Patents Examined by Jayesh M Jhaveri
  • Patent number: 11704413
    Abstract: A computer-implemented method for assessing latent security risks in Kubernetes clusters is provided including selecting a service account from a plurality of service accounts defined in namespaces of a cluster, binding a role to the selected service account based on predetermined role-binding data, and determining if the role meets at least one of a first, second, and third conditions based on predetermined role data defining permitted operations for roles, the first condition being that the role can receive secret tokens for pods within a namespace of the namespaces, the second condition being that the role can perform execution operation to other pods, and the third condition being that the role can create DaemonSet, Deployment, StatefulSet, and additional pods on the namespace.
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: July 18, 2023
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yuji Watanabe, Ruriko Kudo, Kugamoorthy Gajananan, Hirokuni Kitahara
  • Patent number: 11693965
    Abstract: A malware detection method that uses federated learning includes receiving a first malware detection model and a database of known malicious files, labeling each file of a training data set as either malicious or clean by comparing each file of the training data set to the database, where a match causes the file to be labeled as malicious. If a match cannot be found, the file is evaluated using the first malware detection model to predict maliciousness and the file is labeled based on the prediction. The method further includes training the first malware detection model using the labeled training data set; transmitting parameters of the trained first malware detection model to the remote device; and receiving a second malware detection model that is trained by federated learning using the parameters of the trained first malware detection model and additional parameters provided by one or more additional remote devices.
    Type: Grant
    Filed: June 17, 2022
    Date of Patent: July 4, 2023
    Assignee: UAB 360 IT
    Inventors: Mantas Briliauskas, Dainius Ražinskas
  • Patent number: 11681800
    Abstract: A system for conducting a security recognition task, the system comprising a memory configured to store a model and training data including auxiliary information that will not be available as input to the model when the model is used as a security recognition task model for the security recognition task. The system further comprising one or more processors communicably linked to the memory and comprising a training unit and a prediction unit. The training unit is configured to receive the training data and the model from the memory and subsequently provide the training data to the model, and train the model, as the security recognition task model, using the training data to predict the auxiliary information as well as perform the security recognition task, thereby improving performance of the security recognition task. The prediction unit is configured to use the security recognition task model output to perform the security recognition task while ignoring the auxiliary attributes in the model output.
    Type: Grant
    Filed: August 13, 2021
    Date of Patent: June 20, 2023
    Assignee: Sophos Limited
    Inventors: Richard Edward Harang, Ethan McAvoy Rudd, Konstantin Berlin, Cody Marie Wild, Felipe Nicolás Ducau
  • Patent number: 11683173
    Abstract: A processor may receive, from two or more nodes in the blockchain, respective consideration from each of the two or more nodes at a first time. The processor may receive respective updates from each of the two or more nodes at a second time. The processor may determine whether a single node of the two or more nodes is available after the respective updates. The processor may designate the single node as the block generator node.
    Type: Grant
    Filed: December 8, 2020
    Date of Patent: June 20, 2023
    Assignee: International Business Machines Corporation
    Inventors: Bartlomiej Stanislaw Filipek, Maciej Snopczynski, Michal Zarakowski, Karol Oleszek
  • Patent number: 11683339
    Abstract: The disclosed computer-implemented method includes applying transport protocol heuristics to selective acknowledgement (SACK) messages received at a network adapter from a network node. The transport protocol heuristics identify threshold values for operational functions that are performed when processing the SACK messages. The method further includes determining, by applying the transport protocol heuristics to the SACK messages received from the network node, that the threshold values for the transport protocol heuristics have been reached. In response to determining that the threshold values have been reached, the method includes identifying the network node as a security threat and taking remedial actions to mitigate the security threat. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 11, 2021
    Date of Patent: June 20, 2023
    Assignee: Netflix, Inc.
    Inventor: Randall Stewart
  • Patent number: 11675923
    Abstract: In an example embodiment, a hardware mechanism for protecting user-level software from privileged system software is leveraged to protect in-memory databases in container implementations in a cloud. This hardware mechanism takes the form of an enclave. An enclave is a portion of a CPU that shields application code and data from accesses by other software, including higher-privileged software. Memory pages belonging to an enclave reside in the enclave page cache (EPC), which cannot be accessed by code outside of the enclave. This helps ensure that (1) applications built on top of in-memory database are securely trusted, and (2) a trusted path architecture is provided for enclaves allowing in-memory databases to run securely on top of untrusted cloud platform.
    Type: Grant
    Filed: November 23, 2021
    Date of Patent: June 13, 2023
    Assignee: SAP SE
    Inventor: Long Du
  • Patent number: 11669632
    Abstract: According to examples of the present disclosure, there is provided a method and device for controlling data access. The method comprises: receiving a data query request characterizing that a first user requests target data; obtaining a business data access capability attribute corresponding to the first user and obtaining a business security attribute corresponding to the target data; wherein the business data access capability attribute is used to characterize capability of accessing data in a business environment in the charge of a user based on a business attribute of the user; determining a data query processing policy corresponding to the data query request by invoking a data access security model based on the business data access capability attribute of the first user and the business security attribute of the target data; and processing the target data by invoking the data query processing policy and generating a response message for feedback.
