Patents Examined by Howard H. Louie
  • Patent number: 10771249
    Abstract: Disclosed herein are an apparatus and method for providing a secure execution environment for a mobile cloud.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: September 8, 2020
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventor: Su-Wan Park
  • Patent number: 10769294
    Abstract: A hierarchy of object groups is defined. Object group collections are defined on top of the hierarchy. Authorization rights for executing actions are defined through the object group collection definitions. A request for a change associated with assignments of an object group in a hierarchy of a plurality of object groups may be received, where the assignments are related to object group collections. A change trigger is stored at an explosion update trigger table. The change trigger is stored synchronously with updating definitions of the object group collections and/or updating the hierarchy organization. The explosion update trigger table is processed to determine changes for the explosion table. The change trigger may be processed together with one or more other triggers associated with the object group. The explosion table is updated to reflect changes to the object group and other object groups hierarchically inherent for the object group.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: September 8, 2020
    Assignee: SAP SE
    Inventors: Michael Aakolk, Andrea Waldi
  • Patent number: 10764284
    Abstract: A method, a device, and a non-transitory storage medium are described in which destination device identifiers associated with network devices are subject to a validation process before an end device attempts to establish a communication session with a network device. Based on an outcome of the validation process, a data flow subsequently established by the end device may be subject to a rule provided under a data usage plan subscribed to by the end device or another rule.
    Type: Grant
    Filed: September 7, 2017
    Date of Patent: September 1, 2020
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Marc Chiaverini, Barry F. Hoffner, Richard Tom, Gregory Femec
  • Patent number: 10757128
    Abstract: Security policies may be utilized to grant or deny permissions related to the access of computing resources. Two or more security policies may be compared to determine whether the policies are equivalent, whether one security policy is more permissive than another, and more. In some cases, it may be possible to identify whether there exists a security permission that is sufficient to determine two security policies lack equivalency. Propositional logics may be utilized in the evaluation of security policies.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: August 25, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
  • Patent number: 10747886
    Abstract: A computer implemented method to determine whether a target virtual machine (VM) in a virtualized computing environment is susceptible to a security attack, the method comprising: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships; determining a set of configuration parameters for the target VM; and identifying attack characteristics in the data structure associated with configuration parameters of the target VM as characteristics of attacks to which the target VM is susceptible.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: August 18, 2020
    Assignee: British Telecommunications Public Limited Company
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 10740454
    Abstract: Technologies for USB controller state integrity protection with trusted I/O are disclosed. A computing device includes an I/O controller, a channel identifier filter, and a memory. The I/O controller generates a memory access to controller state data in a scratchpad buffer in the memory. The memory access includes a channel identifier associated with the I/O controller. The channel identifier filter determines whether a memory address of the memory access is included in a range of a processor reserved memory region associated with the channel identifier. A processor of the computing device may copy the controller state data to a memory buffer outside of the processor reserved memory region. The computing device may reserve an isolated memory region in the memory that includes the processor reserved memory region. Secure routing hardware of the computing device may control access to the isolated memory region. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: August 11, 2020
    Assignee: Intel Corporation
    Inventors: Soham Jayesh Desai, Pradeep Pappachan, Reshma Lal, Siddhartha Chhabra
  • Patent number: 10740464
    Abstract: In a system for facilitating detection of vulnerabilities in a deployed software application, a software component (also called a self-scanning component) is provided for integration with the software application. The self-scanning component is configured to detect one or more conditions associated with the deployment of the software application and, upon the detection of such condition(s), to collect and/or transmit at least a portion of the application code to a vulnerability scanner. The self-scanning component can receive a vulnerability report from the scanner and can present the report or an analysis of the report. The presentation can be a display or inclusion of the report or analysis thereof in a log generated by the software application.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: August 11, 2020
    Assignee: Veracode, Inc.
