Abstract: Systems and methods for privacy-preserving summarization of digital activity are disclosed. According to one embodiment in an information processing apparatus comprising at least one computer processor and at least one display, a privacy-preserving digital activity computer program performing the following: (1) capturing a blurred or pixelated screenshot of the at least one display; (2) identifying a plurality of computer application visible in the blurred or pixelated screenshot; (3) identifying a foreground or actively-used application out of the plurality computer applications in the blurred or pixelated screenshot; and (4) logging the visible computer applications and the foreground or actively-used application.

Abstract: Apparatuses, systems, and methods for signal encryption in high bandwidth memory are described. A high bandwidth memory (HBM) may include a mix of secure circuits and non-secure circuits, which are coupled to secure and non-secure registers respectively. Information may be communicated between the secure and non-secure registers along an interface. The information associated with the secure register may be encrypted. When information is written to the secure register, an encryption circuit in the HBM may first decrypt the information before it is written to the secure register. When information is read from the secure register, it may first be encrypted by the encryption circuit before it is provided along the interface.

Abstract: An apparatus and method of protecting information by using a system on a chip (SoC) are discussed. The apparatus includes a SoC memory which is disposed in a predetermined SoC and includes a first region accessible only by a unit having an access right, and a hardware (HW) filter configured to monitor at least one unit attempting to access the SoC memory. When a unit without an access right attempts to access the first region, the HW filter can block access of the unit without the access right.

Abstract: Systems and techniques for privacy preserving document analysis are described that derive insights pertaining to a digital document without communication of the content of the digital document. To do so, the privacy preserving document analysis techniques described herein capture visual or contextual features of the digital document and creates a stamp representation that represents these features without included the content of the digital document. The stamp representation is projected into a stamp embedding space based on a stamp encoding model generated through machine learning techniques capturing feature patterns and interaction in the stamp representations. The stamp encoding model exploits these feature interactions to define similarity of source documents based on location within the stamp embedding space. Accordingly, the techniques described herein can determine a similarity of documents without having access to the documents themselves.

Abstract: A security control method and a computer system are provided. A first domain and a second domain are deployed in the computer system, the second domain is more secure than the first domain, a program is deployed in the first domain, and a control flow management module and an audit module are deployed in the second domain. The second domain is more secure than the first domain. When the program in the first domain is executed, the control flow management module obtains control flow information by using a tracer. The audit module audits the to-be-audited information according to an audit rule, and when the to-be-audited information matches the audit rule, determines that the audit succeeds and then allows the first domain to perform a subsequent operation, for example, to access a secure program in the second domain.

Abstract: Methods, systems, and non-transitory computer readable media are correction of geographic inconsistency in item properties. A system identifies locations of interest based on a location of a mobile device and acquires item-descriptive and item-property data associated with an item at the location of interest. The system connects to a secure network to identify a corresponding item and retrieve corresponding item-property data associated with the corresponding item from a secure item database server. The system determines a difference between the corresponding item-property data and the item-property data and updates the secure item database server based on the difference.

Abstract: In some embodiments, an apparatus having at least a portion of a first instance of a distributed database at a first compute device is configured to be included within a group of compute devices that implement via a network operatively coupled to the group of compute devices the distributed database. The distributed database enables anonymous transfers of digital assets between compute devices via a transfer protocol such that an identity of a compute device associated with a private key corresponding to a public key logically related to a destination record is concealed among a set of compute devices including the first compute device and at least one second compute device.

Abstract: Memory control circuitry controls access to data stored in memory, and memory security circuitry generates encrypted data to be stored in the memory. The encrypted data is based on target data and a first one-time-pad (OTP). In response to an OTP update event indicating that the first OTP is to be updated to a second OTP different from the first OTP, the memory security circuitry generates a re-encryption value based on the first OTP and the second OTP, and the memory security circuitry to issues a re-encryption request to cause updated encrypted data to be generated in a downstream component based on the encrypted data and the re-encryption value and to cause the encrypted data to be replaced in the memory by the updated encrypted data.

Abstract: A vulnerability analyzer includes: a single route derivation unit for deriving single route information from an attack determination position to a start position of program information; a variable analysis unit for deriving actual value range information from information of a branch condition and a branch result in the program information; a memory editing unit for setting a virtual address and an input flag corresponding to input variable information, storing actual value information of the input variable information, and storing actual value range information from the variable analysis unit; and a vulnerability existence determination unit for extracting variable information of an attack execution condition, acquiring the actual value information and the actual value range information corresponding the variable information, calculating limited input actual value information when the input flag is set to the virtual address, and determining if the limited input actual value information satisfies the attack e

Abstract: Systems, methods, and apparatuses directed to implementations of an approach and techniques for more effectively preparing for, detecting, and responding to cybersecurity threats directed at people or at groups of people. Embodiments are directed to classifying or segmenting employees by “predicting” what are believed to be two attributes of an employee that contribute to making them at a higher risk of being a target of a cybersecurity attack. These attributes are the employee's seniority level (e.g., employee, contractor, manager, executive, board member) and the employee's primary function or role in an organization (e.g., HR, Legal, Operations, Finance, Marketing, Sales, R&D, etc.

