Abstract: Providing automated security algorithm identification in software distributions is disclosed herein. In one example, a processor device receives a source code fragment representing a difference between a given source code file of a first software distribution and a corresponding source code file of a second software distribution. The processor device determines whether the source code fragment matches any security profile of one or more security profiles that each corresponds to an approved security algorithm. If so, the processor device generates an approval notification to indicate that the source code fragment comprises the approved security algorithm. However, if the processor device determines that the source code fragment does not match any security profile of the one or more security profiles, the processor device generates a warning notification.

Abstract: A system and method for accelerating an automated labeling of a volume of unlabeled digital event data samples includes identifying a corpus characteristic of a digital event data corpus that includes a plurality of distinct unlabeled digital event data samples; selecting an automated bulk labeling algorithm based on the corpus characteristic associated with the digital event data corpus satisfying a bulk labeling criterion of the automated bulk labeling algorithm; evaluating a subset of the plurality of unlabeled digital event data samples, wherein evaluating the subset includes attributing a distinct classification label to each digital event data sample within the subset; and in response to the selection, executing the selected automated bulk labeling algorithm against the digital event data corpus, wherein the executing includes simultaneously assigning a classification label equivalent to the distinct classification label to a superset of the digital event data corpus that relates to the subset.

Abstract: A mechanism is provided for monitoring and controlling data access. Responsive to intercepting a response from a server to a request for information from a client device, a security system agent applies pattern matching using a predefined set of sensitive data pattern rules to identify at least one sensitive data access included in the response. Responsive to identifying at least one sensitive data access matching one or more of the predefined set of sensitive data pattern rules, the security system agent modifies that the request from the client by marking the at least one sensitive data access as sensitive thereby forming a modified request. The security system agent sends the modified request to the security system thereby causing the security system to process the modified request without access the sensitive data associated with the at least one marked sensitive data access.

Abstract: A method may include, during execution of a basic input/output system comprising boot firmware configured to be the first code executed by the processor when the information handling system is booted and/or powered on and execute prior to execution of an operating system of the information handling system, executing a hardware attestation verification application configured to: (i) read a platform certificate comprising information associated with one or more information handling resources of the information handling system recorded during creation of the platform certificate; (ii) perform hardware attestation of the information handling system by comparing information associated with the one or more information handling resources and the information stored within the platform certificate; and (iii) generate a log indicative of the results of the hardware attestation.

Abstract: Attack cases (for example, including attack details, countermeasures, and the like) of each device forming each attack path are derived by comprehensively extracting attack paths assumed for a target system.

Abstract: The invention relates to an embedded system on board an aircraft for detection and response to incidents with log recording, the aircraft comprising a calculator comprising applications using and generating data and being configured to detect events based on these data and predefined information specifying these events. The system comprises, for the calculator, an agent and a collector. The agent is an application component dedicated to an identified application and is configured to apply an incident detection logic to the detected events in order to detect at least one incident and to send to the collector, through detection messages, each detected incident according to a configurable transmission logic. The collector is configured to receive the messages and to apply, to the messages, a configurable recording logic of the messages in one or several log(s).

Abstract: Technologies are shown for secure token refresh where a client receives a first access token from an authentication service, generates an asymmetric key pair, stores the first access token in association with a private key, and sends a public key to the authentication service. The service stores the public key in association with the first access token. The client sends a refresh token request to the service with the first access token. The service responds with a verification request with proof data. The client signs the proof data with the private key and sends the signed proof data to the service. The service verifies the signed proof data using the public key associated with the first access token, creates a second access token that is stored in association with the public key, and sends the second access token to the client, which stores it in association with the private key.

Abstract: Apparatuses, methods, and systems are disclosed for security mode integrity verification. One method includes transmitting a request message to one or more network devices. The method includes, in response to transmitting the request message, authenticating with the one or more network devices. The method includes, in response to successfully authenticating with the one or more network devices, receiving a security mode command message. The method includes verifying the integrity of the security mode command message. The method includes, in response to the verification of the integrity of the security mode command message indicating that a security key is invalid, performing a cell reselection procedure.

Abstract: Systems on a chip (SoCs) include security logic configured to increase resistance to fault injection attacks (FIAs). The security logic includes a monitoring circuit and a cascaded series of substitution-boxes (S-Boxes) having a circuit delay that is designed to match (or most closely match) the computing device critical path length. The monitoring circuit monitors the number of iterations required for the cascaded series of S-Boxes to return to an initial value and generates an error signal if the monitored loop length is different from the expected loop length. In some examples, the error signal is received by a mitigation processor that executes one or more processes aimed at mitigating the attack.

Abstract: In a particular embodiment, recording data associated with an unmanned aerial vehicle (UAV) is disclosed that includes a blockchain manager receiving a transaction message associated with a UAV. The particular embodiment also includes the blockchain manager using the information within the transaction message to create a block of data. In this particular embodiment, the blockchain manager stores the created block of data in a blockchain data structure associated with the UAV.

