Abstract: A computer system and associated methods are disclosed for mitigating side-channel attacks using a shared cache. The computer system includes a host having a main memory and a shared cache. The host executes a virtual machine manager (VMM) that determines respective security keys for a plurality of co-located virtual machines (VMs). A cache controller for the shared cache includes a scrambling function that scrambles addresses of memory accesses performed by threads of the VMs according to the respective security keys. Different cache tiers may implement different scrambling functions optimized to the architecture of each cache tier. Security keys may be periodically updated to further reduce predictability of shared cache to memory address mappings.

Abstract: A method, system, and computer program product for managing communication privacy in a conversation system are provided. The method detects an utterance on a public channel by a user of a computing device. A privacy nature of the utterance is determined. Based on the privacy nature, a classification confidence is determined for the utterance. The method generates a privacy question to be presented to the user based on the privacy nature and the classification confidence. In response to a confirmation response, a privacy channel is established. The method switches from the public channel to the privacy channel.

Abstract: In some implementations, a first endpoint device may assign a first metric to a first Internet Protocol security (IPsec) tunnel and a second metric to a second IPsec tunnel. The first IPsec tunnel may be a first communication channel for transmitting data between the first endpoint device and a second endpoint device, and the second IPsec tunnel may be a second communication channel for transmitting the data between the first endpoint device and the second endpoint device. The first endpoint device may select, based on the first metric and the second metric, the first IPsec tunnel or the second IPsec tunnel as a selected IPsec tunnel for transmitting the data toward the second endpoint device. The first endpoint device may transmit the data toward the second endpoint device via the selected IPsec tunnel.

Abstract: Disclosed are systems and methods for vehicle charging. A charging system can include a component to convey power to a vehicle to charge the vehicle. The charging system can include a module to store a certificate via a cryptographic technique. The charging system can include a data processing system coupled to the module, the data processing system including one or more processors, coupled with memory, to retrieve the certificate from the module, transmit, to a second data processing system, a request to establish a communication connection, the request including the certificate, and establish the communication connection with the second data processing system responsive to a verification of the certificate by the second data processing system. The data processing system can transmit, to the second data processing system, data corresponding to power conveyed by the component to the vehicle subsequent to verification of the certificate.

Abstract: A method and a system implement a thermal context manager (hereinafter “TCM”) that detects a thermal state and a position of a computing device. Based on the detected thermal state(s) and the detected position(s) of the computing device, the TCM initiates an action associated with the computing device. The TCM continually monitors the computing device in order to create a thermal state profile of the computing device. To create the thermal state profile, the TCM stores data representing each detected instance of the thermal state of the computing device and data representing each detected position of the computing device.

Abstract: A method for project-oriented authentication of a device in a control system for a technical installation as part of an engineering project, wherein the control system includes at least one local registration service, at least one software inventory and a certification center, where information by the at least one local registration service with respect to what communication protocols and/or applications are supported by the device and/or are active is ascertained during authentication of the device within the control system, a project-oriented device certificate is requested from the first hierarchy of the certification center by the local registration service, and the project-oriented device certificate is deposited in an inventory element, associated with the engineering project, of the software inventory of the control system, the device certificates being issuable by the first hierarchy of the certification center have a unique project identifier.

Abstract: Systems and methods are described for providing calendar-based simulated phishing attacks to users of an organization. Initially, a context is identified for a calendar-based simulated phishing attack directed towards a user. An electronic calendar invitation for the calendar-based simulated phishing attack is then generated using the context. Thereafter, the electronic calendar invitation may be communicated to an electronic calendar of the user.

Abstract: A system and method for authenticating users of a data processing platform stores a mapping of a unique user platform identifier to multiple user identity provider identifiers associated with multiple realms for a same user. In some examples, the method includes receiving a request from a client device to establish an access session to perform one or more actions on data of the data processing platform and receiving, from at least one of the first external identity provider of the first realm or the second external identity provider of the second realm, a user identity provider identifier associated with the request. In certain examples, the method includes granting permission to perform the one or more actions on the data of the data processing platform based at least in part on the received user identity provider identifier.

Abstract: Described herein are methods and systems for generating shared collaborative maps for planting or harvesting operations. A method of generating a collaborative shared map between machines includes generating a first map for a first machine based on a first set of data and generating a second map for a second machine based on a second set of data. The method further includes generating at least one shared collaborative map for at least one of the first and second machines based on the first and second maps.

Abstract: Representative embodiments are disclosed for providing network and system security. A representative apparatus includes an input-output connector coupleable to a data network; a network interface circuit having a communication port; a nonvolatile memory storing a configuration bit image; and a field programmable gate array (“FPGA”) coupled to the network interface circuit through the communication port, the FPGA configurable to appear solely as a communication device to the first network interface circuit, and to bidirectionally monitor all data packets transferred between the input-output connector and the first network interface circuit and any coupled host computing system. In another embodiment, the FPGA is further configurable for only a partial implementation of a communication protocol, such as a PCIe data link and/or physical layers. The FPGA may also monitor host memory and provide encryption and decryption functionality.

