Patents Examined by Kenneth Chang
  • Patent number: 9954884
    Abstract: Embodiments of a system and method for a cyber modeling and simulation framework are generally described herein. In some embodiments, an interface (212) for ingest of network and vulnerability data associated with a node of a targeted network, a network visualization device (232) for presenting the network data and the vulnerability data, and for creating a network model based on the network and vulnerability data, a threat analysis simulator (240) for launching threat attacks on the targeted network and for applying modeled defenses against the threat attacks, the threat analysis simulator producing simulation results (244) and a data farming module for performing data farming on the simulation results using different scenarios to generate a farm of data for use in designing anti-cyber-attack strategies (280) for the targeted network.
    Type: Grant
    Filed: October 23, 2013
    Date of Patent: April 24, 2018
    Assignee: Raytheon Company
    Inventors: Suzanne P. Hassell, Paul F. Beraud, III, Alen Cruz, Gangadhar Ganga, Brian J. Mastropietro, Travis C. Hester, David A. Hyde, Justin W. Toennies, Stephen R. Martin, Frank Pietryka, Niraj K. Srivastava
  • Patent number: 9942225
    Abstract: Techniques are disclosed for authentication and identification of a user by use of an electroencephalographic (EEG) signal. For example, a method for authenticating a user includes the following steps. At least one electroencephalographic response is obtained from a user in accordance with perceptory stimuli presented to the user. The user is authenticated based on the obtained electroencephalographic response. The authenticating step may be based on detection of an event-related potential in the obtained electroencephalographic response. The event-related potential may be a P300 event-related potential. The method may also include the step of enrolling the user prior to authenticating the user. The enrolling step may include a supervised enrollment procedure or an unsupervised enrollment procedure.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: April 10, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jiri Navratil, Bhuvana Ramabhadran
  • Patent number: 9930041
    Abstract: Methods, systems, and devices are described for the prevention of network peripheral takeover activity. Peripheral devices may implement an anti-takeover mechanism limiting the number of available device command classes when certain handshake and verification requirements are not met. Anti-takeover peripheral devices with protection enabled may be relocated within a controller network, or in certain cases, from one controller network to another controller network when certain conditions are met. That same device may be hobbled when removed from a controller network and may remain hobbled when connected to another network that fails to meet certain conditions. Unprotection and unhobbling of a device may occur through an algorithmic mechanism using values stored on the peripheral device and the controller device for one or more of anti-takeover code generation, anti-takeover code comparison, network identification value comparison, and manufacturer identification value comparison.
    Type: Grant
    Filed: November 18, 2016
    Date of Patent: March 27, 2018
    Assignee: Vivint, Inc.
    Inventor: Jeremy B. Warren
  • Patent number: 9916470
    Abstract: A mechanism is provided for sensor sharing control dynamically. One or more sensor use permissions are received from one or more sensor provider terminals. For each sensor use permission, a sensor use permission is recorded in an authorization policy thereby forming a set of authorization policies. A use request is recorded for sensor use request information received from a sensor user terminal in a request policy. A search is performed for any authorization policy in the set of authorization policies that matches the request policy. Responsive to identifying the authorization policy that matches the request policy, a list of sensors included in the sensor use permissions of an authorization policy that matches the request policy is created. The list of sensors is transmitted to the sensor user terminal, where the search is performed again dynamically when the request policy or one of the set of authorization policies is changed.
    Type: Grant
    Filed: March 1, 2017
    Date of Patent: March 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Hayato Kiriyama, Tomohiro Shioya, Tadashi Tsumura
  • Patent number: 9894100
    Abstract: Methods and systems for dynamically optimized rule-based security policy management are provided. A request is received by a network security management device to add a new traffic flow policy rule to multiple existing policy rules managed by the network security management device. Dependencies of the new traffic flow policy rule on the existing policy rules are automatically determined. An updated set of policy rules is formed by incorporating the new traffic flow policy rule within the existing policy rules based on the dependencies. The updated set of policy rules is then optimized by grouping, reordering and/or deleting a sub-set of policy rules of the updated set of policy rules based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics and usage statistics for each policy rule of the updated set of policy rules.
    Type: Grant
    Filed: December 30, 2014
    Date of Patent: February 13, 2018
    Assignee: Fortinet, Inc.
    Inventor: Hugo Filipe Parreira Pernicha
  • Patent number: 9894051
    Abstract: Technical solutions are described for extending shrouding capability of a virtual server hosting system. An example method includes receiving a request to deploy a shrouded virtual server using a predetermined set of hardware components, and using a shrouded mode. The method also includes adding a guest server to the hosting system, the guest server including the predetermined set of hardware components. The method also includes deploying a preconfigured hypervisor on the guest server, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending an identifier of the virtual server for receipt by the client device.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: February 13, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Reinhard T. Buendgen, Jeffrey A. Frey, Jeb R. Linton, James A. O'Connor, William J. Rooney, George C. Wilson
  • Patent number: 9894076
    Abstract: In an approach to data protection and sharing, a computer retrieves social network data of a first user, and obtains a relationship grade between the first user and a second user, and a level associated with the personal data of the first user. Then it is determined whether the second user qualifies to access the personal data of the first user, based, at least in part, on the relationship grade and the level associated with the personal data. If it is determined that the second user qualifies to access the personal data of the first user, the second user is permitted to access the personal data.
