Patents Examined by Trong H Nguyen
  • Patent number: 11874932
    Abstract: Approaches presented herein enable a security risk manager embedded in an application to manage security vulnerabilities of the application. More specifically, the application comprises code entities such as components, packages, libraries, or microservices. The entities are modified as part of the application development process to have an enabled state, in which these entities are permitted to run normally when called, and a disabled state, in which these entities do not run when called but instead perform a back-out behavior such as generating an error message. At runtime, the application periodically accesses a security vulnerabilities database to check for security alerts. When a relevant security alert is found, the application changes any code entities that are affected by the security alert to the disabled state pending investigation by an operations team. The application notifies the operations team by sending a notification of the security alert to an external security monitoring tool.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: January 16, 2024
    Assignee: International Business Machines Corporation
    Inventors: Matthew Paul Chapman, Chengxuan Xing, Ashley Donald Harrison, Vlad Balanescu
  • Patent number: 11868467
    Abstract: A semiconductor device (100) includes: a determination unit (110) configured to determine whether an avoidance condition of inspection of control flow integrity is satisfied (e.g., a degree of similarity with a previous input value is in a predetermined range) based on determination auxiliary information, which is at least an input value in a target code block to be executed among a plurality of code blocks in a predetermined program, and an inspection unit (120) configured to avoid inspection of control flow integrity in the target code block when it is determined that the avoidance condition is satisfied.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: January 9, 2024
    Assignee: NEC CORPORATION
    Inventors: Astha Jada, Toshiki Kobayashi, Takayuki Sasaki, Daniele Enrico Asoni, Adrian Perrig
  • Patent number: 11868492
    Abstract: Systems and methods mediate permissions for applications on user devices using predictive models. Data communications are monitored on a user device for permission requests and responses. A predictive model is trained with these permission requests and responses until a threshold is met. Then, a default permission response is provided on behalf of the user device in response to a permission request.
    Type: Grant
    Filed: June 20, 2022
    Date of Patent: January 9, 2024
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Mark Watson, Jeremy Goodsitt, Austin Walters, Anh Truong, Vincent Pham
  • Patent number: 11853425
    Abstract: Malware uses various techniques to detect a sandbox environment so that malicious code can avoid execution in closely monitored contexts that might otherwise trigger detection and remediation. A security system is dynamically updated to exploit these anti-sandbox techniques, e.g., by causing endpoints to mimic sandbox environments in a manner that discourages malware execution on the endpoint, and by updating sandboxes to alter or hide sandbox detection triggers.
    Type: Grant
    Filed: October 9, 2020
    Date of Patent: December 26, 2023
    Assignee: Sophos Limited
    Inventors: Ross McKerchar, Erik Jan Loman, Simon Neil Reed, Kenneth D. Ray, Andrew J. Thomas, Karl Ackerman
  • Patent number: 11847204
    Abstract: Systems and methods for cloud-based management of digital forensic evidence and, in particular, to systems and methods for enabling cloud-based digital forensic investigations.
    Type: Grant
    Filed: August 11, 2020
    Date of Patent: December 19, 2023
    Assignee: Magnet Forensics Inc.
    Inventors: Martin Barrow, William Lindsay, Gayathiri Thananjagen
  • Patent number: 11843479
    Abstract: An intelligent electronic device (IED) of an electric power distribution system includes processing circuitry and a memory having instructions. The instructions, when executed by the processing circuitry, are configured to cause the processing circuitry to determine establishment of setup criteria to operate in a passive mode, operate in the passive mode to communicate data without initiation of a media access control security key agreement (MKA) protocol in response to determination of the establishment of the setup criteria, receive activation data during operation in the passive mode, the activation data being indicative that a media access control security (MACsec) communication link is to be established, and operate in an active mode in response to receipt of the activation data to initiate the MKA protocol to establish the MACsec communication link.
    Type: Grant
    Filed: March 23, 2021
    Date of Patent: December 12, 2023
    Assignee: Schweitzer Engineering Laboratories, Inc.
    Inventor: Colin Gordon
  • Patent number: 11843666
    Abstract: A method, apparatus and product for sub-networks based cyber security. One method comprises detecting a device connecting to a local network which is divided into subnets; determining a usage profile of the device; automatically selecting a subnet to connect the device based on the usage profile; and connecting the device to the selected subnet in the local network. Another method comprises monitoring communication traffic of devices in each of the subnets of a local network; performing anomaly detection to detect an abnormal communication of a device connected to a subnet; blocking the abnormal communication of the device; and removing the device from the subnet and connecting the device to a quarantine subnet of the local network, thereby reducing connectivity of the device with other devices connected to the local network.
