Abstract: A method, apparatus, electronic device, storage medium and program product of code management are provided. In response to a request for building an executable file, corresponding developed code is obtained from a code library. The developed code is compiled into intermediate code to determine security of the intermediate code. In response to determining that the intermediate code is secure, an executable file is generated based on the intermediate code.

Abstract: Systems and method for watermarking portions of code for the purposes of identification are described. A computer-implemented method of watermarking a portion of code with identification data includes: determining, by a computing device, a number of existing whitespace characters in the portion of code; encoding, by the computing device, the identification data using a set of reference whitespace characters; and embedding, by the computing device, the encoded identification data into the portion of code, wherein the embedding the encoded identification data includes, based on the determined number of existing whitespace characters, either replacing existing whitespace characters in the portion of code with the encoded identification data or inserting the encoded identification data characters into the portion of code.

Abstract: Systems and methods for privacy-protecting hybrid cloud and premise stream processing are disclosed. In one embodiment, in an information processing device comprising at least one computer processor, a method for processing a voice communication including restricted content may include: (1) receiving from an electronic device, a customer communication; (2) identifying restricted content in the customer communication; (3) masking or marking the restricted content in the customer communication; (4) communicating the customer communication with the masked or marked restricted content to a cloud processor; (5) receiving a processed responsive communication comprising the masked or marked restricted content from the cloud processor; (6) unmasking or unmarking the restricted content in the processed responsive communication; and (7) communicating the processed responsive communication comprising the unmasked or unmarked restricted content to the electronic device.

Abstract: Systems and methods for establishing secure remote connections to media devices establish a secure shell (SSH) connection between two machines which are located in two different private networks, such as between a remote debugging computer and a receiving device. The receiving device has a persistent outbound connection with a message server. The remote debugging computer connects to a relay manager and obtains a relay instance IP address and port. The relay manager then forwards the relay instance IP address and port to the receiving device via the message server. After receiving the connection request from the message server, the receiving device connects to the relay instance IP and port and waits for the input data. The remote debugging computer performs an SSH handshake and the receiving device directly authenticates the SSH connection.

Abstract: Providing an isolation system that allows analysts to analyze suspicious information in way that aids in preventing harmful information from spreading to other applications and systems on a network. A plurality of virtual containers may be used by analysts to analyze suspicious information. The suspicious information may first be checked for signatures or patterns before being analyzed by the analyst or the isolation system. The identified signatures or patterns are then compared with the stored signatures or patterns to determine whether the suspicious information comprises harmful information or not. When the identified signatures or patterns are matched with stored signatures or patterns, the system may determine that the suspicious information comprises harmful information and performs one or more mitigation actions.

Abstract: This specification discloses techniques for risk identification. One example method includes receiving, by a client device, a risk identification request identifying a requested service operation and service data associated with the requested service operation; retrieving, by the client device, service data corresponding to the risk identification request; determining, by the client device, service indicator data associated with the service data; analyzing, by the client device, one or more of the service data and the service indicator based on a risk identification rule or a risk identification model to produce a risk result; and determining, by the client device, whether the requested service operation is a high risk operation based at least in part on the risk result.

Abstract: A malware monitoring method includes: obtaining a malware sample; extracting operational parameters corresponding to the malware sample; configuring an emulator application corresponding to the malware sample using the operational parameters; executing a plurality of instances of the configured emulator application; collecting output data from each of the plurality of instances; and generating indicators of compromise (IOCs) based on the collected output data.

Abstract: An image for a containerized application is created. From the image, one or more main processes of the containerized application are identified. The one or more main processes comprise a first subset of a plurality of processes of the containerized application. Within a sandbox environment, the containerized application is started. Based on the started application within the sandbox environment, a second subset of processes within the plurality is determined. The second subset includes one or more dependent processes associated with the first subset. A third subset of processes within the plurality is determined. The third subset excludes the first and second subsets and is associated with a vulnerability list. According to the third subset, a mitigated image for the containerized application is generated.

Abstract: Embodiments include a method for secure data storage including constructing an encryption key from a plurality of key elements, the constructing including distributing the plurality of key elements to a plurality of key maintenance entities, each of the plurality of key maintenance entities employing a plurality of independent safe guards for their respective key elements of the plurality of key elements; and requiring access to the plurality of key elements to construct the encryption key. The method includes receiving a subset of the plurality of key elements via a twice-encrypted communications channel; and regenerating the encryption key at the client node; and after encrypting data, deleting the subset of the plurality of key elements received over the twice-encrypted communications channel, retaining any of the plurality of key elements previously stored at the client node.

