Patents by Inventor Marc E. Mosko

Marc E. Mosko has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11956135
    Abstract: Embodiments described herein provide a system for facilitating dynamic content distribution in an enterprise environment. During operation, the system determines a set of logical groups based on a set of grouping criteria. A respective logical group can include one or more devices managed by a controller and a network that provides connections among the one or more devices. The system categorizes the set of logical groups based on exogenous information associated with a respective logical group and determines a corresponding condition of measurement for a respective category of links in the enterprise environment. The system then schedules a link for measurement based on the condition of measurement and the categorization of the set of logical groups.
    Type: Grant
    Filed: November 7, 2018
    Date of Patent: April 9, 2024
    Assignee: Xerox Corporation
    Inventor: Marc E. Mosko
  • Patent number: 11930046
    Abstract: A system is provided for determining vulnerability metrics for graph-based configuration security. During operation, the system generates a multi-layer graph for a system with a plurality of interconnected components. The system determines, based on the multi-layer subgraph, a model for a multi-step attack on the system by: calculating, based on a first set of variables and a first set of tunable parameters, a likelihood of exploiting a vulnerability in the system; and calculating, based on a second set of variables and a second set of tunable parameters, an exposure factor indicating an impact of exploiting a vulnerability on the utility of an associated component. The system determines, based on the model, a set of attack paths that can be used in the multi-step attack and recommends a configuration change in the system, thereby facilitating optimization of system security to mitigate attacks on the system while preserving system functionality.
    Type: Grant
    Filed: June 17, 2021
    Date of Patent: March 12, 2024
    Assignee: Xerox Corporation
    Inventors: Massimiliano Albanese, Marc E. Mosko
  • Patent number: 11803645
    Abstract: Embodiments provide a system and method for modeling a shared resource in a multi-layer reasoning graph based on configuration security. During operation, the system can obtain a multi-layer graph for a system with a plurality of components that can include a set of subgroups of components. The system can generate, based on the multi-layer graph, an abstract component to represent a shared resource model for a respective subgroup of components. The shared resource model can be associated with a set of resource constraints. The system can generate a set of values for resource configuration parameters that satisfy the resource constraints. The system can map the shared resource model to a respective component and can then determine, based on the mapping and the set of values for the resource configuration parameters, a set of values for the component configuration parameters thereby facilitating optimization of a security objective function.
    Type: Grant
    Filed: March 12, 2021
    Date of Patent: October 31, 2023
    Assignee: Xerox Corporation
    Inventor: Marc E. Mosko
  • Publication number: 20230344856
    Abstract: A system determines an on/off feature and vulnerability and dependency nodes in a graph which represents a system of components. The feature enables vulnerability nodes based on a probability that a vulnerability will be exploited, and a vulnerability degrades a utility of one or more components based on an exposure factor. The system calculates, for a path in the graph to a component, a loss of utility of a given dimension of multiple dimensions based on a combiner operator and a logic operator. The combiner operator takes inputs which represent a weighted probability that the given dimension is degraded, and the logic operator defines the inputs based on a probability and exposure factor. The system aggregates calculated losses of utility across the multiple dimensions for the system components. The system selects a combination of possible on/off feature values which results in a lowest loss of utility for the components.
    Type: Application
    Filed: November 29, 2022
    Publication date: October 26, 2023
    Applicant: Palo Alto Research Center Incorporated
    Inventors: Marc E. Mosko, Massimiliano Albanese, Ibifubara Iganibo
  • Publication number: 20230344855
    Abstract: A system determines, in a graph which represents a system of components: vulnerability nodes representing known vulnerabilities to the system, including exposed and non-exposed vulnerability nodes associated with an exploitation likelihood; and dependency nodes representing components in the system, including direct and indirect dependency nodes associated with an exposure factor indicating an amount of degradation based on exploitation of an associated vulnerability. The system calculates, across all non-exposed vulnerability nodes and all direct dependency nodes, a score which indicates an attack volume based on at least: a respective second likelihood associated with a non-exposed vulnerability node; an exposure factor associated with a dependency node which represents a component directly degraded based on exploitation of a vulnerability; and a loss of utility of the component.
