authentication status of a user account associated with the device; transmit an authentication request to the device that is transmitted to an authentication server; receive, from the device, a response to the authentication request that includes authentication data relating to a session corresponding to the user account on the authentication server; cause an interface to be presented that requests authorization to authenticate the device with the authentication server using the user account; and transmit the authentication data to the device that causes the device to retrieve a corresponding authentication token from the authentication server, wherein the corresponding authentication token authenticates the user account on the device.
    Type: Grant
    Filed: October 25, 2021
    Date of Patent: April 25, 2023
    Assignee: Google LLC
    Inventors: Jun Li, Alexander Taboriskiy
  • Patent number: 11637849
    Abstract: In some embodiments, a request to filter information associated with activities within a network environment is received in response to a user interaction with a graph that comprises a plurality of nodes. At least one node included in the graph is associated with an activity within a network environment. As one example, the request to filter is triggered by a user interaction with a visual representation of at least a portion of the graph. As another example, the request to filter is triggered by a user interaction with a query field. In response to receiving the filter request, a query is generated based on a join using a query service.
    Type: Grant
    Filed: October 25, 2021
    Date of Patent: April 25, 2023
    Assignee: Lacework Inc.
    Inventors: Yijou Chen, Sanjay Kalra, Vikram Kapoor
  • Patent number: 11604864
    Abstract: An indexable authentication system is provided for authenticating users and/or groups across multiple sessions. The indexable authentication system may include an authentication server, security component, communication component, credential database, authentication credential, credential index medium, origin terminal, access provisioning component, content filtering component, payment processing component, and provider aspects. Authorized sessions may be stored on a user device for future authentication actions. A method for authenticating users across multiple sessions using the indexable authentication system is also provided.
    Type: Grant
    Filed: September 6, 2021
    Date of Patent: March 14, 2023
    Inventors: Cody Myers, Meron Myers
  • Patent number: 11601818
    Abstract: A system that enables hanging lawful interception (LI) resources to be cleaned up includes a triggering function set comprising a plurality of triggering functions. The system also includes a data store comprising a plurality of auditing records corresponding to the plurality of triggering functions in the triggering function set. Each auditing record comprises a claimant attribute. Each triggering function sends an update request to the data store in response to being notified about a failed triggering function within the triggering function set. Each update request comprises a request to change ownership of the auditing record corresponding to the failed triggering function. A triggering function is selected as a new owner of the auditing record corresponding to the failed triggering function based at least in part on a match between the claimant attribute in the auditing record and a claimant field in the update request sent by the triggering function.
    Type: Grant
    Filed: June 7, 2021
    Date of Patent: March 7, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Neeraj Surana, Kantha Rao Dammalapati
  • Patent number: 11601812
    Abstract: Provided is a method and a computer device for performing the method for defending a perimeter against a small unmanned aerial system (sUAS). The method includes detecting a presence of a wireless access point (WAP) associated with a sUAS; analyzing data packets intercepted from the WAP; determining the type of sUAS based on the data packets that were intercepted using a machine learning classifier; determining one or more exploits from a library of exploits to initiate against the sUAS based on the type of sUAS determined by the machine learning classifier; and transmitting the one or more exploits to the sUAS.
    Type: Grant
    Filed: March 1, 2018
    Date of Patent: March 7, 2023
    Assignee: THE JOHNS HOPKINS UNIVERSITY
    Inventor: Lanier Watkins
  • Patent number: 11595438
    Abstract: Generally discussed herein are devices, systems, and methods for improving phishing webpage content detection. A method can include identifying first webpage content comprises phishing content, determining, using a reinforcement learning (RL) agent, at least one action, generating, based on the determined at least one action and the identified first webpage content, altered first webpage content, identifying that the altered first webpage content is benign, generating, based on the determined at least one action and second webpage content, altered second webpage content, and training, based on the altered second webpage content and a corresponding label of phishing, a phishing detector.
    Type: Grant
    Filed: April 29, 2021
    Date of Patent: February 28, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eleanor Catherine Quint, Jugal Parikh, Mariusz Hieronim Jakubowski, Nitin Kumar Goel, Douglas J Hines, Cristian Craioveanu
  • Patent number: 11588855
    Abstract: A customer of a policy management service may use an interface with a configuration and management service to interact with policies that may be applicable to the customer's one or more resources. The customer may create and/or modify the policies and the configuration and management service may notify one or more other entities of the created and/or modified policies. The one or more other entities may be operated by user authorized to approve the created and/or modified policies. Interactions with the configuration and management service may be the same as the interactions with the policy management service.
