Abstract: Particular embodiments described herein provide for an electronic device that can be configured to establish a connection with a router, obtain identification for the router, communicate the identification of the router to a network element, receive a hash of at least a portion of a certificate for the router, and disconnect the connection and establish a new connection with the router, where the hash is used to authenticate network services received from the router during the new connection. In an example, the hash is part of a subject public key infrastructure (SPKI) pin set.

Abstract: A router includes a processor-readable medium including code representing instructions to cause a processor to perform operations. The operations include routing received information communicated from a first network to a component associated with a service within a second network, responsive to a determination that the received information is to be handled by a service that exists within the second network. The operations also include routing the received information to a predetermined component, responsive to a determination that the received information is to be handled by a service that does not exist within the second network.

Abstract: Methods, apparatus, systems and articles of manufacture to perform backup and recovery of data files using hard links are disclosed. Example methods disclosed herein include determining whether a first operation to be performed on a target file by a thread of a process is a file deletion operation, wherein the target file is referenced by a first hard link. Disclosed example methods also include creating, in response to the first operation being a file deletion operation, a second hard link to the target file, where the creation of the target hard link occurs while the thread of the process performing the deletion is blocked. Disclosed example methods further include returning control to the thread of the process performing the deletion after the second hard link is created to enable the operation to be performed on the target file.

Abstract: Systems and methods for utilizing statistical relational learning techniques in order to predict factors for nodes of a node graph, such as a node graph that represents attacks and incidents to a computing system, are described. In some embodiments, the systems and methods identify certain nodes (of a node graph) as representing malicious attributes of an email or other threat artifact received by a computing system or network and utilize relational learning to predict the maliciousness of attributes represented by other nodes (of the node graph).

Abstract: Device users today are increasingly using multiple smart connected devices simultaneously in order to manage their online lives and increase their productivity. This makes it difficult for users to accurately gauge or feel confident about their overall online security and privacy levels, and it also increases potential attack avenues for malicious actors. Interconnections and relationships between such smart connected devices may also further increase and complicate the security implications of the user's multi-device connected world. The systems and methods disclosed herein provide a single reference point to users that allows them to evaluate the security and privacy aspects of their various online activities and multi-device ecosystem via a single Security and Privacy Score (SPS) value.

Abstract: A system is disclosed that includes a processor including watermark logic to output a first watermark to an output device that outputs a first watermark signal, based on the first watermark, to an acoustic transmission medium. The processor also includes recording logic to capture, at a first time period, an authentication submission comprising the first watermark signal convolved, via the acoustic transmission medium, with a first passphrase signal. The system also includes a dynamic random access memory (DRAM). Other embodiments are disclosed and claimed.

Abstract: A network security platform (NSP) device and interaction method are disclosed. The interaction method provides network packet analysis for secure transmission protocols using ephemeral keys or keys that are negotiated dynamically. The NSP may be part of an Intrusion Protection System, or firewall. The disclosed approach does not use man-in-the-middle proxy. Instead, it includes monitoring connections ends: client and/or server, to intercept the required data or negotiated (or changed) encryption keys. Decrypted data may be sent to an NSP sensor in a secure manner for analysis. Alternatively, intercepted keys used for the encrypt/decrypt operations may be sent to an NSP sensor in a secure manner every time they are changed. The NSP sensor may then use the obtained keys to decrypt traffic prior to providing it to the inspection engines. Embodiments focused on inbound traffic to a web server may coordinate between a web server and an NSP.

Abstract: A system for securing electronic devices includes a processor, non-transitory machine readable storage medium communicatively coupled to the processor, security applications, and a security controller. The security controller includes computer-executable instructions on the medium that are readable by the processor. The security application is configured to determine a suspicious file from a client using the security applications, identify whether the suspicious file has been encountered by other clients using the security applications, calculate a time range for which the suspicious file has been present on the clients, determine resources accessed by the suspicious file during the time range, and create a visualization of the suspicious file, a relationship between the suspicious file and the clients, the time range, and the resources accessed by the suspicious file during the time range.