    Inventor: Bradford M. Smith
  • Patent number: 10733177
    Abstract: In an example, a method includes requesting cohort data for the cohort, computing a plurality of cohort data first accuracy metrics, adding a threshold percentage of noise data points to the cohort data, computing a plurality of cohort data second accuracy metrics, repeating the adding and computing the second accuracy metrics until a mathematical difference between one or more of the first accuracy metrics and the second accuracy metrics exceeds a threshold value, and suppressing displaying the cohort data in response to the mathematical difference exceeding the threshold value.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: August 4, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Krishnaram Kenthapadi, Stuart MacDonald Ambler, Parul Jain
  • Patent number: 10728273
    Abstract: A method for detecting a domain name that is associated with malicious behavior includes receiving domain data for a plurality of domain names including a first domain name and a plurality of similar domain names. The domain data includes a first attribute and a second attribute of the first domain name and the similar domain names. The first attribute of the first domain name is compared to the first attributes of the similar domain names to produce a first value. The second attribute of the first domain name is compared to the second attributes of the similar domain names to produce a second value. The first value and the second value are combined to produce a combined value. A likelihood that the first domain name is associated with malicious behavior is determined based on the combined value.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: July 28, 2020
    Assignee: VERISIGN, INC.
    Inventors: Tomofumi Okubo, Eric Osterweil, Matthew Thomas
  • Patent number: 10708055
    Abstract: Multifactor authentication is a method to secure data and accounts and to prevent unauthorized access. A first factor can be information that the user knows, such as a username and password combination. A second factor can be something that the user possesses, such as a token generator or a trusted device. The present invention enables a user to present multiple authentication factors through a single biometric input using stored credentials and tokens generated by a secure element.
    Type: Grant
    Filed: October 23, 2017
    Date of Patent: July 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Gabriel M. Kozma, Carlos E. Seo
  • Patent number: 10693644
    Abstract: Multifactor authentication is a method to secure data and accounts and to prevent unauthorized access. A first factor can be information that the user knows, such as a username and password combination. A second factor can be something that the user possesses, such as a token generator or a trusted device. The present invention enables a user to present multiple authentication factors through a single biometric input using stored credentials and tokens generated by a secure element.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: June 23, 2020
    Assignee: International Business Machines Corporation
    Inventors: Gabriel M. Kozma, Carlos E. Seo
  • Patent number: 10678894
    Abstract: Features are described for efficiently and accurately identifying a user of an electronic device with limited user interaction. The features include receiving a mobile device identifier from the mobile device. The features include transmitting the mobile device identifier to a service provider associated with the mobile device. The features include receiving information identifying the user from the service provider. The features include identifying a set of candidates associated with at least a portion of the information. The features include generating a metric for the candidates included in the set of candidates. An individual metric indicates a degree of relatedness between a value for the user for the at least one data field and a value for a candidate for the at least one data field. The features include identifying the user as a specific candidate included in the set of candidates based on the metric corresponding to a threshold.
    Type: Grant
    Filed: August 23, 2017
    Date of Patent: June 9, 2020
    Assignee: Experian Information Solutions, Inc.
