Abstract: An access key retrieval service receives a request from a client device to configure an application on the client device. In response to the request, the access key retrieval service provides a setup code comprising a first component of an authentication key. Additionally, the access key retrieval service provides files for configuring the application, including a manifest file that includes a second component of the authentication key. The client device uses a set of key components that comprises the first component and the second component to derive the authentication key and provides information demonstrating access to the authentication key. The access key retrieval service receives this information and provides an access key usable to enable the application to access computing resources of a service provider.

Abstract: Examples provided herein are directed to a computing device and media playback system sharing access to a media service corresponding to a media application installed on the computing device. In one example, a media playback system may be configured to (i) receive from the computing device an authorization code that corresponds to a media application installed on the computing device that is authorized to access media from a media service, (ii) transmit to the media service an authorization request with the authorization code, (iii) receive from the media service an authorization token that facilitates obtaining media from the media service, and (iv) transmit to the media service a request for media for playback by the media playback system, where the request for media includes the authorization token.

Abstract: Described is a system and method for generating safety conditions for a cyber-physical system with state space S, action space A and trajectory data labelled as either safe or unsafe. In operation, the system receives inputs and ten minimizes loss functions to cause a neural network to become a barrier function. Based on the barrier function, the system can then determine if the cyber-physical system is entering an usafe state, such that if the cyber-physical system is entering the usafe state, then the cyber-physical system is caused to initiate a maneuver to position the cyber-physical system into a safe state.

Abstract: A container corresponding to executable code may be received. In response receiving the container, an assertion value may be stored in an assertion register. A final canary value may be generated based on a cycles combining a prior canary value and a mix value. A determination may be made as to whether the final canary value matches with the assertion value stored in the assertion register. In response to determining that the final canary value matches with the assertion value, one or more privilege registers may be programmed to provide access to hardware resources for the container corresponding to the executable user code.

Abstract: During operation, the system uses N sensors to sample an electromagnetic interference (EMI) signal emitted by a target asset while the target asset is running a periodic workload, wherein each of the N sensors has a sensor sampling frequency f, and wherein the N sensors perform sampling operations in a round-robin ordering with phase offsets between successive samples. During the sampling operations, the system performs phase adjustments among the N sensors to maximize phase offsets between successive sensors in the round-robin ordering. Next, the system combines samples obtained through the N sensors to produce a target EMI signal having an EMI signal sampling frequency F=f×N. The system then generates a target EMI fingerprint from the target EMI signal. Finally, the system compares the target EMI fingerprint against a reference EMI fingerprint for the target asset to determine whether the target asset contains any unwanted electronic components.

Abstract: In one aspect, a device includes at least one processor and storage accessible to the at least one processor. The storage includes instructions executable by the at least one processor to identify a power change condition in the device, and responsive to the power change condition, execute a scan for malware on the device using an operating system (O.S.) loaded into memory of the device from a server separate from the device.

Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.

Abstract: A system includes a source code repository which stores source code entries, which include instructions in a programming language for performing computing tasks. A style repository stores a style profile. Each style profile includes predefined style features associated with formatting characteristics of the stored source code entries. A source code analyzer receives a source code which includes instructions in the programming language for performing a computing task. Style features of the source code are determined. The style features include characteristics of a format of the source code. The source code analyzer determines whether the style features correspond to predefined style features indicated by a style profile. If this is the case, the source code is stored in the source code repository. If this is not the case, storage of the source code is prevented.

Abstract: Systems and methods for interrupting disclosure of sensitive information are described. Sensitive information data associated with a user is maintained. A primary device detects commencement of a voice input to a secondary device. As the voice input is detected by the primary device, the voice input is analyzed to determine the content of the voice input. The content is compared to the sensitive information data to determine whether the voice input contains sensitive information. When the primary device determines the voice input contains sensitive information, a speaker of the primary device is controlled to generate a noise canceling signal which interrupts receipt of further sensitive information by the secondary device.

Abstract: A method by one or more electronic devices to notify an administrator when it is safe to mitigate a non-compliant database configuration of a database. The method includes responsive to identifying the non-compliant database configuration of the database, applying a security rule that detects occurrences of database operations that make use of the non-compliant database configuration and responsive to a determination that the security rule has not been invoked for at least a threshold length of time, causing a notification to be sent to the administrator that indicates that it is safe for the administrator to mitigate the non-compliant database configuration.

Abstract: Enclosed are a method and apparatus for operating a database.