    Type: Grant
    Filed: March 5, 2020
    Date of Patent: February 21, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: William Frederick Kruse, Nima Sharifi Mehr
  • Patent number: 11586781
    Abstract: A data loss prevention device that includes a data loss prevention engine implemented by a processor. The data loss prevention engine is configured to receive data in transit to a target network device and to identify content within the data. The data loss prevention engine is configured to determine the content of the data comprises an image and to determine an image type for the image based on objects within the image, and to determine whether the image type matches a restricted image type from a set of restricted image types. The data loss prevention engine is further configured to block transmission of the data to the target network device in response to determining that the image type matches a restricted image type and forward the data to the target network device in response to determining that the image type does not match a restricted image type.
    Type: Grant
    Filed: July 11, 2020
    Date of Patent: February 21, 2023
    Assignee: Bank of America Corporation
    Inventors: Abhishek Nagpal, Syed Luqman Ahmed
  • Patent number: 11580259
    Abstract: Embodiments of various systems and methods described herein provide an identity security database analytics system which is configured to provide security alerts to a user. The security alerts can include personalized metrics related to potential identity theft incidents. The personalized metrics can include user specific information on security breaches of the user's personal information as well as depersonalized statistics generated based on information of other users having one or more similar characteristics of the user.
    Type: Grant
    Filed: September 16, 2021
    Date of Patent: February 14, 2023
    Assignee: CSIDENTITY CORPORATION
    Inventors: Adam Kennedy, Bryan Hjelm, Jay Jarvinen, Tom Stambaugh, Joel Carleton, Iris Connealy-Seri
  • Patent number: 11562104
    Abstract: A control device of the present embodiment has a communication I/F, a built-in non-volatile memory, a controller, an external-serial-memory I/F, a security management module, and an access controller. The communication I/F enables communication with outside. The built-in non-volatile memory has a first storage region, which stores an initialization program which carries out initialization operation, and a second storage region, which stores currently used firmware which is executed after the initialization operation and acquires firmware for update via the communication I/F. The controller executes the initialization program and the currently used firmware. The external-serial-memory I/F communicably connects the device of its own to an external non-volatile memory via a serial bus. The security-mode management module fixes an access control setting of the built-in non-volatile memory and the external non-volatile memory. The access controller outputs a level signal different from the serial bus.
    Type: Grant
    Filed: September 9, 2021
    Date of Patent: January 24, 2023
    Assignees: KABUSHIKI KAISHA TOSHIBA, TOSHIBA ELECTRONIC DEVICES & STORAGE CORPORATION
    Inventors: Shinnosuke Yamaoka, Mikio Hashimoto, Atsushi Shimbo
  • Patent number: 11563740
    Abstract: User identities, password, etc. represent the barrier between a user's confidential data and any other third party seeking to access this data. As multiple software applications, web applications, web services, etc. embody this confidential data it is a tradeoff between easy recollection of said identities, passwords, etc. and data security. However, malware by intercepting user credentials provides third parties access to even complex passwords, user credentials, security keys etc. even where these are changed/updated regularly. Within the prior art substantial work has gone into addressing malware. However, in many instances the user is at or very near the computer with a software application executing a transaction requiring credentials/authorisation with a portable electronic device or another device. Accordingly, it would be beneficial to provide users with an out-of-band communications channel for exchanging credentials and/or keys etc.
    Type: Grant
    Filed: July 13, 2021
    Date of Patent: January 24, 2023
    Inventor: Laurence Hamid
  • Patent number: 11553352
    Abstract: Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.
    Type: Grant
    Filed: May 27, 2021
    Date of Patent: January 10, 2023
    Assignee: eBay Inc.
