Abstract: A data management server may receive data associated with a blockchain unit generated on a blockchain. The data received may include on-chain data and off-chain data. The data management server may create a data collection associated with the blockchain unit. The data collection may include the received data that is stored in one or more entries of transactions associated with the blockchain unit. One of the entries of transactions may include the on-chain data that is stored on the blockchain. The data management server may store, off-chain, the data collection associated with the blockchain unit. The data management server may generate an off-chain address for a user to retrieve the data collection. The off-chain address allows the user to review one of the entries of transactions off-chain.

Abstract: Systems and methods for automatically prioritizing computing resource configurations for remediation include receiving information describing configuration issues that may result in impaired system performance or unauthorized access, parsing that information and automatically analyzing configuration details of a user's private computing environment to determine that assets provide an environment in which configuration issues may be exploited to produce undesired results. Such systems and methods can generate assessments indicating the likelihood an issue can be exploited and potential impacts of the issue being exploited. Such systems and methods can use these assessments to generate a report prioritizing remediation of specific configuration issues for specific vulnerable assets based on the actual configuration of the user's computing resources and the data managed using those resources.

Abstract: An automated security assessment service of a service provider network may identify, and notify a customer of, misconfigured VM instances that can be access (e.g., via the Internet). A scanner tool may call an automated reasoning service to identify any VM instances of a customer that can be accessed, and may receive information from the automated reasoning service that is usable to exchange packets with those identified instances. The scanner tool can use the information to send requests to the identified instances. After receiving responses from the identified instances, the scanner tool can store, in storage of a network-based storage service, and in association with a customer account of the customer, encrypted data about the results of the scan (e.g., any VM instances that are vulnerable to attackers), and this encrypted data is thereby accessible to the customer with proper decrypt permissions.

Abstract: Systems and methods are disclosed to implement an application that can automatically download new digital certificates to verify signed code updates received by the application. In embodiments, under normal circumstances, the application uses a pinned certificate in the application's executable code to verify received updates signed using the certificate. However, if the code signing certificate changes, the application will automatically retrieve the new certificate from a certificate publishing service. Accordingly, the new certificate does not have to be included as part of the code update package, and the retrieval of the new certificate can be managed more robustly by the application updater. In embodiments, downloads from the certificate publishing service may be secured using a nonce and a shared secret that is known to the service and also pinned to the application. In this way, the download process can be protected from hijacking attacks.

Abstract: A system for context-aware application group management in a container deployment environment is presented. The system includes a memory storing one or more processor-executable routines and a processor. The processor is configured to execute the one or more processor-executable routines to receive an instance identifier (ID) corresponding to an application group based on a re-registration request for the application group by the user; identify an instance corresponding to the instance ID from an instance database and a context based on the instance from a context database; generate a re-registration token comprising a context ID corresponding to the context, and initiate a re-registration workflow to create a new instance of the application group based on the re-registration token and the context ID. A related method is also presented.

Abstract: A system for automatically identifying an application group in a container deployment environment is presented. The system includes a reference detection module configured to detect and store one or more reference paths corresponding to each resource type of a plurality of resources in the container deployment environment. The system further includes a resource classification module configured to assign a resource class to each resource type of the plurality of resources. The system moreover includes a resource grouping module configured to group the plurality of resources into one or more resource groups, for each namespace, based on the corresponding resource type, resource class, and one or more reference paths. The system furthermore includes an application group definition module configured to generate an application group definition based on the one or more resource groups. A related method is also presented.

Abstract: A system to optimize scheduling of a data backup and/or restore of a backup data in a data backup/restore environment is presented. The system includes a training module configured to train an artificial intelligence (AI) model based on historical data corresponding to data backup and/or restore of one or more training datasets. The system further includes a time estimator configured to estimate an estimated time taken for the data backup and/or restore of the backup data to a data backup server or a restore location based on the trained AI model and operating data corresponding to operating states of one or more resources in the data backup/restore environment. A related method is also presented.

Abstract: A system for dynamic resource allocation during a data backup and/or restore of a backup data is presented. The system includes a resource allocation map generator configured to generate a resource allocation map for the current data backup and/or restore based on a mathematical model, real-time operating data corresponding to operating states of one or more resources, and historical data corresponding to data back-up and restore of one or more historical datasets. The system further includes a resource allocation recommender configured to generate a recommendation for resource allocation for the current data backup and/or restore based on the resource allocation map and a threshold value corresponding to a particular resource. The system moreover includes a resource allocator configured to dynamically initiate a change in resource allocation based on the generated recommendation. A related method is also presented.