Abstract: A computerized system and method for obtaining a post-quantum security scheme, generating a one-time use signing key split into shares, each share of the one-time use signing key is stored in one computerized device of the multiple computerized devices, generating shares of a verification key using a function receiving a share of the signing key, generating a data structure, where each node of the data structure is associated with a share of the verification key, signing a message using the shares of the one-time use signing key, revealing the share of the verification key, and reconstructing at least a portion of the data structure to validate that the revealed share of the verification key is associated with the correct node of the data structure.

Abstract: A system and method are provided for treating excessive or problematic computer use. In at least one embodiment, a method is employed to treat excessive or problematic computer use by acquiring information about the unwanted user activity, monitoring user activity for the unwanted behavior, controlling the behavior when it occurs, enabling the user to record self-observations and evaluating the results. This method may employ a computer based system to treat excessive or problematic computer use which includes configuring a user activity monitor with constraints, programmatically enforcing those constraints, reporting the activities monitored and restricted, and enabling a user to input self-observations. Potential constraints include a complete bar on the user activity, as well as, progressively decreasing the amount of time the user may engage in the activity, i.e. titrating the user activity.

Abstract: A system compares two network security specifications expected to implement the same network security policy for a network and identifies possible discrepancies between them. The system generates a representation of relations between subnetworks of the network for each network security specification. The representation efficiently stores permitted connections between subnetworks. The system compares the representations corresponding to the two network security specifications to identify discrepancies across the two network security specifications. If discrepancies are identified across the two network security specifications the system generating a report identifying the discrepancies.

Abstract: A control device is protected from a threat which may occur with the advance of networking or incorporation of intelligence. A security monitoring device that can be externally attached to the control device having a program execution portion that executes a program produced in accordance with a control target includes a communication port for connection with the control device. When it is detected from a content of communication that a security event is generated in access from outside to the control device, a notification is provided to a notification destination corresponding to the generated security event. The security event includes an event that does not conform to a predetermined rule.

Abstract: A key management system for providing encryption of a disk in a client device is provided. The system comprises a trusted platform module (TPM) having a first fragment of a key, a remote storage having a second fragment of the key, and a processing unit to partially boot instructions relating to the booting of the client device, send a request for validation of the instructions to the TPM, receive the first fragment of a key from the TPM if the validation is successful, send a request for the second fragment of the key along with credentials to access the remote storage. The remote storage verifies the credentials and a network through which the request is received and transmits the second fragment if the verification is successful. The processing unit then combines the first fragment and second fragment of the key to generate an encryption key which is used to complete the booting.

Abstract: Event vectors can be determined for respective events based on respective command-line records and a trained representation mapping. Respective coordinate vectors can be determined, each having fewer elements than the respective event vector. Respective representations of at least some of the events can be presented via an electronic display at the respective coordinate vectors. A selection of a first representation can be received via a user interface. The events can be clustered based on the event vectors. A first cluster can be selected based on the selection. An indication of a tag can be received via the user interface. Each event of the first cluster can be associated with the tag. Some examples include transmitting a security command to cause a monitored computing device associated with an event in the first cluster to perform a mitigation action.

Abstract: Aspects of the disclosure relate to optimizing authentication and management of wireless devices in zero trust computing environments. In some embodiments, a computing platform may receive, from a user computing device, a connection request. Subsequently, the computing platform may generate, using an artificial-intelligence engine, a profile for the connection request. Based on the profile for the connection request generated using the artificial-intelligence engine, the computing platform may determine that the connection request is valid. In response to determining that the connection request is valid, the computing platform may establish a connection with the user computing device. Based on establishing the connection with the user computing device, the computing platform may assign an identity to the user computing device.

Abstract: An array of non-volatile memory cells includes rows and columns. A volatile storage circuit provides addressable units of storage. A control circuit reads first type data and second type data from one or more of the rows and multiple ones of the columns of the array of non-volatile memory cells. The control circuit stores the first type data and second type data read from each row in one or more addressable units of storage of the volatile storage. A security circuit reads first data from the one or more of the addressable units of the volatile storage and selects from the first data, the second type data that includes one or more bits of each of the one or more of the addressable units. The security circuit performs an integrity check on the selected second type data, and generates an alert signal that indicates a security violation in response to failure of the integrity check.

Abstract: A method for reducing spam transaction submission in a blockchain network includes: receiving a transaction request from a computing device; transmitting a computational challenge to the computing device; receiving an answer to the computational challenge from the computing device; receiving a new blockchain transaction from the computing device; validating the received answer to the computational challenge; and transmitting the new blockchain transaction to a plurality of blockchain nodes in a blockchain network upon successful validation of the received answer.

Abstract: An interface, through which functionality of a cloud computing infrastructure can be accessed, can create defined endpoints through which such an interface is accessed, with such defined endpoints limiting the functionality accessible through the interface to only allowed functions. An elevate function can, through a secure key exchange protocol, receive appropriate assurances and can, in response, remove the functionality limitations of the endpoint, thereby enabling unfettered access to the cloud computing infrastructure. Such unrestricted access can be limited in duration, which duration can be established in advance, or agreed-upon through the key exchange mechanism.