Abstract: Among other things, this document describes systems, methods and devices for providing a cloud proxy auto-config (PAC) function for clients connected to a private network, such as an enterprise network. The teachings hereof are of particular use with cloud hosted proxy services provided by server deployments outside of the private network (e.g., external to the enterprise or other organizational network). This document also describes systems, methods and devices for providing a proxy auto-config (PAC) function for clients connected to a third party network, such as when the client moves outside of the enterprise network.

Abstract: A method for establishing a trusted session between a first computing device and a computer server includes obtaining identifying information for the first computing device and a second computing device. The identifying information includes identifying information corresponding to the networks to which each of the computing devices are directly connected. Based on the identifying information it may be determined that there is sufficient correspondence between the first and second computing devices. If so, an indication is sent to the second computing device requesting confirmation that the first computing device should be authenticated to the account. An indication confirming this may then be received and, responsive thereto, the first computing device is authenticated to the account. Related computer systems and computer-readable media are also disclosed.

Abstract: A system and method including receiving a set of deep neural networks (DNN) including DNNs trained with an embedded trojan and DNNs trained without any embedded trojan, each of the trained DNNs being represented by a mathematical formulation learned by the DNNs and expressing a relationship between an input of the DNNs and an output of the DNNs; extracting at least one characteristic feature from the mathematical formulation of each of the trained DNNs; statistically analyzing the at least one characteristic feature to determine whether there is a difference between the DNNs trained with the embedded trojan and the DNNs trained without any embedded trojan; generating, in response to the determination indicating there is a difference, a detector model to execute the statistical analyzing on deep neural networks; and storing a file including the generated detector model in a memory device.

Abstract: Unstructured data items are stored at an object storage service. A filtering requirement to be used to generate a result set for an access request is determined. Using a transformed representation of the filtering requirement, a target set of tokens of the filtering requirement which are to be obfuscated within a log record is identified. A log record that comprises substitute tokens for the target set of tokens is generated and stored.

Abstract: A certification method, system, and computer program product include certifying an adversarial robustness of a convolutional neural network by deriving an analytic solution for a neural network output using an efficient upper bound and an efficient lower bound on an activation function and applying the analytic solution in computing a certified robustness.

Abstract: Threat modeling methods include providing one or more data stores storing threat model components, threats, and security requirements, each threat associated with at least one of the threat model components, each security requirement including a stored indication of whether it is a compensating control, and each compensating control associated with one of the threats. One or more computing devices communicatively coupled with the one or more data stores display a relational diagram of a system, an application, and/or a process, using visual representations of the threat model components, the diagram defining a threat model. The one or more computing devices display a threat report displaying each threat associated with one of the threat model components included in the threat model. The one or more computing devices further display a compensating control report displaying each compensating control that is associated with one of the threats included in the threat report.

Abstract: The present disclosure relates to secure broker-mediated data analysis and prediction. One example embodiment includes a method. The method includes receiving, by a managing computing device, a plurality of datasets from client computing devices. The method also includes computing, by the managing computing device, a shared representation based on a shared function having one or more shared parameters. Further, the method includes transmitting, by the managing computing device, the shared representation and other data to the client computing devices. In addition, the method includes, based on the shared representation and the other data, the client computing devices update partial representations and individual functions with one or more individual parameters. Still further, the method includes determining, by the client computing devices, feedback values to provide to the managing computing device.

Abstract: Techniques are disclosed relating to computer network security. In some embodiments, a computing system generates a plurality of executable binaries that include alerting beacons for a computer network associated with a transaction service. The computing system then deploys, within the computer network, the plurality of executable binaries as traps to detect privilege escalation attempts within the computer network. In some embodiments, the computing system detects that one or more alerting beacons included in the plurality of executable binaries have been triggered. In response to the detecting, the computing system may transmit, to a security management system, a notification indicating the one or more triggered alerting beacons. The disclosed detection techniques may advantageously reduce breaches in network security, which in turn may reduce or prevent the loss of private data.

Abstract: A quantum neural network architecture. In one aspect, a quantum neural network trained to perform a machine learning task includes: an input quantum neural network layer comprising (i) multiple qubits prepared in an initial quantum state encoding a machine learning task data input, and (ii) a target qubit; a sequence of intermediate quantum neural network layers, each intermediate quantum neural network layer comprising multiple quantum logic gates that operate on the multiple qubits and target qubit; and an output quantum neural network layer comprising a measurement quantum gate that operates on the tar get qubit and provides as output data representing a solution to the machine learning task.