Patents by Inventor Glenn Daniel Wurster

Glenn Daniel Wurster has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230359725
    Abstract: Methods and systems for monitoring the behavior of a process. A profile of a software module is obtained. An association request is received from a process. The association request includes an identifier. In response to receiving the association request, successfully validating the identifier based on the profile and establishing an association of a token to data associated with the identifier. A disassociation request is received from the process. The disassociation request includes a token. In response to receiving the disassociation request, using the token to retrieve the data associated with the identifier, determining that the disassociation request is invalid based on the profile and the data associated with the identifier, and based on the determination that the disassociation request is invalid, taking an action.
    Type: Application
    Filed: May 9, 2022
    Publication date: November 9, 2023
    Applicant: BlackBerry Limited
    Inventors: Glenn Daniel WURSTER, Benjamin GNAHM
  • Publication number: 20230142345
    Abstract: Systems, methods, and software can be used to detect software errors in a binary code. In some aspects, a method comprises: obtaining a binary code; generating a base memory-write profile for the binary code, wherein the base memory-write profile comprises a count of memory updates for each of a plurality of memory locations during an execution of the binary code according to a base input; for each of a plurality of test inputs, generating a test memory-write profile for the binary code, wherein the test memory-write profile comprises a count of memory updates for each memory location during an execution of the binary code according to the test input; comparing the base memory-write profile and the plurality of test memory-write profiles; and generating a notification based on the comparison, wherein the notification indicates whether there is a difference between the base memory-write profile and the plurality of test memory-write profiles.
    Type: Application
    Filed: November 5, 2021
    Publication date: May 11, 2023
    Inventors: Glenn Daniel WURSTER, Andrew CHIN, Benjamin GNAHM
  • Publication number: 20230141142
    Abstract: Systems, methods, and software can be used to identify API use in a binary code. In some aspects, a method comprises: obtaining a base memory-write profile description for a binary code, wherein the description comprises: a base memory-write profile for each of a plurality of API calls in the binary code, wherein the base memory-write profile comprises a count of memory updates for each of a plurality of memory locations during an execution of a corresponding API call; receiving an execution request that invokes the binary code; generating an execution memory-write profile for the request, wherein the execution memory-write profile comprises a count of memory updates for each memory location during an execution of the request; determining, based on a comparison between the execution memory-write profile and the base memory-write profiles in the description, an API call corresponding to the request; and generating a notification indicating the determined API call.
    Type: Application
    Filed: November 5, 2021
    Publication date: May 11, 2023
    Inventors: Glenn Daniel WURSTER, Andrew CHIN, Benjamin GNAHM
  • Publication number: 20220294770
    Abstract: A method at a remote proxy on a first node, the method including receiving, at the remote proxy, a first message from a first module on the first node, the first message being directed to a second module on a second node; verifying the first message at the remote proxy utilizing operating system verification; determining, based on a manifest at the remote proxy, the second node; signing, using a private key for the first node, the first message; and sending the first message to the second node.
    Type: Application
    Filed: March 11, 2021
    Publication date: September 15, 2022
    Inventors: Biswaroop MUKHERJEE, Glenn Daniel WURSTER
  • Publication number: 20220019656
    Abstract: A computer-implemented method is disclosed. The method includes: identifying a set of program variables associated with a computer program; generating a profile of variable writes for the computer program based on tracking, for each variable in the set of program variables: a count of memory write operations for writing to the variable; and timestamps associated with the memory write operations; detecting a trigger condition associated with the set of program variables, the detecting including: monitoring a pattern of memory accesses by the computer program, the pattern of memory accesses indicating accesses of memory allocated to variables in the set of program variables; and detecting a deviation of the pattern of memory accesses from the profile of variable writes; and in response to detecting the trigger condition, generating a notification indicating an attack status on the computer program.
    Type: Application
    Filed: July 17, 2020
    Publication date: January 20, 2022
    Applicant: BlackBerry Limited
    Inventors: Glenn Daniel WURSTER, Benjamin GNAHM, Paul Henri Michel VIRALLY
  • Patent number: 10754929
    Abstract: Systems, methods, and software can be used to share content. In some aspects, a first user input for copying a content is received at a first application on a mobile device. A token that is associated with the content is generated. A Uniform Resource Identifier (URI) is sent from the first application to a clipboard application. A second user input for pasting the content is received at a second application on the mobile device. The token is received at the second application from the clipboard application. A request for the content is received from the second application. The request includes the token. Whether the second application is authorized to receive the content is determined at the first application. In response to determining that the second application is authorized to receive the content, the content is provided to the second application.
    Type: Grant
    Filed: February 19, 2016
    Date of Patent: August 25, 2020
    Assignee: BlackBerry Limited
    Inventors: Neil Patrick Adams, Jeremy Lawson Kominar, Joseph Patrick Kirwin, Glenn Daniel Wurster
  • Publication number: 20200202005
    Abstract: Software vulnerabilities affecting devices can be determined using a vulnerability identifier uniquely identifying a vulnerability and version check information for use in determining software versions affected by the vulnerability. The version check information comprises one or more version rules providing a definition of how a software version number is tokenized and one or more Boolean expressions on those tokens to identify impacted versions of software according to the one or more version rules. In checking software for a vulnerability, the software version is determined and checked using the Boolean expression according to the version definition.
