Patents Examined by Chao Wang
  • Patent number: 11632360
    Abstract: An exemplary access control system controls access to a computing system such as a data storage system. For example, the exemplary access control system includes a cloud storage platform that authorizes a user to access the cloud storage platform. After access to the cloud storage platform is authorized, the cloud storage platform receives, from the user, a request to access, through the cloud storage platform, an application executing on a remote storage device. The cloud storage platform obtains an access token in response to receiving the request from the user. The cloud storage platform transmits the access token to the storage device for use by the storage device to validate the user and grant the user access, through the cloud storage platform, to the application executing on the storage device.
    Type: Grant
    Filed: June 7, 2019
    Date of Patent: April 18, 2023
    Assignee: Pure Storage, Inc.
    Inventors: Yu Tan, Shiva Ankam
  • Patent number: 11556630
    Abstract: Privately determining whether a password satisfies a constraint without having to divulge the password itself to a third party that evaluates the constraint, and without the third party even being aware of the result of the evaluation. After the user selects a password, private communication (e.g., private information retrieval) is used to determine whether the selected password satisfies password constraints. For instance, the password might be encrypted (e.g., homomorphically), and the encrypted password and a function definition (e.g., a homomorphic function definition) are then provided to the third party. The third party then performs the function and returns an already encrypted result. The third party generated the encrypted result directly, without having access to the result in the clear. Upon receiving the encrypted result, the user's computing system may then decrypt the result, to find out whether the password satisfies the constraints, and thus is sufficiently safe.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: January 17, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Gal Malka, Michael Zeev Bargury
  • Patent number: 11550901
    Abstract: A process for detecting a threat for a file system is described. Audit events in the file system may be accessed, which may include unique file operations and duplicative file operations. The audit events may be de-duplicated to remove the duplicative file operations. Time series data may be generated that includes the unique file operations but not the duplicative file operations, and the time series data may be analyzed to determine whether a subset of the unique file operations includes file-access instructions. An observed pattern of the file-access instructions may be compared to a normal pattern of file-access instructions to determine whether the observed file-access instructions are abnormal. If the observed file-access instructions are abnormal, an alert may be generated.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: January 10, 2023
    Assignee: Rubrik, Inc.
    Inventors: Shanthi Kiran Pendyala, Di Wu, Matthew Edward Noe
  • Patent number: 11546433
    Abstract: A fraud detection system may obtain a number of known fraudulent end-user profiles and/or otherwise undesirable end-user profiles. Using statistical analysis techniques that include clustering the end-user profiles by attributes and attribute values and/or combinations of attributes and attribute values, the fraud detection system identifies on a continuous, periodic, or aperiodic basis those attribute values and/or attribute value combinations that appear in fraudulent or otherwise undesirable end-user profiles. Using this data, the fraud detection system generates one or more queries to identify those end-user profiles having attribute values or combinations of attribute values that likely indicate a fraudulent or otherwise undesirable end-user profile.
    Type: Grant
    Filed: March 27, 2020
    Date of Patent: January 3, 2023
    Assignee: PLENTYOFFISH MEDIA ULC
    Inventors: Thomas Levi, Steve Oldridge
  • Patent number: 11531786
    Abstract: A method may include detecting a keylogger based at least in part on an increase in power drawn by an input device, detecting the keylogger based at least in part on a driver of the input device, detecting the keylogger based at least in part on a duration of time that a signal generated by the input device takes to transmit to a computing device, or any combination thereof. The method may also include, in response to detecting the keylogger, generating an alert to indicate a presence of the keylogger.
    Type: Grant
    Filed: December 2, 2020
    Date of Patent: December 20, 2022
    Assignee: United Services Automobile Association (USAA)
    Inventors: Ashley Raine Philbrick, Ryan Thomas Russell, David Joaquin Harris
  • Patent number: 11526584
    Abstract: Methods that can assign access permission to social media are disclosed herein. One method includes determining, by a processor, an impact of a plurality of impacts on an owner of a social media post, the impact based on a follower of the social media post, and assigning a permission of a plurality of permissions to the follower for accessing the social media post based on the determined impact. Apparatus, systems, and computer program products that can include, perform, and/or implement the methods are also disclosed herein.
    Type: Grant
    Filed: October 14, 2019
    Date of Patent: December 13, 2022
    Assignee: International Business Machines Corporation
    Inventors: Abhishek Jain, Sasikanth Eda, Sandeep Ramesh Patil, Sachin Chandrakant Punadikar
  • Patent number: 11526605
    Abstract: An extraction device includes: at least one memory configured to store instructions; and at least one processor configured to execute the instructions to: sort each set of frames that have the same identifier associated with a node, into frames maintaining a cycle and frames out of the cycle; and extract, as an event rule, a feature of a bit change in a data field related to an event occurrence, from the frames that have the same identifier and are out of the cycle.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: December 13, 2022
    Assignee: NEC CORPORATION
    Inventors: Takashi Konashi, Satoru Yamano
  • Patent number: 11520905
    Abstract: When a system receives sensitive data, it can request an encryption key from an encryption/decryption unit. A central processing unit (CPU) of the system can encrypt the sensitive data using the encryption key before writing the sensitive data to memory. Thus, the sensitive data is encrypted when written to memory.
