Abstract: A method of providing continuous user authentication for resource access control includes launching a continuous authentication service at a boot time of a first device, wherein the first device includes a processor, a memory, and one or more sensors configured to collect authentication information. Additionally, the method includes receiving authentication information comprising one or more of explicit authentication information or implicit authentication information, and receiving a request for access to a resource of the first device. Further, the method includes the operations of determining, by the continuous authentication service, a current value of a security state, the current value of the security state based in part on a time interval between a receipt time of the authentication information and a current time and controlling access to the resource based on the current value of the security state.

Abstract: A method for operating an electronic device, the method including spawning a name space tool (NST) as part of a boot process of a host OS, wherein the NST is a process with a plurality of root privileges of the host OS. The method further includes spawning, by the NST, a container for a guest OS, wherein the container for the guest OS is mapped to a dedicated domain in the host OS, and dropping, by the NST, a root privilege of the host OS in response to spawning the container for the guest OS.

Abstract: This disclosure relates to an electronic device including a memory and at least one processor coupled to the memory. The at least one processor is configured to execute a daemon process in one of a container or a host operating system, wherein the daemon process is configured to manage data transfer between the container and the host operating system, create, via the daemon process, an inter-process communication (IPC) channel between the container and the host operating system, receive incoming audio data, and buffer the incoming audio data to the IPC channel.

Abstract: A method for operating an electronic device, the method including spawning a name space tool (NST) as part of a boot process of a host OS, wherein the NST is a process with a plurality of root privileges of the host OS. The method further includes spawning, by the NST, a container for a guest OS, wherein the container for the guest OS is mapped to a dedicated domain in the host OS, and dropping, by the NST, a root privilege of the host OS in response to spawning the container for the guest OS.

Abstract: This disclosure relates to an electronic device including a memory and at least one processor coupled to the memory. The at least one processor is configured to execute a daemon process in one of a container or a host operating system, wherein the daemon process is configured to manage data transfer between the container and the host operating system, create, via the daemon process, an inter-process communication (IPC) channel between the container and the host operating system, receive incoming audio data, and buffer the incoming audio data to the IPC channel.

Abstract: A method of providing continuous user authentication for resource access control includes launching a continuous authentication service at a boot time of a first device, wherein the first device includes a processor, a memory, and one or more sensors configured to collect authentication information. Additionally, the method includes receiving authentication information comprising one or more of explicit authentication information or implicit authentication information, and receiving a request for access to a resource of the first device. Further, the method includes the operations of determining, by the continuous authentication service, a current value of a security state, the current value of the security state based in part on a time interval between a receipt time of the authentication information and a current time and controlling access to the resource based on the current value of the security state.

Abstract: A method is presented for analyzing an original software program as a potentially evasive malware. The method may comprise discovering at least one revealed instruction in the original software program, where the revealed instructions are not executed when the original software program is run without modification; modifying the original software program to create a modified program that will execute at least one revealed instruction when the modified program is run; and exploring the at least one revealed instruction by running the modified program.

Abstract: A hybrid static/dynamic binary rewrite method is presented, comprising: a one-time configuration step for instrumentation of an unmodified executable binary, invoking the executable binary by copying the unmodified executable binary into a system memory image and running the binary from the system memory image, and rewriting the system memory image by inserting at a safe location one or more new instructions in place of existing instructions, where the one or more new instructions transfer execution control to instrumentation instructions located elsewhere within the system memory image, and where the instrumentation instructions that were at least in part not contained in the unmodified executable binary.