Abstract: The present disclosure includes apparatuses, methods, and systems for block chain validation of memory commands. An embodiment includes a memory, and circuitry configured to receive a command that is included in a block in a block chain for validating commands to be executed on the memory, wherein the command includes an anti-replay portion that is based on a previous command included in a previous block in the block chain, validate the command using the anti-replay portion of the command, and execute the command on the memory upon validating the command.

Abstract: Examples of the present disclosure describe systems and methods for behavioral threat detection definition. In an example, a behavior rule comprising a set of rule instructions is used to define one or more events indicative of a behavior. For example, a set of events from which one event must be matched may be defined or a set of events from which all events must be matched may be defined. In some examples, events are matched based on an event name or type, or may be matched based on one or more parameters. Exact and/or inexact matching may be used. The set of rule instructions ultimately specifies one or more halt instructions, thereby indicating that a determination as to the presence of the behavior has been made. Example determinations include, but are not limited to, a match determination, a non-match determination, or an indication that additional monitoring should be performed.

Abstract: A computing system may include a proxy server application and a database. The proxy server application may provide, to a computing device disposed within a managed network, instructions to identify one or more processes executing on the computing device. The proxy server application may also determine, for a process of the one or more processes, a file system path of a directory associated with the process and, based thereon, select one or more directories to scan for files associated with the process. The computing device may be provided with instructions to (i) scan the one or more directories and (ii) determine a plurality of attributes associated with one or more files discovered therein. The proxy server application may additionally receive results of the scan containing a representation of the plurality of attributes and store, in the database, the results of the scan.

Abstract: There is provided a computer implemented method of disabling a malicious electronic control unit (ECU) of a plurality of ECUs in communication with a controller area network (CAN) bus network, the method executed by a computing device in communication with the plurality of ECUs and the CAN bus network, the method comprising: detecting a malicious message transmitted by the malicious ECU over the CAN bus network, and injecting a plurality of bits over the CAN bus network to trigger a predefined plurality of errors for disabling the malicious ECU before the malicious ECU makes an additional attempt to retransmit an additional instance of the malicious message.

Abstract: A method, a computer program product, and a system for performing a of threat similarity analysis for automated action on security alerts. The method includes receiving, by a threat similarity analysis system, a security alert relating to a security from a threat disposition system within an environment, performing, by the threat similarity analysis system, a similarity analysis on the security alert using a machine learning model. The similarity analysis compares the security alert with previous security alerts within a time window. The threat similarity analysis system can apply a cosine similarity analysis to perform the similarity analysis. The method also includes determining, based on the similarity analysis, the security alert matches at least one previous security alert from the previous security alerts within a predetermined degree, and associating the security alert into a same security incident as the previous security alert determined by similarity analysis.

Abstract: A method includes extracting, by an individual computing system, physical movement intentions of an individual from neural signals; mapping, by a secure element of the individual computing system, the physical movement intentions to a character string representing a knowledge factor; and establishing, by the individual computing system, a secure, mutually authenticated communication channel between the individual computing system and a provider computing system by using the knowledge factor as an input to a password authenticated key exchange protocol and generating a symmetric encryption key using the knowledge factor as an input to a key exchange protocol.

Abstract: Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key.

Abstract: Artificial biometric traits self-nullify due to natural physiological processes. Biometric enrollment and authentication may then be based on a life associated with the self-nullifying biometric trait. Once the life is expected to have expired, no further authentication may be performed until a new artificial biometric is applied.

Abstract: This is directed to providing access to content stored on a local cloud. In particular, a device can direct a librarian service overseeing the operation of a local cloud to provide another device with access to content stored on the local cloud. The librarian service can generate credentials for the other device, and provide the credentials to the other device. Using the credentials, the other device can connect directly to the local cloud and access the content. In addition, the local cloud can validate the credentials of the other before providing access to the content. The credentials can include, for example, a key to install or load on the device. The librarian may not require, however, the user to create credentials or register with the librarian before being permitted to access the content on the local cloud.

Abstract: Disclosed are systems and methods for firewall configuration. A request can be transmitted to a DNS server. A response to the DNS request can include an Internet Protocol (IP) address. A firewall rule can be generated permitting access to the IP address. The firewall rule can be configured to be valid until expiration of a time-to-live value in the response to the DNS request. Thus, firewall rules can be automatically created as needed by executed processes, eliminating the need for manual firewall rule creation. As the firewall rule is invalid after the expiration of the time-to-live value, risks associated with maintaining out-of-date firewall rules are eliminated, as is the requirement to manually remove or modify out-of-date firewall rules.

Abstract: A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program.

Abstract: A computing system provides clock readings from an untrusted code to trusted code, where the trusted code is executed in a secure enclave and the untrusted code is executed outside the secure enclave. The computing system allocates a pointer to shared memory that is shared between the untrusted code and the trusted code. Under control of the untrusted code, the computing system periodically writes a clock reading to the shared memory. Under control of the trusted code, the computing system reads the clock reading stored in shared memory. The untrusted code cannot determine when the trusted code reads a clock reading.

