Patents Examined by Michael W Chao
-
Patent number: 12375502
Abstract: Systems and methods for providing selective data-replication among nodes of a distributed multi-tenancy MSSP architecture for performing secure orchestration and automated response (SOAR) are provided. According to one embodiment a master SOAR node of an MSSP receives multiple messages via a secure router coupling a computing environment of the MSSP in communication with respective computing environments of multiple customers of the MSSP. The messages contain information regarding alerts relating to network infrastructure of the customers and the information is controlled by data sharing policies implemented by tenant SOAR nodes within the respective computing environments of the customers. Based on an investigation into an alert relating to a network infrastructure of a particular customer, the master SOAR node causes a workflow to be remotely executed by a tenant SOAR node within the computing environment of the particular customer.
Type: Grant
Filed: February 6, 2020
Date of Patent: July 29, 2025
Assignee: Fortinet, Inc.
Inventors: Joseph Loomis, Abhishek Narula, Pooja Singh, Amit Jain, Tushar Kanade, Fnu Bharathram, Satish Mishra
-
Patent number: 12375446
Abstract: Specific connection request is refused responsive to a match on the MAC ban list. If not on the MAC ban list, and a station has MAC randomization enabled, the specific connection requests is also checked against the hostname ban list, wherein the specific connection request is refused responsive to a match on the hostname ban list. The specific new connection request is allowed to proceed responsive to not matching the MAC ban list and not matching the hostname ban list.
Type: Grant
Filed: June 30, 2021
Date of Patent: July 29, 2025
Assignee: Fortinet, Inc.
Inventor: Srinivasa Subbarao Neeli
-
Patent number: 12361124
Abstract: The technology described herein identifies malicious URLs using a classifier that is both accurate and fast. Aspects of the technology are particularly well adapted for use as a real-time URL security analysis tool because the technology is able to quickly process a URL and produce a warning when a malicious URL is identified. The rapid processing speed of the technology described herein is produced, in part, by use of only a single input signal, which is the URL itself. The high accuracy produced by the technology described herein is achieved by analyzing the unstructured text on both a character-by-character level and a word-by-word level. The technology described herein uses both character-level and word-level information from the incoming URL.
Type: Grant
Filed: August 14, 2023
Date of Patent: July 15, 2025
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Arunkumar Gururajan, Jack Wilson Stokes, III, Farid Tajaddodianfar
-
Patent number: 12363539
Abstract: Disclosed is a system and a method for detecting anomaly in a radio access network (RAN). The method includes receiving quality parameters data for a wide communication network established by plurality of base stations associated with the RAN; defining a first radio fingerprint based on the quality parameters data for the wide communication network; monitoring, by one of the base stations installed in a geological area, quality parameters data for a local communication network; defining a second radio fingerprint based on the quality parameters data for the local communication network; comparing the first radio fingerprint and the second radio fingerprint to determine variation in the quality parameters data therebetween; and generating an alert signal indicative of presence of a possible fake base station in the geological area based on the determined variation in the quality parameters data.
Type: Grant
Filed: April 25, 2023
Date of Patent: July 15, 2025
Assignee: Eilsa Oyj
Inventors: Jukka Pietarinen, Teemu Karhima
-
Patent number: 12348529
Abstract: Techniques are described for providing a policy refiner application used to analyze and recommend modifications to identity and access management policies created by users of a cloud provider network (e.g., to move the policies toward least-privilege permissions). A policy refiner application receives as input a policy to analyze, and a log of events related to activity associated with one or more accounts of a cloud provider network. The policy refiner application can identify, from the log of events, actions that were permitted based on particular statements contained in the policy. Based on field values contained in the corresponding events, the policy refiner application generates an abstraction of the field values, where the abstraction of the field values may represent a more restrictive version of the field from a policy perspective. These abstractions can be presented to users as recommendations for modifying their policy to reduce the privileges granted by the policy.
Type: Grant
Filed: September 30, 2022
Date of Patent: July 1, 2025
Assignee: Amazon Technologies, Inc.
Inventors: Neha Rungta, Chungha Sung, Amit Goel, Zvonimir Rakamaric, Loris D'Antoni
-
Patent number: 12333003
Abstract: An information processing device, includes: a metadata generator generating, based on an update request of firmware, first metadata including identification of the firmware; a time manager; a validity period determiner determining a first validity period for the first metadata based on time acquired from the time manager; a counter counting up a value per unit time; an acquirer acquiring a first counter value of the counter for the first metadata; a storage storing entries in which second metadata including identification of firmware, a second validity period of the second metadata, and a second counter value of the counter having been acquired for the second metadata are associated; and a determiner detecting the second metadata including same identification as the first metadata, acquire the second validity period and the second counter value from the entry including the detected second metadata, and detecting falsification of the first validity period.