    Inventors: Steven Yin, Kevin Chen, Eric Haller, Alan Tsang, David Kerry, Derek Toub, Jack Yu, Zhixuan Wang, Christopher Wheeler, Sreeram Upendran
  • Patent number: 10673628
    Abstract: Embodiments are directed to a method and system for managing token keys in an authentication and authorization process for a multi-tenant computer network by receiving a user request from a user through a user agent for data access to network clients, generating a key to encrypt and sign a data string to encapsulate a token, passing the token as part of the request to the network clients to receive a response from a client to the user request, notifying, in the event of a key state change, user agents of the key state change asynchronously to other events, and generating a refreshed key for subsequent user requests to encapsulate subsequent tokens for the user.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: June 2, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Aliaksandr Shtop, Ilia Fischer, Michael Roche
  • Patent number: 10671746
    Abstract: A method for execution by a storage unit includes receiving, from an intent processing entity (IPE) via a network, a request to access at least one slice corresponding to an intent. An access query is transmitted to an access control system that includes an intent resource identifier (IRI) associated with the intent and an IPE identifier associated with the IPE. A query response, generated by the access control system based on the IRI and the IPE identifier of the access query, is received from the access control system. The request is executed when the query response indicates that permission to process the intent is granted to the IPE.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: June 2, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jason K. Resch, Brian F. Ober
  • Patent number: 10671721
    Abstract: A scalable threat detection system features computing nodes including a first computing node and a second computing node operating as a cluster. Each computing node features an analysis coordinator and an object analyzer. The analysis coordinator is configured to conduct an analysis of metadata associated with a suspicious object that is to be analyzed for malware, where the metadata is received from a remotely located network device, and to store a portion of the metadata within a data store. The object analyzer is configured to retrieve the portion of the metadata from the data store, monitor a duration of retention of the metadata in the data store, and determine whether a timeout event has occurred for the object associated with the metadata based on retention of the metadata within the data store that exceeds a timeout value included as part of the metadata associated with the suspicious object for malware.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: June 2, 2020
    Assignee: FireEye, Inc.
    Inventors: Alexander Otvagin, Mumtaz Siddiqui
  • Patent number: 10673616
    Abstract: Techniques for mitigating side-channel attacks on cryptographic algorithms are provided. An example method according to these techniques includes applying a block cipher algorithm to an input data to generate a cryptographic output, such that applying the block cipher to input data comprises modifying an output of a stage of the block cipher algorithm such that each output of the stage of the block cipher algorithm has a constant Hamming weight, and outputting the cryptographic output.
    Type: Grant
    Filed: January 11, 2017
    Date of Patent: June 2, 2020
    Assignee: Qualcomm Incorporated
    Inventors: Rosario Cammarota, Indranil Banerjee, Matthew McGregor
  • Patent number: 10657534
    Abstract: A data attack detection system that includes a record host and an orchestration host. The record host stores account information for card holders. The orchestration host includes a switch interface configured to receive transaction information for a card from a network. The orchestration host further includes a velocity trap engine that stores received transaction information for the card in a cardholder file. The velocity trap engine creates entries in a velocity transaction timestamp record for the card when the number of transactions for the card in the cardholder record within a first predetermined time interval exceeds a first activity level threshold. The velocity trap engine discontinues a transaction flow between the orchestration host and the record host for the card when the number of transactions for the card in the velocity transaction timestamp record within a second predetermined time interval exceeds a second activity level threshold.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: May 19, 2020
    Assignee: Bank of America Corporation
    Inventors: Therese H. Willis, James J. Park, Paul Marziani, Jeetendra H. Jain, Eric W. Doyle, Vikash Damani, Chinmay S. Barhale
  • Patent number: 10630695
    Abstract: Requests of a computing system may be monitored. A request associated with the application of a policy may be identified and a policy verification routine may be invoked. The policy verification routine may detect whether the policy of the request is more permissive than a reference policy and perform a mitigation routine in response to determining that the policy of the request is more permissive than the reference policy. Propositional logics may be utilized in the evaluation of policies.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: April 21, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: John Cook, Neha Rungta, Catherine Dodge, Jeff Puchalski, Carsten Varming
  • Patent number: 10623419
    Abstract: A computer implemented method to generate a classification scheme for configuration parameters of virtual machines (VMs) in a virtualized computing environment including: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; and generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships.
    Type: Grant
    Filed: August 15, 2017
    Date of Patent: April 14, 2020
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventors: Fadi El-Moussa, Ian Herwono
  • Patent number: 10614242
    Abstract: Systems and methods enable two or more data providers that do not trust each other with their data to pool their data for analysis. The systems and methods can translate conventional database SQL queries into secure multiparty computation so that the data providers can analyze their collective data without requiring any of them to disclose private information.
    Type: Grant
    Filed: September 25, 2017
    Date of Patent: April 7, 2020
    Assignee: Northwestern University
    Inventors: Jennie Marie Rogers, Abel Kho