Abstract: A system and method for accelerating an automated labeling of a volume of unlabeled digital event data samples includes identifying a corpus characteristic of a digital event data corpus that includes a plurality of distinct unlabeled digital event data samples; selecting an automated bulk labeling algorithm based on the corpus characteristic associated with the digital event data corpus satisfying a bulk labeling criterion of the automated bulk labeling algorithm; evaluating a subset of the plurality of unlabeled digital event data samples, wherein evaluating the subset includes attributing a distinct classification label to each digital event data sample within the subset; and in response to the selection, executing the selected automated bulk labeling algorithm against the digital event data corpus, wherein the executing includes simultaneously assigning a classification label equivalent to the distinct classification label to a superset of the digital event data corpus that relates to the subset.

Abstract: A first anomaly detection unit detects anomalous first monitored data from among a plurality of first monitored data obtained from a monitored system. A second anomaly detection unit operates in parallel with the first anomaly detection unit and detects anomalous second monitored data from among a plurality of second monitored data obtained from the monitored system. In a first storage unit, the anomalous first monitored data and the anomalous second monitored data detected before lapse of a given time from detection time of the anomalous first monitored data are stored in association with each other. A first determination unit, when the anomalous first monitored data is detected, retrieves the anomalous second monitored data associated with the detected anomalous first monitored data from the first storage unit and outputs a first anomaly detection result including the retrieved anomalous second monitored data and the detected anomalous first monitored data.

Abstract: Embodiments provide traceability of edits to a document, i.e., a verifiable and immutable provenance chain for the document. Systems and methods enable traceability of edits, by encoding, for states of the document, a fingerprint (e.g., a cryptographic hash of the document's contents) and an edit history within a block written to a distributed ledger (e.g., a blockchain). The ledger is maintained via a self-organizing peer-to-peer distributed ledger network. Once added to the ledger, the contents of a block (e.g., the document's fingerprint and edit history) are immutable and the integrity of the edit history encoded in the ledger is secure. The algorithm that generates the fingerprint is sensitive to edits of the document. The non-corruptible fingerprint encoded in the ledger is employable to detect any edits that are not included in the encoded edit history and/or inconsistent with a currently available version of the document.

Abstract: A method for providing access to a target electronic device through a first service running on a different electronic device may include receiving in the first service a command directed to the target electronic device from a command sender and receiving in the service device operation status parameters of the target electronic device. The device operation status parameters may include properties of the target electronic device such as a battery level, a battery charging rate, an age, a planned lifespan, a recent wireless usage, an internal temperature, or any of the above in relation to an intervening electronic device over which communication to the target electronic device travels, or any combination thereof. The method may also include using the device operation status parameters to determine, using the service, whether to provide or not to provide an update signal incorporating the command or information to the target electronic device.

Abstract: A blockchain transaction manager implements a method of managing submission of blockchain transactions to a node in a blockchain network by validating a received blockchain transaction and enqueuing the validated received blockchain transaction in a transaction queue, preparing at least one transaction attribute of the received blockchain transaction and placing the received blockchain transaction in a persistence queue, digitally signing or certifying the received blockchain transaction, attempting to submit the digitally signed or certified blockchain transaction to the node, and polling a blockchain status of the submitted blockchain transaction. Processes are provided for automatically recalculating blockchain transaction processing fees in the blockchain transaction attributes. Processes are also provided for repairing transaction attributes when the blockchain transaction has been rejected and submitting the repaired blockchain transaction to the node.

Abstract: A system for “horizontal” salting of database tables, text files, and data feeds utilizes a key field and character position within that field (the “Key Character”) and a Salting Field, which contains content that can legitimately be in one of at least two states without impacting the usefulness of the data. A unique identifier, which is assigned to the recipient of the data, is hidden within the data by using the variations of the states in the Salting Field, with the value of the Key Character identifying the position within the unique identifier. This type of salting is invisible to the recipient of the data file, does not alter the accuracy of the data, and can be made unique for a particular party receiving data files or unique for each data file.

Abstract: A sample is analyzed to determine a set of events that should be selected for performing by a dynamic analyzer executing the sample in an instrumented, emulated environment. In some cases, analyzing the sample includes extracting the sample's user interface layout into a tree hierarchy of user interface elements. The set of selected events is performed. In some cases, at least one emulator detection resistance action is performed. A maliciousness verdict is determined for the sample based at least in part on one or more responses taken by the sample in response to the set of selected events being performed by the dynamic analyzer.

Abstract: A hosted secrets management transport system and method for managing secrets at one or more offsite locations that facilitates secret flow, secret retrieval, and secret replication. The method includes defining boundaries for two or more sovereignties, each sovereignty having an independent master record and each sovereignty including two or more regions; defining a primary region within the two or more regions; accessing, within the primary region, a master record hardware security module that is a primary source of secrets; defining a second region; accessing, within the second region, a backup record hardware security module that is where data backups of the secrets from the master record hardware security module are created; and executing live replication from the master record hardware security module to the backup record hardware security module in which the live replication that supports multi-tenancy secret management of multiple distinct companies at the same time.