    Type: Grant
    Filed: January 26, 2022
    Date of Patent: June 6, 2023
    Assignee: BEIJING BYTEDANCE NETWORK TECHNOLOGY CO., LTD.
    Inventors: Jianqing Zhang, Zhengqin Luo, Xingxiu Chen, Zhipeng Tian, Hengming Dai
  • Patent number: 11671423
    Abstract: Systems and methods for authentication via camera are provided. In example embodiments, an authentication server transmits, to a mobile device, an identity verification image. The authentication server receives, from a computing device, a scanned image, wherein the computing device is different from the mobile device. The authentication server determines whether the scanned image includes data from the identity verification image. The authentication server transmits, to a web server accessed by the computing device, an indication that a user's identity has been verified upon determining that the scanned image includes the data from the identity verification image.
    Type: Grant
    Filed: June 28, 2021
    Date of Patent: June 6, 2023
    Assignee: Snap Inc.
    Inventors: Aaron Daniel Son, Matthew Koontz
  • Patent number: 11627112
    Abstract: A computer-implemented method for building socket transferring between containers in cloud-native environments by using kernel tracing techniques is provided including probing a connection-relevant system call event by using an eBPF to collect and filter data at a router, creating a mirror call at a host namespace with a dummy server and dummy client by creating the dummy server with mirror listening parameters, sending a server host address mapping to overlay the server host address to the client coordinator in an overlay process, and creating and connecting the dummy client to return a client host address to the server coordinator. The method further includes transferring mirror connections to the overlay process via a forwarder by temporary namespaces entering and injecting socket system calls and probing a transfer call event to map an overlay socket with a transferred dummy socket to activate duplication when the overlay socket is not locked.
    Type: Grant
    Filed: August 12, 2021
    Date of Patent: April 11, 2023
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Sunyanan Choochotkaew, Tatsuhiro Chiba
  • Patent number: 11606351
    Abstract: In an approach for authentication of a username, a processor maintains a mapping of usernames and realms. A processor receives a username and a time-based one-time password code (TOTP code) for the username based on an authentication application. A processor, upon receiving the TOTP code: determines a realm from the mapping based on the received username and the received TOTP; and requests an entry of a credential relating to the username in the realm. A processor, upon receiving of the requested credential, authenticates the username by determining that the received credential matches an expected credential for the realm.
    Type: Grant
    Filed: December 15, 2020
    Date of Patent: March 14, 2023
    Assignee: International Business Machines Corporation
    Inventors: Thomas Dürr, Michael Baessler, Holger Koenig, Oliver Koeth, Thomas Schwarz
  • Patent number: 11606350
    Abstract: A computer-implemented method may include: receiving, from a first electronic device during an unauthenticated session, a request for provisioning data, the request associated with identification data insufficient to begin an authenticated session; determining, based on the identification data, whether the request for the provisioning data is associated with an existing account; when the request for the provisioning data is determined to be associated with an existing account, obtaining the provisioning data based on a modifier not available if the request for the provisioning data is not determined to be associated with an existing account; and sending the provisioning data to the first electronic device.
    Type: Grant
    Filed: September 15, 2020
    Date of Patent: March 14, 2023
    Assignee: The Toronto-Dominion Bank
    Inventors: Kelvin Chun-Yin Lo, Guillaume Roberge, Francis Carle, Robert Bigras, Brigitte Houde
  • Patent number: 11599662
    Abstract: A system and a method are disclosed for receiving a request for a user to perform a plurality of activities with respect to a secure document. The system determines requirements for performing each respective activity of the plurality of activities. The system retrieves profile data for the user, and determines based on the profile data a subset of the activities directed to achieving a result that is reflected in the profile data. The system transmits a modified version of the request to the user, the modified version eliminating the subset from the plurality of activities.
    Type: Grant
    Filed: August 19, 2020
    Date of Patent: March 7, 2023
    Assignee: DOCUSIGN, INC.
    Inventors: Ronald Hirson, Darren Hon Kit Louie, Olivier Pin, Thibault de Valroger, Ryan James Cox, Michael Yatsko
  • Patent number: 11593485
    Abstract: A method of generating a predictive model for malware detection using federated learning includes transmitting, to each of a plurality of remote devices, a copy of the predictive model, where the predictive model is configured to predict whether a file is malicious; receiving, from each of the plurality of remote devices, model parameters determined by independently training the copy of the predictive model on each of the plurality of remote devices using local files stored on respective ones of the plurality of remote devices; generating a federated model by training the predictive model based on the model parameters received from each of the plurality of remote devices; and transmitting the federated model to each of the plurality of remote devices.
