Abstract: Backup data is leveraged to determine whether primary data has been encrypted by malware. The disclosed approach does not rely on recognizing particular malware instances or malware provenance, and thus can be applied to any body of data. Even a novel and previously unknown malware attack can be detected in this way. An illustrative data storage management system analyzes secondary copies it created over time, applies a multi-factor analysis to data recovered from the secondary copies and, based on the analysis, infers whether the primary data from which the secondary copies were created may be encrypted. The present approach uses successive versions of backup copies to find indicia of malware encryption, rather than trying to trace or identify the malware itself. Indicia of entropy correlate highly with encryption, such as encryption performed by malware attacks. Conversely, indicia of similarity correlate highly with lack of encryption of successive versions of documents.

Abstract: Ingesting large quantities of data in a secure manner can be problematic, particularly processing types of data streams to determine the content of the data stream. As provided herein, a context associated with the data stream can be ascertained by mapping the content of data stream using contextual maps. The content and context can then be further processed in order to generate appropriate responses. In addition, obfuscation can be applied to the content such that the original content is lost while the contextual meaning associated with the content is maintained. In this way, an understanding can persist of the original content without retaining the underlying raw data.

Abstract: Dynamic multi-network security controls are provided herein. A method can include receiving a report of malicious network traffic observed by first network equipment operating in a first communication network, where the report indicates a second communication network distinct from the first communication network as an originating network of the malicious network traffic, identifying second network equipment operating in the second communication network as a source of the malicious network traffic, and based on the identifying, blocking communications from the second network equipment for a defined time interval.

Abstract: Methods, systems, and computer program products for direct assignment of physical devices to confidential virtual machines (VMs). At a first guest privilege context of a guest partition, a direct assignment of a physical device associated with a host computer system to the guest partition is identified. The guest partition includes the first guest privilege context and a second guest privilege context, which is restricted from accessing memory associated with the first guest privilege context. The guest partition corresponds to a confidential VM, such that a memory region associated with the guest partition is inaccessible to a host operating system. It is determined, based on a policy, that the physical device is allowed to be directly assigned to the guest partition. Communication between the physical device and the second guest privilege context is permitted, such as by exposing the physical device on a virtual bus and/or forwarding an interrupt.

Abstract: A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.

Abstract: A cybersecurity infection detection system and method of use. In some embodiments, the system and process provide improved network security, computer security, or both, through mutually assured, defense in depth approaches. In some embodiments, one or more of defense in depth, collaborative attack detection, remediation, component redundancy, component self-monitoring, and component self-replacing are combined to effect an enhanced cybersecurity system. In some embodiments, the cybersecurity system and method include, but are not limited to, one or more of one or more probes, monitors, configuration ledgers, signature ledgers, audit ledgers, configuration controllers, message engines, switchboards, and a public-private key infrastructure.

Abstract: Methods, systems, and devices for memory operations are described. First scrambling sequences may be generated for first addresses of a memory device after an occurrence of a first event, where the first addresses may be associated with commands received at the memory device. Portions of the memory array corresponding to the first address may be accessed based on the first scrambling sequences. After an occurrence of a subsequent event, second scrambling sequences may be generated for the first addresses, where the second scrambling sequences may be different than the first set of scrambling sequences. After the occurrence of the subsequent event, the portions of the memory array may be accessed based on the second scrambling sequences.

Abstract: In an example embodiment, a protocol for private set intersection is introduced that provides for two-party computation. Each party has a private data set and both parties want to securely compute the intersection of their sets, such that only the result is revealed and nothing else. Construction rules are provided that rely on the evaluation of a branching program (BP) using a fully homomorphic encryption (FHE) scheme. Using the properties of an FHE scheme, a non-interactive protocol is built with extendable functionalities. Thus, not only can the intersection be securely computed but the result can be used for further secure computations. Furthermore, the communication overhead for practical applications is independent of the server's set size, allowing for easy scalability.

Abstract: One embodiment provides a method, including: receiving, at an information handling device, a request from a user to access content; detecting, using at least one sensor associated with the information handling device, a face of the user; generating, using at least one audio output device and subsequent to the detecting, an audible sound; determining, using a processor, whether an expected movement of the face is identified with respect to the audible sound; and granting, responsive to determining that the expected movement is identified, the user access to the content. Other aspects are described and claimed.

Abstract: Embodiments of the present invention provide techniques, systems, and methods for remote, agent-less enterprise computer threat data collection, malicious threat analysis, and identification and reporting of potential and real threats present on an enterprise computer system. Specifically, embodiments are directed to a system that securely identifies and maps sensitive information from computers across the enterprise. Secure and sensitive information may be internally encrypted and analyzed for indicators of compromise, threatening behavior, and known vulnerabilities. The remote, agent-less collection, analysis, and identification process can be repeated periodically to detect and map additional sensitive information over time, and may delete itself after completion to avoid detection.

