Abstract: A method for executing an operation by a circuit, may include executing a first operation to process an input data, the circuit generating during the execution of the first operation a first signal, and executing in the circuit a second operation receiving the input data and configured to add to the first signal, between first and second instants during the execution of the first operation, a continuous second signal. A combination of the first and second signal forming a resultant signal in which the second signal may be indistinctly measurable with the first signal from outside of the circuit. The second signal and the resultant signal varying as a function of the input data.

Abstract: Described herein are systems, methods, and software to enhance network traffic management for virtual machines. In one implementation, a network policy controller may maintain firewall rules at one or more hosts of a computing environment, wherein the firewall rules define network packet forwarding policies for application groups available to virtual machines in the environment. The network policy controller further identifies an application group for attachment to one or more virtual machines, and in response to the identification, adds the one or more virtual machines to a security group for a firewall wall rule corresponding to the application group.

Abstract: A building system including one or more memory devices configured to store instructions thereon, the instructions causing one or more processors to generate a space graph based on building data, wherein the space graph is a graph data structure comprising nodes representing entities, edges between the nodes representing relationships between the entities, receive new building data from one or more building data sources, generate, based on the new building data, a new relationship between a first entity of the entities and a second entity of the entities, and update the space graph with the new relationship by causing the space graph to store a new edge between a first node of the nodes representing the first entity and a second node of the nodes representing the second entity.

Abstract: Systems and methods for applying k-anonymity to data from a database are provided. An initial extraction of data from a database is performed. Initial anonymized data is produced based on the extracted data and a configuration of quasi-identifiers. An actual k-anonymity level is calculated based on the initial anonymized data. The actual k-anonymity level is compared to a desired k-anonymity level. The configuration of quasi-identifiers is adjusted based on the comparison. The calculating, comparing, and adjusting are iteratively repeated until the actual k-anonymity level equals the desired k-anonymity level or the adjusted configuration of quasi-identifiers has reached a limit. Final anonymized data is produced based on the adjusted configuration of quasi-identifiers. A subsequent extraction of data from the database is performed. Subsequent anonymized data is produced based on the extracted subsequent data and the adjusted configuration of quasi-identifiers.

Abstract: A trusted deployment and communications gateway for deployment, trusted execution, and secure communications system includes a trusted platform for deployment of trusted applications. The trusted platform may include a secure user profile comprising user data specifications that is stored in a secure storage location of the trusted platform, a kernel development engine configured to receive various application program instructions within a trusted environment, a testing and signing module configured to generate signed application program instructions in response to determining that the application program instructions do not violate one or more of the data specifications, a compiler configured to compile the signed application program instructions to generate a signed application kernel, and a kernel store configured to store the signed application kernels that are executable in the trusted platform.

Abstract: Methods, apparatuses, and computer readable media for location measurement reporting in a wireless network are disclosed. An apparatus of an initiator station (ISTA), where the apparatus comprises processing circuitry configured to decode a null data packet (NDP) announce (NDPA) frame from an initiator station (ISTA), the NDPA frame comprising a dialog token and an identification of a temporary key. The processing circuitry may be further configured to decode a first NDP from the ISTA, the NDP comprising first long training fields (LTFs), and wherein the NDP is received on a channel and encode a second NDP, the second NDP comprising second LTFs, wherein the second LTFs are determined based at least on the temporary key. The processing circuitry may be further configured to encode a location measurement report (LMR), the LMR comprising the dialog token and an indication of the temporary key.

Abstract: A building system for operating a building and managing building information, the building system comprising one or more memory devices configured to store instructions thereon. The instructions causing one or more processors to receive building data from one or more building data sources and generate a space graph based on the building data, wherein the space graph is a graph data structure comprising nodes representing entities and edges between the entities representing relationships between the entities. The instructions cause the one or more processors to ingest data values of the building data into the space graph, the data values associated with the entities, and perform one or more operations with the space graph based on both the relationships of the entities and the ingested data values.

Abstract: A method for providing user access to a network switch appliance, includes: receiving from a user a request to access configuration item for the network switch appliance, the network switch appliance configured to pass packets received from a network to network monitoring instruments; and determining, using a processing unit, whether to allow the user to access the configuration item for the network switch appliance based on information regarding the user.

Abstract: A building system including one or more memory devices configured to store instructions thereon, the instructions causing one or more processors to generate a space graph based on building data, generate a control algorithm based on the space graph and operate one or more pieces of building equipment based on the control algorithm, and receive new building data from one or more building data sources. The instructions cause the one or more processors to generate one or more new relationships between a first entity of entities and a second entity of the entities, update the space graph with the new relationship by causing the space graph to store a new edge between a first node of nodes representing the first entity and a second node of the nodes representing the second entity, and update the control algorithm based on the new edge of the updated space graph.

Abstract: A building system including one or more memory devices configured to store instructions thereon, the instructions causing one or more processors to generate a temporary relationship between a first entity and a second entity of a space graph, cause the space graph to include the temporary relationship, perform one or more control operations based on the space graph including the temporary edge, receive new building data from the one or more building data sources, determine whether to generate a permanent relationship to replace the temporary relationship based on the new building data, and update the space graph by causing the permanent relationship to replace the temporary relationship of the space graph in response to a determination to generate the permanent relationship to replace the temporary relationship by causing a permanent edge to replace the temporary edge.