    Inventors: Gail Anna Rahn Frederick, Tatjana Vlahovic
  • Patent number: 11537762
    Abstract: An integrated-circuit device comprises a bus system connected to a processor, a plurality of peripherals, each connected to the bus system, hardware filter logic; and a peripheral interconnect system, separate from the bus system and connected to the peripherals. For each peripheral, the hardware filter logic stores a respective value determining whether the peripheral is in a secure state. The peripheral interconnect system provides a set of one or more channels for signalling events between peripherals. At least one channel is a secure channel or is configurable to be a secure channel. The peripheral interconnect system is configured to allow an event signal from a peripheral in the secure state to be sent over a secure channel and to prevent an event signal from a peripheral that is not in the secure state from being sent over the secure channel.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: December 27, 2022
    Assignee: Nordic Semiconductor ASA
    Inventors: Ronan Barzic, Anders Nore, Vegard Endresen
  • Patent number: 11528601
    Abstract: Disclosed here is a system and method to determine which wireless telecommunication network functionalities are impaired when using end-to-end encryption and to ameliorate the impairment of the functionality. The system receives a request from a sender device to communicate with a receiver device, where the request indicates whether the sender device is capable of an end-to-end encryption. The system determines whether the receiver device is capable of the end-to-end encryption, and whether the receiver device is associated with a functionality provided by a wireless telecommunication network that is impaired when the end-to-end encryption is used. Upon determining that the receiver device is not capable of the end-to-end encryption or that the receiver device is associated with the functionality that is impaired, the system performs an action to ameliorate the impairment to the functionality.
    Type: Grant
    Filed: June 9, 2021
    Date of Patent: December 13, 2022
    Assignee: T-Mobile USA, Inc.
    Inventor: Ayman Zaki
  • Patent number: 11522686
    Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.
    Type: Grant
    Filed: July 16, 2020
    Date of Patent: December 6, 2022
    Assignee: Salesforce, Inc.
    Inventors: Prasad Peddada, Taher Elgamal, Aaron Johnson, Ryan Guest
  • Patent number: 11520937
    Abstract: An NVMe-oF authentication system includes an authentication verification entity coupled to an NVMe subsystem that is coupled to an NVMe host device. The NVMe subsystem transmits a first challenge to the NVMe host device and, in response, receives a first challenge reply from the NVMe host device. The NVMe subsystem then generates a first authentication verification request communication that includes a first response that was provided in the first challenge reply by the NVMe host device using a first instance of a first secret that is stored in the NVMe host device, and transmits the first authentication verification request communication to the authentication verification entity.
    Type: Grant
    Filed: January 26, 2021
    Date of Patent: December 6, 2022
    Assignee: Dell Products L.P.
    Inventors: Claudio Desanti, David Lionel Black
  • Patent number: 11522710
    Abstract: Digital media that has been blockchained into a blockchain file format may be stored into a secondary file format like a Material eXchange Format (MXF) digital file by deconstructing the blockchain file and storing its subcomponent blockchain data and blockchain hash digests for each block within separate structures of the MXF digital file by generating a table for the blockchain hash digests that links to the blockchain data through data pointers. These separate structures of the MXF digital file are the generic container for a media file and a SDTI-CP (Serial Data Transport Interface—Content Package) compatible system item.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: December 6, 2022
    Inventor: Tyson York Winarski
  • Patent number: 11509687
    Abstract: Techniques and systems for determining a malicious derivative entity within a network are provided herein. A method for determining a malicious derivative entity may include receiving, by a network-based authentication system, a plurality of network transactions. A first attribute of a network transaction within the plurality of network transactions may be identified. The method may also include identifying a plurality of entities for the first attribute. The network-based authentication system may generate a first visual representation of a relationship between the first attribute and the plurality of derivative entities. Each of the derivative entities and the first attribute may be represented as nodes within the first visual representation. A first score for each of the nodes may be determined based on a degree of centrality of the nodes within the first visual representation. One network transaction may be blocked based on at least one node exceeding a first threshold.
    Type: Grant
    Filed: July 14, 2020
    Date of Patent: November 22, 2022
    Assignee: The Western Union Company
    Inventors: Noel Brandt, Robert Enzaldo, Charles Champion, Brent Lemieux
  • Patent number: 11507602
    Abstract: A system, method, and computer-readable medium are provided that engages in a data-driven and machine learning-based approach to arrive at high-value, system under test configurations for validation. Embodiments determine all the possible configurations for a computer platform, considering the variety of processors, boards, adapters, and the like, and then utilize a pseudo-ensemble clustering methodology that combines a k-means clustering technique with a neural-network based Kohonen self-organizing map competitive clustering technique to associate like configurations, and then utilizes a data-driven scoring methodology on the clustered configurations to prioritize those configurations to be validation tested.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: November 22, 2022
    Assignee: Dell Products L.P.
    Inventors: Ramakanth Kanagovi, Saheli Saha, Kevin P. Olalde, Geoffrey S. Meyer, Sunil A. Vyas, Erik Reyes