Abstract: The disclosed computer-implemented method for evaluating unfamiliar executables may include (i) identifying, on the computing device, (a) a code object that is generated from source code written in a programming language, that is specified in an intermediate language different from the programming language, and that can be compiled into an executable file by a just-in-time compiler on the computing device and (b) an executable file that lacks an assigned reputation in a reputation system that distinguishes benign and malicious files, (ii) determining that the executable file was produced by the just-in-time compiler compiling the code object on the computing device, (iii) retrieving, from the reputation system, a reputation for the code object, and (iv) performing a security action on the executable file that is based on the reputation of the code object. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Encrypting and decrypting sensitive files on a network device. In one embodiment, a method may include determining that a file stored on a network device is a sensitive file, encrypting the sensitive file, sending, to an authentication server, an encryption key, initializing, at the network device, a Software Guard Extension (SGX) enclave, loading, into the SGX enclave, a retrieval application, receiving, at the retrieval application, an attestation from the authentication server that the retrieval application is authentic, receiving, at the retrieval application, the encryption key from the authentication server, receiving, at the retrieval application, a user request to decrypt the encrypted sensitive file, authenticating, at the retrieval application, the user request, decrypting, at the network device, the particular encrypted sensitive file, and providing the sensitive file to the user.

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).

Abstract: Techniques for application code obfuscation are disclosed. In one embodiment, the techniques may be realized as a method including receiving application code and testing data associated with the application; automatically generating obfuscated application code from the received application code; automatically testing the obfuscated application code by running the obfuscated application code and inputting at least the recorded inputs from the testing data while recording associated outputs; in response to determining that the associated outputs from automatically testing the obfuscation code do not match the testing data outputs, modifying the obfuscated application code and automatically testing the modified obfuscated application code against the testing data; and, in response to determining that outputs from automatically testing the modified obfuscated application code match the testing data outputs, transmitting the modified obfuscated application code as a successful obfuscation of the application.

Abstract: A computer-implemented method for enabling biometric authentication options may include (1) identifying a device that includes a biometric authentication option that provides access to a protected feature of the device and that is based on a biometric trait and an initial authentication option that provides access to the protected feature and that is not based on the biometric trait, (2) detecting an authentication action that is performed by a user on the device that provides access to the protected feature via the initial authentication option, (3) capturing biometric data describing the biometric trait of the user in connection with the user performing the authentication action on the device, and (4) using the biometric data as training data for the biometric authentication option to enable the user to access the protected feature of the device via the biometric authentication option. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for filtering interprocess communications may include (1) identifying a service process that provides a service on the computing device, (2) authenticating the service process, (3) identifying a request by a client process to use the service provided by the service process, (4) authenticating the client process, (5) receiving an interprocess communication from the client process directed toward the service process, (6) determining that the interprocess communication is malicious, and (7) in response to determining that the interprocess communication is malicious, blocking the interprocess communication from being communicated to the service process. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Various embodiments of a method and an apparatus for identifying invariants to detect software tampering is disclosed. In one embodiment, a method of identifying invariants associated with a software package comprises applying a machine learning technique to a plurality of images associated with a software package to identify a memory location within the plurality of images to be a candidate invariant, wherein the plurality of images comprises images of memory used during execution of the software package and determining an invariant based on the candidate invariant.