Abstract: Embodiments of a secure multi-party computation method are provided. The method can include: dynamically converting a multi-party computation program segment into a first garbled circuit by using a multi-party computation operator of a first main body, and executing garbled gates of the first garbled circuit in sequence through an execution engine of the first main body, to encrypt data of the first main body; transmitting to a second main body the encrypted data of the first main body and identifiers for garbled gates of the first garbled circuit; performing a second encryption on the encrypted data of the first main body by the second main body in sequence according to the received identifiers for the garbled gates of the first garbled circuit, and returning to the first main body a result of the second encryption on the encrypted data of the first main body.

Abstract: A management system manages a plurality of information handling systems by creating custom policies for each information handling system based on information gathered from or about each information handling system indicating, e.g., the user's intent, use, request for usage, security posture, productivity needs, and/or behavior. The management system creates custom policies to avoid unnecessarily impacting a user's productivity.

Abstract: The present disclosure includes apparatuses, methods, and systems for run-time code execution validation. An embodiment includes a memory, and circuitry configured to monitor run-time executable code stored in a secure array of the memory device and receive an indication that a portion of the run-time executable code executed, wherein the indication includes a received Message Authentication Code (MAC) and take an action in response to the indication that the portion of the run-time executable code failed to execute.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying copyrighted material based on embedded copyright information. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with the textual content, wherein the text and the copyright information are recorded on a blockchain of a blockchain network; adding, by the computing device, one or more function words to the textual content without altering a meaning of the textual content; and embedding, by the computing device, the unique ID in the function words to produce an information-embedded textual content that enables retrieval of the copyright information from the blockchain based on the unique ID.

Abstract: A method for searchable encryption of a system defining a secret key and a public is provided. A data stream cipher can include n elementary data (b1, b2, . . . , bn). The method can include generation of a variate for all elementary data bj, for values of j from 1 to n, generation of an element function of the public key (gx(bj),zj) and the variate, the element being associated with a random element of a group of a bilinear environment, the element associated with the random element of the group forming first encryption data (Cj,1). The method can also include generation of a shift factor (ga.zj?1) function of the variate and the public key, and associated with the random element of the group, the shift factor representing a position of the monomial in the encrypted stream, the shift factor associated with the random element of the group forming second encryption data. The data stream cipher can include the first and second encryption data for all values of j from 1 to n.

Abstract: Systems and methods are provided for identifying potentially compromised cloud-based access information. The systems and methods include providing a unique signature for insertion into application programming interface (API) communications to be sent from a network resource to a cloud application executable in a cloud environment. The unique signature can be associated with an access token that a particular identity can use to request access to the cloud application. The systems and methods include accessing a log associated with the cloud environment, identifying the unique signature and the access token using information in the log, accessing a trusted validation resource storing signature information associated with the access token, determining whether the unique signature is valid, and determining whether the access token is potentially compromised.

Abstract: The disclosed computer-implemented method for training malware classifiers may include (1) perturbing, at a computing device, a binary file in a manner that maintains functionality of the binary file, (2) classifying the perturbed binary file with a first machine learning classifier to produce a classification result, (3) producing a transformed file by repeating the perturbing and classifying steps until the transformed file becomes misclassified, and (4) performing a security action comprising training a second machine learning classifier with the transformed file and an associated correct classification result. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.

Abstract: A system for sharing data between tenants served by a software instance. In the system, a first tenant can ensure that data is transferred to a trusted connection by virtue of a trusted established between the first tenant and a second tenant, and a trusted connection between the second tenant and a third tenant. The system allows the identity of the third tenant to be kept secret from the first tenant, thus maintaining the privacy of the third tenants. In addition, the system allows for the first tenant to force control over the tenants with which the second tenant is allowed to share the first portion of the data, and the second tenant can provide an additional layer of this control.

Abstract: Provided is a signature generation device, etc., generating signature information with high accuracy. The signature generation device calculates hash values for at least a partial area in individual files; calculates a similarity degree between the calculated hash values and classifies the plurality of files into groups based on the calculated degree; specifies common strings among, at least, some of the files in strings included in files of a group, the strings being symbol strings or bit strings; and generates signature information being a criterion for determining whether or not at least a part of the common string in the specified common strings is included.

Abstract: There is provided an elliptic curve cryptographic scheme for permitting secure communications between two or more cryptographic correspondent devices, with a simple side-channel attack countermeasure. The cryptographic scheme includes: transforming a point to Jacobian projective coordinates; constant-time scalar multiplication of the point by a parameter; and transforming the resultant of the scalar multiplication to affine coordinates. The scalar multiplication including: performing iteratively to the value of the parameter either one of: doubling of the point and multiplying any two random field elements; or mixed addition of the point.