Abstract: Methods, systems, and media for storing and retrieving data from distributed vaults are provided. In some embodiments, a method for storing and retrieving data from distributed vaults is provided, the method comprising: generating, by a first user device, a plurality of pieces of a data item, wherein a count N of the plurality of pieces equals a count of vault devices in a group of vault devices, wherein the data item can be reconstructed from a subset of the plurality of pieces, and wherein the data item corresponds to a key to access secure content; for each piece of the data item, transmitting the piece of the data item to a unique vault device; requesting, by a second user device, the subset of the plurality of pieces; generating the data item using the subset of the plurality of pieces; and using the data item to access the secure content.

Abstract: Embodiments of the present disclosure are directed to updating categorization of online content. An analytics engine implemented at least partially in hardware can receive an engagement indicator across a network interface; identify a type of the engagement indicator, the type of the engagement indicator comprising one of a positive engagement indicator or a negative engagement indicator; and update the reputation data stored in memory based on the type of the engagement indicator. A safe harbor time window is described during with user activity with online content is not reported to system administrators.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to analyze data related to a digital certificate and assign a reputation to the digital certificate, where the reputation includes an indication if the data is proper. The analysis of the data can include determining if code signing for the digital certificate matches binary code for the digital certificate, if the digital certificate has been grafted to the data by modifying a portable executable file header, or the digital certificate is the same as another trusted digital certificate associated with different data.

Abstract: In an example, there is disclosed a computing apparatus, having a computing resource; a bespoke sensor for measuring at least one parameter of usage of the computing resource; and one or more logic elements providing a trusted compute meter (TCM) agent to: receive an external workload; provision a workload enclave; execute the external workload within the TCM enclave; and measure resource usage of the external workload via the bespoke sensor. There is also disclosed a computer-readable medium having stored thereon executable instructions for providing a TCM agent, and a method of providing a TCM agent.

Abstract: A secure identifier is derived, using a secured microcontroller of a computing device, that is unique to a pairing of the computing device and a particular domain. Secure posture data corresponding to attributes of the computing device is identified in secured memory of the computing device. The secure identifier and security posture is sent in a secured container to a management device of the particular domain. The particular domain can utilize the information in the secured container to authenticate the computing device and determine a security task to be performed relating to interactions of the computing device with the particular domain.

Abstract: In an example, there is disclosed a monolithic reputation update on a data exchange layer (DXL). According to one embodiment, designating a set of objects as good or bad can be achieved via a single administrative action by leveraging persistent client initiated connections to the DXL framework. This may enable communication of the reputation updates across a heterogeneous infrastructure, including systems potentially unreachable by the server, such as those behind a firewall or NAT.

Abstract: A system, method, and computer program product are provided for identifying a file utilized to automatically launch content as unwanted. In one embodiment, a file is identified in response to a detection of unwanted code, the file utilized to automatically launch content. Additionally, it is determined whether an identifier associated with the unwanted code is included in the file. Further, the file is identified as unwanted based on the determination.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: A method for proactively detecting shared libraries suspected of association with malware includes the steps of determining one or more shared libraries loaded on an electronic device, determining that one or more of the shared libraries include suspicious shared libraries by determining that the shared library is associated with indications that the shared library may have been maliciously injected, loaded, and/or operating on the electronic device, and identifying the suspicious shared libraries to a reputation server.

Abstract: There is disclosed in one example a sentinel device, including: a hardware platform including at least a processor and configured to provide a trusted execution environment (TEE); and a security engine operable to instruct the hardware platform to: determine that an internet of things (IoT) device in a first realm R1 requires a secure communication channel with a second device in a second realm R2; query a key server for a service appliance key for the secure communication channel; establish a secure communication channel with the endpoint device using the service appliance key and the TEE; and provide a security service function within R1 including brokering communication via the secure communication channel between the IoT device and the second device.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive registration data for a local network device, receive registration data for an electronic device, receive a request to pair the local network device and the electronic device, where the request to pair the devices includes a pairing code, and allow the pairing if the registration data for the local network device, the registration data for the electronic device, and the pairing code satisfies predetermined conditions. In an example, the pairing code was to the local network device and the electronic device requested and received the pairing code from the local network device.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to capture an image on a display, where the image includes at least one user interface element and is part of an application, create a screen signature of the image, determine an exploration strategy for the image based on the screen signature, and perform the exploration strategy on the image. The image can be abstracted to create the screen signature and the exploration strategy includes interacting with each of the at least one user interface elements.