Patents Examined by Trong H Nguyen
  • Patent number: 11983263
    Abstract: In some examples, an electronic device includes a processor to allow installation of an untrusted executable code to a virtual machine, monitor the installation and execution of the untrusted executable code, and, responsive to a determination that an executed amount of the untrusted executable code is less than a threshold amount, prompt a user to continue the execution of the untrusted executable code.
    Type: Grant
    Filed: December 16, 2021
    Date of Patent: May 14, 2024
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Tirath Ramdas
  • Patent number: 11985118
    Abstract: A software system that has an embedded browser, an authenticator and a data channel module where the authenticator is adapted to authenticate a user, to authenticate a data channel and to bind the user authentication with the authenticated channel is disclosed. The authenticator is further adapted to communicate with the user via a graphical user interface of the embedded browser using graphical and control primitives of the authenticator and/or using a stand-alone graphical user interface of the authenticator, and the data channel module is adapted to communicate with service provider servers via a secure protocol, to communicate with the embedded browser and to communicate with the authenticator. A method of authentication using this system, which increases security and user comfort when accessing services and data requiring authentication, is also disclosed.
    Type: Grant
    Filed: May 13, 2021
    Date of Patent: May 14, 2024
    Assignee: ADUCID S.R.O.
    Inventor: Libor Neumann
  • Patent number: 11971999
    Abstract: The present specification discloses a computer tangible medium containing instructions to regulate creation and distribution of blockchain blocks based upon system utilization. The method includes determining utilization of a computer resource and creating a virtual blockchain block based on a data object when utilization exceeds a first threshold. The virtual blockchain block includes file metadata on the data object, but does not include blockchain cryptographic information. The method includes creating a real blockchain block based on the data object when utilization does not exceed the first threshold. The virtual blockchain block is converted to the real blockchain block when utilization drops below the first threshold.
    Type: Grant
    Filed: April 28, 2021
    Date of Patent: April 30, 2024
    Inventor: Tyson York Winarski
  • Patent number: 11962584
    Abstract: Zero trust network security is provided without modifying the underlying network infrastructure. Unique intermediate certificates created based on a primary certificate are sent to each of a plurality of entities. Each entity of the plurality of entities is installed on a respective node of a plurality of nodes in a network environment of a cloud provider. An agent is deployed to each of the plurality of nodes, and the agent is configured to enforce at least one network firewall policy based on the intermediate certificate sent to the corresponding entity.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: April 16, 2024
    Assignee: Twistlock, Ltd.
    Inventors: Liron Levin, Eran Yanay, Dima Stopel
  • Patent number: 11954231
    Abstract: An embodiment for recursively adapting a sensitive content masking technique is provided. The embodiment may include receiving a request from a primary user to share an original document. The embodiment may also include receiving an identity of a secondary user who needs access to a masked version of the original document. The embodiment may further include scanning the original document for sensitive information and identifying sensitive information in the original document. The identified sensitive information may be displayed to the primary user. The embodiment may also include generating a masked value for each piece of identified sensitive information. The embodiment may further include suggesting one or more groups of secondary users if there are additional secondary users. The embodiment may also include presenting the masked version of the original document to the secondary user. The embodiment may further include indexing the masked version of the original document.
    Type: Grant
    Filed: January 19, 2021
    Date of Patent: April 9, 2024
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Itai Gordon, Shlomit Avrahami, Rotem Brosh, Shiran Yosef
  • Patent number: 11947665
    Abstract: Systems, methods, and storage media for creating secured computer code from original computer code are disclosed. The secured computer code is created from original computer code and has a secured interface between a first code domain and a second code domain of the original computer code, the first code domain including code in a first coding language and the second code domain including code in a second coding language, the first code domain being compiled separately from the second code domain. Exemplary implementations may: identify a code method defined in the first code domain that is declared in the second code domain; create a corresponding code method in the second code domain that has a signature that corresponds to a signature of the code method; and create a transformed code method in the first code domain.
    Type: Grant
    Filed: February 25, 2022
    Date of Patent: April 2, 2024
    Assignee: IRDETO B.V.
    Inventor: Damon Peng
  • Patent number: 11949671
    Abstract: Systems and methods are disclosed for managing online advertising data secure sharing. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer.