Abstract: A first input share value, a second input share value, and a third input share value may be received. The first input share value may be converted to a summation or subtraction between an input value and a combination of the second input share value and the third input share value. A random number value may be generated and combined with the second input share value and the third input share value to generate a combined value. Furthermore, a first output share value may be generated based on a combination of the converted first input share value, the combined value, and additional random number values.

Abstract: A method detects model-poisoning attempts in a federated learning system. The federated learning system includes a server orchestrating with clients to train a machine-learning model. The method includes receiving, by the server, results of a poisoning detection analysis. The poisoning detection analysis includes at least one of an analysis of class-specific misclassification rates or an analysis of activation clustering of a current state of the machine-learning model.

Abstract: A processor comprises a first register to store an encoded pointer to a memory location. First context information is stored in first bits of the encoded pointer and a slice of a linear address of the memory location is stored in second bits of the encoded pointer. The processor also includes circuitry to execute a memory access instruction to obtain a physical address of the memory location, access encrypted data at the memory location, derive a first tweak based at least in part on the encoded pointer, and generate a keystream based on the first tweak and a key. The circuitry is to further execute the memory access instruction to store state information associated with memory access instruction in a first buffer, and to decrypt the encrypted data based on the keystream. The keystream is to be generated at least partly in parallel with accessing the encrypted data.

Abstract: Methods, apparatus, and processor-readable storage media for prioritizing patching of vulnerable components are provided herein. An example computer-implemented method includes obtaining information indicative of a first set of components embedded in a software package; determining risk levels for respective ones of the components in the first set based on a data flow representation of the software package; and assigning a priority for patching a software vulnerability in a given component of the first set based at least in part on the risk level of the given component.

Abstract: Disclosed are systems and methods for countering a cyber-attack on computing devices by means of which users are interacting with services, which store personal data on the users. Data is collected about the services with which the users are interacting by means of the devices, as well as data about the devices themselves. The collected data is analyzed to detect when a cyber-attack on the devices is occurring as a result of a data breach of personal data on users from the online service. A cluster of the computing devices of different users of the online service experiencing the same cyber attack is identified. Attack vectors are identified based on the characteristics of the cyber attack experienced by the computing devices in the cluster. Actions are selected for countering the cyber-attack based on the identified attack vector and are sent to the devices of all users of the corresponding cluster.

Abstract: Systems and methods for a machine learning based approach for identification of malware using static analysis and a machine-learning based automatic clustering of malware are provided. According to various embodiments of the present disclosure, a processing resource of a computer system receives a potential malware sample. A plurality of feature vectors is extracted from the potential malware sample and is converted into an input vector. A byte sequence is generated by walking a plurality of decision trees based on the input vector. Further, a hash value for the byte sequence is calculated and a determination is made regarding whether the hash value matches a malware hash value of a plurality of malware hash values corresponding to a known malware sample. Upon said determination being affirmative, the potential malware sample is classified as malware and is associated with a malware family of the known malware sample.

Abstract: An attack is detected on a first IP address and a determination is made that the first IP address is associated with a primary digital certificate that is bound with multiple different domains. For each of these domains, a secondary certificate is accessed that is bound only to that domain and that secondary certificate is associated with a unique IP address such that each of the different domains has a unique IP address associated with its secondary certificate respectively. The attack is isolated to the domain the attack follows.

Abstract: File events are correlated with intrusion detection alerts for corrective action. A monitoring component receives file events from a thin agent. An analysis component analyzes the file events and metadata obtained from the intrusion detection alerts, such as attack type or file name, to correlate a set of file events to at least one detected action (intrusion) described in the alert. A recommendation component identifies one or more options, including one or more corrective actions, which are applicable for remediating the alert. The set of options includes a recommended action from two or more possible corrective actions. The set of options are output or displayed to the user. The user selects which option/action to perform in response to the alert. In some examples, an automatic response is performed without user selection with respect to selected types of alerts, detected action(s), selected file(s) or other user-generated criteria.

Abstract: A system includes a memory device configured to store data at addressable locations in the memory device, a physically unclonable function (PUF) device including an array of PUF elements, and a memory interface coupled to the memory device and the PUF device. The memory interface is configured to receive a request to store first data in the memory device, store the first data in the memory device at a first location of the memory device, and transmit the first data and the first location to the PUF device. The PUF device is configured to create a first challenge value using the first data and the first location, generate a first response value using the first challenge value, and store the first response value as a first data integrity tag in the memory device, wherein the first data integrity tag is associated with the first data.

Abstract: A method of assessing a risk level of an enterprise using cloud-based services from one or more cloud service providers includes assessing provider risk scores associated with the one or more cloud service providers; assessing cloud service usage behavior and pattern of the enterprise; and generating a risk score for the enterprise based on the provider risk scores and on the cloud service usage behavior and pattern of the enterprise. The risk score is indicative of the risk of the enterprise relating to the use of the cloud-based services from the one or more cloud service providers.