    Type: Application
    Filed: June 3, 2022
    Publication date: October 26, 2023
    Applicant: Palo Alto Research Center Incorporated
    Inventors: Massimiliano Albanese, Ibifubara Iganibo, Marc E. Mosko, Alejandro E. Brito
  • Patent number: 11729222
    Abstract: Embodiments provide a system and method for extracting configuration-related information for reasoning about the security and functionality of a composed system. During operation, the system determines, by a computing device, information sources associated with hardware and software components of a system, wherein the information sources include at least specification sheets, standard operating procedures, user manuals, and vulnerability databases. The system selects a set of categories of vulnerabilities in a vulnerability database, and ingests the information sources to obtain data in a normalized format. The system extracts, from the ingested information sources, configuration information, vulnerability information, dependency information, and functionality requirements to create a model for the system.
    Type: Grant
    Filed: July 1, 2020
    Date of Patent: August 15, 2023
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Hamed Soroush, Milad Asgari Mehrabadi, Shantanu Rane, Marc E. Mosko
  • Patent number: 11625228
    Abstract: Embodiments described herein provide a round-trip engineering system. During operation, the system can maintain an intermediate system representation (ISR) for a set of artifacts of a piece of software. The set of artifacts can include a piece of code and a development model. The ISR can remain persistent upon synchronization of the set of artifacts. The system can incorporate, in a respective component of the ISR, a reference to a code block in the piece of code and a corresponding element in the development model. If the system determines a first update in a first segment of a first artifact of the set of artifacts, the system can identify a second segment in a second artifact from the set of artifacts based on a corresponding component in the ISR. The system can then propagate a second update to the second segment to reflect the first update in the first segment.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: April 11, 2023
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Marc E. Mosko, Eric A. Bier
  • Publication number: 20230086475
    Abstract: A system and method are provided to facilitate securing Windows discretionary access control. During operation, the system determines a Windows domain model including: user-specified desired effective permissions as capability assignments of principals on resources, wherein a respective capability assignment comprises a permission of a respective principal to a respective resource and wherein a respective principal comprises a user or a group of users; and user-specified policies and rules for relationships between principals, groups, and resources. The system creates a domain graph and an access control graph based on the Windows domain model. The domain graph maps paths between nodes representing users, groups, and resources based on the policies and rules. The access control graph allows for calculation of actual permissions of principals on resources based on the desired effective permissions.
    Type: Application
    Filed: August 31, 2022
    Publication date: March 23, 2023
    Applicant: Palo Alto Research Center Incorporated
    Inventor: Marc E. Mosko
  • Patent number: 11588809
    Abstract: A certified application is installed onto a content creation device and a mobile certified application is installed onto a mobile device; the applications establish first and second trust relationships with the cloud service. The certified application and mobile certified application establish the third trust relationship via a proximity network. The mobile certified application generates a first ephemeral key pair having a private part. The certified application generates a second ephemeral key pair having a private part. The mobile certified application requests a service from the content creation device involving the transfer of data between the content creation device and the cloud service. The data is protected by at least one of the first and second ephemeral key pairs in response to invocation of the service. The service results in the data being stored at the cloud service and/or rendered at the content creation device.
    Type: Grant
    Filed: September 10, 2020
    Date of Patent: February 21, 2023
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Alejandro E. Brito, Eric A. Bier, Marc E. Mosko, Shantanu Rane
  • Publication number: 20220407891
    Abstract: A system is provided for determining vulnerability metrics for graph-based configuration security. During operation, the system generates a multi-layer graph for a system with a plurality of interconnected components. The system determines, based on the multi-layer subgraph, a model for a multi-step attack on the system by: calculating, based on a first set of variables and a first set of tunable parameters, a likelihood of exploiting a vulnerability in the system; and calculating, based on a second set of variables and a second set of tunable parameters, an exposure factor indicating an impact of exploiting a vulnerability on the utility of an associated component. The system determines, based on the model, a set of attack paths that can be used in the multi-step attack and recommends a configuration change in the system, thereby facilitating optimization of system security to mitigate attacks on the system while preserving system functionality.