Abstract: A system for detecting security threats in a computing device receives a first set of signals from components of the computing device. The first set of signals includes intercommunication electrical signals between the components of the computing device and electromagnetic radiation signals propagated from the components of the computing device. The system extracts baseline features from the first set of signals. The baseline features represent a unique electrical signature of the computing device. The system extracts test features from a second set of signals received from the component of the system. The system determines whether there is a deviation between the test features and baseline features. If the system detects the deviation, the system determines that the computing device is associated with a particular anomaly that makes the computing device vulnerable to unauthorized access.

Abstract: An encrypted sequence that includes an authentication key may be received. A base key stored at a device may be identified and the encrypted sequence may be decrypted with the base key to obtain the authentication key. A challenge value may be received and the authentication key may be combined with the challenge value to generate a device ephemeral key. An authentication result may be generated for the device based on a combination of the device ephemeral key and the challenge value. Furthermore, the authentication result may be transmitted to a mobile network to authenticate the device.

Abstract: A computer-implemented method, computer program product and computing system for: obtaining first system-defined platform information concerning a first security-relevant subsystem within a computing platform; obtaining at least a second system-defined platform information concerning at least a second security-relevant subsystem within the computing platform; combining the first system-defined platform information and the at least a second system-defined platform information to form system-defined consolidated platform information; and generating a security profile based, at least in part, upon the system-defined consolidated platform information.

Abstract: Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

Abstract: Disclosed are an electronic device and a method of performing digital key provisioning of an electronic device. The electronic device according to an embodiment includes a communication unit, a memory that stores programs and data for performing digital key provisioning, and a processor configured to, by executing the programs stored in the memory, perform device authentication on a target device by performing short-range communication with the target device, identify a digital key service access right of the target device through a server by obtaining user information, and control generation and storing of a digital key in response to a digital key generation request from the target device.

Abstract: The disclosed computer-implemented method for identifying and mitigating phishing attacks may include (i) receiving a request for sensitive data utilized to access a network service, (ii) launching an autofill provider for providing the sensitive data to the network service, (iii) identifying, utilizing the autofill provider, a domain for the network service and a data type associated with the sensitive data utilized to access the network service, (iv) determining, utilizing the autofill provider, a reputation for the network service based on the domain and the data type, and (v) performing a security action that protects against a phishing attack based on the reputation determined for the network service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods are disclosed for managing online advertising data secure sharing. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer.

Abstract: Systems and methods are provided for managing false positives in a network anomaly detection system. The methods may include receiving a plurality of anomaly reports; extracting fields, and values for the fields, from each of the anomaly reports; grouping the anomaly reports into a plurality of groups according to association rule learning, wherein each group is defined by a respective rule; for each group, creating a cluster based on common values for the fields; and marking each cluster as a possible false positive anomaly cluster.

Abstract: A technology is provided for using a multi-factor authentication process to access services in a computing service environment. One or more policies can be defined for allowing access to one or more services and/or resources associated with a service provider environment according to an authenticated identity. A device, detected by a voice-capturing endpoint within a defined geographical location, may be authenticated according to a unique identification (ID). Voice data received from the voice-capturing endpoint can be authenticated. The authenticated identity can be established according to the authenticated device and the authenticated voice data. A command, received via a voice command from the voice-capturing endpoint, may be issued with the authenticated identity to access the one or more services and/or resources associated with the service provider environment according to the plurality of policies.

Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.

Abstract: Embodiments of the invention are directed assessing reliability between two computing devices. A distributed database may maintain reliability associations between pairs of computing devices. Each reliability association may indicate a particular device has determined (e.g., locally) that another device is reliable. In order to determine an amount of reliability between a first computing device and a second computing device, an ordered combination of the reliability associations may be determined utilizing the distributed database. The ordered combination of reliability associations may identify a reliability path between the first computing device and the second computing device. An amount of reliability may be determined based on the reliability path. An interaction between the devices may be allowed or restricted based at least in part on the amount of reliability between the computing devices.