Abstract: A two-dimensionality detection method for industrial control system attacks: collecting data; transmitting the data to a PLC and an embedded attack detection system; uploading, by the PLC, received data to an SCADA system; transmitting, by the SCADA system, the data to the embedded attack detection system after classifying and counting the data; before starting detection, directly reading, by the embedded attack detection system, the data measured by sensors; refining data association relationships and probability distribution characteristics of the sensors of normal operation to complete storage of health data model; after starting detection, in first dimensionality, comparing the data collected directly by the sensors with statistical data of the SCADA system to judge the attacked condition of the SCADA system, and in second dimensionality, comparing the characteristics of the data collected directly by the sensors and counted online with the health data model to judge the attacked condition of the sensors.

Abstract: Embodiments are disclosed for testing source code changes. The techniques include generating an incremental intermediate representation of a security vulnerability fix to repair an identified security vulnerability of a source code application. The techniques also include merging the incremental intermediate representation with a full intermediate representation of a previous version of the source code application. The techniques further include generating an impact graph based on the merged intermediate representation. Additionally, the techniques include performing a security vulnerability analysis on the security vulnerability fix based on the merged intermediate representation, the impact graph, and the identified security vulnerability. Further, the techniques include updating the security vulnerability analysis by removing one or more findings that are not related to the impact graph.

Abstract: A system and method for detecting and blocking bots are presented. The method includes receiving unlabeled data regarding a visitor of a web source, grouping the received unlabeled data with similar characteristics into a group of data, detecting, based on the group of data, at least one anomaly, and determining, based on the at least one detected anomaly, several visitors to be blacklisted.

Abstract: Methods, systems, and devices for homomorphic encryption. In one implementation, the methods include inputting first data into a recurrent artificial neural network, identifying patterns of activity in the recurrent artificial neural network that are responsive to the input of the secure data, storing second data representing whether the identified patterns of activity comports with topological patterns, and statistically analyzing the second data to draw conclusions about the first data.

Abstract: A method includes determining, by an analysis system, a system aspect of a system for a protection evaluation. The method further includes determining, by the analysis system, at least one evaluation perspective for use in performing the protection evaluation on the system aspect. The method further includes determining, by the analysis system, at least one evaluation viewpoint for use in performing the protection analysis on the system aspect. The method further includes obtaining, by the analysis system, protection data regarding the system aspect in accordance with the at least one evaluation perspective and the at least one evaluation viewpoint. The method further includes calculating, by the analysis system, a protection rating as a measure of protection maturity for the system aspect based on the protection data, the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric.

Abstract: The technology disclosed relates to streamlined analysis of security posture of a cloud environment. In particular, the disclosed technology relates to a graphical query builder for generating a subject path signature, for example representing a vulnerability path in the cloud environment. A computer-implemented method includes generating a graphical user interface having configurable node elements and edge elements and, in response to user input on the graphical user interface, configuring the node elements to represent entities in a subject path signature in the cloud environment and the edge elements to represent relationships between the entities in the subject path signature. The method also includes generating a query representing the subject path signature, executing the query to qualify a set of network paths in the cloud environment as conforming to the subject path signature, and outputting query results identifying the qualified set of network paths.

Abstract: Methods and systems for continuously and quantitatively assessing the risk to data confidentiality, integrity, and availability on identified on endpoints, servers, medical devices, and “Internet of things” devices in a networked healthcare environment monitor resource requests by user applications running on the various device. A map of resource usage by each application may be generated. Based on the map and a risk model (e.g., the contents of a risk database), application events associated with risks are detected and resources vulnerable to the risk may be identified.

Abstract: A system and method for facilitating distributed peer to peer storage of data is disclosed. The method includes receiving a request from a user to securely store one or more files, encrypting the one or more files by using one or more primary encryption keys and splitting each of the encrypted one or more files into an encrypted set of data chunks. The method further includes transmitting the encrypted set of data chunks to one or more trustee devices, encrypting a metadata by using a secondary encryption key and receiving a request to securely access the one or more files. Further, the method includes obtaining the encrypted set of data chunks and the secondary encryption key from the one or more trustee devices and creating the one or more files, such that the user is provided access of the one or more files.

Abstract: A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens.