    Type: Application
    Filed: June 17, 2021
    Publication date: December 22, 2022
    Applicant: Palo Alto Research Center Incorporated
    Inventors: Massimiliano Albanese, Marc E. Mosko
  • Publication number: 20220292199
    Abstract: Embodiments provide a system and method for modeling a shared resource in a multi-layer reasoning graph based on configuration security. During operation, the system can obtain a multi-layer graph for a system with a plurality of components that can include a set of subgroups of components. The system can generate, based on the multi-layer graph, an abstract component to represent a shared resource model for a respective subgroup of components. The shared resource model can be associated with a set of resource constraints. The system can generate a set of values for resource configuration parameters that satisfy the resource constraints. The system can map the shared resource model to a respective component and can then determine, based on the mapping and the set of values for the resource configuration parameters, a set of values for the component configuration parameters thereby facilitating optimization of a security objective function.
    Type: Application
    Filed: March 12, 2021
    Publication date: September 15, 2022
    Applicant: Palo Alto Research Center Incorporated
    Inventor: Marc E. Mosko
  • Publication number: 20220100477
    Abstract: Embodiments described herein provide a round-trip engineering system. During operation, the system can maintain an intermediate system representation (ISR) for a set of artifacts of a piece of software. The set of artifacts can include a piece of code and a development model. The ISR can remain persistent upon synchronization of the set of artifacts. The system can incorporate, in a respective component of the ISR, a reference to a code block in the piece of code and a corresponding element in the development model. If the system determines a first update in a first segment of a first artifact of the set of artifacts, the system can identify a second segment in a second artifact from the set of artifacts based on a corresponding component in the ISR. The system can then propagate a second update to the second segment to reflect the first update in the first segment.
    Type: Application
    Filed: September 30, 2020
    Publication date: March 31, 2022
    Applicant: Palo Alto Research Center Incorporated
    Inventors: Marc E. Mosko, Eric A. Bier
  • Publication number: 20220078181
    Abstract: A certified application is installed onto a content creation device and a mobile certified application is installed onto a mobile device; the applications establish first and second trust relationships with the cloud service. The certified application and mobile certified application establish the third trust relationship via a proximity network. The mobile certified application generates a first ephemeral key pair having a private part. The certified application generates a second ephemeral key pair having a private part. The mobile certified application requests a service from the content creation device involving the transfer of data between the content creation device and the cloud service. The data is protected by at least one of the first and second ephemeral key pairs in response to invocation of the service. The service results in the data being stored at the cloud service and/or rendered at the content creation device.
    Type: Application
    Filed: September 10, 2020
    Publication date: March 10, 2022
    Inventors: Alejandro E. Brito, Eric A. Bier, Marc E. Mosko, Shantanu Rane
  • Patent number: 11182114
    Abstract: One embodiment provides a system for facilitating device discovery. During operation, the system detects, by a computing device, a first message which is broadcast from a source device based on a network communication protocol. The system determines a classification which is a type for the source device based on a MAC address of the source device extracted from the first message. The system generates a second message which indicates the MAC address, an IP address of the source device obtained based on the first message, and the classification. The system sends the second message to a device management system, which causes the device management system to add the source device as a managed device. The system enhances device discovery by eliminating a direct scan of all devices on a sub-network by the device management system for devices of a same type as the type for the source device.