    Type: Grant
    Filed: March 24, 2021
    Date of Patent: December 12, 2023
    Assignee: FORESCOUT TECHNOLOGIES, INC.
    Inventors: Shmulik Bachar, Yossi Atias
  • Patent number: 11822688
    Abstract: The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.
    Type: Grant
    Filed: May 24, 2022
    Date of Patent: November 21, 2023
    Assignee: Versata Development Group, Inc.
    Inventors: Jacy M. Legault, Jon Loyens
  • Patent number: 11816205
    Abstract: Systems and methods for detecting and handling attacks on processes executing within a trusted execution environment (TEE) are disclosed. In one implementation, a processing device may detect by a first process an event indicating that a first process executing in a TEE of a host computer system is under attack from a second process executing on the host computer system. The processing device may set a flag within a memory region of the TEE indicating that the first process is under attack. The processing device may further perform, in view of an attack response policy associated with the first process, an action responsive to detecting the event.
    Type: Grant
    Filed: November 30, 2020
    Date of Patent: November 14, 2023
    Assignee: Red Hat, Inc.
    Inventors: Michael Hingston McLaughlin Bursell, Nathaniel P. McCallum
  • Patent number: 11816207
    Abstract: Various embodiments discussed generally relate to securing applications that work across networks, and more particularly to systems and methods for mitigating malicious behavior integrated within an application that directly calls a separate cloud based malicious behavior mitigation system.
    Type: Grant
    Filed: December 2, 2021
    Date of Patent: November 14, 2023
    Assignee: Fortinet, Inc.
    Inventor: Pedro Miguel Paixao
  • Patent number: 11797709
    Abstract: Methods and systems for identifying personally identifiable information (PII) are disclosed. In some aspects, frequency maps of fields storing known PII information are generated. The frequency maps may count occurrences of unique bigrams in the PII fields. A field of interest may then be analyzed to generate a second frequency map. Correlations between the first frequency maps and the second frequency map may be generated. If one of the correlations meets a certain criterion, the disclosed embodiments may determine that the field of interest does or does not include PII. Access control for the field of interest may then be based on whether the field includes PII. In some aspects, a storage location of data included in the field of interest may be based on whether the field includes PII.
    Type: Grant
    Filed: January 25, 2022
    Date of Patent: October 24, 2023
    Assignee: Snap Inc.
    Inventors: Vasyl Pihur, Subhash Sankuratripati, Dachuan Huang, Leah Fortier
  • Patent number: 11790082
    Abstract: An approach to workflow management in response to a detected security incident in a computer system. The approach may include an inference driven response based on prior artifacts. The inference driven response may predict the condition of the system and the outcomes of actions in response to the security incident. The predictions made by the inference driven response may be based on a machine learning model. The inference driven response may pause or prevent scheduled actions of the system based on the predictions. The inference driven response may continue to monitor the system and dynamically update its predictions for the condition of the system. In response to the updated predictions, the inference driven response may cancel or execute the previously scheduled actions of the system.
    Type: Grant
    Filed: May 25, 2021
    Date of Patent: October 17, 2023
    Assignee: International Business Machines Corporation
    Inventors: Ying-Chen Yu, June-Ray Lin, Ci-Hao Wu, Pao-Chuan Liao
  • Patent number: 11778473
    Abstract: A communication system (100) comprises a thin-client mobile terminal (MT) having a device identity (MT_ID), a thin-client service terminal (ST), and a remote system server resource (SS). The thin-client mobile terminal (MT) is configured for receiving (101) from the service terminal (ST) a short-range wireless communication signal (BA) representing an identification request (ID_REQ), and in response communicating (102) with the remote server resource (SS) by long-range broadband data communication to report the identification request (ID_REQ) as well as the device identity (MT_ID) of the mobile terminal (MT).