Type: Grant
Filed: September 2, 2022
Date of Patent: June 17, 2025
Assignee: Kabushiki Kaisha Toshiba
Inventors: Ryuiti Koike, Yurie Shinke, Shinya Takumi, Jun Kanai
-
Patent number: 12335236
Abstract: Among other things, this document describes systems, devices, and methods for executing rules in an application layer firewall, including in particular a web application firewall (WAF). An application layer firewall engine employs symbolic execution techniques that result in improved performance and efficiency. In preferred embodiments, an arbitrary firewall rule can be pre-processed to discover and define a set of one or more properties that an input must have in order for the input to have the potential to trigger the rule. By quickly examining an input for these properties, then application layer firewall can conclude that the input cannot trigger and therefore skip full execution of the rule against the input. This can be repeated for many if not all rules in a firewall ruleset. When a high proportion of the inputs have the required properties for rule-skipping, performance can be dramatically improved.
Type: Grant
Filed: May 12, 2021
Date of Patent: June 17, 2025
Assignee: Akamai Technologies, Inc.
Inventors: Andrew Jacob Kahn, Yannis Drougas, Ameya Prakash Shendarkar
-
Patent number: 12328314
Abstract: According to the present techniques there is provided a computer implemented method of bootstrapping a device by a bootstrap server, the method comprising: receiving, at the bootstrap server from the device as part of a bootstrap process, common credential data including a trust indicator to indicate that the common credential data is common for a group of devices; obtaining, at the bootstrap server, resource credential data based on or in response to the common credential data, the resource credential data to enable the device to authenticate with a resource; transmitting, from the bootstrap server to the device, the resource credential data.
Type: Grant
Filed: November 8, 2019
Date of Patent: June 10, 2025
Assignee: Arm Limited
Inventors: Yongbeom Pak, Roni Sasson
-
Patent number: 12282576
Abstract: A main-chain node of a management server updates agreement information on a main chain if a user agrees to provide data to a first app, which is a mini app of a wallet app, when subscribing to the first app. The updated agreement information is shared among service servers on the main chain. Based on the updated agreement information, a sub-chain node of the management server transmits user information to a sub-chain node of a service server that is added to the agreement information.
Type: Grant
Filed: September 20, 2022
Date of Patent: April 22, 2025
Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
Inventor: Yuki Yamashita
-
Patent number: 12267325
Abstract: In one embodiment, a method comprises: initiating, by an executable agent within a secure executable container executed by a network device, a monitoring of a network-based service between the network device and a second network device having a two-way trusted relationship with the network device within a secure peer-to-peer data network, the network-based service based on a securely-stored secure data structure or a securely-transmitted secure data structure in the secure peer-to-peer data network; executing, by the executable agent, a secure machine learning operation based on one or more user actions associated with the network-based service, wherein the secure executable container prevents any access of any unencrypted data structure, or accessing the secure peer-to-peer data network, without authorized access via a prescribed Application Programming Interface (API); and autonomically executing, by the executable agent, an improved operation for the network-based service based on the machine learning.
Type: Grant
Filed: July 16, 2021
Date of Patent: April 1, 2025
Assignee: WhiteStar Communications, Inc.
Inventor: Billy Gayle Moon
-
Patent number: 12267670
Abstract: A network device includes at least one memory storing instructions, and one or more processors configured to execute the instructions, which when executed by the one or more processors, cause the network device to output information indicating occurrence of a specific event in the network device to a predetermined display region, check approval or disapproval of transmission of information regarding the specific event to a management server in accordance with selection of the predetermined display region, enable mobile communication if transmission of the information regarding the specific event to the management server is approved, and transmit the information regarding the specific event to the management server through the enabled mobile communication, wherein the mobile communication enables communication between the network device and the management server via a WAN, and wherein, if the mobile communication is not enabled, the network device does not connect to the WAN.
Type: Grant
Filed: September 14, 2021
Date of Patent: April 1, 2025
Assignee: CANON KABUSHIKI KAISHA
Inventor: Tetsu Imai
-
Patent number: 12248601
Abstract: Aspects of the present disclosure provide systems, methods, and computer-readable storage media that support secure training of machine learning (ML) models that preserves privacy in untrusted environments using distributed executable file packages. The executable file packages may include files, libraries, scripts, and the like that enable a cloud service provider configured to provide ML model training based on non-encrypted data to also support homomorphic encryption of data and ML model training with one or more clients, particularly for a diagnosis prediction model trained using medical data. Because the training is based on encrypted client data, private client data such as patient medical data may be used to train the diagnosis prediction model without exposing the client data to the cloud service provider or others. Using homomorphic encryption enables training of the diagnosis prediction model using encrypted data without requiring decryption prior to training.
Type: Grant
Filed: July 22, 2021
Date of Patent: March 11, 2025
Assignee: Accenture Global Solutions Limited
Inventors: Amin Hassanzadeh, Neil Hayden Liberman, Aolin Ding, Malek Ben Salem
-
Patent number: 12242600
Abstract: A system to detect an abnormally permissive role definition, which can include an abnormally permissive custom role definition, and take action is described. The system receives a role definition for a security principal over a scope of resources in which the role definition includes a built-in role and a custom role. Permissions of the role definition and a creation event of the role definition are analyzed. A security score based on the role definition and creation event for the scope of resources is determined. An action is taken based on the security score and the creation event analysis.
