Abstract: Various embodiments provide for tag-based application of a masking policy, which can be used in connection with a data platform. In particular, various embodiments enable enforcement of one or more masking policies against an entity (e.g., object) of a data platform, such as a database, a table, a row, or a column, based on one or more tags associated with the entity.

Abstract: A system manages resources based on a hardware transactional memory unit. The system stores a system profile map comprising system profiles of applications. The system profile of an application stores information describing system resource utilization of the application. If a request for resources for executing a new application is received, a hardware transactional memory unit determines an amount of memory to be allocated for executing the new application and allocates memory partitions for executing the new application. The system profile of the new application is compared with system profiles in the system profile map. If there are any indicators of compromise representing potential compromise of the new application the request for resources for the new application is denied. The system generates and uses true random numbers.

Abstract: Disclosed herein are methods and systems for selecting a detection model for detection of a malicious file. An exemplary method includes: monitoring a file during execution of the file within a computer system by intercepting commands of the file being executed and determining one or more parameters of the intercepted commands. A behavior log of the file being executed containing behavioral data is formed based on the intercepted commands and based on the one or more parameters of the intercepted commands. The behavior log is analyzed to form a feature vector. The feature vector characterizes the behavioral data. One or more detection models are selected from a database of detection models based on the feature vector. Each of the one or more detection models includes a decision-making rule for determining a degree of maliciousness of the file being executed.

Abstract: Detection of malicious JavaScript based on automated user interaction emulation is disclosed. A malware sample is executed in an instrumented virtual environment. Dynamic behavior is triggered based on emulated user interactions.

Abstract: Systems, methods and non-transitory computer readable media for ownership determination in privacy firewalls are provided. A request of a user to perform an action for creating a new data collection using source data collections may be received. In response to the user not having permission to view at least part of at least one of the source data collections and the user not being an owner of the at least one of the source data collections, it may be determined that the user is not an owner of the new data collection, and in response to the user being at least an owner of the data collection or having permission to view the entire data collection for all source data collections, it may be determined that the user is an owner of the new data collection.

Abstract: Aspects of the present disclosure relate to encrypted data processing (EDAP). A processor includes a register file configured to store ciphertext data, an instruction fetch and decode unit configured to fetch and decode instructions, and a functional unit configured to process the stored ciphertext data. The functional unit further includes a decryption module configured to decrypt ciphertext data from the register file to receive cleartext data using an encryption key stored within the functional unit. The functional unit further includes a local buffer configured to store the cleartext data. The functional unit further includes an arithmetic logical unit configured to generate cleartext computation results using the cleartext data The functional unit further includes an encryption module configured to encrypt the cleartext computation results to generate ciphertext computation results for storage back into the register file.

Abstract: A method for operating a user equipment (UE) includes deriving security keys for a signaling radio bearer (SRB) in accordance with a first message received from an access node, initiating security for the SRB in accordance with the first message, receiving, from the access node, a second message including at least one security parameter for at least one data radio bearer (DRB), wherein the at least one security parameter is associated with a session that includes the at least one DRB, and wherein the second message is secured with the security keys for the SRB, and initiating security for the at least one DRB in accordance with the at least one security parameter.

Abstract: Some examples relate generally to managing and storing data, and more specifically to the real-time detection of ransomware, system (or insider) threats, or the misappropriation of credentials by using file system audit events.

Abstract: Systems, methods, and related technologies for profiling an entity and classifying an entity based on a profile are described. In certain aspects, accessing data associated with one or more communications of an entity is accessed and one or more behaviors based on the data associated with the one or more communications of the entity are determined. One or more sequences of the one or more behaviors of the entity are determined and a profile is determined based on the one or more sequences of the one or more behaviors, wherein the profile comprises a classification of the entity. The profile may then be stored.

Abstract: A system, method, and computer-readable medium are disclosed for performing a type-dependent event deduplication operation. The type-dependent event deduplication operation comprising: receiving a stream of events, the stream of events comprising a plurality of events, each event of the plurality of events having an associated event type; determining an event type of the plurality of events; parsing the plurality of events based upon the associated event type, the parsing providing a plurality of parsed events; and, performing a type-dependent event deduplication operation on the plurality of parsed events, the type-dependent event deduplication operation deduplicating events based upon the event type.