    Type: Grant
    Filed: October 6, 2022
    Date of Patent: April 2, 2024
    Assignee: Yahoo Ad Tech LLC
    Inventors: Matthew M. Patton, Seth Mitchell Demsey
  • Patent number: 11934534
    Abstract: Methods, systems, and computer programs are presented for analyzing a program to be executed on a computer to detect vulnerability for malicious attacks using the program. One method includes an operation for performing dynamic vulnerability detection of a driver when the driver is loaded in a computing system. The dynamic vulnerability detection comprises detecting at least one offset made available by the driver for access to the driver, and detecting application programming interface (API) calls made by the driver. Further, the method includes performing static vulnerability detection of the driver by analyzing binary code of the driver. The static vulnerability detection comprises determining the at least one offset available for access to the driver, and identifying vulnerable code paths to functions accessing kernel functionality.
    Type: Grant
    Filed: November 29, 2021
    Date of Patent: March 19, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Raghav Pande, Jordan Josef Geurten, Danut Antoche-Albisor
  • Patent number: 11921844
    Abstract: A novel compiler is described. The compiler is able to view source code of the application in its entirety and can do so from the inside. Unlike other tools which examine the forensic data from an application crash after the fact, from the outside, the compiler of the present invention can provide novel data on function call stacks and function profiles during runtime. The application may be stopped immediately during runtime to prevent further or potential damage, but the forensic data that is collected is focused and can be used to show where vulnerabilities exist in the application and how they were exploited. Hashes are taken of function call stacks and used as unique identifiers or thumbprints which can be used to reduce the volume of forensic data that needs to be analyzed after an attack.
    Type: Grant
    Filed: December 20, 2022
    Date of Patent: March 5, 2024
    Assignee: Dellfer, Inc.
    Inventors: Brian H. Pescatore, James Blaisdell, Xonia Ivonne McLaughlin, Chetin Ersoy, Kenneth J. Wante
  • Patent number: 11907400
    Abstract: Methods, systems, and devices for leveraging data already collected on a user in a secure and private manner, in particular to verify user credentials for third parties. The methods, systems, and devices innovate beyond traditional security and privacy platforms in computer systems by processing the data to create a useable metric for the purposes of the third parties, in which the useable metric preserves the security and privacy of the underlying data.
    Type: Grant
    Filed: March 13, 2023
    Date of Patent: February 20, 2024
    Assignee: Capital One Services, LLC
    Inventors: Ya Liu, Matthew Carson
  • Patent number: 11902259
    Abstract: An encoding method for enabling privacy-preserving aggregation of private data can include obtaining private data including a private value, determining a probabilistic status defining one of a first condition and a second condition, producing a multiset including a plurality of multiset values, and providing the multiset for aggregation with a plurality of additional multisets respectively generated for a plurality of additional private values. In response to the probabilistic status having the first condition, the plurality of multiset values is based at least in part on the private value, and in response to the probabilistic status having the second condition, the plurality of multiset values is a noise message. The noise message is produced based at least in part on a noise distribution that comprises a discretization of a continuous unimodal distribution supported on a range from zero to a number of multiset values included in the plurality of multiset values.
    Type: Grant
    Filed: December 15, 2020
    Date of Patent: February 13, 2024
    Assignee: GOOGLE LLC
    Inventors: Badih Ghazi, Noah Zeger Golowich, Shanmugasundaram Ravikumar, Pasin Manurangsi, Ameya Avinash Velingker, Rasmus Pagh
  • Patent number: 11902123
    Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.
    Type: Grant
    Filed: November 9, 2022
    Date of Patent: February 13, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Navindra Yadav, Abhishek Ranjan Singh, Anubhav Gupta, Shashidhar Gandham, Jackson Ngoc Ki Pang, Shih-Chun Chang, Hai Trong Vu
  • Patent number: 11888855
    Abstract: A device may provide a verification indicator to a device associated with a website. The verification indicator may be associated with verifying access to the website. The device may detect that the verification indicator has been associated with code associated with the website based on processing the code. The device may provide a script to the device. The script may be included in the code. The script may be associated with monitoring operations of the website. The device may receive data related to the operations. The device may analyze the data using a model. The model may be associated with making a prediction related to at least one of: a value to be received via the website, or traffic associated with the website. The device may perform one or more actions related to the website based on a result of the analyzing.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: January 30, 2024
    Assignee: Capital One Services, LLC
    Inventors: Joshua Edwards, Abdelkadar M'Hamed Benkreira, Michael Mossoba
  • Patent number: 11886578
    Abstract: Disclosed are methods, systems, and non-transitory computer-readable medium for detecting data anomalies on a device. The method may include determining data patterns for data input to the device, data output from the device, and/or data stored in a memory of the device; monitoring the data input, data output, and the data stored in the memory at least based on the determined data patterns in parallel with processing of the data input, data output, and/or the data stored in the memory; and detecting whether an anomaly exists in the data input, data output, and/or the data stored in the memory of the device based on the monitoring.