Abstract: A system for identifying a plurality of resources that define an application in a container deployment environment is presented. The system includes a reference detection module configured to detect and store one or more reference paths corresponding to each resource type. The system includes a resource identification module configured to receive at least one information corresponding to an application definition from a user and identify each resource corresponding to at least one information. The system includes an application definition module configured to (a) scan one or more references at a reference path of each identified resource to identify one or more additional referenced resources; (b) repeat step (a) for the one or more additional referenced resources until all the resources of the plurality of resources that define the application are identified; and (c) generate an application definition based on all the resources identified. A related method is also presented.

Abstract: A system for secure recovery of an application group in a container deployment environment is presented. The system includes a backup controller configured to access an application group token and generate a corresponding backup token. The system further includes a backup module configured to initiate a backup based on the backup token and create a corresponding recovery point on a backup server. The system further includes a recovery access token module configured to access a recovery access token for a determined recovery point. The system further includes a recovery controller configured to generate a recovery token corresponding to the determined recovery point based on the recovery access token, and a recovery module configured to initiate a recovery of the application group from the backup server in a destination cluster based on the recovery token. A related method is also presented.

Abstract: A system for reference-aware application recreation in a container deployment environment is presented. The system includes a reference detection module configured to detect and store one or more reference paths corresponding to each resource type of a plurality of resources in the container deployment environment; a resource ordering module configured to generate a recreation sequence by ordering the plurality of resources based on corresponding references at the reference paths, such that a referenced resource is recreated before the referring resource; and an application recreation module configured to recreate an application based on the recreation sequence. A related method is also presented.

Abstract: Systems and methods for automatically prioritizing computing resource configurations for remediation include receiving information describing configuration issues that may result in impaired system performance or unauthorized access, parsing that information and automatically analyzing configuration details of a user's private computing environment to determine that assets provide an environment in which configuration issues may be exploited to produce undesired results. Such systems and methods can generate assessments indicating the likelihood an issue can be exploited and potential impacts of the issue being exploited. Such systems and methods can use these assessments to generate a report prioritizing remediation of specific configuration issues for specific vulnerable assets based on the actual configuration of the user's computing resources and the data managed using those resources.

Abstract: Disclosed are various embodiments for identifying devices that are part of a network. Devices are modeled based on physical characteristics. Devices are classified or device communications can be verified.

Abstract: A genomic data processing system can be configured to process next-generation sequencing information. The genomic data processing system described herein can accurately detect mutations in nucleic acid (e.g., cell free DNA (cfDNA) sequence reads associated with plasma nucleic acid samples. The genomic data processing system of the present disclosure also detects microsatellite instability in nucleic acid sequence reads with a higher degree of sensitivity compared to existing genomic data processing systems.

Abstract: Disclosed are various embodiments for identifying devices that are part of a network. Devices are modeled based on physical characteristics. Devices are classified or device communications can be verified.

Abstract: Customers of a computing resource service provider may operate one or more computing resource provided by the computing resource service provider. In addition, the customers may execute agent using the one or more computing resources provided by the computing resource service provider. Operational information from customer-operated computing resources may be obtained by the agents and evaluated for security threats. The operational information may be evaluated based at least in part on a set of security rules. The security rules may be generated at least in part on customer input to generate customer defined security rules.

Abstract: Disclosed are various embodiment's for fingerprinting devices that are part of a network. A network monitoring device monitors traffic between devices in the network. A fingerprint is generated based upon response times of the devices in the network. Embodiment's of the present disclosure provide for device fingerprinting in cyber-physical system, such as a control system environment. Embodiment's of the present disclosure can be used in conjunction with traditional intrusion detection system (IDS) in a control systems environment. Embodiment's of the present disclosure can be used to achieve device fingerprinting from software, hardware, and physics-based perspectives. Embodiment's of the present disclosure can prevent security compromises by accurately fingerprinting devices in a control system environment, and other networked environments, as may be appreciated. Embodiment's of the present disclosure can generate fingerprints of a device which reflects identifiable characteristics of a device, such as, e.