Patents Examined by Samuel Ambaye
  • Patent number: 10645105
    Abstract: Provided are a network attack detection method and device.
    Type: Grant
    Filed: August 17, 2016
    Date of Patent: May 5, 2020
    Assignees: NSFOCUS INFORMATION TECHNOLOGY CO., LTD., NSFOCUS TECHNOLOGIES, INC.
    Inventor: Junli Shen
  • Patent number: 10630683
    Abstract: In an aspect, a wireless communication between a transmitter and a receiver involves determining updated keys according to a key management process for MAC layer encryption. Such key is propagated to a transmitter MAC and through a receiver key management process to a receiver MAC. After a delay, transmitter MAC device begins using the updated key, instead of a prior key, for payload encryption. Receiver MAC continues to use the prior key until a packet that was accurately received fails a message integrity/authentication check. Then, the receiver MAC swaps in the updated key and continues to process received packets. The packet data that failed the message integrity check is discarded. Transmitter MAC retries the failed packet at a later time, and if the packet was accurately received and was encrypted by the transmitter MAC using the updated key, then the receiver will determine that the message is authentic and will receive it and acknowledge it.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: April 21, 2020
    Assignee: Imagination Technologies Limited
    Inventor: Chakra Parvathaneni
  • Patent number: 10630647
    Abstract: A controller and an accessory controllable by the controller can communicate using secure read and write procedures. The procedures can include encrypting identifiers of accessory characteristics targeted by a read or write operation as well as any data being read or written. The procedures can also include the accessory returning a cryptographically signed response verifying receipt and execution of the read or write instruction. In some instances, a write procedure can be implemented as a timed write in which a first instruction containing the write data is sent separately from a second instruction to execute the write operation; the accessory can disregard the write data if the second instruction is not received within a timeout period after receiving the first instruction.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: April 21, 2020
    Assignee: Apple Inc.
    Inventors: Kevin P. McLaughlin, Anush G. Nadathur, Matthew C. Lucas, Srinivas Rama, Dennis Mathews
  • Patent number: 10621338
    Abstract: A method for detecting a ROP attack comprising processing of an object within a virtual machine managed by a virtual machine monitor (VMM), intercepting an attempted execution by the object of an instruction, the instruction stored on a page in memory that is accessed by the virtual machine, responsive to determining the page includes instructions corresponding to one of a predefined set of function calls, (i) inserting a first transition event into the memory at a starting address location of a function call, and (ii) setting a permission of the page to be execute only, and responsive to triggering the first transition event, halting, by the VMM, the processing of the object and analyzing, by logic within the VMM, content of last branch records associated with the virtual machine to determine whether the processing of the object displays characteristics of a ROP attack is shown.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: April 14, 2020
    Assignee: FireEye, Inc.
    Inventors: Jonas Pfoh, Phung-Te Ha
  • Patent number: 10623374
    Abstract: Described technologies automatically detect candidate networks having external nodes which communicate with nodes of a local network; a candidate external network can be identified even when the external nodes are owned by a different entity than the local network's owner. A list of network addresses which communicated with local network nodes is culled to obtain addresses likely to communicate in the future. A graph of local and external nodes is built, and connection strengths are assessed. A candidate network is identified, based on criteria such as connection frequency and duration, domain membership, address stability, address proximity, and others, using cutoff values that are set by default or by user action. The candidate network identification is then utilized as a basis for improved security through virtual private network establishment, improved bandwidth allocation, improved traffic anomaly detection, or network consolidation, for example.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: April 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Moshe Israel, Ben Kliger, Michael Zeev Bargury
  • Patent number: 10609054
    Abstract: Methods, systems, and computer readable media for monitoring, adjusting, and utilizing latency associated with accessing distributed computing resources are disclosed. One method includes measuring a first latency associated with accessing a first computing resource located at a first site. The method further includes measuring a second latency associated with accessing a second computing resource located at a second site different from the first site. The method further includes selectively impairing transmission of packets to or processing of packets by at least one of the first and second computing resources in accordance with a performance, network security, or diagnostic goal.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: March 31, 2020
    Assignee: KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD.
    Inventor: Stephen Samuel Jackson
  • Patent number: 10599855
    Abstract: A secure and fault-tolerant, or variation-tolerant, method and system to turn a set of N shares into an identifier even when only M shares from this set have a correct value. A secret sharing algorithm is used to generate a number of candidate identifiers from subsets of shares associated with asset parameters of a collection of assets. The most frequently occurring candidate identifier is then determined to be the final identifier. The method has particular applicability in the fields of node locking and fingerprinting.
    Type: Grant
    Filed: November 9, 2018
    Date of Patent: March 24, 2020
    Assignee: IRDETO B.V.
