Abstract: A security platform of a data network is provided that includes security services for computing devices in communication with the data network. The security platform may apply a security policy to the computing devices when accessing the Internet via a home network (or other customer network) and when accessing the Internet via a public or third party network. To provide security services to computing devices via the home network, the security platform may communicate with a security agent application executed on the router (or other gateway device) of the home network. In addition, each of the devices identified by the security profile for the home network may be instructed or otherwise be provided a security agent application for execution on the computing devices. The security agent application may communicate with the security platform when the computing device connects to the Internet over a third party or public access point.

Abstract: A Peripheral Component Interconnect Express (PCIe) function includes an access identification information controller generating first access identification information for allowing an access to the PCIe function, and providing the first access identification information to an assigned system image to which the PCIe function has been assigned, the assigned system image being one of a plurality of system images, a data packet receiver receiving a data packet including target identification information indicating a target system image selected from the plurality of system images from the target system image, and an access allowance determiner determining whether or not to allow an access of the target system image based on the first access identification information and the target identification information.

Abstract: In some examples, a method comprises determining, at an electronic device having a first component of a first component type, a unique identifier associated with the first component. In some examples, in accordance with a determination that the unique identifier does not match the expected identifier of the component of the first component type in the electronic device, determining that the first component associated with the unique identifier satisfies one or more eligibility criteria. In some examples, in accordance with the determination that the first component associated with the unique identifier satisfies the one or more eligibility criteria, authenticating an association of the first component with the electronic device, including updating an installation counter associated with the first component, and updating the expected identifier for the component of the first type based on the unique identifier of the first component.

Abstract: System and methods are provided for building intelligence around IoT devices that can prioritize an attack attack sphere, such that scanning and protection can be focused on risky spheres before others that may be less at risk. The attack spheres include specific device types, vendors, geographic locations, demographics, or organizations. Priority based vulnerability scanning and protection is utilized along with the concept of attack spheres to define priority zones which may be unique. Priority computation based on trend analysis and predictive analysis is used to determine the vulnerability of specific devices and groups of devices. This will significantly reduce the attack exposure and ensures the proactive damage control.

Abstract: Provided are a method and an apparatus for enhancing the security of a quantum key distribution network. The quantum key distribution network includes a first node, a second node, and at least one relay node, by means of which the first node and the second node implement a first stage of quantum key distribution; the first node and the second node share a first key pool, which includes at least one key; and the method is executed on either the first node or the second node. The method includes: acquiring a first key obtained after the first stage of quantum key distribution; determining the seed key from the first key pool; generating a first random string by applying, based on the seed key, a first algorithm predetermined with a correspondent node, the first random string having a length equal to that of the first key; and acquiring a second key by performing a preset first bit operation on the first key and the first random string.

Abstract: Embodiments of this application provide example communication methods and apparatuses. One example communication method is applied to a communications device, where a subscriber identification module (SIM) card is installed in the communications device, and where the example communication method includes determining, by the communications device, that the SIM card is removed. The communications device can then send alarm information to a network device, where the alarm information indicates that the SIM card in the communications device is removed, and where security protection is performed on the alarm information based on security context stored in the communications device. The communications device can then delete the security context.

Abstract: Risk modeling for cyberspace control deficiencies includes characterizing a subject organization and loading a baseline set of controls, each control mapping to one or more threats to the subject organization. For each of the threats, a baseline risk value is computed from a hypothetical implementation of the baseline set of controls. Concurrently, risk assessment data is uploaded for the subject organization and an implemented set of controls for the organization extracted therefrom. For each of the threats, one or more of the implemented set of controls are mapped thereto and a risk value computed. Thereafter, the baseline risk value compared to the computed risk value producing a risk deficit value. On condition that the risk deficit value exceeds a threshold value, a flag is written in association with the risk assessment data indicating a necessity to modify the implemented set of controls.

Abstract: A system and method are provided to facilitate securing windows discretionary access control. During operation, the system determines a Windows domain model including capability assignments of principals on resources, wherein a respective capability assignment comprises a permission of a respective principal to a respective resource and wherein a respective principal comprises a user or a group of users. The system specifies desired effective permissions of each principal to each resource. The system generates, based on the specified desired effective permissions, access control entries for the respective principal to the respective resource. The system generates, based on the specified desired effective permissions, group memberships indicating which users belong to which groups.

Abstract: In one embodiment, a device may determine a compliance status of a communication of a type of data between a first workload and a second workload based on a data compliancy policy and a verified node location of at least one of the first workload and the second workload. The device may send, based on the compliance status of the communication, an instruction for handling the communication to at least one of a node executing the first workload and a node executing the second workload.

