Patents Examined by Hadi Armouche
  • Patent number: 9888035
    Abstract: A computer-implemented method for detecting man-in-the-middle attacks may include (1) registering a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user, (2) receiving an authentication request to log into a secure computing resource as the user, (3) transmitting, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received, (4) comparing a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device, and (5) performing remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: February 6, 2018
    Assignee: Symantec Corporation
    Inventors: Srinath Venkataramani, Rosarin Jolly Roy Antonyraj
  • Patent number: 9888021
    Abstract: A computer-implemented method, computer program product, and system for detecting anomalous behavior of computing devices are provided. The computer-implemented method for detecting anomalous behavior of computing devices may include establishing a network of computing devices; receiving shared data from the networked devices; determining device behavior; predicting future device behavior, detecting anomalous device behavior, and sending an alert in response to a detection of anomalous device behavior.
    Type: Grant
    Filed: September 29, 2015
    Date of Patent: February 6, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Lior Horesh, Raya Horesh, Marco Pistoia, Omer Tripp
  • Patent number: 9882929
    Abstract: Techniques for dynamic selection and generation of detonation location of suspicious content with a honey network are disclosed. In some embodiments, a system for dynamic selection and generation of detonation location of suspicious content with a honey network includes a virtual machine (VM) instance manager that manages a plurality of virtual clones executed in an instrumented VM environment, in which the plurality of virtual clones executed in the instrumented VM environment correspond to the honey network that emulates a plurality of devices in an enterprise network; and an intelligent malware detonator that detonates a malware sample in at least one of the plurality of virtual clones executed in the instrumented VM environment.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: January 30, 2018
    Assignee: Palo Alto Networks, Inc.
    Inventors: Taylor Ettema, Huagang Xie
  • Patent number: 9881156
    Abstract: Detecting heap spraying on a computer by determining that values of characteristics of a plurality of requests to allocate portions of heap memory are consistent with benchmark values of the characteristics, wherein the benchmark values of the characteristics are associated with heap spraying; and performing a computer-security-related remediation action responsive to determining that the values of the characteristics are consistent with the benchmark values of the characteristics.
    Type: Grant
    Filed: April 4, 2016
    Date of Patent: January 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Zohar Basil, Amit Klein, Ron Peleg, Shmuel Regev
  • Patent number: 9882908
    Abstract: A method for providing a transparent asynchronous network flow exchange is provided. The method may include receiving a query request from a requester, whereby the received query request is associated with a network packet. The method may also include determining if the network packet contains a plurality of defined signatures. The method may further include in response to determining that the network packet contains a plurality of defined signatures, authenticating a plurality of information associated with the network packet. The method may additionally include determining a plurality of flow related security information associated with the network packet based on the authentication of the plurality of information. The method may include sending the determined plurality of flow related security information to the requester.
    Type: Grant
    Filed: August 12, 2015
    Date of Patent: January 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: KuoChun Chen, Jia-Sian Jhang, Cheng-Ta Lee, Chun-Shuo Lin
  • Patent number: 9882874
    Abstract: This disclosure provides example details for apparatuses and methods that manage virtual firewalls in a wireless communication network that includes a Core Network, CN, and an associated Radio Access Network, RAN. The virtual firewalls process traffic for respective wireless devices supported by the network. For example, the virtual firewall associated with a given wireless device is maintained in the RAN at the RAN node supporting the device, and is migrated from that RAN node in response to detecting a handover event involving the device. Advantageously, migration may be “horizontal,” where the associated virtual firewall is moved between nodes in the RAN, or may be “vertical,” where the associated virtual firewall is moved from the RAN to the CN.
    Type: Grant
    Filed: August 23, 2013
    Date of Patent: January 30, 2018
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Makan Pourzandi, Zhongwen Zhu
  • Patent number: 9876800
    Abstract: A method for associating a web event with a member of a group of users is implemented at a first computing device. The method includes: receiving a data access request from a second computing device; determining whether the user has previously provided personal information and authorization to the first computing device through the second computing device; if the user's personal information and authorization are found: generating a record for the data access request; if the user's personal information is found but the user's authorization is not found: generating a record for the data access request; and if neither of the user's personal information and authorization is found: identifying one or more user identifiers that are associated with the second computing device; and returning personal information associated with the one or more user identifiers to the second computing device.
    Type: Grant
    Filed: March 16, 2015
    Date of Patent: January 23, 2018
    Assignee: Google LLC
    Inventor: Simon Michael Rowe
  • Patent number: 9875345
    Abstract: A method for preparing content for watermarking is disclosed. The content is available in different versions on a server for at least a client and the different versions of the content are subdivided into temporally aligned chunks. For each version of the content, candidate locations for watermarking are obtained. A watermark payload bit insertion rate is determined according to a minimum path. Watermark embedding metadata is generated for each version of the content such that the watermark payload bit insertion rate is the same. A device for implementing the method and a non-transitory program storage device are also disclosed.
