Patents Examined by Christopher Revak
  • Patent number: 11005875
    Abstract: Systems and methods herein relate to monitoring traffic for mobile devices for threats. One method includes defining, in a data structure, groups based on a characteristic. A mobile device is then enrolled under one of the groups. In so doing, a security application monitors traffic for the device for threats, based on the device's enrollment group, when the device is associated with a characteristic on which its enrollment group is based. When the device is no longer associated with the characteristic on which its enrollment group is based, the device is re-enrolled under a different group.
    Type: Grant
    Filed: January 2, 2020
    Date of Patent: May 11, 2021
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Nicole Deanne Hathaway
  • Patent number: 10999066
    Abstract: A brain-actuated authentication key exchange (“BACAKE”) system facilitates multi-factor and mutual authentication of an individual to a provider computing system via a brain-computer interface. Neural signals are received from a brain-computer interface coupled to an individual. Physical movement intentions of the individual are extracted from the neural signals. The physical movement intentions are mapped to a character string representing a knowledge factor. A secure, mutually authenticated communication channel is established between the BACAKE computing system and a provider computing system by using the knowledge factor as an input to a password authenticated key exchange protocol.
    Type: Grant
    Filed: September 4, 2018
    Date of Patent: May 4, 2021
    Assignee: Wells Fargo Bank, N.A.
    Inventor: Phillip H. Griffin
  • Patent number: 10986139
    Abstract: Example methods are provided for an entity to perform micro-segmentation in a virtualized computing environment that includes multiple hosts. The method may comprise obtaining application implementation information associated with one or more applications implemented by multiple virtualized computing instances, each of the multiple virtualized computing instances being supported by one of the multiple hosts. The method may further comprise detecting micro-segments by clustering the multiple virtualized computing instances based on the application implementation information, and determining security policies for respective detected micro-segments. Each of the detected micro-segments may include one or more of the multiple virtualized computing instances that have more similarity compared to those in a different detected micro-segment.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: April 20, 2021
    Assignee: VMWARE, INC.
    Inventors: Claude Hamou, Roman Brouk, Steven McAllister
  • Patent number: 10979225
    Abstract: Disclosed are various embodiments for secure and anonymized electronic voting. A homomorphically encrypted vote and a digital signature of the homomorphically encrypted vote are received from a client device. Then, the digital signature of the homomorphically encrypted vote is validated. Next, the homomorphically encrypted vote is stored in a data store in response to validating the digital signature of the homomorphically encrypted vote. Finally, the homomorphically encrypted vote is recorded in a publicly available distributed ledger.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: April 13, 2021
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Trupti Shiralkar, Joshua Stevens
  • Patent number: 10979231
    Abstract: Disclosed herein are methods, systems, and apparatus for cross-chain authentication. One of the methods includes: obtaining an identity confirmation request and a first public key; obtaining an identity verification request and a corresponding identity verification identifier for identity verification of a user associated with the user terminal; sending the identity verification request and the first public key to the user terminal; obtaining digitally signed data, a second public key, and identity verification data; verifying an identity of the user based on the identity verification data; verifying that the first public key and the second public key correspond to the user; and recording authentication data comprising the digitally signed data and the identity verification identifier to a blockchain.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: April 13, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Yawen Wei, Jianjun Zhang, Zhiwei Wang
  • Patent number: 10972435
    Abstract: A computing system may include a proxy server application and a database. The proxy server application may provide, to a computing device disposed within a managed network, instructions to identify one or more processes executing on the computing device. The proxy server application may also determine, for a process of the one or more processes, a file system path of a directory associated with the process and, based thereon, select one or more directories to scan for files associated with the process. The computing device may be provided with instructions to (i) scan the one or more directories and (ii) determine a plurality of attributes associated with one or more files discovered therein. The proxy server application may additionally receive results of the scan containing a representation of the plurality of attributes and store, in the database, the results of the scan.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: April 6, 2021
    Assignee: ServiceNow, Inc.
    Inventors: Noam Biran, Amit Dhuleshia, Sreenevas Subramaniam
  • Patent number: 10970424
    Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.
    Type: Grant
    Filed: January 30, 2020
    Date of Patent: April 6, 2021
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Hideki Matsushima, Teruto Hirota, Yukie Shoda, Shunji Harada
  • Patent number: 10972501
    Abstract: An egress man-in-the-middle (MITM) system comprising: a trusted computing asset disposed in a first local subnet and connected to a computer network; and an egress MITM effector disposed in the first local subnet and configured to passively monitor incoming network traffic to the trusted computing asset, and further configured to obfuscate true information regarding the trusted computing asset to other computing assets on the computer network by transmitting, as if from the trusted computing asset, a spoofed response in answer to selected incoming network traffic, wherein the spoofed response comprises false or misleading information regarding the trusted computing asset thereby protecting the trusted computing asset from attack.
