Abstract: An apparatus, a computer program product and a method for dimensionality reduction comprising: obtaining a set of Application Programming Interface (API) functions of a system invocable by a program, and a set of artifacts. Each artifact is associated with at least one API function and indicative of a functionality thereof. The method further comprising: clustering the API functions based on an analysis of the artifacts to create a set of clusters smaller than the set of API functions, such that each cluster comprises API functions having a similar functionality; and performing a dimensionality reduction to a feature vector using the set of clusters.

Abstract: A method includes generating a private key associated with a distributed ledger. The private key is stored on a secure memory. A storage device is manufactured and includes an onboard computing device having the secure memory integrated therein. The onboard computing device is configured to sign one or more ledger operations with the private key.

Abstract: A computer-implemented method, computer program product and computing system for: obtaining consolidated platform information to identify current security-relevant capabilities for a computing platform; determining possible security-relevant capabilities for the computing platform; and rendering graphical comparison information that illustrates a difference between the current security-relevant capabilities of the computing platform and the possible security-relevant capabilities of the computing platform.

Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.

Abstract: A source code analysis tool is augmented to support rule-based analysis of code to attempt to identify certain lexical information indicative of hard-coded secret (e.g., password) support in the code. The tool takes the source code as input, parses the content with a lexical analyzer based on language grammar, and processes the resulting data through preferably a pair of rule-based engines. Preferably, one engine is configured to identify variables explicitly intended to be used as a hard-coded secret, and the other engine is configured to identify data strings that could potentially support such a secret. The outputs of these rules engines are consolidated and evaluated to identify a likelihood that the code under examination includes support for a hard-coded secret. The result is then provided to the developer for further action to address any potential security vulnerability identified by the analysis.

Abstract: A blockchain single-leader election algorithm that overcomes the deficiencies of existing blockchain implementations, such as implementations that rely on the proof of work, is described herein. For example, the single-leader election algorithm may include a series of rounds, where at most one node is selected as a leader in each round and the selected leader is able to form a new block in the blockchain. The single-leader election is not an election in which there are votes, but an election in which a node is selected as a leader at random to avoid bias, such as the bias that is present in existing blockchain implementations. Any node can become a leader, and the elections are driven by burning or destroying a cryptocurrency that is different than the cryptocurrency provided to a node as a block reward and transaction fees when the node is selected as a leader.

Abstract: The disclosed computer-implemented method may include initializing a server instance using a specified network address and an associated set of credentials, logging the network address of the initialized server instance as well as the associated set of credentials in a data log, analyzing network service requests to determine that a different server instance with a different network address is requesting a network service using the same set of credentials, accessing the data log to determine whether the second server instance is using a network address that is known to be valid within the network and, upon determining that the second server instance is not using a known network address, preventing the second server instance from performing specified tasks within the network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A cybersecurity assessment system is provided for monitoring, assessing, and addressing the cybersecurity status of a hierarchy of target networks. The cybersecurity assessment system may scan individual target networks and produce data regarding the current state and properties of devices on the target networks. The cybersecurity assessment system may generate user interfaces to present cybersecurity information regarding individual target networks, and composite cybersecurity information regarding a hierarchy of target networks or some subset thereof. The cybersecurity assessment system can generate access configurations that specify which cybersecurity information of the hierarchy can be accessed by individual target networks of the hierarchy.

Abstract: Systems and methods for combining input data and machine learning models that remain secret to each entity are described. This disclosure can allow groups of entities to compute predictions based on datasets that are larger and more detailed collectively than individually, without revealing their data to other parties. This is of particular use in artificial intelligence (AI) tasks in domains which deal with sensitive data, such as medical, financial, or cybersecurity.

Abstract: A method may include sending, to an entry point of an instrumented web application, a first request including a first value of a parameter. The first value may correspond to a first vulnerability category. The method may further include receiving, from the instrumented web application, first taint analysis results, determining that the first taint analysis results include a sink function corresponding to a second vulnerability category, and sending, to the entry point, a second request including a second value of the parameter. The second value may correspond to the second vulnerability category. The method may further include receiving, from the instrumented web application and in response to sending the second request, second taint analysis results including the sink function, and detecting, in the instrumented web application and using the second taint analysis results, a vulnerability corresponding to the sink function and the second vulnerability category.