    Type: Grant
    Filed: August 29, 2014
    Date of Patent: January 23, 2018
    Assignee: CONTENTARMOR
    Inventors: Antoine Robert, Gwenael Doerr, Omar Julian Alvarez Gomez
  • Patent number: 9875347
    Abstract: A system, apparatus, method, and machine readable medium are described for performing authentication using data analytics such as machine learning.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: January 23, 2018
    Assignee: Nok Nok Labs, Inc.
    Inventor: Davit Baghdasaryan
  • Patent number: 9875158
    Abstract: A method for use in a dispersed storage network (DSN) operates to output at least a write threshold number of write slice requests to a set of storage units of the DSN and receive write slice responses from the set of storage units. When the write threshold number of favorable write slice responses is received, the method includes generating a corresponding number of commit requests and outputting the number of commit requests to associated storage units corresponding to the write threshold number of favorable write slice responses received.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: January 23, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Kumar Abhijeet, Wesley B. Leggette, Jason K. Resch
  • Patent number: 9875367
    Abstract: Customer content is securely loaded on a field programmable gate array (FPGA) located on a secure cryptography card. The customer content is loaded such that it may not be extracted. A customer obtains a secure cryptography card that includes a field programmable gate array and a master key generated by the secure cryptography card. The customer loads customer specific content on the field programmable gate array, wherein, based on the loading, the customer specific content is secure from extraction via the master key by at least entities other than the customer.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: January 23, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Todd W. Arnold, Mark A. Check, Vincenzo Condorelli
  • Patent number: 9875377
    Abstract: A device of the Substitution-Box (S-Box) type, which is suitable for operating in a symmetric-key encryption apparatus, in particular an AES (Advanced Encryption Standard) encryption apparatus, and includes at least one module configured for carrying out a non-linear operation in a finite field (GF(2^8)) of an encryption method implemented by the above encryption apparatus, the module including at least one reprogrammable look-up table to, for example, implement countermeasures against side-channel attacks. When no countermeasures are employed, the tables may be set to fixed values, instead of being reprogrammable. The above module includes a plurality of composite look-up tables that implement the non-linear operation in a composite field of finite subfields (GF(2^4)^2; GF((2^2)^2)^2) deriving from the finite field (GF(2^8)), each of the above composite look-up tables being smaller than a look-up table that is able to implement autonomously the non-linear operation in a finite field (GF(2^8)).
    Type: Grant
    Filed: March 18, 2015
    Date of Patent: January 23, 2018
    Assignee: STMICROELECTRONICS S.R.L.
    Inventor: Filippo Melzani
  • Patent number: 9872174
    Abstract: Methods, systems, and apparatus are described for transferring application data between devices. In one aspect, a method includes causing, by a first service running on a first device, the first device to establish a wireless connection with a second device; receiving, from a second service running on the second device, data specifying applications that are installed on the second device and supported by the second service, each of the applications being separate from the second service; determining, by the first service, that a first application installed on the first device matches one of the applications installed on the second device, the first application being separate from the first service; receiving, by the first service, first application data from the first application; and causing, by the first service, the first device to send the first application data to the second service running on the second device using the wireless connection.
    Type: Grant
    Filed: September 19, 2014
    Date of Patent: January 16, 2018
    Assignee: Google Inc.
    Inventors: Vincent Wei-Kang Chen, Paul Lee, Gregory M. Hecht, Erdi Chen, Jenny Chun-yi Chen, Maria-Ines Carrera, Estelle Laure Myriam Comment, Eric Chu, Peter Jin Hong, Christopher John Adams, Lucas Gill Dixon
  • Patent number: 9871810
    Abstract: Tunable metrics are used for iterative discovery of groups of security alerts that identify complex, multipart attacks with different properties. Alerts generated by triggering signatures on originating computing devices are iteratively traversed, and different metrics corresponding to alerts and alert groups are calculated. The calculated metrics quantify the feasibility of the evaluation components (alerts and/or alert groups) for inclusion in tuples identifying multipart attacks with specific properties. Alerts and successively larger alert groups are iteratively joined into tuples, responsive to evaluation components meeting thresholds based on corresponding calculated metrics. Only those evaluation components that meet specific thresholds based on the calculated metrics are added to alert groups. Metrics are only calculated for those components that have met corresponding metric-based thresholds during prior iterations.