Abstract: Systems and methods are provided for use in responding to attribute queries related to identifying information for a user. One exemplary method includes receiving a request for an identity code for a user associated with identifying information, where the identifying information includes multiple attributes of the user, and generating the identity code and transmitting it to a communication device associated with the user, thereby permitting the user to present the identity code to a requesting party. The method then includes receiving an identity request from the requesting party including the identity code and at least one query related to at least one of the multiple attributes of the user, identifying the user based on the identity code, compiling a response to the at least one query based on the identifying information of the user at one or more attributed providers, and transmitting the response back to the requesting party.

Abstract: Techniques related to enhanced security modes for securing a network are disclosed. The techniques include a machine readable medium, on which are stored instructions, comprising instructions that when executed cause a device to receive an indication of a security mode of a plurality of security modes, the security mode comprising a set of security settings associated with a set of network connected devices, of a plurality of network connected devices connected to a local network, and wherein the set of security settings comprises at least blocking network access of the set of network connected devices, select the set of network connected devices based on the indicated security mode, and directing an application of the set of security settings to the selected set of network connected devices.

Abstract: The present disclosure provides systems, methods, and computer program products for controlling and securing access to a computing environment comprising a plurality of resources that access data. An example method can comprise (a) segmenting the data into a plurality of data segments; (b) associating a user of a plurality of users of the computing environment with one or more data segments of the plurality of data segments; and (c) providing an access control system that defines access to the plurality of resources comprising a first resource. The first resource can be associated with one or more data segments of the plurality of data segments. The method can further comprise (d) determining whether the user has permission to access the first resource using the access control system. The determining can comprise verifying whether the user and the first resource are associated with at least one same data segment.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying copyrighted material based on embedded copyright information. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with the textual content, wherein the text and the copyright information are recorded on a blockchain of a blockchain network; adding, by the computing device, one or more function words to the textual content without altering a meaning of the textual content; and embedding, by the computing device, the unique ID in the function words to produce an information-embedded textual content that enables retrieval of the copyright information from the blockchain based on the unique ID.

Abstract: Methods and apparatus to validate and restore machine configurations are disclosed herein. An example apparatus includes a context identifier to obtain first context information for a first set of configuration update events occurring on a computing device, a guest agent interface to transmit the first set of configuration update events to a security manager for generation of a policy, the policy including allowable configuration update events and responses to unallowable configuration update events, an event comparator to compare second context information of a subsequent configuration update event obtained by the context identifier to the policy received from the security manager, and an event handler to determine, when the subsequent configuration update event is not included in the policy, that the subsequent configuration update event is to be transmitted to the security manager for generation of an updated policy.

Abstract: Implementations of this specification provide data transceiving operations and devices. An example method performed by a network interface controller (NIC) includes receiving to-be-sent data from a host; sending the to-be-sent data to a first data processing module that is outside of the NIC; receiving first processing result data from the first data processing module; using a network interface of the NIC to send the first processing result data to a data receiver; receiving to-be-received data from a data sender; sending the to-be-received data to a second data processing module that is outside of the NIC; receiving second processing result data from the second data processing module; and using a host interface of the NIC to send the second processing result data to the host.

Abstract: Systems and methods for distorting CAPTCHA images with generative adversarial networks include an image distortion interface that can select an image record from a database, determine the size of the selected image, and apply an adversarial attack algorithm to create an array of pixels that is the same size as the selected image so that the majority of the pixels in the array are zero values and the remaining pixels in the array are in the red-green-blue value range. The image distortion interface can merge the array of pixels with the selected image to form a distorted image. A server can include a CAPTCHA test interface that can select a set of images having the same label, retrieve corresponding distorted images, and provide a CAPTCHA test using the distorted images. The CAPTCHA test can use distorted images with different applied adversarial attack algorithms.

Abstract: A Deep Learning Dendritic Cell Algorithm (DeepDCA) is employed in an intrusion detection system (IDS) and method. The framework adopts both a Dendritic Cell Algorithm (DCA) and a Self Normalizing Neural Network (SNN). The IDS classifies interned of things (IoT) intrusion, while minimizing false alarm generation, and it automates and smooths the signal extraction phase which improves the classification performance. The IDSselects the convenient set of features from the IoT-Bot dataset, and performs their signal categorization using the SNN. Experimentation demonstrated that the IDS with DeepDCA performed well in detecting IoT attacks with a high detection rate demonstrating over 98.73% accuracy and a low false-positive rate. Also, IDS was capable of performing better classification tasks than SVM, NB, KNN and MLP classifiers.

Abstract: Computer systems, devices, and associated methods of detecting and/or preventing injection attacks in databases are disclosed herein. In one embodiment, a method includes determining whether parsing a database statement received from an application on the application server cause a syntax error in a database. In response to determining that parsing the received database statement does not cause a syntax error, determining whether an identical syntactic pattern already exists. In response to determining that an identical syntactic pattern already exists in the database, the method includes indicating that the received database statement does not involve an injection attack.