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: April 6, 2021
    Assignee: United States of America as represented by the Secretary of the Navy
    Inventors: Sunny James Fugate, Bradley Michael Flamm
  • Patent number: 10970397
    Abstract: A virtualized storage for use in performing dynamic analysis of a sample is configured, at least in part by copying the sample to the virtualized storage. A virtual machine emulator is launched using a snapshot of a virtualized platform. A location of the copied sample in an image corresponding to the virtualized storage is determined, at least in part by identifying an offset. The copied sample is installed and dynamic analysis is performed on the sample.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: April 6, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Wenjun Hu, Cong Zheng, Zhi Xu
  • Patent number: 10965679
    Abstract: An apparatus for monitoring file access in a virtual machine in a cloud-computing system based on a virtualized environment includes a hypervisor for implementing at least one virtual machine and managing the virtual machine by monitoring a task in which the virtual machine accesses a file loaded from storage to memory, the storage storing data including environment information of the virtual machine.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: March 30, 2021
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Woomin Hwang, Hyunyi Yi, Sung-Jin Kim, Seong-Joong Kim, Chulwoo Lee, Byung-Joon Kim, Hyoung-Chun Kim
  • Patent number: 10958638
    Abstract: A method, a computer program product, and a computer system for securely sharing confidential information in a document. A first computer sets one or more confidential attributes of the confidential information in the document and creates metadata of the confidential information. The first computer creates a first file including the confidential information and the metadata. The first computer creates a second file including non-confidential information in the document and the metadata; the metadata in the second file is as a reference to the confidential information. The confidential information in the first file is displayed by a second computer at a confidential information visibility level in accordance with an authorization level of an authorized user of the second computer. The second file is displayed at a visibility level without showing the confidential information and is accessible by all users.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: March 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Masashi Doi, Kenya Ishimoto, Nobuyuki Yoshifuji
  • Patent number: 10958663
    Abstract: Systems, methods, and software are disclosed herein to generate a customized view of a blockchain transaction. A blockchain of block entries requested by a plurality of users from user devices is maintained in a distributed network of nodes. The block entries each comprise a plurality of data portions that are each associated with an access level. A request to view one or more data portions of a block entry is received which includes an access code associated with at least one access level. The access code in the request is evaluated with the blockchain of block entries to identify one or more data portions associated with the access level. A customized view of the block entry is generated which includes the one or more data portions associated with the access level.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: March 23, 2021
    Assignee: AMERICORP INVESTMENTS LLC
    Inventor: Jordan Simons
  • Patent number: 10956573
    Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. The set of selected events is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: March 23, 2021
    Assignee: Palo Alto Networks, Inc.
    Inventors: Cong Zheng, Wenjun Hu, Zhi Xu
  • Patent number: 10958667
    Abstract: Systems and methods for performing graph-based analysis of computing system threats and incidents, and determining response and/or mitigation actions for the threats and incidents, are described. In some embodiments, the systems and methods generate node graphs of computing system threat artifacts, and perform actions to identify recommended resolutions to the threats, based on information derived from the generated node graphs.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: March 23, 2021
    Assignee: McAfee LLC
    Inventors: Elisabeth Maida, Roselle Safran
  • Patent number: 10951408
    Abstract: A method for securing a blockchain and incentivizing the storage of blockchain data using a publicly verifiable proof of retrievability (PoR) includes receiving a PoR transaction having a PoR proof; determining whether the PoR proof is a verified PoR proof; and based upon determining that the PoR proof is a verified PoR proof, incorporating, by a block creator node, the PoR transaction into a new block of the blockchain.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: March 16, 2021
    Assignee: NEC CORPORATION
    Inventors: Wenting Li, Ghassan Karame
  • Patent number: 10951582
    Abstract: Disclosed are systems and methods for firewall configuration. A request can be transmitted to a DNS server. A response to the DNS request can include an Internet Protocol (IP) address. A firewall rule can be generated permitting access to the IP address. The firewall rule can be configured to be valid until expiration of a time-to-live value in the response to the DNS request. Thus, firewall rules can be automatically created as needed by executed processes, eliminating the need for manual firewall rule creation. As the firewall rule is invalid after the expiration of the time-to-live value, risks associated with maintaining out-of-date firewall rules are eliminated, as is the requirement to manually remove or modify out-of-date firewall rules.
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: March 16, 2021
    Assignee: Comcast Cable Communications, LLC
    Inventor: Alexander Gurney
  • Patent number: 10951626
    Abstract: Systems, methods, and software are disclosed herein to generate a customized view of a blockchain transaction. A blockchain of block entries requested by a plurality of users from user devices is maintained in a distributed network of nodes. The block entries each comprise a plurality of data portions that are each associated with an access level. A request to view one or more data portions of a block entry is received which includes an access code associated with at least one access level. The access code in the request is evaluated with the blockchain of block entries to identify one or more data portions associated with the access level. A customized view of the block entry is generated which includes the one or more data portions associated with the access level. Enhanced operational efficiency and customer convenience is thereby provided in industries including parking, hotels, and autonomous vehicle fleets.
    Type: Grant
    Filed: March 6, 2020
    Date of Patent: March 16, 2021
    Assignee: AMERICORP INVESTMENTS LLC
    Inventor: Jordan Simons
  • Patent number: 10944724
    Abstract: Systems and methods for accelerating computer network policy searching are provided. According to one embodiment, a packet is received by a policy search engine (PSE) of a packet processing device. A set of candidate policies are identified from among multiple policies of the packet processing device by screening the multiple policies by a speculation unit of the PSE based on metadata associated with the received packet. Finally, a matching policy for the received packet is identified by a policy search processor (PSP) of the PSE by executing policy-search-specific instructions and general purpose instructions.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: March 9, 2021
    Assignee: Fortinet, Inc.
    Inventors: Zhi Guo, Xu Zhou, Yujiao Zheng, John A. Cortes
  • Patent number: 10936700
    Abstract: A pirated video identification system for network operators to detect and identify both encrypted and unencrypted Internet protocol (IP) pirated video. The system uses ground truth data gathered from various video player clients as input to train a machine learning that then is used to analyze both real-time and historical IP flow data from a network to identify the IP addresses of both the source and destination of pirate video traffic on the network. The system can be used to aid in accurately measuring the volume and scale of pirated video traffic on a network as well as aiding in taking countermeasures against both the distributors and consumers of the pirated video.
    Type: Grant
    Filed: April 11, 2019
    Date of Patent: March 2, 2021
    Inventors: Matthew John Tooley, William A Check
  • Patent number: 10938818
    Abstract: This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: March 2, 2021
    Assignee: Apple Inc.
    Inventor: Scott Ryder