Abstract: A device includes a first memory circuit and a processing circuit. The first memory circuit is configured to store first hash data. The processing circuit is coupled to the first memory circuit. The processing circuit is configured to: at least based on a volume of the device, define a size of a distinguishable identification (ID) and a size of second hash data; based on a combination of at least one bit of each of the distinguishable ID and IDs of the device, generate the second hash data; and compare the first hash data with the second hash data, in order to identify whether the device is tampered. A method is also discloses herein.

Abstract: A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.

Abstract: A system for extracting data from a plurality of electromagnetic data signals encoding the data is provided. The system includes a phase modulator which receives an electromagnetic beam, and generates an electromagnetic primary reference beam with a defined phase. The system further includes one or more mixing units, each mixing unit being arranged to receive a respective one of the data signals and a reference beam, and to generate two mixed signals. The one or more mixing units include a first mixing unit for which the reference beam is the primary reference beam. The system also includes a plurality of detection units. Each detection unit is arranged to receive a respective one of the data signals and a respective mixed signal from one of the mixing units, and to obtain a difference measurement indicative of a difference between the respective data signal and the respective mixed signal.

Abstract: A mobile device securely communicates with an electronic device within an automobile. The mobile device transmits encrypted spatial state information and the electronic device provides commands to the automobile in response. Spatial state information may include location, motion, or the like. Commands to the automobile may include door unlock commands, remote start commands, horn honk commands, or the like.

Abstract: Embodiments of the present disclosure provide systems, methods, and devices for countering fraudulent transactions by identifying devices associated with fraudulent activity. Examples relate to a system which compares identification parameters of devices associated with fraudulent activity, directly or indirectly, to identification parameters of a particular device. Based on the comparison, a confidence score may be generated may relate to the risk of fraud associated with that device. In some examples, the system may challenge a user with additionally security questions if the confidence score associated with a device indicates an increased risk of fraud.

Abstract: Systems, devices, and methods are disclosed for wireless communication of analyte data. In embodiments, a method of using a diabetes management partner interface to configure an analyte sensor system for wireless communication with a plurality of partner devices is provided. The method includes the analyte sensor system receiving authorization to provide one of the partner devices with access to a set of configuration parameters via the diabetes management partner interface. The set of configuration parameters is stored in a memory of the analyte sensor system. The method also includes, responsive to input received from the one partner device via the diabetes management partner interface, the analyte sensor system setting or causing a modification to the set of configuration parameters, according to a system requirement of the one partner device.

Abstract: A method for generation of blocks for a partitioned blockchain includes: storing blocks comprising a partitioned blockchain, wherein each block includes a header and transaction entries; receiving transaction data entries for each of a plurality of subnets; generating a hash value of the header included in the most recently added block; generating a new block header, the new block header including the generated hash value, a timestamp, and a sequence of pairs including a pair for each of the plurality of subnets, each pair including a subnet identifier associated with the respective subnet and a merkle root of each of the transaction data entries received for the respective subnet; generating a new block, the new block including the generated new block header and the transaction data entries for each of the plurality of subnets; and transmitting the new block to a plurality of nodes associated with the partitioned blockchain.

Abstract: A method for processing an out-of-order data stream includes inserting a new data stream element into a segment list according to a timestamp of the new data stream element. It is identified whether there are missing data stream elements between segments in the segment list. The segments which have no missing data stream elements between them are merged. Values of the data stream elements are aggregated using a sliding window over out-of-order data stream elements in the merged segment.

Abstract: A method and apparatus for anonymizing a three-dimensional medical image are provided. The apparatus determines a skin region of a three-dimensional medical image, generates a human mask based on a human tissue region of the three-dimensional medical image, the human tissue region including various organs, generates a skin expansion region in which the skin region of the three-dimensional medical image is expanded, generates an anonymization region obtained by removing a region corresponding to the human mask from the skin expansion region, and changes brightness values of voxels corresponding to the anonymization region in the three-dimensional medical image to a predefined value or an arbitrary value.

Abstract: Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domains names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.