    Inventors: Phillip Alan Eisen, Michael James Wiener, Grant Stewart Goodes, James Muir
  • Patent number: 10599851
    Abstract: A malicious code analysis method and system, a data processing apparatus, and an electronic apparatus are provided. A behavior characteristic data corresponding to a suspicious file is received from the electronic apparatus via the data processing apparatus to analyze the behavior characteristic data. The behavior characteristic data corresponding to the suspicious file is compared with a malware characteristic data of each of a plurality of malicious codes to obtain a comparison result. And based on the comparison result, a representative attack code corresponding to the suspicious file is obtained and a precaution corresponding to the representative attack code is transmitted to the electronic apparatus.
    Type: Grant
    Filed: January 13, 2016
    Date of Patent: March 24, 2020
    Assignee: Wistron Corporation
    Inventors: Hsiao-Wen Tin, Chih-Ming Chen
  • Patent number: 10594683
    Abstract: Systems and methods are provided for securing data using a mobile device. The method may include determining securing global positioning data values of the mobile device; measuring a securing direction of the mobile device relative to a magnetic north direction; capturing a securing password by the mobile device; and securing the data against unauthorized access using the determined global positioning data values, the securing password, and the securing direction as a combined password.
    Type: Grant
    Filed: June 8, 2016
    Date of Patent: March 17, 2020
    Assignee: International Business Machines Corporation
    Inventors: Alberto L. Galvani, Ugo Madama, Paolo Ottaviano, Andrea Tortosa
  • Patent number: 10560265
    Abstract: A mobile secret communications method based on a quantum key distribution network, comprises the following steps: a mobile terminal registering to access the network and establishing a binding relationship with a certain centralized control station in the quantum key distribution network; after a communication service is initiated, the mobile terminals participating in the current communication applying for service keys from the quantum key distribution network; the quantum key distribution network obtaining addresses of the centralized control stations participating in service key distribution during the current communication, designating a service key generation centralized control station according to a current state indicator of each centralized control station; the service key generation centralized control station generating service keys required in the current communication and distributing the keys to the mobile terminals participating in the current communication.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: February 11, 2020
    Assignees: QUANTUMCTEK CO., LTD., Shandong Institute of Quantum Science and Technology Co., Ltd.
    Inventors: Yong Zhao, Chunhua Liu
  • Patent number: 10515217
    Abstract: Technologies for control flow validation include a computing device having a processor with real-time instruction tracing support. The processor generates trace data indicative of control flow of a protected application. The computing device identifies an indirect branch target based on the trace data and determines whether the indirect branch target is included in the same module as a previous indirect branch target. If the indirect branch target and the previous indirect branch target are not included in the same module, the computing device determines whether an inter-module transfer policy is satisfied. If satisfied, the indirect branch target is stored as the previous indirect branch target and the protected application continues to execute. If the policy is not satisfied, the computing device generates an exception. The policy may be satisfied, for example, if the indirect branch target is an exported function. Other embodiments are described and claimed.
    Type: Grant
    Filed: September 29, 2017
    Date of Patent: December 24, 2019
    Assignee: Intel Corporation
    Inventors: Mingwei Zhang, Salmin Sultana, Ravi L. Sahita
  • Patent number: 10516671
    Abstract: A blacklist generating device acquires a malicious communication log and a normal communication log. A malicious communication profile extracting function calculates statistics on communication patterns included in the malicious communication log and outputs a communication pattern satisfying a certain condition to a potential blacklist. A normal communication profile extracting function calculates statistics on communication patterns included in the normal communication log and outputs a communication pattern satisfying a certain condition to a whitelist. A blacklist creating function searches the potential blacklist for a value with the value on the whitelist, excludes a coincident communication pattern from the potential blacklist, and creates a blacklist.
    Type: Grant
    Filed: February 10, 2016
    Date of Patent: December 24, 2019
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Kensuke Nakata, Tohru Sato, Kazufumi Aoki, Kazunori Kamiya
  • Patent number: 10511589
    Abstract: A cloud-based identity and access management system that implements single sign-on (“SSO”) receives a first request for an identity management service configured to allow for accessing applications. Embodiments send the first request to a first microservice, where the first microservice performs the identity management service by generating a token. The first microservice generates the token at least in part by sending a second request to a SSO. The SSO microservice implements an SSO and generates a cookie that includes a global state and is used for communicating with different microservices. Embodiments receive a single log-out (SLO) of the SSO and use the cookie to iteratively log-out of the applications, where, after each log-out of an application of a first protocol, a redirect is performed to the SSO microservice to trigger log-out of applications of a different protocol.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: December 17, 2019
    Assignee: Oracle International Corporation
    Inventors: Jay Vijay Gangawane, Binoy Joseph, Bhavik Sankesara, Mrudul Pradeep Uchil
  • Patent number: 10498733
    Abstract: A secure method connects to an application run on a server from a client computer device, by a user who does not have the authentication data of the account declared in the application, the account including at least one proxy ID. The disclosure also relates to the application and associated authentication data, implementing a proxy [mandatary gateway] including a memory for recording, for each user declared by a primary account comprising at least one user ID, the list of resource targets C and accounts to which the user has access.