Abstract: Systems, methods, and computer-readable media relate to providing a network management service. A system is configured to request first network information from a first component of a network using a public IP address for the first component, wherein the first network information includes private IP addresses for a second component in the network and translate, based on a mapping information for a private IP address space to a public IP address space, the private IP address for a second component to a public IP address for the second component. The system is further configured to request second network information from the second component using the public IP address and provide a network management service for the network based on the second network information.

Abstract: A disclosed example involves receiving a message with an action to be performed; determining the message type; and based on the message type, performing an action specified in the message.

Abstract: A method that is performed to access data nodes of a data cluster. The method includes obtaining, by a data access gateway (DAG), a request from a host, wherein the DAG is not executing on the host; in response to the request, obtaining discovery metadata from each data node of the data nodes in the data cluster; updating, based on the discovery metadata, a discovery metadata repository; identifying a first data node of the data nodes based on the discovery metadata; and sending the request to the first data node of the data nodes.

Abstract: A method—for biometric based person recognition systems is provided. The method provides an identification of a personalized bioelectric code and a personal ID code by identifying persons and gestures of a person with a benefit of behavioral biometric data of Electromyography (EMG) signals. The method includes the steps of: making the person wishing to create a password to wear a wristband, simultaneously recording of hand movements in eight bioelectric signals from eight EMG sensors in recordings of up to 10 seconds, repeating each selected movement type by the person at least ten times, clearing a recorded raw signal group from noise signals with a bandpass filter, separating a signal cleaned from the noise signals into to windows, creating a customized behavioral biometric data set with generated attributes for each transaction, obtaining the personalized bioelectrical code and the personal ID code.

Abstract: In some examples, a system creates a requirement including EPG selectors representing EPG pairs, a traffic selector, and a communication operator; determines that EPGs in distinct pairs are associated with different network contexts and, for each pair, which network context(s) contains associated policies; creates first data representing the pair, operator, and traffic selector; when only one network context contains the associated policies, creates second data representing a network model portion associated with the only network context and determines whether the first data is contained in the second data to yield a first check; when both network contexts contain the associated policies, also creates third data representing a network model portion associated with a second network context, and determines whether the first data is contained in the second and/or third data to yield a second check; and determines whether policies for the pairs comply with the requirement based on the checks.

Abstract: Various embodiments are generally directed to techniques for providing improved privacy protection against vehicle tracking for connected vehicles of a vehicular network. For example, at least one road side unit may: identify a set of vehicles that require pseudonym changes and send an invitation for a pseudonym change event to each of the vehicles, determine at least a total number of the acceptances, determine whether the total number meets or exceeds a predetermined threshold number, send acknowledgement messages to the accepting vehicles if the threshold number is met, and form a vehicle group to coordinate the pseudonym change event during a privacy period. During the privacy period, the RSU and the vehicles may communicate with each other in a confidential and private manner via key-session-based unicast transmission, and coordinate transmission power and vehicle trajectory adjustments to maximize the benefits for safety and obfuscation for privacy.

Abstract: A method is disclosed for accessing a primary account maintained in a cloud environment, receiving information defining a structure of the primary account, the structure including a plurality of assets, and deploying, inside the primary account or a secondary account for which trust is established with the primary account, at least one ephemeral scanner configured to scan at least one block storage volume and output metadata defining the at least one block storage volume, the output excluding raw data of the primary account. The method further comprises receiving a transmission of the metadata from the at least one ephemeral scanner, excluding raw data of the primary account, analyzing the metadata to identify cybersecurity vulnerabilities, correlating each of the cybersecurity vulnerabilities with one of the assets, and generating a report correlating the cybersecurity vulnerabilities with the assets. Systems and computer-readable media implementing the method are also disclosed.

Abstract: Systems and methods are described for collaborative work hypertext markup language assets. The assets may be stored on a remote server. The methods may include instantiating a portable software test framework between an application local to a user and the remote server in dependence upon a uniform resource locator associated with the HTML asset and a request to acquire the HTML asset in response to a request for an HTML asset.

Abstract: Provided is a method of a host device managing at least one external device connected to the host device through a management server. The method includes: obtaining measurement information measured by the at least one external device; requesting authorization by the management server; transmitting the obtained measurement information to the management server when the authentication succeeds; receiving management information for managing the at least one external device, where the management information is generated based on the measurement information by the management server; and managing the at least one external device based on the received management information.

Abstract: An apparatus includes a processor coupled to a memory. The processor calls a second function from a first function by coloring with an inaccessible color value a first memory area associated with the first function, branching to the second function, coloring with a second color value a second memory area associated with the second function, operating on the second memory area, and coloring with the inaccessible color value the second memory area. The processor then returns control to the first function, and colors with a first color value the first memory area. The coloring step includes branching to a coloring routine that includes a basic block beginning with a single branch target instruction, identifying and authorizing the calling routine, coloring with a hardcoded color value a memory area associated with the calling routine, and returning to the calling routine.