Abstract: The disclosed computer-implemented method for generating device-specific security policies for applications may include (1) installing, onto a computing device, an application requested by the computing device, (2) while the application is running on the computing device, monitoring interactions between the application and a computing environment in which the computing device operates to identify (A) computing resources within the computing environment required by the application and (B) potential security concerns related to the application within the computing environment, and then (3) generating, based on the monitored interactions, a set of device-specific security policies to enforce for the application while the application runs on the computing device that allow the application to access the required computing resources while mitigating the potential security concerns. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to protecting computer systems from installation of rogue shared libraries when executable files are launched. An example method generally includes detecting that a downloaded file has been written to an insecure location on the computing device. A computing device determines that the downloaded file includes at least a first executable component and, upon determining that the downloaded file includes executable components, generates a copy of the executable component in a protected repository on the computing device. The computing device overwrites the contents of the executable component with at least instructions to launch the copy of the downloaded file from the protected repository.

Abstract: Systems and methods of administering computer activities based upon user emotional intelligence are provided. One method may include receiving a user request for a computer activity and sensing emotional context data associated with the user, such as voice stress analysis of use a communication, eye motion, pupil dilation, mood and stress changes, sporadic user movement, and video contexts indicating micro-expressions (i.e. anxiety, anger, amusement, and the like). The method may further include retrieving a policy associated with the requested computer activity and applying the sensed emotional context data to the policy. In response to policy permission, the system may enable full or restricted access to the requested computer activity based upon the sensed emotional context. In the alternative, in response to policy violation, the system may deny access to the computer activity. The system may solicit feedback such that parental or third party controls may be established using emotional intelligence.

Abstract: Verifying that influence of a user data point has been removed from a machine learning classifier. In some embodiments, a method may include training a machine learning classifier using a training set of data points that includes a user data point, calculating a first loss of the machine learning classifier, updating the machine learning classifier by updating parameters of the machine learning classifier to remove influence of the user data point, calculating a second loss of the machine learning classifier, calculating an expected difference in loss of the machine learning classifier, and verifying that the influence of the user data point has been removed from the machine learning classifier by determining that the difference between the first loss and the second loss is within a threshold of the expected difference in loss.

Abstract: Techniques of obfuscation for enterprise data center services are disclosed. In one embodiment, the techniques may be realized as a system for obfuscation comprising one or more processors. The one or more processors may be configured to receive a command from at least one of a user and an application and determine whether the command is authorized. If the command is determined to be unauthorized, the one or more processors may be further configured to generate a rewritten output of the command that is different from an original output of the command and return the rewritten output in response to the command.

Abstract: The disclosed computer-implemented method for determining whether malicious files are targeted may include (i) applying, to a malware detection structure, a plurality of sample data points, each sample data point corresponding to at least one of a malicious file known to be targeted and a malicious file known to be non-targeted, (ii) identifying one or more boundaries of the sample data points within the malware detection structure, (iii) determining, after identifying the sample boundaries, that a new data point falls outside of the boundaries, and (iv) classifying a malicious file associated with the new data point as non-targeted in response to determining that the new data point falls outside of the sample boundaries. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A first mobile device securely transmits selected verified attributes concerning the corresponding user to a second mobile device. The first device broadcasts verified, signed biometric information concerning its user, and the user's public key. The second device confirms the received broadcasted biometric information, based on sensor input. For example, sensors on the second device generate images of the first user, who is physically proximate, and information gleaned from the images is compared to broadcasted biometric information. In response to confirming the broadcasted biometric information, the second device transmits a request to establish a secure channel, and both devices generate a session key. The first device selects specific verified attributes to provide to the second device, based on context, policy and/or user directive. The first device then encrypts the attributes using the session key, and transmits them to the second device. The second device receives and decrypts the attributes.

Abstract: Techniques for managing privacy of a network communication may be realized as a computer-implemented system, including one or more processors that store instructions, and one or more computer processors that execute the instructions to receive a first network communication, extract information from the first network communication, identify a privacy rule based on the information, generate a second network communication based on the first network communication and the privacy rule, and cause the second network communication to be sent.

Abstract: A computer-implemented method for determining security reputations of wireless network access points may include (1) receiving a unique identifier for a wireless network access point to which a mobile device has connected and security information that identifies the security posture of the mobile device after connecting to the wireless network access point, (2) adding the unique identifier and the security information to a security database, (3) correlating the security information with an additional set of security information that identifies the security posture of an additional mobile device after connecting to the wireless network access point, (4) assigning a security reputation to the wireless network access point, and (5) enabling a requesting mobile device to determine whether to connect to the wireless network access point by providing the security reputation of the wireless network access point to the requesting mobile device.

Abstract: The disclosed computer-implemented method for detecting malicious processes that encrypt files may include (i) identifying a backup file created by a backup process on the computing device, (ii) detecting an attempt to alter the backup file by a process that is not the backup process, (iii) determining, based at least in part on the attempt to alter the backup file being made by the process that is not the backup process, that the process is a malicious process designed to encrypt files on the computing device so that a legitimate owner of the files cannot access the files, and (iv) performing a security action in response to determining that the process is malicious. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are described for network security. One method includes identifying a network-access boundary associated with a network for a location, generating a credential for the network based at least in part on the identified network-access boundary, receiving a request from a user equipment (UE) to access the network associated with the location, and transmitting the credential associated with the network based at least in part on the network-access boundary.