Abstract: Encryption of an image is achieved through application of a homomorphic encryption function to produce cipher images for each image. Encryption is performed individually on sub-values of a pixel's intensity value, wherein the pixel's intensity value can be described as a sum of the smaller numerical sub-values. The encrypted values for each sub-value form encrypted images that can be transferred or stored on insecure media. Separate encryption approaches can be applied to individual sets of the numerical sub-values to improve security.

Abstract: A system and method for securing an application through an application-aware runtime agent can include: acquiring a code profile, instrumenting the application with a runtime agent according to the code profile, enforcing the runtime agent on the execution of the application, and responding to the runtime agent. Enforcing the runtime agent on the execution of the application can include monitoring the execution flow, which comprises of monitoring the utilization of the controls through the execution of the application; detecting a threat, which comprises identifying a section of the execution flow as a potential security threat; and regulating the execution flow to prevent or ameliorate the security threat. Responding to the runtime agent can include responding to the security threat and providing a user interface that may output runtime agent diagnostics and trigger alerts.

Abstract: A processor of an aspect includes a decode unit to decode an instruction. The processor also includes an execution unit coupled with the decode unit. The execution unit, in response to the instruction, is to determine that an attempted change due to the instruction, to a shadow stack pointer of a shadow stack, would cause the shadow stack pointer to exceed an allowed range. The execution unit is also to take an exception in response to determining that the attempted change to the shadow stack pointer would cause the shadow stack pointer to exceed the allowed range. Other processors, methods, systems, and instructions are disclosed.

Abstract: A system includes a memory, a user device that can be used by a user to enter a virtual environment and a processor coupled to the user device and the memory. The processor is configured to receive a first user credential from the user to perform a first data interaction in the virtual environment with a second user. The processor detects that the first user and the second user are part of a first virtual community, invokes a first set of rules, and processes the first request according to the first set of rules. The processor receives a second request from the first user to perform a second data interaction in the virtual environment with a third user. The processor detects that the third user is part of a second virtual community, invokes a second set of rules, and processes the second request according to the second set of rules.

Abstract: A method for data filtering that identifies a topic of interest for a user and individual sub-topics within the topic the user could be, or is, interested in. A three-dimensional map depicting a topic of interest containing markers for the sub-topics is created and used to specify a level of detail about the user's interest in the sub-topics that can be shared to or used by an external source.

Abstract: Embodiments of the present disclosure provide a method and apparatus for security assurance of a network function or service. The method comprises: generating security requirements for a network function based on a security profile and a deployment and runtime environment of the network function; generating a security policy and a security test specification for the network function based on the security requirements; deploying the network function based on the security policy; validating security compliance of the network function with the security test specification; and activating the network function or service, in response to the network function being in compliance with the security policy.

Abstract: Disclosed is an encryption method and apparatus. The encryption method using homomorphic encryption may include generating a ciphertext by encrypting data, and bootstrapping the ciphertext by performing a modular reduction based on a selection of one or more target points for a modulus corresponding to the ciphertext.

Abstract: A method and a system are disclosed for generating a global identifier for linking or unifying a plurality of de-identified customer data received from multiple source environments. The plurality of customer data is de-identified based on a master salt and a master token is generated. The master token is encrypted using a source-encryption key to generate a source token. The source token is also encrypted using a target-encryption key to generate a transfer token. At a central environment or a central storage unit, the transfer token is decrypted and the source token is obtained. Thereafter, source token is decrypted to obtain the master token. At the central storage unit, the master token is hashed with a target salt to generate the global identifier which is subsequently used to unify the plurality of de-identified customer data.

Abstract: A compliance check system to provide compliance validation for a user system is described. The compliance check system includes a compliance checker plug-in on a device used to access a secured resource. The compliance checker plug-in receives a request for compliance validation prior to providing access to a secured resource, and triggers one or more compliance checkers. In one embodiment, the compliance checker is a device encryption compliance checker configured to determine whether a device drive is encrypted. In one embodiment, the compliance checker is a password compliance checker configured to determine whether passwords in the user system comply with password compliance requirements. The compliance checker plug-in further to verify the compliance status of the device, based on data from the compliance checkers.

Abstract: A method includes: receiving, by a computing device, user input to move content from an augmented reality (AR) interface to a virtual reality (VR) interface; obtaining, by the computing device, security levels of users in a VR environment associated with the VR interface; determining, by the computing device and based on the security levels, which of the users in the VR environment is permitted to see the content; and changing, by the computing device, at least one of the AR interface to the VR interface based on the determining.