    Type: Grant
    Filed: August 24, 2020
    Date of Patent: November 23, 2021
    Assignee: Palo Alto Research Center Incorporated
    Inventor: Marc E. Mosko
  • Patent number: 11140128
    Abstract: Embodiments described herein provide a system for facilitating hierarchical geographic naming. During operation, the system receives a service request comprising location information associated with a requesting device and determines a hierarchical name corresponding to the location information. The hierarchical name can include a plurality of name segments. A respective name segment of the plurality of name segments can correspond to a recursively subdivided grid of geographic grid referencing. The system then performs a recursive search using the hierarchical name for a service requested by the service request.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: October 5, 2021
    Assignee: Palo Alto Research Center Incorporated
    Inventor: Marc E. Mosko
  • Patent number: 10956412
    Abstract: One embodiment provides a system that facilitates a flexible strategy for matching content objects and interests. During operation, the system receives, by a computing device, an interest which includes a set of attributes, wherein a respective attribute has one or more values. In response to not obtaining a matching entry for the interest in a pending interest table, the system adds to the pending interest table a first entry which indicates the interest based on the attributes and their values. The system determines whether a received content object satisfies the interest indicated in the first entry based on the attributes of the first entry and attributes of the content object. In response to determining that the content object satisfies the interest, the system forwards the content object, thereby facilitating a flexible strategy for matching content objects to interests.
    Type: Grant
    Filed: August 9, 2016
    Date of Patent: March 23, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Christopher A. Wood, Ignacio Solis, Marc E. Mosko
  • Patent number: 10942686
    Abstract: Embodiments described herein provide a system for facilitating a printer recommendation in an enterprise environment. During operation, the system receives, from a user device in the enterprise environment, a print task for a file. The system then determines a list of printers accessible from the enterprise environment based on metadata associated with the file from a printer database. The printer database stores information associated with a respective printer accessible from the enterprise environment. A respective printer in the list of printers can be available and feasible for the print task. The system then ranks the list of printers with respect to an objective of the print task and presents the ranked list as a printer recommendation for the print task in a user interface to the user.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: March 9, 2021
    Assignee: Palo Alto Research Center Incorporated
    Inventor: Marc E. Mosko
  • Publication number: 20210014263
    Abstract: Embodiments provide a system and method for extracting configuration-related information for reasoning about the security and functionality of a composed system. During operation, the system determines, by a computing device, information sources associated with hardware and software components of a system, wherein the information sources include at least specification sheets, standard operating procedures, user manuals, and vulnerability databases. The system selects a set of categories of vulnerabilities in a vulnerability database, and ingests the information sources to obtain data in a normalized format. The system extracts, from the ingested information sources, configuration information, vulnerability information, dependency information, and functionality requirements to create a model for the system.
    Type: Application
    Filed: July 1, 2020
    Publication date: January 14, 2021
    Applicant: Palo Alto Research Center Incorporated
    Inventors: Hamed Soroush, Milad Asgari Mehrabadi, Shantanu Rane, Marc E. Mosko
  • Patent number: 10884966
    Abstract: A first bus interface is coupled to communicate with a first controller area network (CAN) bus. A second bus interface is coupled to communicate with a node device, the node device configured to communicate with a second CAN bus. A logic circuit is coupled between the first and second bus interfaces and is operable to monitor communications by the node device via the second bus interface. If the logic circuit determines that the node device is transmitting a message that is not allowed for the node device, it prevents the message from being transmitted onto the first CAN bus in response thereto.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: January 5, 2021
    Assignee: Palo Alto Research Center Incorporated
    Inventor: Marc E. Mosko
  • Patent number: 10873564
    Abstract: Embodiments described herein provide a system. The system stores, in a storage device, first and second data structures. The first data structure maps a logical Internet Protocol (IP) address of a device to a site IP address of the device at a customer site. The second data structure maps the logical IP address to a message queue (MQ) name identifying a queue, which is associated with the customer site and facilitated by a message queuing service. During operation, the system identifies a command packet for the device. The destination address of the command packet can be the logical IP address. The system then replaces, in the command packet, the logical IP address with the site IP address based on the first data structure to generate a modified packet and forwards an MQ message comprising the modified packet to the queue using the message queuing service.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: December 22, 2020
    Assignee: Palo Alto Research Center Incorporated
    Inventor: Marc E. Mosko