Type: Grant
Filed: May 13, 2021
Date of Patent: March 4, 2025
Assignee: Microsoft Technology Licensing, LLC
Inventors: Idan Yehoshua Hen, Ilay Grossman, Avichai Ben David
-
Patent number: 12235946
Abstract: Methods and systems described in this disclosure electronically notarize a document. The system can receive biometric information from a user, extract characteristics from the biometric information, and compare the characteristics of the biometric information with previously stored characteristics of the user's biometric information. When the characteristics of the biometric information match the previously stored characteristics to a threshold, the system can create an identity of the user using the characteristics of the biometric information. The system can send a document to the user for cryptographic signature and receive an indication that the document has been signed. The cryptographic signature can be generated with a digest of the document, the identity, and a cryptographic key associated with the user. The system can inspect the digest of the document, the cryptographic key, and the identity associated with the document to verify authenticity of the document and the identity of the user.
Type: Grant
Filed: September 12, 2023
Date of Patent: February 25, 2025
Assignee: United Services Automobile Association (USAA)
Inventors: David Lindley, Alexander Benetto Nagelberg, Maland Keith Mortensen, Joseph Gregory Delong, Shantanu K. Tripathy, Zachary T. Golden, Kevin D. Love, II, Brian Keith Anderson, Kasey T. Moore
-
Patent number: 12238099
Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.
Type: Grant
Filed: May 24, 2023
Date of Patent: February 25, 2025
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Stefan Olofsson, Ijsbrand Wijnands, Hendrikus G. P. Bosch
-
Patent number: 12225373
Abstract: A privacy information transmission method, an apparatus, a computer device and a computer-readable medium are disclosed. The method may include: generating authentication information in response to receiving of an identity registration request message sent by a terminal device via a base station, and encrypting the authentication information with a first private key to generate encrypted authentication information; sending a first identity identification request message carrying the encrypted authentication information to the terminal device; and receiving an identity identification response message returned by the terminal device, and acquiring privacy information from the identity identification response message.
Type: Grant
Filed: September 27, 2020
Date of Patent: February 11, 2025
Assignee: ZTE CORPORATION
Inventor: Haitao Lu
-
Patent number: 12204677
Abstract: The disclosure facilitates creating and using a data safe for user personal information via creating block chains of personal information in a distributed file system (DFS), based on a determined category of use of each of the block chains, and/or transmitting an authorization to access a set of the block chains based on the determined category of use associated with a request for authorization. The disclosure also facilitates storing machine-executable code associated with an offer, wherein the block chains are based on a determined category of use of personal information in the block chains, determining the determined category of use of personal information, and/or transmitting a request for authorization to access personal information and the determined category of use associated with the request for authorization, receiving a cryptographic hash associated with a last block of a block chain and a link to the block chain stored in DFS.
Type: Grant
Filed: August 1, 2022
Date of Patent: January 21, 2025
Assignee: WWW.TRUSTSCIENCE.COM INC.
Inventors: Jeremy Mitchell, Andrew T. Oliver
-
Patent number: 12199985
Abstract: Method, apparatus and computer program product for multi-modal user authorization are described herein. For example, the apparatus includes at least one processor and at least one non-transitory memory including program code. The at least one non-transitory memory and the program code are configured to, with the at least one processor, receive a request to enable a first client device associated with a first user profile to access a group-based communication system; determine a first access privilege status for the first user profile; in response to determining that the first access privilege status is a general access privilege status, transmit, to the first client device, first user interface data associated with a general access user interface; and in response to determining that the first access privilege status is a limited access privilege status, transmit, to the first client device, second user interface data associated with a limited access user interface.
Type: Grant
Filed: November 27, 2018
Date of Patent: January 14, 2025
Assignee: Salesforce, Inc.
Inventors: Leah Jones, Ilan Frank, Rosaleen Nguyen, Kevin Marshall
-
Patent number: 12189792
Abstract: Embodiments of apparatuses, methods, and systems for scalable multi-key memory encryption are disclosed. In an embodiment, an apparatus includes a core, an encryption unit, and key identification hardware. The core is to write data to and read data from memory regions, each to be identified by a corresponding address. The encryption unit to encrypt data to be written and decrypt data to be read. The key identification hardware is to use a portion of the corresponding address to look up a corresponding key identifier in a key information data structure. The corresponding key identifier is one multiple key identifiers. The corresponding key identifier is to identify which one of multiple encryption keys is to be used to encrypt and decrypt the data.
Type: Grant
Filed: September 26, 2020
Date of Patent: January 7, 2025
Assignee: Intel Corporation
Inventors: Barry E. Huntley, Hormuzd M. Khosravi, Thomas Toll, Ramya Jayaram Masti, Siddhartha Chhabra, Vincent Von Bokern
-
Patent number: 12189791
Abstract: A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
Type: Grant
Filed: April 12, 2023
Date of Patent: January 7, 2025
Assignee: CrowdStrike, Inc.
Inventors: David F. Diehl, James Robert Plush, Timothy Jason Berger