    Type: Application
    Filed: December 19, 2018
    Publication date: June 25, 2020
    Inventor: Glenn Daniel Wurster
  • Patent number: 10650152
    Abstract: A system and method to control access to data are disclosed. A request for a subject to perform an action on an object is received. A determination is made whether a policy for the subject limits the action to an object with integrity protection. The action is performed based on determining the object has integrity protection. The request is rejected based on determining the object does not have integrity protection.
    Type: Grant
    Filed: June 9, 2016
    Date of Patent: May 12, 2020
    Assignee: BlackBerry Limited
    Inventor: Glenn Daniel Wurster
  • Patent number: 10521599
    Abstract: Systems and methods for enforcing label-based mandatory access control are provided. A first label may be assigned to a resource. An event associated with a resource may be detected. The resource may be relabeled, in response to detection of the event, from a first label to a second label in accordance with a transition rule. The transition rule may be included in a security policy. The transition rule may indicate that the resource is to be relabeled to the second label if the event is detected. Access to the resource may be controlled according to an access rule in the security policy. The access rule may be applicable to the resource based on the access rule identifying the second label assigned to the resource.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: December 31, 2019
    Assignees: 2236008 Ontario Inc., BlackBerry Limited
    Inventors: Glenn Daniel Wurster, Roger Francis Maclean, Eric Serge Naud, Tristan Michael Roach
  • Patent number: 10496598
    Abstract: A system and method to control access to data are disclosed. A command to mount a specified file system as a trusted file system is received. Whether the specified file system is marked as a trustable file system is determined, where marking as a trustable file system is based on verifying integrity protection for the specified file system. The specified file system is mounted as a trusted file system based on determining that the specified file system is marked as a trustable file system. A command to access data on the specified file system is received. A determination is made as to whether the specified file system was mounted with a specification to be a trusted file system. Access to the data is permitted or denied based on determining that the mounting specified mounting as a trusted file system.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: December 3, 2019
    Assignee: BlackBerry Limited
    Inventors: Glenn Daniel Wurster, David Legault
  • Publication number: 20180247062
    Abstract: Systems and methods for enforcing label-based mandatory access control are provided. A first label may be assigned to a resource. An event associated with a resource may be detected. The resource may be relabeled, in response to detection of the event, from a first label to a second label in accordance with a transition rule. The transition rule may be included in a security policy. The transition rule may indicate that the resource is to be relabeled to the second label if the event is detected. Access to the resource may be controlled according to an access rule in the security policy. The access rule may be applicable to the resource based on the access rule identifying the second label assigned to the resource.
    Type: Application
    Filed: March 9, 2017
    Publication date: August 30, 2018
    Inventors: Glenn Daniel Wurster, Roger Francis Maclean, Eric Serge Naud, Tristan Michael Roach
  • Patent number: 10042680
    Abstract: An electronic device may maintain separate OS domains associated with security permissions. The OS domain may implement separate corresponding clipboard services. A clipboard agent or clipboard mediator service may receive a clipboard data request from a first application. The clipboard agent may determine which OS domain has most recently processed a store command associated with storing data in a corresponding clipboard service of the OS domain. The clipboard agent associated with the OS domain that most recently stored content may determine whether to send the data from the corresponding clipboard service based at least in part on permissions associated with the OS domain. Security of the clipboard access may be enforced on a per domain basis. Access to clipboard content may be mediated at the time of the request without a need to share data prior to the request.
    Type: Grant
    Filed: July 17, 2014
    Date of Patent: August 7, 2018
    Assignees: BlackBerry Limited, 2236008 Ontario Inc.
    Inventors: Daniel Jonas Major, Ian David Peters, Glenn Daniel Wurster, David Francis Tapuska
  • Patent number: 10038696
    Abstract: A method in an access control server of controlling access to an enterprise network includes: receiving, at the access control server from a client computing device outside the enterprise network, a request to establish a connection between the client computing device and an enterprise server in the enterprise network; at the access control server, responsive to receiving the request, obtaining a security attribute of the enterprise server from a central repository outside the enterprise network; determining, based on the security attribute, whether the enterprise server meets a predefined security threshold; and when the enterprise server does not meet the predefined security threshold, denying the request to establish a connection between the client computing device and the enterprise server.