    Type: Grant
    Filed: March 3, 2016
    Date of Patent: December 3, 2019
    Assignee: Wallix
    Inventors: Raphaël Zhou, Serge Adda
  • Patent number: 10492068
    Abstract: A method for long range communications using sensors with bidirectional communication capability includes installing a plurality of sensors configured to communicate with a central node configured to send and receive packets in working slots on two frequencies; selecting a frequency with the strongest signal from each particular sensor; and avoiding collisions between the two-way sensors by changing working slots of the two-way sensors in each new frame by (a) creating a super-frame comprising multiple ordinary frames; (b) clocking all five multiple frames through; (c) returning the working slots to their initial positions; (d) creating a new super-frame; and (e) changing the working slot position throughout the new super-frame. Bidirectional communication guarantees that reception will be confirmed, or increases the chances that the signal will be received. Thus, it is possible to transfer information both ways, i.e., it is possible to write data (settings, etc.) into sensors.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: November 26, 2019
    Assignee: Ajax Systems Inc.
    Inventors: Oleksandr Konotopskyi, Sergey Pyannikov, Oleksandr Tantsiura
  • Patent number: 10438018
    Abstract: A third party system generates a group of users and a function that identifies users in the group as well as additional users not in the group when applied to user identifying information. The third party system transmits the function to an online system, which applies the function to user identifying information associated with various users of the online system. Applying the function to the user identifying information generates a set of users including users in the group and one or more additional users who are not in the group. The online system transmits information associated with users in the set and information identifying users in the set to the third party system, which determines obtained information associated with users of the group. In some embodiments, the information identifying users in the set is obfuscated user identifying information associated with the users in the set by the online system.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: October 8, 2019
    Assignee: Facebook, Inc.
    Inventors: Steven Richard Geinitz, Nikhil Tarun Shah
  • Patent number: 10430616
    Abstract: Processor system with a general purpose processor and a cryptographic processor dedicated to performing cryptographic operations and enforcing the security of critical security parameters. The cryptographic processor prevents exposure of critical security parameters outside the cryptographic processor itself, and instead implements a limited scripting engine, which can be used by the general purpose processor to execute operations that require the critical security parameters.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: October 1, 2019
    Assignee: Square, Inc.
    Inventors: Malcolm Ronald Smith, Kshitiz Vadera, Mark Phillip Zagrodney, Kevin Ka Wai Ng, Afshin Rezayee
  • Patent number: 10432592
    Abstract: Methods, systems, computer-readable media, and apparatuses may provide password encryption for hybrid cloud services. A workspace cloud connector internally residing with an entity may intercept user credentials associated with an internal application being transmitted to an external cloud service. The workspace cloud connector may generate an encryption key and encrypt the user credentials via a reversible encryption methodology. The workspace cloud connector may encrypt the encryption key using an irreversible encryption methodology (e.g., use a hashing function to produce a first hash). The workspace cloud connector may transmit the encrypted user credentials and the first hash to a virtual delivery agent via a first path (e.g., via the external cloud service). In response, the workspace cloud connector may receive an address of the virtual delivery agent and, using the address, may send the encryption key to the virtual delivery agent via a second path different from the first path.
    Type: Grant
    Filed: May 9, 2016
    Date of Patent: October 1, 2019
    Assignee: Citrix Systems, Inc.
    Inventors: Leo C Singleton, IV, Andy Cooper
  • Patent number: 10417395
    Abstract: A system and method for performing licensing monitoring and compliance within a service provider platform are provided. The system comprises a memory and a processor configured to execute instructions stored within the memory. The system further comprises a central instance that executes on the processor and comprises a license repository containing licensing data for application components. The system further comprises a customer instance that includes a third-party application component installed within the customer instance from an application store. The system further includes a licensing module. The third-party application component is switchable between a monitor mode in which the licensing module reports usage of the third-party application component to the central instance and an enforcement mode in which the usage is controlled on the customer instance based on the license repository.
    Type: Grant
    Filed: April 11, 2017
    Date of Patent: September 17, 2019
    Assignee: ServiceNow, Inc.
    Inventors: David Terry, James Owen, Arjun Badarinath, Vardhini Shankaranarayanan, Kashyap Ivaturi
  • Patent number: 10409971
    Abstract: The embodiments herein provide a system and method for an authentication-driven secret installation and access to applications and data on handheld computing devices. The secret storage is installed and accessed by a directly installed application or a host application on the device. The system comprises an authentication module for authenticating a user to access a data stored in the secret storage area, and a security module for detecting an intrusion of user's privacy during an accessing of the secret storage area. The authentication module automatically shuts down the application when a privacy intrusion is detected continuously for a preset period of time. A secret storage application is run to create a clone of one or more applications installed outside the secret storage area while the created clone of the one or more applications are stored in the secret storage area.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: September 10, 2019
    Assignee: OSLABS PTE. LTD.
    Inventors: Preeti Saluja, Akash Dongre, Sudhir Bangarambandi