Abstract: A building system including one or more memory devices configured to store instructions thereon, the instructions causing one or more processors to receive building data from one or more building data sources, identify, based on the building data, an indirect relationship between a first entity and a second entity of a space graph, the indirect relationship caused by a control algorithm of the space graph, update the space graph with the indirect relationship by causing the space graph to include an indirect relationship edge between a first node of nodes representing the first entity and a second node of the nodes representing the second entity, update the control algorithm of the space graph based on the indirect relationship edge, and operate one or more pieces of building equipment based on the updated control algorithm.

Abstract: A network security device mediates communications between a client computing device and a network. The network security device includes a memory storing packet header verification rules defining parameters for structure and content of packet headers. The network security device further includes a communications interface to connect to the client computing device and the network. The network security device further includes a processor interconnected with the memory and the communications interface. The processor is configured to: in response to receiving an incoming packet from the network for transmission to the client computing device, extract an incoming header from the incoming packet. The processor is further configured to perform a verification of structure and content of the incoming header according to the packet header verification rules.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to an attempted connection from a client to a server for establishing communications between the client and the server, redirecting the connection to a proxy and injecting protocol-independent header information into a datagram of the traffic between the client and the server, the protocol-independent header information including information based upon which the proxy enforces a security policy.

Abstract: An IoT E2E Service Layer Security Management system supports methods and procedures to allow an application to establish, use, and teardown an IoT SL communication session that has application specified E2E security preferences and that targets one or more SL addressable targets (e.g., an IoT application, device, or gateway SL addressable resource). E2E SL Session based methods and procedures described herein achieve a required overall E2E security level, by allowing IoT SL instances to influence and coordinate hop security for a multi-hop communication path spanning across multiple intermediary nodes. The methods and procedures described herein reduce overhead, simplify and obviate the need for E2E service level nodes (initiation and termination nodes) from having to perform security service negotiation, in order to establish secure hop-by-hop security associations aligned with an E2E security requirement.

Abstract: A method for assessing a network environment includes obtaining, by the network assessment computing device, device information for one or more devices each with an Internet Protocol address currently on a defined network in a network environment from a network appliance device coupled to the network environment. Each of the identified devices are assessed, by the network assessment computing device, for one or more vulnerabilities. Network status data and any actionable items for the identified devices for the one or more vulnerabilities is generated, by the network assessment computing device, based on the assessing. The generated status data and any actionable items are provided by the network assessment computing device.

Abstract: A machine-implemented method of encoding/decoding data is described. The encoding method comprises steps of receiving a message of a given size, the message being represented by a series of units of data, configuring multiple encoding elements (50) in an arrangement having a given frame size, and encoding the message by passing each unit of data through the arrangement so that each unit is processed by at least one of the encoding elements. The frame size of the arrangement is the maximum number of units of data that can pass through the arrangement without any unit of data passing through the arrangement and being processed in the same way as another unit of data.

Abstract: A method and system for authorizing a subject user to perform an action within an electronic service, receiving, a request to access the electronic service, the request including an indication of the subject user, of an object, and of the action that the subject user is desirous of performing on the object within the electronic service, based on at least one of the indication of the subject user and the object, retrieving, by the server, a set of predetermined rules each predetermined rule having been coded and stored, by the server, as a respective bytecode portion, executing the set of predetermined rules, analyzing an outcome rendered by the execution of each rule of the set of predetermined rules, and responsive to the outcome being indicative of a positive result, authorizing the subject to perform the action on the object.

Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a hypervisor having a data store and instantiating a disk image of the virtualized computer system as a first virtual machine (VM) having a virtual disk from which an operating system of the first VM can be booted; instantiating a second VM in the hypervisor including a software component executing therein, wherein the data store is a shared data store accessible by both the first and second VMs, the method further comprising: the software component accessing the first VM using privileged credentials to install a software agent in the first VM and to replicate the virtual disk of the first VM in the hypervisor data store as a duplicate disk, wherein the software agent is adapted to encrypt data written to, and decrypt data read from, the disk of the first VM at a runtime of the first VM; and the software component encrypting the duplicate disk and unmounting the copied disk and mounting the e

Abstract: A security device for securing a peripheral link between a computing device and a peripheral comprising is interposed on the peripheral link, between said computing device and said peripheral. The security device queries an identifier of a peripheral, and imitating said peripheral to said computing device by way of a host port of said security device. Once interposed the security device intercepts data transferred between the computing device and the peripheral device; and obfuscates selected portions of said data intercepted by the security device. Obfuscation may be performed by transferring the data to a tokenizing server, and replacing the data with a corresponding token received from the tokenizing server. The data may be securely stored at the tokenizing server, for later retrieval using the token.

Abstract: Systems and methods for generating secure data for transport are presented. A data storage controller is electronically coupled with the data source. A first data storage device is electronically coupled with the data storage controller, the first data storage device configured to store encrypted data. A second data storage device is electronically coupled with the data storage controller, the second data storage device configured to store key data. A random bit size generator generates a random bit size corresponding with every write request of the data source of a size equal to the random bit size. A random key generator generates a random key equal to or greater in size than the random bit size. An encryption operator encrypts the data source of the size with the random key.