Abstract: Providing a risk analysis report for an undesired event may include identifying an attack type resulting in the undesired event and at least one requirement for a successful attack. Providing the report may further include obtaining protection data associated with protection measures that affect the requirements for a successful attack, performing each simulation in a plurality of Monte Carlo simulations for the attack type a number N of times based on the undesired event, the attack type, and the protection data, and in response to determining that the N performances of a simulation indicate at least one wildcard, performing it an additional N times. Providing the report may also include identifying a vulnerability of the protection measures to the attack type based on the performances of the plurality of Monte Carlo simulations and generating the risk analysis report for the undesired event based on the attack type and the vulnerability.

Abstract: A biometric processor comprises: one or more inputs configured to receive first ear biometric data acquired in respect of a first ear of a user and second ear biometric data acquired in respect of a second ear of the user; a processing module configured to perform a biometric algorithm on the first ear biometric data and the second ear biometric data, based on a comparison of the first ear biometric data to a first stored ear biometric template for an authorised user and a comparison of the second ear biometric data to a second stored ear biometric template for the authorised user, to obtain respective first and second biometric scores; a fusion module configured to apply first and second weights to the respective first and second biometric scores to obtain first and second weighted biometric scores, and to combine at least the first and second weighted biometric scores to generate an overall biometric score, wherein the first and second weights are different to each other; and wherein a biometric result is b

Abstract: A computer implemented method in a system comprising an actor authorization node, an access right storage node and a file record node.

Abstract: A method (500) includes initializing a client state (250) on a client device (120) be executing a private batched sum retrieval instruction (200) to compute c sums O of data blocks (102) from an untrusted storage device (150). Each computed sum O stored on memory hardware (122) of the client device and including a sum of a corresponding subset S of exactly k data blocks. The method also includes a query instruction (300) to retrieve a query block Bq stored on the untrusted storage device by iterating through each of the c sums O of data blocks to identify one of the c sums O that does not include the query block Bq, instructing a service to pseudorandomly partition the untrusted storage device into partitions and sum the data blocks in each partition to determine a corresponding encrypted data block sum (302).

Abstract: Applications of the privacy switch technology are shown for handling data breaches in database systems, thereby providing fundamental improvements to the security and utility of database technology.

Abstract: A method for executing a second-order taint analysis on library code may include generating, by executing a first-order taint analysis on the library code starting at a sink, a first execution path from a load instruction to the sink. The load instruction may perform: reading a first value using a first global identifier. The method may further include determining a store instruction by matching the load instruction and the store instruction. The store instruction may perform: writing a second value using a second global identifier. The method may further include, generating a second execution path from the store instruction to the load instruction, generating, by executing the first-order taint analysis on the library code starting at the store instruction, a third execution path from an entry point to the store instruction, and forming a potential second-order taint flow by joining the first, second, and third execution paths.

Abstract: An application development assistance system in which optimal security measures can be taken at positions in need of security measures under an application development environment using a flow diagram analyzes an input application description file and outputs application data information and module information. A data importance level judgment unit decides importance levels of data exchanged between modules on the basis of the application data information.

Abstract: A device control method includes monitoring location of a first user device of a first user and receiving an indication of a location of a second user device. The method further includes monitoring use of the second user device and determining a first time of use on the second user device. The first time of use on the second user device is allocated to a use time of a second user based on the location of the first user device relative to the location of the second user device, and a functional component of a third user device of the second user is disabled based at least on the use time of the second user.

Abstract: A method may include extracting, from an instruction of a function in source code, (i) a left-hand side (LHS) access path including a first variable and a first sequence of fields and (ii) a right-hand side (RHS) access path including a second variable and a second sequence of fields, determining, using an incoming access path, an outgoing access path for the instruction, determining that the incoming access path subsumes the LHS access path, generating a specialized outgoing access path by appending a field of the LHS access path to the outgoing access path, determining, using the specialized outgoing access path, that an entry access path of the function is reachable from an exit access path of the function, in response to determining that the entry access path is reachable from the exit access path, identifying a potential taint flow from the entry access path to the exit access path.

Abstract: A method for encryption according to an embodiment includes generating a ciphertext for a secret key that is an integer vector by using an integer-based first homomorphic encryption algorithm, generating a key stream that is the integer vector from a nonce and the secret key by using a key stream generator, encoding the key stream by using a message encoding function of the first homomorphic encryption algorithm, encoding a message that is a real vector by using a message encoding function of a real number-based second homomorphic encryption algorithm, generating a ciphertext for the message by using a result of the encoding of the key stream and a result of the encoding of the message, and transmitting the nonce, the ciphertext for the secret key, and the ciphertext for the message to an apparatus for converting a ciphertext.

Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.