    Type: Grant
    Filed: November 2, 2018
    Date of Patent: October 3, 2023
    Assignee: CRUNCHFISH DIGITAL CASH AB
    Inventor: Joachim Samuelsson
  • Patent number: 11775653
    Abstract: A computer implemented method to determine a security configuration for a target virtual machine (VM) in a virtualized computing environment, the method including training a machine learning algorithm to determine a vector of security vulnerabilities for the target VM based on a vector of configuration characteristics for the target VM, the machine learning algorithm being trained using training examples each including a configuration for a training VM and an associated vulnerability vector based on an observed security occurrence at the training VM, wherein each training example further includes an identification of one of a set of security configurations for the training VM; selecting at least a subset of the set of security configurations and, for each security configuration in the subset, executing the machine learning algorithm with the vector of configuration characteristics for the target VM and an identification of the security configuration, so as to generate a set of vulnerability vectors including a
    Type: Grant
    Filed: October 11, 2018
    Date of Patent: October 3, 2023
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Mark Shackleton, Fadi El-Moussa
  • Patent number: 11762985
    Abstract: Disclosed herein are systems and methods for protecting files indirectly related to user activity. In one exemplary aspect, a method may comprise identifying, on a computing device, a file that is directly accessed by a user of the computing device. The method may comprise determining an application that provides access to the file. The method may comprise identifying a plurality of program files that the application utilizes during execution. For each respective program file of the plurality of program files, the method may comprise determining whether the respective program file is required by the application to provide access to the file and in response to determining that the respective program file is required, determining a type of threat that can target the respective program file. The method may further comprise performing a data protection action on the respective program file based on the type of threat.
    Type: Grant
    Filed: November 19, 2020
    Date of Patent: September 19, 2023
    Assignee: Acronis International GmbH
    Inventors: Alexander Tormasov, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11757862
    Abstract: Aspects of the disclosure relate to a system and method for cryptographically transmitting and storing identity tokens and/or activity data among spatially distributed computing devices. The system may comprise a plurality of chains, such as an identity chain and an activity chain. In some aspects, identity data associated with a user may be used to generate an identity token for the user. The identity token may be transmitted to a plurality of computing devices for verification. Based on a verification of the identity token, the identity token may be stored in the identity chain. A request to perform an activity may also be received, and identity data associated with the user may be received in order to authenticate the user. The computing device may generate, based on the received identity data, an identity token for the user. The identity token may be compared to the identity token stored in the identity chain, and the user may be authenticated based on the comparison.
    Type: Grant
    Filed: July 19, 2022
    Date of Patent: September 12, 2023
    Assignee: ALLSTATE INSURANCE COMPANY
    Inventors: Howard Hayes, Jason D. Park, John S. Parkinson
  • Patent number: 11748199
    Abstract: Techniques are disclosed relating to automated operations management. In various embodiments, a computer system accesses operational information that defines commands for an operational scenario and accesses blueprints that describe operational entities in a target computer environment related to the operational scenario. The computer system implements the operational scenario for the target computer environment. The implementing may include executing a hierarchy of controller modules that include an orchestrator controller module at the top level of the hierarchy that is executable to carry out the commands by issuing instructions to controller modules at a next level. The controller modules may be executable to manage the operational entities according to the blueprints to complete the operational scenario.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: September 5, 2023
    Assignee: Salesforce, Inc.
    Inventor: Mark F. Wilding
  • Patent number: 11734428
    Abstract: The invention relates to an embedded system (1) comprising a processor (2) operated by means of a kernel (3) executable by said processor, a hardware peripheral (8, 9), a memory (5) and an application-related software program (6) recorded in said memory (5), said application-related software program (6) being executed by means of said kernel (3) executable by said processor (2), as well as a securing method. The invention is characterized in that the kernel (3) executable by said processor (2) controls said hardware peripheral (8, 9), obliges said application-related software program (6) to execute a policy, which is neither defined nor controlled by said program, for controlling access to said communication peripheral (8, 9), and is formally proven to satisfy at least one security property.
    Type: Grant
    Filed: August 7, 2018
    Date of Patent: August 22, 2023
    Assignee: PROVENRUN
    Inventor: Dominique Bolignano
  • Patent number: 11734416
    Abstract: A security application on the terminal uses a client application in a rich execution environment (REE), a general trusted application in a trusted execution environment (TEE), and a secure element (SE) application in a SE. The general trusted application is shared by a plurality of security applications. A method includes receiving, by the general trusted application, a first request from a first client application, determining a corresponding first SE application, sending the first request to the first SE application, sending, by the first SE application, a first command to the general trusted application, executing, by the general trusted application, the first command, returning a first execution result to the first SE application, sending, by the first SE application, a first response to the general trusted application based on the first execution result, and sending, by the general trusted application, the first response to the first client application.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: August 22, 2023
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Zhuofei Li
  • Patent number: 11720708
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for preserving user privacy when collecting and analyzing user data. Methods include discarding user data after generating a privacy enhanced representation of user data and storing this privacy enhanced representation in a probabilistic data structure. Methods further preserve user privacy by inserting false negatives in the probabilistic data structure. Methods also include storing continuous value attributes in the data structure. Methods include storing date values associated with one or more user attributes. The date values may specify the date when one or more user attributes was last received.
    Type: Grant
    Filed: March 21, 2022
    Date of Patent: August 8, 2023
    Assignee: Google LLC
    Inventor: Sami Torbey