Patents Examined by Michael Simitoski
  • Patent number: 10616228
    Abstract: Enhanced permission techniques are disclosed that ensure integrity of resources while the resources are provided for re-purposing by users that do not have conventional permissions, such as read or write permissions, to the resources. In some examples, a method to evaluate enhanced permissions for re-purposing a resource from a source path to a target path by a user may include evaluating source permissions and target permissions, and determining whether to allow the re-purposing of the resource based on the evaluating. The source permissions are copy permissions or cut permissions specified for the source path and that apply to the user. The target permissions are paste permissions specified for the target path and that apply to the user.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: April 7, 2020
    Assignee: Adobe Inc.
    Inventors: Nitin Nizhawan, Mayank Gupta
  • Patent number: 10615984
    Abstract: Embodiments for providing content authentication of job containers in a Hadoop Distributed File System (HDFS) network cluster having a name node and a data node, by inputting job specific files and encryption elements into a file signing engine component executed on the name node to generate a first identity value for the content; inputting the job specific files and the encryption elements into a file signing engine component executed on the data node to generate a second identity value for the content; comparing the first identity value with the second identity value; and proceeding with a task processing the content if the comparing yields a match or aborting the task if the comparing does not yield a match.
    Type: Grant
    Filed: October 3, 2017
    Date of Patent: April 7, 2020
    Assignee: EMC IP Holding Company LLC
    Inventor: Dong Wang
  • Patent number: 10616207
    Abstract: In some examples, a target device may store a policy that includes one or more conditions. For example, a condition of the policy may specify that each device of the multiple devices have a certificate that was deployed to each device when each device was provisioned. A condition of the policy may specify that each device of the multiple devices be within a predetermined distance (or within a particular distance range) from the target device. A condition of the policy may specify that each device of the plurality of devices have a beacon secret that is periodically broadcast out-of-band by a local beacon. While the conditions of the policy are satisfied, the target device may grant the multiple devices access to the target device. If the target device determines that the conditions of the policy are no longer being satisfied, the target device may deny (or reduce) access.
    Type: Grant
    Filed: October 12, 2017
    Date of Patent: April 7, 2020
    Assignee: Dell Products, L.P.
    Inventors: Charles D. Robison, Daniel L. Hamlin
  • Patent number: 10609064
    Abstract: A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device and a port identifier identifying a port on the switch to a threat management server in response to the device passing authentication. The threat management server determines the endpoint device has a block on the port of the switch using the device identifier and the port identifier. The threat management server determines a block timeout period for the endpoint device and the port on the switch has expired. The threat management server removes the block for the endpoint device on the port on the switch in response to determining the block timeout period for the endpoint device and the port on the switch has expired.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: March 31, 2020
    Assignee: Bank of America Corporation
    Inventors: Rahul Isola, Anthony P. Grossi
  • Patent number: 10599844
    Abstract: Aspects of the present disclosure relate to threat detection of executable files. A plurality of static data points may be extracted from an executable file without decrypting or unpacking the executable file. The executable file may then be analyzed without decrypting or unpacking the executable file. Analysis of the executable file may comprise applying a classifier to the plurality of extracted static data points. The classifier may be trained from data comprising known malicious executable files, known benign executable files and known unwanted executable files. Based upon analysis of the executable file, a determination can be made as to whether the executable file is harmful.
    Type: Grant
    Filed: May 12, 2015
    Date of Patent: March 24, 2020
    Assignee: Webroot, Inc.
    Inventors: Mauritius Schmidtler, Gaurav Dalal, Reza Yoosoofmiya
  • Patent number: 10601810
    Abstract: A method is disclosed for providing a secure session based message connection mechanism between a private cloud routing server (PCRS) and at least one smart device client in a PCRS network. The method includes initializing and provisioning of the PCRS. The method also includes creating a PCRS Client and viewing the PCRS Client. In addition, the method includes editing a peer-to-peer password and status of the PCRS. The method also includes changing the peer-to-peer password by the at least one smart device client. The method also includes resetting the peer-to-peer password and status by an administrator from a PCRS LAN. Finally, the method includes connecting to the PCRS by the at least one smart device client.
    Type: Grant
    Filed: June 16, 2015
    Date of Patent: March 24, 2020
    Assignee: Kingston Digital, Inc.
