Patents Examined by Ashokkumar B. Patel
  • Patent number: 11755735
    Abstract: Provided are a computer program product, system, and method for determining a frequency at which to execute trap code in an execution path of a process executing a program to generate a trap address range to detect potential malicious code. Trap code is executed in response to processing a specified type of command in application code to allocate a trap address range used to detect potentially malicious code. A determination is made whether to modify a frequency of executing the trap code in response to processing a specified type of command. The frequency of executing the trap code is modified in response to processing the specified type of command in response to determining to modify the frequency of executing the trap code.
    Type: Grant
    Filed: February 19, 2021
    Date of Patent: September 12, 2023
    Assignee: International Business Machines Corporation
    Inventors: Lokesh M. Gupta, Matthew G. Borlick, Trung N. Nguyen, Micah Robison
  • Patent number: 11750376
    Abstract: A method of securing, by a managing node, communication in a network of member nodes including a first member node. Communication is secured using a (k, n1) secret sharing scheme during a first phase. The managing node announces a phase shift to a subsequent phase relative to the first phase. The managing node secures communication in the network during the subsequent phase using a (k+x, n2) secret sharing scheme. Each of the member nodes is previously in possession of exactly one corresponding unique share for the second key. The first member node is previously in possession of a first unique share for the second key. The managing node deletes the first member node from the subsequent phase by broadcasting the first unique share for the second key.
    Type: Grant
    Filed: May 26, 2022
    Date of Patent: September 5, 2023
    Assignee: The Boeing Company
    Inventors: Mingyan Li, Douglas A. Stuart, Jai J. Choi, Joshua D. Cazalas
  • Patent number: 11736524
    Abstract: A network traffic sending method and apparatus, and a hybrid honeypot system are provided. The method includes receiving a first attack traffic flow; determining that a request type of the first attack traffic flow is a first request type and determining maturity of a virtual honeypot model for the first request type. Upon the maturity of the virtual honeypot model for the first request type being higher than a threshold set for the first request type, the method includes forwarding the first attack traffic flow to a virtual honeypot using the model, or forwarding the first attack traffic flow to a virtual honeypot using the model and a physical honeypot. Otherwise, it includes forwarding the first attack traffic flow to a physical honeypot. Therefore, a virtual honeypot using a virtual honeypot model of relatively high maturity is used to respond to an attack traffic flow.
    Type: Grant
    Filed: December 27, 2017
    Date of Patent: August 22, 2023
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventors: Rui Li, Lin Qi
  • Patent number: 11734414
    Abstract: Example implementations include generating a guard service for a secure service at a secure region of a processing system by detecting a call to a secure service at a secure region of a processing device, obtaining a secure interface associated with the secure service, generating a guard interface based at least partially on the secure interface, generating a guard service based at least partially on the guard interface, locating the guard service at a secure region, and locating the guard interface at a secure address at the secure region.
    Type: Grant
    Filed: September 29, 2020
    Date of Patent: August 22, 2023
    Assignee: Renesas Electronics Corporation
    Inventors: Kimberly Dinsmore, Brandon Hussey
  • Patent number: 11711362
    Abstract: The disclosed exemplary embodiments include computer-implemented devices, apparatuses, and processes that, among other things, perform dynamic biometric authentication based on distributed ledger data. For example, a device may compute a first hash value based on first biometric data captured by a sensor unit, and may transmit a request to, and receive a response from, a computing system across a communications network via the communications unit. The request may cause the computing system to execute instructions maintained within the distributed ledger data, and to extract second biometric data maintained within an element of the distributed ledger data. The second biometric data may include a second hash, which the computing system may incorporate into the response. The device may authenticate an identity associated with the device when the first hash value corresponds to the second hash value incorporated within the response.