    Type: Grant
    Filed: November 20, 2019
    Date of Patent: December 6, 2022
    Assignee: KYNDRYL, INC.
    Inventors: Vinod A. Valecha, Krzysztof Rudek, Grzegorz Piotr Szczepanik, Lukasz Jakub Palus
  • Patent number: 11481498
    Abstract: Apparatuses, methods, and systems are provided for making continuous vulnerability management for modern applications. A dependency tree can be created mapping third-party libraries to microservices used in an application of a software package. Natural language processing can be used on release notes and changelogs of new library versions to generate a list of libraries afflicted with common vulnerabilities and exposures (“CVEs”). A number of code calls from an application program interface (“API”) can be made to an afflicted library. A number of code calls including CVEs can be enumerated for each afflicted library. A risk score can be assigned to the API based on the number of code calls including CVEs. The risk score can be compared against a threshold value to cause a remedial action to occur, including updating libraries to newer versions to resolve CVE issues or generating a report regarding the afflicted libraries.
    Type: Grant
    Filed: January 28, 2019
    Date of Patent: October 25, 2022
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Shashi Velur, Abha Sharma, Karthiga Kengan, Keeshini Manivannan, Chintal Vashi
  • Patent number: 11477016
    Abstract: Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes receiving data, a set of data attributes about the data, and a risk profile data structure indicative of a vulnerability of the data in a PQC data environment. The example method further includes retrieving PQC cryptographic performance information associated with a set of PQC cryptographic techniques. The PQC cryptographic performance information may comprise a set of PQC cryptographic performance attributes for each PQC cryptographic technique in the set of PQC cryptographic techniques. The example method further includes generating a set of PQC encryption attributes for encrypting the data based on the set of data attributes, the risk profile data structure, and the PQC cryptographic performance information. Subsequently, the example method includes encrypting the data based on the set of PQC encryption attributes.
    Type: Grant
    Filed: September 10, 2019
    Date of Patent: October 18, 2022
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Robert L. Carter, Jr., Ravi K. Maganti, Bradford A. Shea, M. Erik Meinholz, Jeff J. Stapleton, Peter Bordow, Pierre Arbajian, Abhijit Rao
  • Patent number: 11436319
    Abstract: Methods, apparatus, and processor-readable storage media for automated detection of user device security risks related to process threads and corresponding activity are provided herein. An example computer-implemented method includes obtaining information pertaining to processes running on a user device; obtaining information pertaining to images loaded into at least one memory associated with at least one of the processes running on the user device; obtaining information pertaining to threads created in connection with at least one of the processes running on the user device; automatically identifying at least one of the threads as a security risk by processing the information pertaining to the images and the information pertaining to the threads; and performing at least one automated action based on the identification of at least one of the one or more threads as a security risk.
    Type: Grant
    Filed: January 27, 2020
    Date of Patent: September 6, 2022
    Assignee: RSA Security LLC
    Inventors: Vishnu C. Pedasingu, Phaneendra Ksl, Gaurav Bansal
  • Patent number: 11423146
    Abstract: Systems and methods for a provenance based threat detection tool that builds a provenance graph including a plurality of paths using a processor device from provenance data obtained from one or more computer systems and/or networks; samples the provenance graph to form a plurality of linear sample paths, and calculates a regularity score for each of the plurality of linear sample paths using a processor device; selects a subset of linear sample paths from the plurality of linear sample paths based on the regularity score, and embeds each of the subset of linear sample paths by converting each of the subset of linear sample paths into a numerical vector using a processor device; detects anomalies in the embedded paths to identify malicious process activities, and terminates a process related to the embedded path having the identified malicious process activities.
    Type: Grant
    Filed: August 12, 2020
    Date of Patent: August 23, 2022
    Inventors: Ding Li, Xiao Yu, Junghwan Rhee, Haifeng Chen, Qi Wang
  • Patent number: 11425146
    Abstract: A method and system for secure and efficient provision of at least one at least partly automated driving mode of a vehicle. The method includes creating a request by the vehicle to retrieve an authorization of a performance of the at least one at least partly automated driving mode; receiving the request at a server; checking the authorization of the performance of the at least one at least partly autonomous driving mode; creating authorization data corresponding to the check; creating a response including the authorization data and further useful data; and receiving and evaluating the response in the vehicle.