    Type: Grant
    Filed: April 25, 2016
    Date of Patent: January 16, 2018
    Assignee: Symantec Corporation
    Inventor: Stanislav Miskovic
  • Patent number: 9871816
    Abstract: There is provided a method of maintaining a security risk level of data objects stored in a distributed system, comprising: estimating a current security risk level of at least one storage unit of each of a plurality of network nodes based on real time monitoring; distributing a plurality of data objects among the at least one storage units of the plurality of network nodes according to the current security risk level such that a minimal security requirement of each data object is complied with; detecting a change in the current security risk level of the at least one storage unit; and creating a new copy of at least one of the data objects for storage on a different network node such that the minimal security requirement of each data object is maintained.
    Type: Grant
    Filed: April 21, 2016
    Date of Patent: January 16, 2018
    Assignee: Y.G. NooBaa Ltd.
    Inventors: Eran Tamir, Guy Margalit, Yuval Dimnik
  • Patent number: 9870481
    Abstract: The techniques presented herein provide for associating a data encryption lockbox backup with a data storage system. A first set of software system stable values (SSV) is derived from data storage system component values unique to the data storage system. A lockbox storing the first set of SSV and a set of encryption keys associated with a corresponding respective set of data storage system drives is created. Access to the lockbox requires providing a first minimum number of SSV that match corresponding SSV in the first set of SSV. A backup copy of the lockbox is created, wherein access to the backup copy requires providing a second minimum number of SSV that match corresponding SSV in the first set of SSV, wherein the minimum number of SSV is equal to a second match value. The backup copy of the lockbox is stored at a remote location.
    Type: Grant
    Filed: September 30, 2014
    Date of Patent: January 16, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Gregory W. Lazar, Peter Puhov, Millard C. Taylor, III, Naizhong Chiu Qui, Thomas N. Dibb
  • Patent number: 9864859
    Abstract: Technologies for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture include a virtual network function (VNF) bootstrap service (VBS) in secure network communication with a VBS agent of a VNF instance. The VBS agent is configured to execute a secure VNF bootstrap capture protocol in the NFV network architecture. Accordingly, the VBS agent can be configured to register with the VBS via secure communications transmitted between the VBS and the VBS agent. The secure communications include transmitting a security quote from a TEE of a platform on which the VNF instance is instantiated and a security credential request to the VBS, as well as receiving a security credential in response to validating the security quote and the security credential request. Other embodiments are described and claimed.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: January 9, 2018
    Assignee: Intel Corporation
    Inventors: Kapil Sood, Jesse Walker
  • Patent number: 9866554
    Abstract: A method for a Mobile Mobility Entity (MME) to carry out mutual authentication with a group of Machine Type Communication (MTC) devices includes receiving group-related authentication data from a leader, transmitting the received information and an identification number of the MME, to a HSS, receiving from the HSS a random value, an Authentication Vector and information of group members, broadcasting the random value and the first authentication token to the MTC device group based on information received from the HSS, receiving from the leader a leader authentication response that the leader generates by using a local master key value calculated by using the first secret key value, authenticating the leader by comparing the leader authentication response with a leader authentication value received from the HSS, and authenticating members within the MTC device group according to the leader authentication result.
    Type: Grant
    Filed: August 19, 2015
    Date of Patent: January 9, 2018
    Assignee: Research & Business Foundation Sungkyunkwan University
    Inventors: Hyoung Kee Choi, Dae Sung Choi, Young Jo Kim, Ji Young Park, Dong Hyuk Shin, Joon Woo Yu
  • Patent number: 9866592
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing, by a policy enforcement system, a plurality of policies and data associating a plurality of user credentials with the plurality of policies; receiving, from a client device, a request for data from a file system, the request further comprising user credentials; forwarding the request for data to a second node that stores the data from the file system; receiving, from the node, the data from the file system; selecting from the plurality of policies, based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials; filtering, by the policy enforcement system, the data from the file system based on the one or more policies; and sending the filtered data to the client device.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: January 9, 2018
    Assignee: BlueTalon, Inc.
    Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
  • Patent number: 9864956
    Abstract: A method includes training a file classifier from one or more n-gram feature vectors received from a plurality of binary files as input, where the one or more n-gram vectors represent the occurrences of character pairs in printable characters within the file or characters representing the informational entropy sequence of the file. Another method also includes generating, by the file classifier, output including classification data associated with the file based on the one or more n-gram vectors, where the classification data indicates whether the file includes malware.
    Type: Grant
    Filed: May 1, 2017
    Date of Patent: January 9, 2018
    Assignee: SPARKCOGNITION, INC.
    Inventor: Na Sai