Patents Examined by D'Arcy Winston Straub
  • Patent number: 10664589
    Abstract: A memory alignment randomization method of a memory heap exploit is provided; memory alignment of objects inside a heap area is randomly performed to mitigate the exploits of the vulnerability of the software memory heap area. The heap exploit is powerfully mitigated by aligning randomly obtained memory addresses instead of aligning memory addresses at multiples of 4 or 8 when the memory alignment for the objects inside the heap area is performed.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: May 26, 2020
    Assignee: Korea Advanced Institute of Science and Technology
    Inventors: Brent ByungHoon Kang, Daehee Jang, Minsu Kim, Jonghwan Kim, Daegyeong Kim, Hojoon Lee
  • Patent number: 10659234
    Abstract: In one embodiment, a computing device receives an image that has been signed with a first key, wherein the image includes a first computational value associated with it. A second computational value associated with the image is determined and the image is signed with a second key to produce a signed image that includes both the first and second computational values. Prior to loading the dual-signed image, the computing device attempts to authenticate the dual-signed image using both the first and second computational values, and, if successful, loads and installs the dual-signed image.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: May 19, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Kannan Varadhan, Chirag Shroff, Rakesh Chopra
  • Patent number: 10650156
    Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, receiving data describing the request, wherein the data describing the request includes data from a runtime stack of the application, wherein the data from the runtime stack includes a program statement number, identifying, in a protected memory block, a first rule for accessing the data file, wherein the first rule specifies a program statement number permitted to access the data file, and upon determining that the program statement number from the runtime stack does not match the program statement number specified in the first rule, restricting access to the data file by the application.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: May 12, 2020
    Assignee: International Business Machines Corporation
    Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
  • Patent number: 10615959
    Abstract: A control circuit causes a first cryptographic module to perform a dummy operation in a command processing period and a data processing period in which a second cryptographic module performs a normal operation while the first cryptographic module does not perform a normal operation.
    Type: Grant
    Filed: July 19, 2016
    Date of Patent: April 7, 2020
    Assignee: MEGACHIPS CORPORATION
    Inventors: Takahiko Sugahara, Hiromu Yutani
  • Patent number: 10616185
    Abstract: Methods and a first node, a second node and a network node for managing traffic characteristics of one or more packets on a connection are disclosed. The first node exchanges, with the network node, traffic characteristic semantics and a common key for encryption of a traffic characteristic value to be applied for the one or more packets on the connection, wherein the traffic characteristic semantics include the traffic characteristic value and an associated characteristic for the one or more packets. Moreover, the first node sends the traffic characteristic value and the common key to the second node. The network node checks and applies the traffic characteristics value according to service policies of the network node. Next, the first node exchanges, with the second node, payload which includes one or more packets over the connection. Information about the traffic characteristic value is included in a transport header of each packet carrying the payload.
    Type: Grant
    Filed: March 11, 2015
    Date of Patent: April 7, 2020
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Attila Mihály, Szilveszter Nádas, Lars Westberg
  • Patent number: 10567380
    Abstract: Method and apparatus for allowing the changing of security values and consent data is provided. The security values allow for dynamically changing the security level and ease of access associated with performing specific transactions on specific accounts. The consent data may be pushed or pulled and when stored, may be used for future transactions, of both the same or a different type. The changing of security levels and consent data may be accomplished over the internet using mobile devices over both secure and non-secure networks.
    Type: Grant
    Filed: July 8, 2017
    Date of Patent: February 18, 2020
    Assignee: Bank of America Corporation
    Inventors: Elizabeth S. Votaw, David J. Smiddy, FNU Sidharth, Stephen T. Shannon, James Alexander
  • Patent number: 10523691
    Abstract: Systems described herein preemptively detect newly registered network domains that are likely to be malicious before network behavior of the domains is actually observed. A network security device (e.g., a router) receives domain registration data that associates network domains with keys and generates a graph representing the domain registration data. Each edge of the graph connects a vertex representing a domain and a vertex representing a registration attribute (e.g., a registrant email address). The network security device identifies a connected component of the graph that meets a graph robustness threshold. The network security device determines whether a domain of the connected component whose behavior has not yet been observed is malicious using a predictive model based on existing maliciousness labels for other domains of the connected component.