    Type: Grant
    Filed: February 22, 2021
    Date of Patent: July 25, 2023
    Assignee: The Toronto-Dominion Bank
    Inventors: Arthur Carroll Chow, Anthony Haituyen Nguyen, Perry Aaron Jones Haldenby, Milos Dunjic, David Tax, John Jong-Suk Lee, Arun Victor Jagga
  • Patent number: 11704404
    Abstract: Embodiments of the present disclosure provide a method for control-flow integrity protection, including: changing preset bits of all legal target addresses of a current indirect branch instruction in a control flow of a program to be protected to be same; and rewriting preset bits of a current target address of the current indirect branch instruction to be same as the preset bits of the legal target addresses, so that the program to be protected terminates when the current target address is tampered with. By changing the preset bits of all the legal target addresses of the current indirect branch instruction to be same and rewriting the preset bits of the current target address to be consistent with the preset bits of the legal target addresses, traditional label comparison is replaced by the preset bit overlap operation, reducing performance overhead and improving attack defense efficiency.
    Type: Grant
    Filed: June 28, 2021
    Date of Patent: July 18, 2023
    Assignee: Institute of Informational Engineering, CAC
    Inventors: Dan Meng, Liwei Chen, Jinfeng Li, Cairui She, Gang Shi
  • Patent number: 11698966
    Abstract: A computer-implemented method for detecting a code injection threat may include: performing a search process on a memory of a computer system to identify property list files; in response to an identification of a property list file, retrieving the property list file; performing an analysis process on the property list file to identify a target identifier; in response to an identification of the target identifier in the property list file, determining whether the target identifier corresponds to an electronic application stored in the memory of the computer system; in response to determining that the target identifier corresponds to the electronic application, determining that the property list file is indicative of a code injection threat to the electronic application; and in response to the determination that the property list file is indicative of a code injection threat to the electronic application, performing a security action based on the property list.
    Type: Grant
    Filed: April 13, 2020
    Date of Patent: July 11, 2023
    Assignee: Capital One Services, LLC
    Inventor: Jon Whitmore
  • Patent number: 11695549
    Abstract: Systems and methods for attesting an enclave in a network. A method includes receiving, by a first device, proof information from an application provider entity that the enclave is secure, wherein the proof information includes a public part, Ga, of information used by the enclave to derive a Diffie-Hellman key in a key generation process with the application provider entity, processing, by the first device, the proof information to verify that the enclave is secure and ensuring that Ga is authentic and/or valid, deriving, by the first device, a new Diffie-Hellman key, based on Ga and x, wherein x is a private part of information used by the first device to derive the new Diffie-Hellman key, and sending, by the first device, a message including Ga and a public part, Gx, of the information used by the first device to derive the new Diffie-Hellman key to the enclave.
    Type: Grant
    Filed: September 9, 2021
    Date of Patent: July 4, 2023
    Assignee: NEC CORPORATION
    Inventors: Ugo Damiano, Felix Klaedtke
  • Patent number: 11693950
    Abstract: Computing systems with dynamic architectures may be used to secure against code-injection attacks and other exploits. A system may generate multiple representations of instructions or other data associated with each of a set of configurations of the system. The system may periodically or randomly change configurations such that malicious code that is executable in one configuration cannot be executed in another configuration. A system may also detect malicious code by comparing code previously generated in one representation with different representations of the same code. If, during execution of a representation of a program code, the system determines that the representation specifies instructions that differ from other representations of the same program code, the system may stop executing the compromised program code, change its configuration, and continue to execute another representation of the program code that has not been compromised.
    Type: Grant
    Filed: June 19, 2020
    Date of Patent: July 4, 2023
    Assignee: ARIZONA BOARD OF REGENTS ON BEHALF OF NORTHERN ARIZONA UNIVERSITY
    Inventors: Paul G Flikkema, Bertrand F Cambou, James D Palmer
  • Patent number: 11683168
    Abstract: Methods of half-duplex communication systems or full-duplex communication systems are provided. The half-duplex communication system includes n number of user units, including a transmitting unit of transmitting units, wherein the transmitting unit includes a channel estimation module, an identity update module and a modulation module; a receiving unit of receiving units including a demodulation module, a post-processing module and a reconciliation and verification module; a memory unit for storing prime identities, data to be transmitted and shared secret key; a control unit; an antenna connected to each of the transmitting units and each of the receiving units; and the methods are used for realizing a generation of shared secret keys, and an integrated identity verification and a data transmission using the half-duplex communication systems and the full-duplex communication systems.