    Type: Grant
    Filed: June 17, 2022
    Date of Patent: February 28, 2023
    Assignee: UAB 360 IT
    Inventors: Mantas Briliauskas, Dainius Ražinskas
  • Patent number: 11586975
    Abstract: An artefact is received. Thereafter, features are extracted from the artefact and a vector is populated. Later, one of a plurality of available classification models is selected. The classification models use different scoring paradigms while providing the same or substantially similar classifications. The vector is input into the selected classification model to generate a score. The score is later provided to a consuming application or process. The classification model can characterize the artefact as being malicious or benign to access, execute, or continue to execute so that appropriate remedial action can be taken or initiated by the consuming application or process. Related apparatus, systems, techniques and articles are also described.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: February 21, 2023
    Assignee: Cylance Inc.
    Inventors: David N. Beveridge, Hailey Buckingham
  • Patent number: 11586769
    Abstract: An automatically predetermined credential system for a remote administrative operating system (OS) authorization and policy control is disclosed. Administrative activities are packaged in a single-use downloaded software program. When executed, the administrative access to the OS is activated before completing the administrative activities. The single-use downloaded software program has policies that perform checks on a user computer executing the software program. The policies include checking firewall settings, confirming virus checking, interrogating software to confirm patches or updates have been performed, checking for key loggers or other surveillance software or devices. The single-use downloaded software is protected with a passcode to prevent activation in an unauthorized way.
    Type: Grant
    Filed: August 17, 2021
    Date of Patent: February 21, 2023
    Assignee: Netskope, Inc.
    Inventors: Matthew D. Adams, Daniel F. Taylor
  • Patent number: 11588826
    Abstract: Methods and systems for identifying a network threat are disclosed. The methods described herein may involve receiving at least one permutation of a domain name, wherein the at least one permutation is registered with a domain name registrar. The methods described herein may further involve executing a scanning function to identify an active service on the at least one permutation registered with the domain name registrar and implementing a threat prevention procedure upon identifying an active service on the at least one permutation.
    Type: Grant
    Filed: December 20, 2019
    Date of Patent: February 21, 2023
    Assignee: Rapid7, Inc.
    Inventors: Wah-Kwan Lin, Paul Deardorff
  • Patent number: 11574059
    Abstract: A method including determining a combined data set including query data files that are to be classified, clean data files that are known to be free of malware, and malicious data files that are known to include malware; calculating respective compression functions for each of the query data files, each of the clean data files, and each of the malicious data files; individually comparing each respective compression function with each other respective compression function to determine degrees of similarity between contents included in the data files; determining a plurality of clusters based on the degrees of similarity between contents included in the data files; and classifying each query data file as a file that is likely free of malware or as a file that likely includes malware based on analyzing the combination of the query data files, the clean data files, and the malicious data files in each cluster.
    Type: Grant
    Filed: June 20, 2022
    Date of Patent: February 7, 2023
    Assignee: UAB 360 IT
    Inventor: Mantas Briliauskas
  • Patent number: 11575514
    Abstract: An electronic device is provided. The electronic device includes an input/output interface and at least one processor configured to irreversibly generate a first token to use or access an object based on first biometric information input through the input/output interface and information proving ownership of the object, and output the first token through the input/output interface.
    Type: Grant
    Filed: August 5, 2020
    Date of Patent: February 7, 2023
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Dmytro Likhomanov, Oleksandr Shchur, Andriy Oliynyk, Dmytro Progonov
  • Patent number: 11562290
    Abstract: An artefact is received. Features are extracted from this artefact which are, in turn, used to populate a vector. The vector is then input into a classification model to generate a score. The score is then modified to result in a modified score by interleaving the generated score or a mapping thereof into digits of a pseudo-score. Thereafter, the modified score can be provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: January 24, 2023
    Assignee: Cylance Inc.
    Inventor: Hailey Buckingham
  • Patent number: 11546362
    Abstract: Systems and methods for data-driven infrastructure controls are disclosed. According to one embodiment, in an information processing apparatus comprising at least one computer processor, a computer-implemented method for automatically detecting anomalous user behavior within a unified entitlement framework may include: (1) receiving an access request for a technology asset from a user on a computing device, the access request comprising session data comprising one or more of user identification, user location, key strokes, and user computing device identification; (2) applying an entitlement-specific machine learning algorithm to the session data to generate an anomaly score; (3) storing the session data and associated anomaly score; (4) sending a review request to a manager; (5) receiving review results from the manager; and (6) updating the entitlement-specific machine learning algorithm based on the anomaly score and the review results from the manager.
    Type: Grant
    Filed: April 28, 2020
    Date of Patent: January 3, 2023
    Assignee: JPMORGAN CHASE BANK, N.A.
    Inventors: Rejith G. Kurup, Kanishka Hettiarachchi, Vladimir Belinkis, Ish K. Ahluwalia, Ricky Hei Wong Chan, Dennis Joseph