    Type: Grant
    Filed: January 6, 2017
    Date of Patent: December 31, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Martin Vejman, Lukas Machlica
  • Patent number: 10516669
    Abstract: Cloud storage provides for accessible interfaces, near-instant elasticity and scalability, multi-tenancy, and metered resources within a framework of distributed resources acting to provide highly fault tolerant solutions with high data durability. However, cloud storage has drawbacks and limitations which are addressed by: a graphical user interface which portrays content ingested from third party sources in its original folder contexts and determines what folder locations each knowledge worker will see in the interface rather than how they are uploaded onto the remote storage; a centralized determination of incremental ingestion of changes from a data source to a cloud storage repository that should be written; and a responsive method of obtaining query results for policies that evaluate one or more clauses against a cloud storage repository containing large data sets; and a means of maintaining/refreshing of statistics for large data sets within a cloud storage repository.
    Type: Grant
    Filed: November 8, 2016
    Date of Patent: December 24, 2019
    Assignee: Hubstor Inc.
    Inventors: Geoffrey Bourgeois, Greg Campbell
  • Patent number: 10505937
    Abstract: The unauthorized access of database nodes by application nodes within an electronic computing and communications system can be prevented using an access table that stores access table records indicating that at least some of the application nodes are authorized to access at least some of the database nodes. The access table records can be generated by identifying connections between application nodes and database nodes within a configuration management database. Responsive to receiving a request to access a database node sent from a first application node, the access table can be queried to determine whether an access table record indicating that the first application node is authorized to access the database node is stored in the access table. If that access table record is not stored in the access table, the request is denied. Otherwise, the request is allowed.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: December 10, 2019
    Assignee: ServiceNow, Inc.
    Inventors: Jeremy Norris, Antony Chan, Siddharth Shah
  • Patent number: 10503901
    Abstract: In one respect, there is provided a system for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The at least one memory may include program code that provides operations when executed by the at least one processor. The operations may include: training, based on a training data, a machine learning model to enable the machine learning model to determine whether at least one container file includes at least one file rendering the at least one container file malicious; and providing the trained machine learning model to enable the determination of whether the at least one container file includes at least one file rendering the at least one container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: December 10, 2019
    Assignee: Cylance Inc.
    Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Yaroslav Oliinyk, Ryan Permeh
  • Patent number: 10477394
    Abstract: A wireless communication device communicates with a GPRS wireless network where ciphering has gone out of sync between the wireless communication device and the wireless network. The wireless communication device triggers an authentication procedure that re-synchronizes the ciphering. Following the trigger, the wireless communication device and the wireless network continue the authentication procedure so that ciphering parameters can be negotiated again and data communication can resume.
    Type: Grant
    Filed: February 11, 2015
    Date of Patent: November 12, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Sapna Sangal, Vidha Agarwal, Marcus Davidsson, Anne-Lott Hedberg
  • Patent number: 10452847
    Abstract: Systems and methods that detect malware from count vectors are provided. A count vector having multiple components is generated. The count vector tracks a number and types of system calls generated by a process. Each component in the count vector is mapped to a type of a system call that exists in an operating system. Multiple system calls generated by the process are received over a first time interval. Each system call is mapped to a component in the count vector. The count vectors are aggregated according to a second time interval into a vector packet. The vector packet is transmitted over a network to a malware detection system that uses the count vectors in the vector packet to determine whether the process is a malware process.
    Type: Grant
    Filed: September 16, 2016
    Date of Patent: October 22, 2019
    Assignee: PayPal, Inc.
    Inventors: David Tolpin, Michael Dymshits
  • Patent number: 10411897
    Abstract: Confidential, secret data may be shared via one or more blockchains. Mortgage applications, medical records, financial records, and other electronic documents often contain social security numbers, names, addresses, account information, and other personal data. A secret sharing algorithm is applied to any secret data to generate shares. The shares may then be integrated or written to one or more blockchains for distribution.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: September 10, 2019
    Assignee: Factom, Inc.
    Inventors: Mahesh Paolini-Subramanya, Brian Deery, Paul Snow