Abstract: A virtualized storage for use in performing dynamic analysis on a sample is configured, at least in part by copying the sample to the virtualized storage. A virtual machine emulator is launched using a snapshot of a virtualized platform. The virtualized platform is previously configured to use the virtualized storage, and the snapshot is configured to use a placeholder file to occupy space for later use when installing the sample. A location of the copied sample in an image corresponding to the virtualized storage is determined. The copied sample is installed and dynamic analysis is performed on the sample.

Abstract: Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with relying party circuitry, the first interface circuitry being configured to receive, from the relying party circuitry, an attestation request in respect of a processing operation requested by attester circuitry to be performed by the relying party circuitry; second interface circuitry to communicate with the attester circuitry, the second interface circuitry being configured to: transmit the attestation request to the attester circuitry; and receive, from the attester circuitry, evidence data associated with the processing operation, and third interface circuitry to communicate with verifier circuitry, the third interface circuitry being configured to: transmit the evidence data to the verifier circuitry; and receive, from the verifier circuitry, attestation result data indicative of a verification of the evidence data, wherein the first interface circuitry is configured to transmit the attestation

Abstract: A method is disclosed that includes receiving, at a computing device, an event log including multiple events, where the events are derived from machine data, determining a first score associated with a first granularity level by comparing an event from the event log with a first frequent patterns generated for the first granularity level, and determining a second score associated with a second granularity level by comparing the event with a second frequent patterns generated for the second granularity level. The method further includes determining an aggregate score for the event based on the first score and the second score, and comparing the aggregate score for the event with an anomaly score threshold. Further, the method includes issuing an alert identifying the event as an anomaly based on the aggregate score exceeding the anomaly score threshold.

Abstract: A system and method for fast-detection and mitigation of emerging network fraud attacks includes sourcing digital event data samples associated with one or more online services; executing graph-rendering computer instructions that automatically construct a backbone graph using a subset of features extracted from the sourced digital event data samples, wherein the constructing includes: identifying, as graphical nodes, a first plurality of distinct features of the subset of features; identifying, as graphical edges, a second plurality of distinct features of the subset of features; generating a graphical edge between distinct pairs of graphical nodes comprising a same type of feature of the subset of features based on feature values associated with at least one distinct feature of the second plurality of distinct features; and mitigating, via a digital threat mitigation action, if one or more emerging network fraud attacks is identified based on an assessment of a cluster of networked nodes.

Abstract: A hardware Trojan immunity device and an operation method thereof are provided. The hardware Trojan immunity device is disposed in a data transmission path between an output terminal of a first circuit and an input terminal of a second circuit. The hardware Trojan immunity device includes a multiplexer, an arbitrary pattern generator (APG) and a monitoring circuit. A first input terminal of the multiplexer is coupled to the output terminal of the first circuit. An output terminal of the multiplexer is coupled to the input terminal of the second circuit. The APG is coupled to a second input terminal of the multiplexer to provide pseudo-random data. The monitoring circuit is coupled to a control terminal of the multiplexer. The monitoring circuit is configured to monitor a data activity of the data transmission path and to control a routing of the multiplexer according to the data activity.

Abstract: Disclosed is a system to efficiently compute validity of a block chain controlling access to an encrypted data. The block chain defines user permissions to access the encrypted data. The system creates a computational checkpoint proving a validity of the block chain based on the user permissions defined in the block chain. The system performs an expensive computation from an initial block in the block chain to a last block in the block chain, wherein the expensive computation validates each block between the initial block and the last block. The system creates a proof of the validity of the block chain based on the expensive computation and stores the proof after the last block in the block chain. The system can provide the proof of the validity, without performing the expensive computation, where verifying the proof is at least ten times faster than the expensive computation.

Abstract: An exemplary method for generating a test vector to activate a Trojan triggering condition includes the operations of obtaining a design graph representation of an electronic circuit; constructing a satisfiability graph from the design graph representation, wherein the satisfiability graph includes a set of vertices representing rare signals of the electronic circuit and satisfiability connections between the vertices; finding a plurality of maximal satisfiable cliques in the satisfiability graph, wherein a maximal satisfiable clique corresponds to a triggering condition for a payload of the electronic circuit; generating a test vector for each of the maximal satisfiable cliques; and performing a test for the presence of a hardware Trojan circuit in the electronic circuit using the generated test vectors as input signals.

Abstract: Disclosed embodiments relate to encoded inline capabilities. In one example, a system includes a trusted execution environment (TEE) to partition an address space within a memory into a plurality of compartments each associated with code to execute a function, the TEE further to assign a message object in a heap to each compartment, receive a request from a first compartment to send a message block to a specified destination compartment, respond to the request by authenticating the request, generating a corresponding encoded capability, conveying the encoded capability to the destination compartment, and scheduling the destination compartment to respond to the request, and subsequently, respond to a check capability request from the destination compartment by checking the encoded capability and, when the check passes, providing a memory address to access the message block, and, otherwise, generating a fault, wherein each compartment is isolated from other compartments.

Abstract: A storage system includes a host device including a host processor and a secure element distinguished from the host processor, and a storage device that includes a first memory area accessed by the host processor, and a second memory area distinguished from the first memory area and accessed by the secure element. The host processor includes a first replay protected memory block (RPMB) key and a first RPMB counter for a first RPMB subsystem of the host processor. The secure element includes a second RPMB key and a second RPMB counter for a second RPMB subsystem of secure element. The first memory area includes a third RPMB key, a third RPMB counter and a first data space of the first RPMB sub-system. The second memory area includes a fourth RPMB key, a fourth RPMB counter and a second data space of the second RPMB sub-system.