    Type: Grant
    Filed: April 23, 2021
    Date of Patent: January 30, 2024
    Assignee: HONEYWELL INTERNATIONAL INC.
    Inventors: Ly Vessels, Darryl Busch
  • Patent number: 11874932
    Abstract: Approaches presented herein enable a security risk manager embedded in an application to manage security vulnerabilities of the application. More specifically, the application comprises code entities such as components, packages, libraries, or microservices. The entities are modified as part of the application development process to have an enabled state, in which these entities are permitted to run normally when called, and a disabled state, in which these entities do not run when called but instead perform a back-out behavior such as generating an error message. At runtime, the application periodically accesses a security vulnerabilities database to check for security alerts. When a relevant security alert is found, the application changes any code entities that are affected by the security alert to the disabled state pending investigation by an operations team. The application notifies the operations team by sending a notification of the security alert to an external security monitoring tool.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: January 16, 2024
    Assignee: International Business Machines Corporation
    Inventors: Matthew Paul Chapman, Chengxuan Xing, Ashley Donald Harrison, Vlad Balanescu
  • Patent number: 11868467
    Abstract: A semiconductor device (100) includes: a determination unit (110) configured to determine whether an avoidance condition of inspection of control flow integrity is satisfied (e.g., a degree of similarity with a previous input value is in a predetermined range) based on determination auxiliary information, which is at least an input value in a target code block to be executed among a plurality of code blocks in a predetermined program, and an inspection unit (120) configured to avoid inspection of control flow integrity in the target code block when it is determined that the avoidance condition is satisfied.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: January 9, 2024
    Assignee: NEC CORPORATION
    Inventors: Astha Jada, Toshiki Kobayashi, Takayuki Sasaki, Daniele Enrico Asoni, Adrian Perrig
  • Patent number: 11868492
    Abstract: Systems and methods mediate permissions for applications on user devices using predictive models. Data communications are monitored on a user device for permission requests and responses. A predictive model is trained with these permission requests and responses until a threshold is met. Then, a default permission response is provided on behalf of the user device in response to a permission request.
    Type: Grant
    Filed: June 20, 2022
    Date of Patent: January 9, 2024
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Mark Watson, Jeremy Goodsitt, Austin Walters, Anh Truong, Vincent Pham
  • Patent number: 11853425
    Abstract: Malware uses various techniques to detect a sandbox environment so that malicious code can avoid execution in closely monitored contexts that might otherwise trigger detection and remediation. A security system is dynamically updated to exploit these anti-sandbox techniques, e.g., by causing endpoints to mimic sandbox environments in a manner that discourages malware execution on the endpoint, and by updating sandboxes to alter or hide sandbox detection triggers.
    Type: Grant
    Filed: October 9, 2020
    Date of Patent: December 26, 2023
    Assignee: Sophos Limited
    Inventors: Ross McKerchar, Erik Jan Loman, Simon Neil Reed, Kenneth D. Ray, Andrew J. Thomas, Karl Ackerman
  • Patent number: 11847204
    Abstract: Systems and methods for cloud-based management of digital forensic evidence and, in particular, to systems and methods for enabling cloud-based digital forensic investigations.
    Type: Grant
    Filed: August 11, 2020
    Date of Patent: December 19, 2023
    Assignee: Magnet Forensics Inc.
    Inventors: Martin Barrow, William Lindsay, Gayathiri Thananjagen
  • Patent number: 11843479
    Abstract: An intelligent electronic device (IED) of an electric power distribution system includes processing circuitry and a memory having instructions. The instructions, when executed by the processing circuitry, are configured to cause the processing circuitry to determine establishment of setup criteria to operate in a passive mode, operate in the passive mode to communicate data without initiation of a media access control security key agreement (MKA) protocol in response to determination of the establishment of the setup criteria, receive activation data during operation in the passive mode, the activation data being indicative that a media access control security (MACsec) communication link is to be established, and operate in an active mode in response to receipt of the activation data to initiate the MKA protocol to establish the MACsec communication link.
    Type: Grant
    Filed: March 23, 2021
    Date of Patent: December 12, 2023
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventor: Colin Gordon