    Type: Grant
    Filed: August 20, 2019
    Date of Patent: August 23, 2022
    Assignee: Bayerische Motoren Werke Aktiengesellschaft
    Inventor: Reinhard Jurk
  • Patent number: 11409912
    Abstract: Aspects of the subject disclosure may include, for example, a processing system including a processor with a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, the operations including: receiving an identity bridge file comprising records from a service provider, wherein each record includes one or more encrypted service identifiers for a customer, a customer location code of the customer, and an address location code of the customer; determining whether a tokenized identifier exists in a cross-reference table; responsive to a determination that the tokenized identifier does not exist in the cross-reference table: a) generating a new tokenized identifier; and b) adding a record to the cross-reference table comprising the new tokenized identifier, the customer location code, the address location code, and the one or more encrypted service identifiers; securing a usage record of a data usage log, wherein the usage record includes a uniq
    Type: Grant
    Filed: October 25, 2019
    Date of Patent: August 9, 2022
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Suneel Jakka, Michael J. Berry, Jr.
  • Patent number: 11361072
    Abstract: A computing apparatus, including: a processor and a memory; a web browser; and a web exploit mitigation engine, including instructions within the memory to instruct the processor to: insert a script into an incoming webpage, the script including instructions to hook application programming interface (API) function calls of a scripting language, the API function calls for a plurality of functions commonly used by browser exploits; observe information passed by a running script to the plurality of API functions; correlate the called API functions to a malware model; detect a web page making the API function calls as containing a browser exploit according to the correlating; and act on the detecting.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: June 14, 2022
    Assignee: McAfee, LLC
    Inventor: Debasish Mandal
  • Patent number: 11341251
    Abstract: A system includes a data storage device containing encrypted data to be decrypted, and a VZ storage device containing a key material for decrypting data, wherein the VZ storage device decrypts the encrypted data by consuming a portion of the key material and stores the decrypted data in the consumed portion of the key material.
    Type: Grant
    Filed: April 18, 2018
    Date of Patent: May 24, 2022
    Assignee: Quintessencelabs Pty Ltd.
    Inventors: John Leiseboer, Vikram Sharma, Ken Li Chong
  • Patent number: 11334671
    Abstract: One or more hardened machine learning models are secured against adversarial attacks by adding adversarial protection to one or more previously trained machine learning models. To generate the hardened machine learning models, the previously trained machine learning models are retrained and extended using preprocessing layers or using additional network layers which test model performance on benign or adversarial samples. A rollback strategy is additionally implemented to retain intermediate model states during the retraining to provide recovery if a training collapse is detected.
    Type: Grant
    Filed: October 14, 2019
    Date of Patent: May 17, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Beat Buesser, Maria-Irina Nicolae, Ambrish Rawat, Mathieu Sinn, Ngoc Minh Tran, Martin Wistuba
  • Patent number: 11323459
    Abstract: In some embodiments, a behavioral computer security system protects clients and networks against threats such as malicious software and intrusion. A set of client profiles is constructed according to a training corpus of events occurring on clients, wherein each client profile represents a subset of protected machines, and each client profile is indicative of a normal or baseline pattern of using the machines assigned to the respective client profile. A client profile may group together machines having a similar event statistic. Following training, events detected on a client are selectively analyzed against a client profile associated with the respective client, to detect anomalous behavior. In some embodiments, individual events are analyzed in the context of other events, using a multi-dimensional event embedding space.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: May 3, 2022
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Daniel Dichiu, Stefan Niculae, Elena A. Bosinceanu, Sorina N. Stoian, Andreea Dincu, Andrei A. Apostoae
  • Patent number: 11281785
    Abstract: Methods, systems, and apparatus, including an apparatus for preventing data leakage by controlling the availability of user data. In one aspect, a system includes a frontend server that receives digital component requests that each specify a user identifier for a user to which a digital component will be provided and provides digital components. A data availability control server receives data specifying a user identifier for a user and controls availability of activity data to digital component providers by identifying, for a given digital component provider, data sets that include a user identifier for the user and are data sets from which the digital component provider is eligible to receive data. The data availability control server selects, from a specified number of the identified data sets, the activity data of the user included in the specified number of identified data sets and provides the selected data to the given digital component provider.
    Type: Grant
    Filed: May 17, 2017
    Date of Patent: March 22, 2022
    Assignee: Google LLC
    Inventors: Haskell Aaron Garon, Don Greenberg
  • Patent number: 11270021
    Abstract: In an aspect, the present application may describe a method including: receiving, from a remote computing device and at a server, an indication of consent for an authenticated entity to share data with a third party server; in response to receiving the indication of consent, issuing an access token to the third party server, the access token for accessing data associated with the authenticated entity; monitoring a risk parameter associated with one or both of the third party server and the authenticated entity to detect a change in the risk parameter; determining, based on input received from the authenticated entity, that data sharing with the third party server is to be modified based on the change in risk parameter; and modifying the sharing of data for the authenticated entity with the third party server by revoking the access token or modifying an access permission associated with the access token.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: March 8, 2022
    Assignee: THE TORONTO-DOMINION BANK
    Inventors: Milos Dunjic, Anthony Haituyen Nguyen, Gregory Albert Kliewer, David Samuel Tax, Sairam Srinivasa Poguluru, Shishir Dattatraya Bhat