    Inventor: Ben Wei Chen
  • Patent number: 10593198
    Abstract: A system and method for securing and verifying transmitted traffic data. A transmitter may send a transmission via a radio signal including traffic data through or from hardware installed in a traffic control cabinet adjacent an intersection or other roadway feature of interest. The transmission may be signed with a private key. A receiver associated with a vehicle may receive, in addition to the transmission, a public key (e.g., via a data network) for use in verification of the authenticity of the transmission.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: March 17, 2020
    Assignee: FLIR COMMERCIAL SYSTEMS, INC.
    Inventors: Daniel Benhammou, Tyler Birgen
  • Patent number: 10594728
    Abstract: Detecting a Domain Name Service (DNS) hijacking includes resolving names in a hijack target group list to their respective Internet Protocol (IP) addresses. In response to determining that two names in the hijack target group list resolved to a common IP address, a determination is made whether a legitimate reason exists for the two names in the hijack target group list to resolve to the common IP address. In response to determining that a legitimate reason does not exist for the two names in the hijack target group list to resolve to a common IP address, a DNS hijacking is indicated.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: March 17, 2020
    Assignee: AVAST SOFTWARE S.R.O.
    Inventors: Dmitriy Kuznetsov, Martin Smarda, Pavel Sramek
  • Patent number: 10592649
    Abstract: A computerized method for voice authentication of a customer in a self-service system is provided. A request for authentication of the customer is received and the customer is enrolled in the self-service system with a text-independent voice print. A passphrase from a plurality of passphrases to transmit to the customer is determined based on comparing each of the plurality of passphrases to a text-dependent or text-independent voice biometric model. The passphrase is transmitted to the customer, and when the customer responds, an audio stream of the passphrase is received. The customer is authenticated by comparing the audio stream of the passphrase against the text-independent voice print. If the customer is authenticated, the audio stream of the passphrase and the topic of the passphrase are stored.
    Type: Grant
    Filed: August 9, 2017
    Date of Patent: March 17, 2020
    Assignee: NICE LTD.
    Inventors: Matan Keret, Amnon Buzaglo
  • Patent number: 10574442
    Abstract: Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is logged by a hardware security module which is monitored by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: February 25, 2020
    Assignee: Box, Inc.
    Inventors: Kia Amiri, Jeff Queisser, Chris Byron, Rand Wacker
  • Patent number: 10560439
    Abstract: A method is provided for authorizing a device for consuming content. The method includes the steps of generating an authorization request, the authorization request for authorization data including device diagnostic data (instructions) and device remedial data (instructions), transmitting the authorization request from the device to an authorizing service, and authorizing or remediating the device according to an authorization response to the authorization request received from an authorization server.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: February 11, 2020
    Assignee: ARRIS Enterprises, Inc.
    Inventors: Ananth Seetharam, Sean J. Higgins, Martin Karlsson, Paul R. Osborne, Anton Koukine
  • Patent number: 10547602
    Abstract: A client device, e.g., a smartphone including a web browser, requests a call authorization token from a web server, e.g., a web page server. The web server, acting on behalf of a company, whose web page is hosted and whose phone corresponds to the called party, screens incoming requests and decides whether or not to issue an authorization token, e.g., a signed token including an encrypted portion. The web server issues a call authorization token and communicates the issued token to the client device. The client device includes the received issued call authorization token in a signal, e.g., a SIP INVITE signal, which it generates and sends to a session border controller (SBC). The session border controller processes the received authorization token and checks the authorization token to validate the received token. The SBC establishes a communications session if the received token passes the validation check.
    Type: Grant
    Filed: June 14, 2017
    Date of Patent: January 28, 2020
    Assignee: Ribbon Communications Operating Company, Inc.
    Inventor: Tolga Asveren
  • Patent number: 10536848
    Abstract: Methods, systems, and devices are described for the prevention of network peripheral takeover activity. In some embodiments, peripheral devices may implement an anti-takeover mechanism encrypting messages and transmitting unencrypted decryption keys for a limited period of time. Anti-takeover peripheral devices may transition from a plain operational mode, to a decryption key transmission mode, to a secure mode based on pre-defined triggering events, commands, or timers. Random decryption key values may be generated by peripheral devices and transmitted to listening devices for later storage and retrieval by the listening device. Decryption keys may be stored in remote data stores for later retrieval by anti-takeover aware controller devices.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: January 14, 2020
    Assignee: Vivint, Inc.
    Inventor: Jeremy B. Warren
  • Patent number: 10534922
    Abstract: Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.
    Type: Grant
    Filed: March 18, 2018
    Date of Patent: January 14, 2020
    Assignee: ARILOU INFORMATION SECURITY TECHNOLOGIES LTD.