    Type: Grant
    Filed: October 9, 2015
    Date of Patent: February 13, 2018
    Assignee: International Business Machines Corporation
    Inventors: Chen Li, Xiran Li, Graham A. Watts, Wei Wu
  • Patent number: 9888023
    Abstract: Methods and systems for extracting, processing, displaying, and analyzing events that are associated with one or more threats are provided. According to one embodiment, threat information, including information from one or more of firewall logs and historical threat logs, is maintained in a database. Information regarding threat filtering parameters is received. Information regarding threats matching the threat filtering parameters is extracted from the database and is presented in a form of an interactive historical graph. Responsive to receiving from an administrator an indication regarding a selected subset of time in which to zoom into for further details, a list of threats within the selected subset is presented in tabular form.
    Type: Grant
    Filed: February 17, 2017
    Date of Patent: February 6, 2018
    Assignee: Fortinet, Inc.
    Inventor: Mathieu Nantel
  • Patent number: 9887983
    Abstract: A system, apparatus, method, and machine readable medium are described for implementing a composite authenticator. For example, an apparatus in accordance with one embodiment comprises: an authenticator for authenticating a user of the apparatus with a relying party, the authenticator comprising a plurality of authentication components; and component authentication logic to attest to the model and/or integrity of at least one authentication component to one or more of the other authentication components prior to allowing the authentication components to form the authenticator.
    Type: Grant
    Filed: October 29, 2013
    Date of Patent: February 6, 2018
    Assignee: Nok Nok Labs, Inc.
    Inventors: Rolf Lindemann, Davit Baghdasaryan
  • Patent number: 9882901
    Abstract: Technical solutions are described for securely deploying a shrouded virtual server. An example method includes sending, by a host manager, authentication information of a hosting system to a client device in response to a request from the client device. The method also includes receiving a request to deploy a virtual server using a shrouded mode. The method also includes deploying a preconfigured hypervisor on the hosting system, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending, by the host manager, an identifier of the virtual server for receipt by the client device.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: January 30, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Khary J. Alexander, Utz Bacher, Reinhard T. Buendgen, Patrick J. Callaghan, John C. Dayka, Thomas B. Mathias, K. Paul Muller, James A. O'Connor, William J. Rooney, Kurt N. Schroeder, Peter G. Spera, Tiberiu Suto, Sean Swehla, Stefan Usenbinz, Craig R. Walters
  • Patent number: 9871784
    Abstract: A computer implemented system and method for image based location specific password construction and authentication is provided. The system helps users to recognize the password in terms of objects in an image rather than recalling the alphanumeric passwords. A graph walk generator present in the system guides a user to take unique pictures/images/photographs from the user's geographical location, which helps the user to recognize the password easily in future. The system helps in creating and maintaining a strong password by using a pseudorandom image presenter. It also allows a user to aid his photographic memory to get authenticated to the system. Every user generates a certain number of images by capturing images in the vicinity and selects objects from an image to create a password. A user authentication module present in the system then authenticates the user based on the sequence of the objects within the captured image to provide one-time image based authentication.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: January 16, 2018
    Assignee: Tata Consultancy Services Limited
    Inventors: Sujit Devkar, Pankaj Harish Doke, Sylvan Lobo, Ankith Reddy
  • Patent number: 9866547
    Abstract: A discovery bundle component is applied in a virtual image deployed within a virtual environment, wherein the discovery bundle automatically discovers asset information about one or more application bundles applied to the virtual image. The discovery bundle component sends, to a discovery product service, the asset information wrapped with a trusted signed certificate for the discovery product service, wherein the discovery product service is located outside the virtual environment.
    Type: Grant
    Filed: August 16, 2016
    Date of Patent: January 9, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: John A. Griffith, Daniel P. Rhames, Philip R. Riedel, David L. Schmidt
  • Patent number: 9847876
    Abstract: A receiver in a quantum key distribution (QKD) system includes a quantum optical unit configured to receive quantum signals from a transmitter of the QKD system, modulate the quantum signals based on a basis sequence, and output detection information by detecting the modulated quantum signals. The receiver further includes a signal processor configured to generate a raw key by using the detection information and the basis sequence based on a double buffering scheme.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: December 19, 2017
    Assignee: SK TELECOM CO., LTD.