Abstract: Systems, methods, and storage media for determining the probability of cyber risk-related loss within one or more computing systems composed of computing elements are disclosed. Exemplary implementations may: assess vulnerability by determining an exposure window for a computing element based on the number of discrete times within a given time frame where the computing element is in a vulnerable state; determine a frequency of contact of the computing element with threat actors; normalize the exposure window and the frequency of contact; calculate a threat event frequency by dividing the normalized exposure window by the normalized frequency of contact; and repeat the steps for multiple elements. When combined with liability data that describes the loss magnitude implications of these events, organizations can prioritize the elements based on loss exposure and take action to prevent loss exposure.

Abstract: Methods for a server include defining a starting element and an element step size. A pad mapping is applied to a data Random Cipher Pad (RCP) to obtain a Key RCP using each element of the data RCP once in a predetermined non-sequential order. The starting element and the element step size are combined with the data RCP. The data RCP is encrypted using the Key RCP to produce a subsequent data RCP. The subsequent data RCP is transmitted to another computer. Methods for clients include applying a pad mapping to a data RCP to obtain a Key RCP using each element of the data RCP once in a predetermined non-sequential order to develop the Key RCP. The Key RCP is encrypted using the data RCP to produce a subsequent Key RCP. A data structure is encrypted using the data RCP to produce an encrypted data structure.

Abstract: A method, comprises: receiving, by a server device, a policy identifier from a user device, wherein the policy identifier represents the occurrence of an event on the user device; matching, by the server device, a policy to the policy identifier; and outputting, by the server device, the matched policy to the user device to cause the user device to set the policy on the user device.

Abstract: A user may be authenticated using an authentication scheme based on user access to two or more selected electronic devices. A security key may be assigned to the user. The security key is divided into multiple parts that are distributed among electronic devices associated with the user. The security key can be reconstructed based on a distributed trust among the devices, where some devices may have a higher trust level than others. For example, each device can receive a number of key parts. In response to a request to authenticate the user, parts of the security key may be retrieved from two or more, but less than all, of the plurality of electronic devices associated with the user. The retrieved parts are used to reconstruct the security key, and the user is authenticated based on the reconstructed security key.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

Abstract: A method for establishing and maintaining a security policy for a device can include establishing a secure channel between a secure execution environment (SEE) operating on the device and a security entity external to the device. The method can also include configuring, by a security manager executing on the SEE, access to sensitive operations of an environment interactor coupled to the device based on a security policy provided from the security entity. The method can further include resetting, by the security manager, a secure watchdog timer in response to a reset authorization token provided from the secure entity. If the secure watchdog timer expires a given predetermined number of times since a last reset authorization token is received, the security manager executes a given prescriptive operation dictated by the security policy.

Abstract: Computer code is received that is written using a dynamic Domain Specific Language (DSL) running in a General Purpose Language (GPL) computing environment. A compiler performs static compiler analysis on the computer code. The static compiler analysis includes referencing a security policy defining one or more unacceptable program behaviors. During compile time at the compiler, runtime security checking functionality is performed leveraging compiler extensions, type information, and environment specific compile context. Results of the static compiler analysis are used to indicate when execution of the computer code would result in performance of the one or more unacceptable program behaviors. The one or more unacceptable program behaviors include modifying preexisting computer code to incorporate the computer code written using the DSL.

Abstract: A method for verifying a proximity of a user device to a beacon, including broadcasting a frame comprising an encrypted payload, receiving the frame, extracting information from the frame, and verifying the proximity of the user device to the beacon based on the extracted information.

Abstract: A system and method control or manage access to multiple target servers in a network. The system includes an access control user interface, a memory, and a management server. The access control user interface is accessible to the multiple target servers. The memory stores a database providing information to the access control user interface. The management server includes a processor implementing discovery and event trigger engines. The discovery engine discovers user rights stored at the multiple target servers and delivers the user rights over the network to the database. The event trigger engine is invoked by detection of a security event from a first target server, updates the user rights at a local cache on the first target server, and delivers the updated user rights to the database. The event trigger engine is configured to modify the discovery engine based on the detection of the security event.

Abstract: Methods, systems, and media for protecting applications from malicious communications are provided. In some embodiments, the method comprises: receiving a rule that indicates that communications from a source application to a destination application are to be blocked, wherein the rule is generated by: calculating risk values associated with communications transmitted by the source application; calculating a risk score for the source application; identifying a group of applications that have communicated with the source application; calculating a risk profile score for the source application; and in response to determining that the risk profile score exceeds a threshold, generating the rule; intercepting a communication to the destination application; determining whether to transmit the communication to the destination application; and in response to determining that the communication is not to be transmitted to the destination application, blocking the communication.