    Inventors: Gil Litichever, Ziv Levi
  • Patent number: 10536268
    Abstract: In one embodiment, an apparatus captures a memory dump of a device in a sandbox environment executing a malware sample. The apparatus identifies a cryptographic key based on a particular data structure in the captured memory dump. The apparatus uses the identified cryptographic key to decrypt encrypted traffic sent by the device. The apparatus labels at least a portion of the decrypted traffic sent by the device as benign. The apparatus trains a machine learning-based traffic classifier based on the at least a portion of the decrypted traffic sent by the device and labeled as benign.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: January 14, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, Andrew Chi, David McGrew, Scott William Dunlop
  • Patent number: 10530799
    Abstract: Non-harmful data mimicking computer network attacks may be inserted in a computer network. Anomalous real network connections may be generated between a plurality of computing systems in the network. Data mimicking an attack may also be generated. The generated data may be transmitted between the plurality of computing systems using the real network connections and measured to determine whether an attack is detected.
    Type: Grant
    Filed: October 24, 2018
    Date of Patent: January 7, 2020
    Assignee: Triad National Security, LLC
    Inventors: Joshua Neil, Alexander Kent, Curtis Hash, Jr., Michael Fisk, Alexander Brugh, Curtis Storlie, Benjamin Uphoff
  • Patent number: 10528733
    Abstract: A decoy filesystem that curtails data theft and ensures file integrity protection through deception is described. To protect a base filesystem, the approach herein involves transparently creating multiple levels of stacking to enable various protection features, namely, monitoring file accesses, hiding and redacting sensitive files with baits, and injecting decoys onto fake system views that are purveyed to untrusted subjects, all while maintaining a pristine state to legitimate processes. In one implementation, a kernel hot-patch is used to seamlessly integrate the new filesystem module into live and existing environments.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: January 7, 2020
    Assignee: International Business Machines Corporation
    Inventors: Frederico Araujo, Douglas Lee Schales, Marc Philippe Stoecklin, Teryl Paul Taylor
  • Patent number: 10521585
    Abstract: Embodiments of the present disclosure disclose a method and apparatus for detecting a side channel attack. An embodiment of the method comprises: clearing data in a state save area of a target enclave; sequentially executing an instruction sequence in the target enclave; acquiring data in the state save area; and in response to determining that the acquired data in the state save area indicates that an asynchronous enclave exit with a cause of exception exit happens to the target enclave, determining that the side-channel attack to the target enclave exists. The embodiment implements detecting a side channel attack to the enclave without additional hardware.
    Type: Grant
    Filed: October 2, 2017
    Date of Patent: December 31, 2019
    Assignee: Baidu USA LLC
    Inventors: Yueqiang Cheng, Tao Wei
  • Patent number: 10511623
    Abstract: A data processing method comprising obtaining a plurality of computer network security threat feeds from two or more computer threat detection systems; based upon computer network attack information in the computer network security threat feeds, determining a threat score that represents a severity of an actual or suspected attack on a particular host in a computer network; obtaining an asset value for the particular host that indicates a worth of the particular host, and updating the threat score based upon the asset value; mapping the updated threat score to one of a plurality of remediation actions, wherein a first remediation action is mapped when the updated threat score is low and a second, different remediation action is mapped when the updated threat score is high; based upon the updated threat score and the mapping, selecting and automatically performing one of the plurality of remediation actions on the particular host; wherein the method is performed by one or more special-purpose computing devices.
    Type: Grant
    Filed: May 4, 2016
    Date of Patent: December 17, 2019
    Assignee: NETFLIX, INC.
    Inventors: William D. Burns, Robert Fry
  • Patent number: 10503663
    Abstract: A method for secure processing of encrypted data within a receiver includes receiving a packet of encrypted compressed data and allocating a region of memory for storing a decrypted version of the packet of encrypted compressed data. The allocation is in response to, and after, reception of the encrypted compressed data. A size of the region of the memory allocated is equal to a size of the packet of encrypted compressed data that is received. The method further includes modifying a configuration of an access authorization filter for defining access rights to the allocated region, decrypting the packet of encrypted compressed data, and storing, in the allocated region, the decrypted compressed data of the packet. The aforementioned allocation, modification, decryption, and storage steps are repeated in response to each new reception of a packet of encrypted compressed data so as to dynamically modify the configuration of the access authorization filter.
    Type: Grant
    Filed: May 25, 2018
    Date of Patent: December 10, 2019
    Assignee: STMICROELECTRONICS (GRENOBLE 2) SAS
    Inventors: Jean-Philippe Fassino, Roland Bohrer, Laurent Gerard