    Inventors: Jeongwoon Choi, Jeongsik Cho
  • Patent number: 9847874
    Abstract: Systems and methods of the present invention provide for one or more server computers communicatively coupled to a network and configured to: receive a request for a physical certificate authenticating a user to transfer a domain name, as well as a domain name and domain name transfer instructions and a request to register the domain name to a third party; register the domain name to the third party and update WHOIS; print the physical certificate, including a QR code encoding a user id, the domain name, an EPP key and the transfer instructions; lock the domain name account against modification; receive a request to execute a domain name transfer; scan the user id, the domain name, the EPP key and the transfer instructions encoded within the QR code; unlock an administrative function of the account; authenticate, via the EPP key, the domain name transfer; and execute the domain name transfer.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: December 19, 2017
    Assignee: Go Daddy Operating Company, LLC
    Inventors: Richard Merdinger, Christopher Ambler, James M. Bladel
  • Patent number: 9838406
    Abstract: A method, product and computer program product for evaluating a generation of malware variants, the method including the steps of: scanning, with one or more malware detectors, a variant of a malware specimen; determining an evasiveness characteristic of the variant and a maliciousness characteristic of the variant; determining a likelihood that the variant meets one or more criteria based at least on the evasiveness characteristic of the variant and the maliciousness characteristic of the variant; and based on the determined likelihood, selecting the variant for propagation.
    Type: Grant
    Filed: February 19, 2016
    Date of Patent: December 5, 2017
    Assignee: PAYPAL, INC.
    Inventors: Shlomi Boutnaru, Liran Tancman, Michael Markzon
  • Patent number: 9832218
    Abstract: Provided are a computer program product, system, and method for interacting with a remote server over a network to determine whether to allow data exchange with a resource at the remote server. Detection is made of an attempt to exchange data with the remote resource over the network. At least one computer instruction is executed to perform at least one interaction with the server over the network to request requested server information for each of the at least one interaction. At least one instance of received server information is received. A determination is made whether the at least one instance of the received server information satisfies at least one security requirement. A determination is made of whether to prevent the exchanging of data with the remote resource based on whether the at least one instance of the received server information satisfies the at least one security requirement.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: November 28, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Matthew G. Borlick, Roger G. Hathorn, Steven E. Klein
  • Patent number: 9832206
    Abstract: A system and method for authenticating and continuously verifying authorized users of a digital device includes an authentication device attached to an arm or wrist of authorized users. The authentication device has an accelerometer, digital radio, a processor configured to provide identity information over the radio, and to transmit motion data. The motion data is received by the digital device and the identity transmitted is verified as an identity associated with an authorized user. Input at a touchscreen, touchpad, mouse, trackball, or keyboard of the digital device is detected, and correlated with the motion data. Access to the digital device is allowed if the detected input and the detected motion data correlate, and disallowed otherwise.
    Type: Grant
    Filed: March 21, 2014
    Date of Patent: November 28, 2017
    Assignee: THE TRUSTEES OF DARTMOUTH COLLEGE
    Inventors: Shrirang Mare, Andres Molina-Markham, Ronald Peterson, David Kotz
  • Patent number: 9825764
    Abstract: Systems and methods for enhanced security of media are provided. Media security may be enhanced by improving the setup of encryption and/or decryption, by improving the performance of encryption and/or decryption, or by improving both. The calls related to enhanced security of media from an application in an emulated environment to a security module in the operating system hosting the emulated environment may be combined to reduce the overhead of accessing a security module. An application handling secure shell (SSH) communications may execute multiple calls to a cryptographic module in the host operating system. Because many calls to the cryptographic module during SSH communications follow patterns, two or more related calls may be combined into a single combined call to the cryptographic module. For example, a call to generate a server-to-client key and a call to generate a client-to-server key may be combined into a single call.
    Type: Grant
    Filed: February 26, 2014
    Date of Patent: November 21, 2017
    Assignee: Unisys Corporation
    Inventors: Kevin Clayton, Peter Wilkes, Yuko Onishi, Raymond Campbell
  • Patent number: 9819393
    Abstract: In a disclosed embodiment, a power line communication (PLC) device sends an active channel scan request from a host layer to an adaptation layer. In response to the adaptation layer receiving the request, a MAC layer is instructed to broadcast a beacon request frame. The PLC device receives from each of one or more neighboring devices that respond to the beacon request frame a beacon frame including an address and a personal area network (PAN) identifier. A listing of PAN identifiers indicated by the beacon frames is provided to the host layer. The host layer selects a target network corresponding to a selected PAN identifier and selects one of the one or more neighboring devices associated with the selected PAN identifier as a target bootstrapping agent. The host layer instructs the adaptation layer to join the target network using the target bootstrapping agent.
    Type: Grant
    Filed: March 7, 2017
    Date of Patent: November 14, 2017
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Kumaran Vijayasankar, Ramanuja Vedantham, Robert Liang
  • Patent number: 9817996
    Abstract: An information receiving device according to the present invention includes: a request information generation unit which generates request information including actual behavior information which is behavior information representing an actual behavior of a user, and pseudo behavior information not representing an actual behavior of the user; a distribution information request unit which transmits the request information to an information distribution device, and receives distribution information distributed from the information distribution device on a basis of the transmission of the request information; and a distribution information selection unit which selects distribution information associated with the actual behavior information, out of the distribution information received by the distribution information request unit.
    Type: Grant
    Filed: March 7, 2014
    Date of Patent: November 14, 2017
    Assignee: NEC CORPORATION
    Inventor: Ryo Furukawa