Abstract: Systems and methods for performing graph-based analysis of computing system threats and incidents, and determining response and/or mitigation actions for the threats and incidents, are described. In some embodiments, the systems and methods generate node graphs of computing system threat artifacts, and perform actions to identify recommended resolutions to the threats, based on information derived from the generated node graphs.

Abstract: Disclosed is a system and method to create an encrypted file system on a block chain. The system creates the block chain controlling an access to the encrypted file system. The block chain defines a user permission to access at least a portion of the encrypted file system. The system creates the encrypted file system by recording a unique file ID in the block chain, where the unique file ID stores a chunk index including memory locations of multiple chunks storing portions of a file in the encrypted file system. The system encrypts the file using a channel session key and a file encryption key. The channel session key includes a cryptographic key computed based on information known to users granted at least a temporary access to the file, and the file encryption key includes a cryptographic key used to encrypt each file in the encrypted file system.

Abstract: In some embodiments, a processor can receive an input string associated with a potentially malicious artifact and convert each character in the input string into a vector of values to define a character matrix. The processor can apply a convolution matrix to a first window of the character matrix to define a first subscore, apply the convolution matrix to a second window of the character matrix to define a second subscore and combine the first subscore and the second subscore to define a score for the convolution matrix. The processor can provide the score for the convolution matrix as an input to a machine learning threat model, identify the potentially malicious artifact as malicious based on an output of the machine learning threat model, and perform a remedial action on the potentially malicious artifact based on identifying the potentially malicious artifact as malicious.

Abstract: Systems and methods for utilizing statistical relational learning techniques in order to predict factors for nodes of a node graph, such as a node graph that represents attacks and incidents to a computing system, are described. In some embodiments, the systems and methods identify certain nodes (of a node graph) as representing malicious attributes of an email or other threat artifact received by a computing system or network and utilize relational learning to predict the maliciousness of attributes represented by other nodes (of the node graph).

Abstract: A method for detecting and/or preventing an adversarial attack against a target machine learning model may be provided. The method may include training, based at least on training data, a defender machine learning model to enable the defender machine learning model to identify malicious input samples. The trained defender machine learning model may be deployed at the target machine learning model. The trained defender machine learning model may be coupled with the target machine learning model to at least determine whether an input sample received at the target machine learning model is a malicious input sample and/or a legitimate input sample. Related systems and articles of manufacture, including computer program products, are also provided.

Abstract: Systems, methods, and computer-readable media for cybersecurity are disclosed. The systems and methods may involve receiving, by an application capable of JavaScript execution, code for execution; executing, before execution of the received code, an intercepting code, wherein the intercepting code is configured to intercept at least one application programming interface (API) invocation by the received code; intercepting, by the intercepting code, an API invocation by the received code; determining that the intercepted API invocation results in a manipulation of a backing store object; and modifying an execution of the intercepted API invocation, wherein the modified execution results in a nonpredictable environment state.

Abstract: A method for securing a blockchain and incentivizing the storage of blockchain data using a publicly verifiable proof of retrievability (PoR) includes receiving a PoR transaction having a PoR proof, determining whether the PoR proof is a verified PoR proof, and based upon determining that the PoR proof is a verified PoR proof, incorporating, by a block creator node, the PoR transaction into a new block of the blockchain.

Abstract: An integrated circuit includes a data processing part, a data management part. The data processing part processes data. The data management part manages security of the data processing part. The security management part includes a set value holding part, a start control part and a state control part. The set value holding part holds a set value of security strength. The start control part starts the integrated circuit by secure boot which performs signature verification on a boot program in a case where the security strength shown by the set value is over a predetermined level. The state control part resets the data processing part when falsification of the boot program is detected by the signature verification in the secure boot.

Abstract: A system and method of detecting and remediating attacks includes receiving operating system (OS) read/write data from an OS, the OS read/write data describing at least one of reads from and writes to a storage device over a file system interface of the OS; collecting storage device read/write data, the storage device read/write data describing at least one of reads from and writes to the storage device; comparing the OS read/write data to the storage device read/write data; and determining if there is a discrepancy between the OS read/write data and the storage device read/write data. If there is a discrepancy, determining if there is an anomaly detected between OS read/write data and the storage device read/write data. If there is an anomaly, causing a remediation action to be taken to stop a malware attack.

Abstract: A system and method for facilitating online dating activities via identity verification over a communications network includes a client module on a client computing device, the client module configured for reading user contact information, taking a first image of the user's face, and taking a second image of the user's identification card via a camera on the client computing device, encrypting the data and transmitting it to the web server, receiving a verification of the user's identity from the web server and appending a digital signature to any transaction requests made to the web server. The system also includes a web server module executing on the web server configured for transmitting the user data to an identity authority, transmitting a verification of identity to the client computing device, encrypting the user data, and requiring that all transaction requests to the web server include a digital signature.

Abstract: Providing automated security algorithm identification in software distributions is disclosed herein. In one example, a processor device receives a source code fragment representing a difference between a given source code file of a first software distribution and a corresponding source code file of a second software distribution. The processor device determines whether the source code fragment matches any security profile of one or more security profiles that each corresponds to an approved security algorithm. If so, the processor device generates an approval notification to indicate that the source code fragment comprises the approved security algorithm. However, if the processor device determines that the source code fragment does not match any security profile of the one or more security profiles, the processor device generates a warning notification.