Abstract: A computer security architecture applies selected rules from among a set of rules defining one or more security policies to a given set of security context parameters to produce security verdicts, each representing whether a certain action requested by a subject entity is permissible. Each security policy is associated with a corresponding communication interface. A plurality of gateway engines are each associated with at least one of the subject entities and dedicated to interfacing with the security server. Each of the gateway engines carries out monitoring of requested actions by the associated subject entity and, for each requested action, identifies a security context. A security policy is determined for the requested action based on a corresponding security context, and a security verdict is obtained via a communication interface corresponding to the applicable security policy.

Abstract: Disclosed are systems, methods and computer program product for determining information security level for an enterprise. An example method comprising: collecting information relating to a structure of the enterprise, including a plurality of elements of the enterprise; creating a model to correspond to each element of the enterprise based on at least one function of each element; identifying criteria to evaluate an effectiveness of the at least one function of each element; simulating operation of the elements and determining effectiveness of the at least one function of each simulated element, wherein simulating includes determining different sequences of events and actions in response to the events for one or more simulation iterations based on the effectiveness of the at least one function of each element; and determining an information security level for the enterprise by maximizing the effectiveness of functions of the elements in response to events.

Abstract: Disclosed a portable personal security device and methods for secure communication. In one example, the personal security device may wirelessly connect to a user device and collect information about the user device. The personal security device may then assess security characteristics of the user device based on the collected information. When the user device is determined to be unsecure, the personal security devices may instruct the user to use a secure internet application of the personal security device instead of an unsecure internet application of the user device. In addition, the personal security device may instruct the user to use a secure data input device of the personal security device instead of an unsecure data input device of the user device. The personal security device then receives via the secure data input device a user input data for the secure internet application, and transmit it to the user device.

Abstract: A method for reducing the size of the AV database on a user computer by dynamically generating an AV database according to user parameters is provided. Critical user parameters that affect the content of the AV database required for this user are determined. The AV database for the single user is generated based on the user parameters. When the parameters of the user computer change or when new malware threats are detected, the user AV database is dynamically updated according to the new parameters and the new malware threats. The update procedure becomes more efficient since a need of updating large volumes of data is eliminated. The AV system, working with a small AV database, finds malware objects more efficiently and uses less of computer system resources.

Abstract: Disclosed a portable personal security device and methods for secure communication. In one example, the personal security device may wirelessly connect to a user device and collect information about the user device. The personal security device may then assess security characteristics of the user device based on the collected information. When the user device is determined to be unsecure, the personal security devices may instruct the user to use a secure internet application of the personal security device instead of an unsecure internet application of the user device. In addition, the personal security device may instruct the user to use a secure data input device of the personal security device instead of an unsecure data input device of the user device. The personal security device then receives via the secure data input device a user input data for the secure internet application, and transmit it to the user device.

Abstract: Disclosed a portable security device and methods for secure user authentication. The security device stores operating system agents that enable communication with user devices that have different operating systems. The security device also stores user authentication data for accessing different Internet resources by the user devices. The security devices connects to the user device using an operating system agent corresponding to the operating system of the user device, and receives from the user device a request to access an Internet resource. The security device select user authentication data associated with the requested Internet resource, and obtains the requested Internet resource using the selected user authentication data.

Abstract: In a computer system, processing of security-related tasks is delegated to various agent computers. According to various embodiments, a distributed computing service obtains task requests to be performed for the benefit of beneficiary computers, and delegates those tasks to one or more remote agent computers for processing. The delegation is based on a suitability determination as to whether each of the remote agent computers is suitable to perform the processing. Suitability can be based on an evaluation of such parameters as computing capacity and current availability of the remote agent computers against the various tasks to be performed and their corresponding computing resource requirements. This evaluation can be performed according to various embodiments by the agent computers, the distributed computing service, or by a combination thereof.

Abstract: Disclosed herein are systems, methods and computer program products for providing secure Internet access to a user device in an unsecure network environment, such as a public wireless network. The system includes a portable security device configured to establishing a first secure direct wireless connection with the user device and a second secure network connection through the public wireless network to a security server, which provides Internet access. The security device provides Internet browser and e-mail application, which can be used instead of unsecure applications of the user device to access Web resources through the first and second secure network connections. In addition, the security device includes a secure keyboard, which can be used by the device user instead of the unsecure keyboard of the user device to enter user authentication data for accessing the desired Web resources.

