Patents Examined by Carlos M De Jesus Lassala
  • Patent number: 9256739
    Abstract: A computer-implemented method for using event-correlation graphs to generate remediation procedures may include (1) detecting a suspicious event involving a first actor within a computing system, (2) constructing, in response to detecting the suspicious event involving the first actor, an event-correlation graph that includes (i) a first node that represents the first actor, (ii) a second node that represents a second actor, and (iii) an edge that interconnects the first node and the second node and represents an additional suspicious event involving the first actor and the second actor, and (3) using the event-correlation graph to generate a procedure for remediating an effect of an attack on the computing system that is reflected in the event-correlation graph. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 21, 2014
    Date of Patent: February 9, 2016
    Assignee: Symantec Corporation
    Inventors: Kevin Alejandro Roundy, Sandeep Bhatkar
  • Patent number: 9252947
    Abstract: A secure key distribution server (SKDS) determines the identity of a requesting server without use of a shared secret by resolving the fully qualified domain name (FQDN) to a network address and comparing it with the network address of a key request. A credential string may also be used as part of the identification. Once identity is established, keys may be securely distributed. The SKDS may also be implemented in a peer-to-peer configuration.
    Type: Grant
    Filed: July 19, 2013
    Date of Patent: February 2, 2016
    Assignee: Amazon Technologies, Inc.
    Inventors: Jacob Beacham, Jesper M. Johansson, Cyrus J. Durgin
  • Patent number: 9218506
    Abstract: Provided are methods and systems for preventing hardware Trojan insertion. An example method can comprise determining unused space in an integrated circuit (IC), selecting a plurality of built-in self-authentication (BISA) filler cells based on the determined unused space, and placing the selected plurality of BISA filler cells onto the unused space. The plurality of BISA filler cells can be connected to form a plurality of BISA blocks. The plurality of BISA blocks can correspond to a plurality of signatures. A modification of one or more BISA filler cells can lead to an alteration of one or more signatures.
    Type: Grant
    Filed: March 11, 2014
    Date of Patent: December 22, 2015
    Assignee: University of Connecticut
    Inventors: Mohammad Tehranipoor, Kan Xiao
  • Patent number: 9218489
    Abstract: Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or data isolation. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a rootkit defense mechanism (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it), inter alia, for detection and/or prevention of malicious code, for example, in a manner/context that is isolated and not able to be corrupted, detected, prevented, bypassed, and/or otherwise affected by the malicious code.
    Type: Grant
    Filed: June 2, 2014
    Date of Patent: December 22, 2015
    Assignee: Lynx Software Technologies, Inc.
    Inventors: Edward T. Mooring, Phillip Yankovsky
  • Patent number: 9195854
    Abstract: Methods and systems are provided for turning on and off features at run time. The method includes providing a unique enabling predicate (e.g., an “if enabled” statement) for one or more executable features (blocks of code), configuring a permissions library, and caching the configured permissions library. The method further includes interrogating the cache with the first “if enabled” predicate, executing the block of code (feature) if the cache yields “true” for the requesting user, and not executing the code block if the cache yields “false” for the requesting user.
    Type: Grant
    Filed: October 11, 2013
    Date of Patent: November 24, 2015
    Assignee: salesforce.com, inc.
    Inventors: Samarpan Jain, Reuben Cornel
  • Patent number: 9191211
    Abstract: A data security system that includes a first memory device to store message data to be secured, a second memory device to store microcode including an instruction set defining a cryptographic algorithm for use in securing the message data, and a processing unit to execute the microcode to implement the cryptographic algorithm.
    Type: Grant
    Filed: February 27, 2009
    Date of Patent: November 17, 2015
    Assignee: Atmel Corporation
    Inventor: Randall Wayne Melton
  • Patent number: 8719925
    Abstract: A monitoring device for monitoring transactions on a bus includes content-addressable memory (“CAM”) and a response policy unit. The CAM includes an input coupled to receive a bus transaction tag based on bus traffic on the bus. The CAM stores data tags associated with rules of a security policy to compare the bus transaction tag to the data tags. The CAM generates an output signal indicating whether one or more matches occurred. The response policy unit is coupled to the CAM to receive the output signal from the CAM and to execute a policy action in response to the output signal.
    Type: Grant
    Filed: August 25, 2009
    Date of Patent: May 6, 2014
    Assignee: Sandia Corporation
    Inventor: Michael J. Berg
  • Patent number: 8719923
    Abstract: The present invention provides a technique, in a network storage system, for a key management module (KMM) managing security operations within the storage server using an authenticated storage module (ASM) such as a smart card of the storage server. The KMM may process encryption key information (key information) generated by an encryption engine of the storage server to associate a key with a storage object of the storage server. The processed key information may then be stored by the KMM to a key map of the ASM, for which the ASM performs security services prior to storing information to the key map. The KMM may then request key information stored in the key map from the ASM, and forward the key information to the encryption engine for performing cryptographic operations on data of the storage object.
    Type: Grant
    Filed: February 5, 2010
    Date of Patent: May 6, 2014
    Assignee: NetApp, Inc.
    Inventors: Steven C. Miller, Ravi Kavuri