    Type: Grant
    Filed: October 10, 2017
    Date of Patent: July 31, 2018
    Assignee: BLACKBERRY LIMITED
    Inventors: Vincenzo Kazimierz Marcovecchio, Glenn Daniel Wurster, Jonathon Brookfield
  • Patent number: 9958964
    Abstract: A hardware sensor and a hardware user-input component are integrated in a portable electronic device. The hardware sensor is operable to produce hardware sensor output indicative of orientation or motion or both of the device within its environment. The hardware user-input component has multiple elements operable to accept user input through touch. A user-input driver and the device's operating system are jointly operable to detect touch events involving the elements. A software application stored in the device's memory is executable by the device's processor as a process. A sensor driver or the operating system or both are configured to control what hardware sensor output, if any, is receivable by the process. This control may thwart an attack based on analysis of the hardware sensor output, the attack designed to deduce what user input has been made via multiple elements of the hardware user-input component.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: May 1, 2018
    Assignee: BlackBerry Limited
    Inventor: Glenn Daniel Wurster
  • Publication number: 20170359341
    Abstract: A system and method to control access to data are disclosed. A request for a subject to perform an action on an object is received. A determination is made whether a policy for the subject limits the action to an object with integrity protection. The action is performed based on determining the object has integrity protection. The request is rejected based on determining the object does not have integrity protection.
    Type: Application
    Filed: June 9, 2016
    Publication date: December 14, 2017
    Inventor: Glenn Daniel WURSTER
  • Publication number: 20170242983
    Abstract: Systems, methods, and software can be used to share content. In some aspects, a first user input for copying a content is received at a first application on a mobile device. A token that is associated with the content is generated. A Uniform Resource Identifier (URI) is sent from the first application to a clipboard application. A second user input for pasting the content is received at a second application on the mobile device. The token is received at the second application from the clipboard application. A request for the content is received from the second application. The request includes the token. Whether the second application is authorized to receive the content is determined at the first application. In response to determining that the second application is authorized to receive the content, the content is provided to the second application.
    Type: Application
    Filed: February 19, 2016
    Publication date: August 24, 2017
    Applicant: BlackBerry Limited
    Inventors: Neil Patrick ADAMS, Jeremy Lawson KOMINAR, Joseph Patrick KIRWIN, Glenn Daniel WURSTER
  • Publication number: 20170091182
    Abstract: A system and method to control access to data are disclosed. A command to mount a specified file system as a trusted file system is received. Whether the specified file system is marked as a trustable file system is determined, where marking as a trustable file system is based on verifying integrity protection for the specified file system. The specified file system is mounted as a trusted file system based on determining that the specified file system is marked as a trustable file system. A command to access data on the specified file system is received. A determination is made as to whether the specified file system was mounted with a specification to be a trusted file system. Access to the data is permitted or denied based on determining that the mounting specified mounting as a trusted file system.
    Type: Application
    Filed: September 29, 2015
    Publication date: March 30, 2017
    Inventors: Glenn Daniel WURSTER, David LEGAULT
  • Publication number: 20170075435
    Abstract: A hardware sensor and a hardware user-input component are integrated in a portable electronic device. The hardware sensor is operable to produce hardware sensor output indicative of orientation or motion or both of the device within its environment. The hardware user-input component has multiple elements operable to accept user input through touch. A user-input driver and the device's operating system are jointly operable to detect touch events involving the elements. A software application stored in the device's memory is executable by the device's processor as a process. A sensor driver or the operating system or both are configured to control what hardware sensor output, if any, is receivable by the process. This control may thwart an attack based on analysis of the hardware sensor output, the attack designed to deduce what user input has been made via multiple elements of the hardware user-input component.
    Type: Application
    Filed: November 28, 2016
    Publication date: March 16, 2017
    Applicant: BlackBerry Limited
    Inventor: Glenn Daniel Wurster
  • Patent number: 9507967
    Abstract: A hardware sensor and a hardware user-input component are integrated in a portable electronic device. The hardware sensor is operable to produce hardware sensor output indicative of orientation or motion or both of the device within its environment. The hardware user-input component has multiple elements operable to accept user input through touch. A user-input driver and the device's operating system are jointly operable to detect touch events involving the elements. A software application stored in the device's memory is executable by the device's processor as a process. A sensor driver or the operating system or both are configured to control what hardware sensor output, if any, is receivable by the process. This control may thwart an attack based on analysis of the hardware sensor output, the attack designed to deduce what user input has been made via multiple elements of the hardware user-input component.
    Type: Grant
    Filed: February 15, 2012
    Date of Patent: November 29, 2016
    Assignee: BLACKBERRY LIMITED
    Inventor: Glenn Daniel Wurster
  • Patent number: 9489524
    Abstract: Various embodiments are provided in which intra-application permissions may be granted on an electronic device. An application may access data from another application if the application has the proper permission signed by a permissions server. In one embodiment, a request is received by a first application that is installed on a device. The request is from a second application for permission to access data associated with the first application. A permissions record for the second application may be stored in an application package of the second application. The first application may access the permissions record to determine whether the second application has permission to access the data associated with the first application. The first application may provide the second application with access to the data associated with the first application based, at least in part, on the permissions record stored in the application package of the second application.
    Type: Grant
    Filed: May 23, 2014
    Date of Patent: November 8, 2016
    Assignee: BlackBerry Limited
    Inventor: Glenn Daniel Wurster