Abstract: Disclosed herein are systems, methods and computer program products for providing secure Internet access to a user device in an unsecure network environment, such as a public wireless network. The system includes a portable security device configured to establishing a first secure direct wireless connection with the user device and a second secure network connection through the public wireless network to a security server, which provides Internet access. The security device provides Internet browser and e-mail application, which can be used instead of unsecure applications of the user device to access Web resources through the first and second secure network connections. In addition, the security device includes a secure keyboard, which can be used by the device user instead of the unsecure keyboard of the user device to enter user authentication data for accessing the desired Web resources.

Abstract: Disclosed herein are systems, methods and computer program products for providing secure Internet access to a user device in an unsecure network environment, such as a public wireless network. The system includes a portable security device configured to establishing a first secure direct wireless connection with the user device and a second secure network connection through the public wireless network to a security server, which provides Internet access. The security device provides Internet browser and e-mail application, which can be used instead of unsecure applications of the user device to access Web resources through the first and second secure network connections. In addition, the security device includes a secure keyboard, which can be used by the device user instead of the unsecure keyboard of the user device to enter user authentication data for accessing the desired Web resources.

Abstract: A method for reducing the size of the AV database on a user computer by dynamically generating an AV database according to user parameters is provided. Critical user parameters that affect the content of the AV database required for this user are determined. The AV database for the single user is generated based on the user parameters. When the parameters of the user computer change or when new malware threats are detected, the user AV database is dynamically updated according to the new parameters and the new malware threats. The update procedure becomes more efficient since a need of updating large volumes of data is eliminated. The AV system, working with a small AV database, finds malware objects more efficiently and uses less of computer system resources.

Abstract: Disclosed are systems, methods and computer program products for detecting unknown security threats. In one example, a system receives from an antivirus application deployed on a user's computer information about an unknown security event associated with a software executing on the computer and a user's verdict indicating that the software is harmful or clean. The system identifies the user of the computer and a role of the user. The role indicates user's level of expertise in the field of computer security. If the user has a high level of expertise in computer security, the system accepts the user's verdict. If the user has a low level of expertise, the system analyzes the information about the security event to verify that the user's verdict is correct. If the user's verdict was accepted or verified to be correct, the system updates an antivirus database associated with the antivirus application.

Abstract: Disclosed are systems, methods and computer program products for dynamically allocating computing resources for processing security information. In one example, the system receives from an antivirus application deployed on a user's computer information about user's actions related to the security of said computer. The system analyzes the received information to determine user's level of expertise in the field of computer security. The system then classifies the user into one of two or more different roles based on the determined level of expertise. The system automatically selects, based on the user's role, configuration setting of the antivirus application for collecting information about security threats detected by the user. The system also automatically allocates and configures, based on the user's role, computing resources and services for processing information collected by the antivirus application deployed on the user's computer about security threats detected by the user.

Abstract: Disclosed are systems, methods and computer program products for classifying users of antivirus software based on user's level of expertise in the field of computer security. In one example, the system receives from antivirus software deployed on a user's computer information about security of the computer and history of user's usage of the software. The system categorizes the received information into categories based on (i) a number of computer threats detected by the user, (ii) a frequency of malware infections of the user's computer, and (iii) a level of user's proficiency with the antivirus software. The system then selects condition-action rules for each category of information and applies the selected rules to the categorized information to determine user's level of expertise in computer security. Finally, the system classifies the user as one of an expert or typical user based on the user's level of expertise.

Abstract: In a computer system having a plurality of software components, a security system for controlling interactions between the software components, the security system including at least one constraint associated with the interaction; and at least one attribute associated with the software components. The attributes and interaction parameters are bound to the constraint. The security system reaches a verdict permitting or forbidding the interaction, by resolving the constraint, based on value of the attribute and values of the parameters. The security system uses constraints and attributes specified during different life stages of each software component, where constraints are incrementally added during each subsequent life stage.