Abstract: Methods, systems, devices, and tangible non-transitory computer readable media for generating and implementing security policies are provided. The disclosed technology can include accessing a security request associated with generating a security policy based in part on organizational data that includes one or more organizational records. The security request can include one or more rules associated with the security policy. Based at least in part on the security request, the one or more rules that are in compliance with one or more policies associated with the organizational data can be determined. Furthermore, the security policy can be generated based at least in part on the one or more rules that are in compliance with the one or more policies. Furthermore, operations associated with implementing the security policy can be performed.

Abstract: A system may include an interface configured to couple to a network, and includes a processor and a memory accessible to the processor. The memory may be configured to store instructions that, when executed, cause the processor to process search results corresponding to multiple data owners to selectively filter personally identifiable information (PII) associated with one or more consumers from the set of search results according to data sharing permissions for each of the data owners to produce filtered results. The instructions may further cause the processor to provide the filtered results to a user device through the network.

Abstract: A vehicle processing device authenticates that an authorized user has requested an action by the vehicle and generates an authentication acknowledgement message. At least two security devices being present within the cabin of, or close to, the vehicle during a predetermined period following an authentication trigger event that occurs while the user performs a predetermined sequence of authentication activities (i.e., button presses, operating the vehicle or a part of it, etc.) provides a basis for the authentication acknowledgement message. Typically, information unique to each security device has been associated with the vehicle at a service provider's server. The authentication acknowledgement may include an activation code that results from processing the information, unique to each security device, received from the security devices and other random information, such as date.

Abstract: Techniques for updating blockchains using a proof of work determined serially include receiving a block of data for inclusion in a new block of a blockchain; deterministically determining an initial nonce, hashing a combination of the block of data and the initial nonce to create a hashed value; iteratively deterministically determining an updated nonce based on a combination of the hashed value and updating the hashed value by hashing the updated nonce until the updated hashed value satisfies a proof of work criteria; creating the new block based on the block of data, the initial nonce, and the updated hashed value that satisfies the proof of work criteria; and having the new block stored in the blockchain.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to provide phishing attack protection based on identity provider verification. The at least one processor is further configured to capture an image of a browser web page to which the user has navigated and identify the domain name associated with the browser web page. The at least one processor is further configured to determine that the captured image matches an image of a known identity provider web page. The at least one processor is further configured to detect a phishing attempt in response to the determination that the images match and that the domain name associated with the browser web page differs from the domain name associated with the identity provider web page.

Abstract: Mechanisms for detecting fraudulent activity based on hardware events are provided. In accordance with some embodiments of the disclosed subject matter, the method comprises: receiving a request for advertising content to be placed on a website; receiving data describing physical activity at one or more user input hardware devices; receiving data describing interactions with the website; correlating the data describing interactions with the website with the data describing physical activity at one or more user input hardware devices; determining whether at least a portion of the interactions with the website are indicative of fraudulent behavior based on the correlation; and responding to the request for advertising content on the website by inhibiting the advertising content to be transmitted to the website in response to the determination that at least a portion of the interactions with the website indicates fraudulent behavior.

Abstract: A system for improving data security for computing devices receives a data input stream indicating changes to data security threats posed to the computing devices. The system detects, based at least in part on the changes to the data security threats, a new data security threat posed to the computing devices. The system determines one or more available data security controls that align with the new data security threat. The one or more available data security controls comprise security countermeasures available to the computing devices for resolving the new data security threat. After determining that a security vulnerability rating is greater than a threshold value, at least one of the one or more available data security controls may be automatically implemented at the computing devices.

Abstract: A security platform architecture is described herein. A user identity platform architecture which uses a multitude of biometric analytics to create an identity token unique to an individual human. This token is derived on biometric factors like human behaviors, motion analytics, human physical characteristics like facial patterns, voice recognition prints, usage of device patterns, user location actions and other human behaviors which can derive a token or be used as a dynamic password identifying the unique individual with high calculated confidence. Because of the dynamic nature and the many different factors, this method is extremely difficult to spoof or hack by malicious actors or malware software.

Abstract: A plurality of memory image data is obtained. Respective ones of the memory image data may include captured memory contents from an executing process. Training data including feature vectors and classification values are provided to a machine learning (ML) training model executing on a processing device. The feature vectors may include indications of patterns within the memory image data. The ML training model is trained based on the training data to generate an ML production model. The training may include computing a plurality of model parameters that relate the feature vectors of the training data to the classification values of the training data.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A processor implementing techniques for processor extensions to protect stacks during ring transitions is provided. In one embodiment, the processor includes a plurality of registers and a processor core, operatively coupled to the plurality of registers. The plurality of registers is used to store data used in privilege level transitions. Each register of the plurality of registers is associated with a privilege level. An indicator to change a first privilege level of a currently active application to a second privilege level is received. In view of the second privilege level, a shadow stack pointer (SSP) stored in a register of the plurality of registers is selected. The register is associated with the second privilege level. By using the SSP, a shadow stack for use by the processor at the second privilege level is identified.