    Type: Grant
    Filed: July 3, 2019
    Date of Patent: June 20, 2023
    Assignee: ISTANBUL TEKNIK UNIVERSITESI
    Inventors: Ufuk Altun, Semiha Tedik Basaran, Gunes Zeynep Karabulut Kurt, Enver Ozdemir
  • Patent number: 11669645
    Abstract: An information handling system may include a management controller; and a plurality of target information handling systems each including a target management controller that is communicatively coupled to the management controller. The information handling system may be configured to: receive, at a particular target management controller and from a client information handling system, a request for management associated with the particular target management controller; perform, at the management controller, validation of a token associated with the request; and based on the validation, cause the particular target management controller to service the request.
    Type: Grant
    Filed: July 27, 2021
    Date of Patent: June 6, 2023
    Assignee: Dell Products L.P.
    Inventors: Divya Vijayvargiya, Joshua M. Pennell, Farhan Mohammed Syed
  • Patent number: 11651097
    Abstract: A method of providing, by a computing device, access to a user of sections of an electronic document. The method includes receiving, by a computing device, a computerized image of a user accessing an electronic document. The computing device further accesses a facial recognition database and compares the computerized image to one or more entries in the facial recognition database to determine an identity of the user. The user is provided access to one or more sections of the electronic document based upon the identity of the user.
    Type: Grant
    Filed: March 5, 2020
    Date of Patent: May 16, 2023
    Assignee: International Business Machines Corporation
    Inventors: Mauro Martino, Steven I. Ross, Fang Lu, Uri Kartoun
  • Patent number: 11630883
    Abstract: A method is provided that determines whether to allow an application (app) for use or restrict the app on a set top box (STB). The method includes the steps of measuring at the STB, one or more resources used by the app; comparing at the STB, one or more thresholds set by an operator; and determining if the one or more resources used by the app exceed one or more thresholds set by the operator. Another method is provided that monitors applications (apps) that are installed on a set top box (STB) for illegal or harmful activity by a policy manager. This method includes downloading and copying an app from an external source; installing or uninstalling the app into an application folder; providing a notification informing the policy manager of the installing or uninstalling of the app; and evaluating the app to be installed or uninstalled.
    Type: Grant
    Filed: May 6, 2019
    Date of Patent: April 18, 2023
    Assignee: ARRIS Enterprises LLC
    Inventors: Paul Moroney, Cesar A. Moreno, Gopalkrishna V. Mudaliar, Arpan Kumar Kaushal
  • Patent number: 11620382
    Abstract: Methods, computer-readable media, and devices for auditing digital content to validate that the digital content is authentic, secure, and reaching the intended audience are disclosed. In one example, a method performed by a processing system including at least one processor includes launching a web browser application, wherein the launching includes instantiating a simulated user profile, and wherein the simulated user profile includes a simulated web browsing history, detecting, by the processing system, an item of digital content that is presented to the web browser application in response to the simulated user profile, determining, by the processing system, a relevance of the item of digital content to the simulated user profile, and generating, by the processing system, a report that indicates the relevance of the item of digital content to the user profile.
    Type: Grant
    Filed: February 18, 2020
    Date of Patent: April 4, 2023
    Assignee: AT&T Technical Services Company, Inc.