Abstract: The disclosed computer-implemented method for dynamically customizing software programs may include (i) receiving, from a client device, a request for a software program with client-specific customization requirements and (ii) providing, to the client device, a digitally signed download manager for downloading a client-specific version of the software program that satisfies the client-specific customization requirements, where the digitally signed download manager provides the client-specific version of the software program to the client device by (a) downloading, from the backend computing system, both the software program and client-specific data that satisfies the client-specific customization requirements and (b) customizing, using the client-specific data, the software program in a manner that satisfies the client-specific customization requirements. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for efficiently establishing patterns of behavior for location-aware monitoring applications. An administrator registers a trackable entity with a tracking service by providing identification of at least the trackable entity, a point of origin and a destination. To identify and select paths between the point of origin and the destination, the tracking service accesses crowdsourced information corresponding to the history of movements of trackable entities between the point of origin and the destination. The tracking service identifies intermediate locales along the selected paths and determines an expected duration of stay for each of the intermediate locales based on the history of movements.

Abstract: Techniques disclosed herein provide a geolocation-based two-factor authentication process. An authentication service receives a first authentication factor associated with an account. Upon validating the first authentication factor, the authentication service requests a second authentication factor from an application executing on a mobile device associated with the account. The second authentication factor identifies at least a location of the mobile device. The authentication service determines a location of the client device. Upon determining that the locations of the mobile device and of the client device are within a specified proximity of one another, the authentication service grants access to the account.

Abstract: The disclosed computer-implemented method for automated whitelisting of files may include (1) obtaining telemetry information that identifies files located on a set of computing systems, (2) establishing a whitelist of files for the set of computing systems by, for each file identified by the telemetry information, (A) calculating an amount by which a cost for using the whitelist will increase if the file is included in the whitelist, (B) calculating an amount by which whitelist coverage of files in the set of computing devices will increase if the file is included in the whitelist, (C) determining whether to include the file in the whitelist by balancing the increase in the cost against the increase in whitelist coverage, and (3) using the whitelist to protect the set of computing systems from undesirable files. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed method for creating credential vaults that use multi-factor authentication to automatically authenticate users to online services may include (1) detecting a user account for an online service that uses multi-factor authentication comprising a token that generates a cryptographic authentication code, (2) creating a virtual representation of the token that is capable of generating the cryptographic authentication code, (3) storing the virtual representation of the token and a set of credentials for the user account in a credential vault for a user, (4) sending a message to the online service that associates the virtual representation of the token with the user account, (5) authenticating the user to the credential vault, and (6) automating the multi-factor authentication process for the online service by providing the cryptographic authentication code and the set of credentials to the online service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for detecting malicious files are disclosed. In one embodiment, the techniques may be realized as a system for detecting malicious files comprising one or more computer processors. The one or more computer processors may be configured to collect at least one of a file or an attribute of the file. The one or more computer processors may further be configured to determine if the file is malicious. The one or more computer processors may further be configured to identify, if the file is determined to be malicious, a Uniform Resource Locator (URL) and a time frame associated with the file. The one or more computer processors may further be configured to detect a threat based on the URL and the time frame.

Abstract: The disclosed computer-implemented method for detecting obscure cyclic application-layer message sequences in transport-layer message sequences may include (i) collecting a composite sequence of transport-layer messages that are exchanged between a first computing device and a second computing device over a single long-standing transport-layer connection, (ii) constructing a sequence graph from the composite sequence, (iii) traversing the sequence graph to discover a first obscure cyclic sequence of application-layer messages in the composite sequence, and (iv) performing a security action using a representation of the first obscure cyclic sequence. In some examples, the composite sequence may include the first obscure cyclic sequence and a second obscure cyclic sequence of application-layer messages that were exchanged by the first computing device and the second computing device, and each message in the composite sequence may include a distinguishing feature.

Abstract: The disclosed computer-implemented method for dynamically validating remote requests within enterprise networks may include (1) receiving, on a target system within an enterprise network, a request to access a portion of the target system from a remote system within the enterprise network, (2) performing a validation operation to determine whether the remote system is trustworthy to access the portion of the target system by (A) querying an enterprise security system to authorize the request from the remote system and (B) receiving, from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, and then (3) determining whether to grant the request based at least in part on the notification received from the enterprise security system as part of the validation operation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for reducing network traffic by using delta transfers may include (1) receiving, from a client device, an original request message that requests at least one action from a server, (2) storing the original request message to serve as a foundation for a delta transfer that includes the original request message and at least one subsequent request message that builds upon the original request message, (3) receiving, from the client device, a subsequent request message that excludes at least a portion of the original request message to reduce redundancy between the original request message and the subsequent request message, and (4) applying the subsequent request message to the original request message to achieve the delta transfer while reducing the redundancy between the original request message and the subsequent request message. Various other methods, systems, and computer-readable media are also disclosed.