Abstract: An apparatus and method to implement shared virtual memory in a trust zone.

Abstract: A computer-implemented method, a device, and a non-transitory computer-readable storage medium of automatically determining an interactive GUI element in a graphic user interface (GUI) to be interacted. The method includes: detecting, by the processor, one or more candidate interactive GUI elements in the GUI based on a plurality of algorithms; determining, by the processor, a likelihood indicator for each of the one or more candidate interactive GUI elements, a likelihood indicator indicating the likelihood that a candidate interactive GUI element associated with the likelihood indicator is an interactive GUI element to be interacted; and determining, by the processor, an interactive GUI element to be interacted from the one or more candidate interactive GUI elements based on the likelihood indicators.

Abstract: A method for generating a secure single-tap authentication user interface includes obtaining a screenshot of content from an application operating in an execution environment outside of a trusted execution environment, generating graphical elements of a single-tap authentication user interface, and generating a progress switching layer. Additionally, the method includes responsive to an authentication request, generating a composited display, the composited display comprising the screenshot of content from the application, the graphical elements of the single-tap authentication user interface, and the progress switching layer, passing the composited display from outside the trusted execution environment to the trusted execution environment and displaying, by the trusted execution environment, the composited display as part of a trusted user interface (TUI).

Abstract: A system for monitoring file integrity in a host computing device having a process and a storage device storing computer executable code. The computer executable code is configured to: provide containers, an agent external to the containers, and a policy file configuring policy for the containers; intercept a system call indicating mounting, and construct a first correspondence between a container file path and a host file path having mounting correspondence; intercept a system call of the container indicating opening of the policy file, and construct a second correspondence between the container file path and the violation of the container file path; aggregate the first and second correspondences to obtain a correspondence between the host file path and the violation; and monitor file integrity of the container by detecting violation of the host file path.

Abstract: A computer-implemented method, a device, and a non-transitory computer-readable storage medium of automatically determining an interactive GUI element in a graphic user interface (GUI) to be interacted. The method includes: detecting, by the processor, one or more candidate interactive GUI elements in the GUI based on a plurality of algorithms; determining, by the processor, a likelihood indicator for each of the one or more candidate interactive GUI elements, a likelihood indicator indicating the likelihood that a candidate interactive GUI element associated with the likelihood indicator is an interactive GUI element to be interacted; and determining, by the processor, an interactive GUI element to be interacted from the one or more candidate interactive GUI elements based on the likelihood indicators.

Abstract: A system for monitoring file integrity in a host computing device having a process and a storage device storing computer executable code. The computer executable code is configured to: provide containers, an agent external to the containers, and a policy file configuring policy for the containers; intercept a system call indicating mounting, and construct a first correspondence between a container file path and a host file path having mounting correspondence; intercept a system call of the container indicating opening of the policy file, and construct a second correspondence between the container file path and the violation of the container file path; aggregate the first and second correspondences to obtain a correspondence between the host file path and the violation; and monitor file integrity of the container by detecting violation of the host file path.

Abstract: A method for generating a secure single-tap authentication user interface includes obtaining a screenshot of content from an application operating in an execution environment outside of a trusted execution environment, generating graphical elements of a single-tap authentication user interface, and generating a progress switching layer. Additionally, the method includes responsive to an authentication request, generating a composited display, the composited display comprising the screenshot of content from the application, the graphical elements of the single-tap authentication user interface, and the progress switching layer, passing the composited display from outside the trusted execution environment to the trusted execution environment and displaying, by the trusted execution environment, the composited display as part of a trusted user interface (TUI).