    Inventor: Fred Stringer
  • Patent number: 11620413
    Abstract: An apparatus and method for detecting a change in electrical properties in a system is disclosed. Embodiments of the disclosure enable the detection of a change in electrical properties in a system by, in response to a load generated on a power delivery network power in at least part of the system, measuring noise induced in the power delivery network in response to the load. Based on the measured noise, a dynamic-response property of the power delivery network is determined and the dynamic-response property is compared to a stored reference dynamic-response property of the power delivery network based on a predetermined load. In the event of a difference between the dynamic-response property and the reference dynamic-response property, a response to the event is triggered to indicate tampering with the power delivery network.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: April 4, 2023
    Assignee: Arm Limited
    Inventors: Hugo John Martin Vincent, Shidhartha Das, Milosch Meriac, Vasileios Tenentes
  • Patent number: 11617080
    Abstract: There is a system for controlling access to an electronic device. This system can comprise at least one server having at least one microprocessor. There can be at least one remote device having at least one microprocessor, and at least one GPS location device, wherein the one remote device is configured to communicate a location of the at least one remote device. This remote device further comprises any one of at least one transceiver configured to communicate wirelessly, at least one biometric reader configured to read a biometric of a user and/or at least one hardware reader configured to read an identification piece. Thus, the electronic device is selectively unlocked via either an internal lock or via the server authenticating a location of the remote device, a Wifi signal of the remote device, a biometric reading of the remote device and a reading of the hardware reader of the remote device.
    Type: Grant
    Filed: December 17, 2019
    Date of Patent: March 28, 2023
    Inventor: Avinash Vijai Singh
  • Patent number: 11615204
    Abstract: A method of validating the contents of an electronic file. The method comprises requesting an electronic file by an application executing on a computer system by providing a multi-segment filename, wherein the multi-segment filename comprises a unique delimiter between each of the segments of the multi-segment filename and one of the segments of the multi-segment filename is a hash of a content of the electronic file referenced by the multi-segment filename, receiving by the application the electronic file referenced by the multi-segment filename, determining a hash over the content of the electronic file by the application, comparing by the application the hash determined by the application to the hash of the content stored in the one of the segments of the multi-segment filename, and, based on the two hashes agreeing, opening by the application the contents of the electronic file for use.
    Type: Grant
    Filed: February 12, 2020
    Date of Patent: March 28, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Lyle W. Paczkowski, William M. Parsel
  • Patent number: 11611874
    Abstract: A computing device determines an onboarding algorithm to use for onboarding a wireless device. The computing device determines, based on the onboarding algorithm, a first set of predefined information and a second set of dynamically generated information to use as inputs to the onboarding algorithm. The computing device generates, via the onboarding algorithm, a set of credentials based on the first set of predefined information and the second set of dynamically generated information, and uses the set of credentials to secure a connection for onboarding the wireless device.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: March 21, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Tak Ming F. Pang, Ashish Sood, Jie C. Jiang
  • Patent number: 11595194
    Abstract: An aggregate sum is efficiently obtained while keeping confidentiality. A prefix-sum part computes a prefix-sum from a share of a sorted value attribute. A flag converting part converts a format of a share of a flag representing the last element of a group. A flag applying part generates a share of a vector in which a prefix-sum is set when a flag representing the last element of a group is true, and a sum of the whole is set when the flag is false. A sorting part generates a share of a sorted vector obtained by sorting a vector with a permutation which moves elements so that the last elements of each group are sequentially arranged from beginning. A sum computing part generates a share of a vector representing a sum for each group.
    Type: Grant
    Filed: April 22, 2019
    Date of Patent: February 28, 2023
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventor: Dai Ikarashi
  • Patent number: 11586726
    Abstract: There is disclosed a method of preventing privileged web browser extensions installed in a web browser from interfering in interactions between a user of the web browser and a web application server accessible via the web browser, the method including transmitting a web browser-intelligible file to the web browser (including a custom element designating an enclave portion); creating a sandboxed page; copying at least part of the enclave portion to the sandboxed page to create a local enclave; embedding the sandboxed page in a first iframe for rendering; embedding the first iframe in a second iframe; providing an API for the local enclave using web-accessible resources for access to entities outside the local enclave; providing a software agent in the second iframe to act as a proxy between the first iframe and external entities; and encapsulating the second iframe in a shadow document object model associated with a host page.
    Type: Grant
    Filed: June 24, 2021
    Date of Patent: February 21, 2023
    Assignee: CITY UNIVERSITY OF HONG KONG
    Inventors: Cong Wang, Xinyu Wang, Yuefeng Du