Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, relating to software execution. One of the methods includes executing, on a computer including a single memory for storing data and instructions, a virtual environment including a data memory and an instruction memory, the instruction memory configured to be unreadable by instructions stored in the instruction memory; receiving, at the virtual environment, a software module comprising multiple instructions; and performing validation of the software module including: identifying, in the software module one or more calls to the single memory; and verifying that the one or more calls to the single memory are in the data memory.

Abstract: Embodiments of an invention for modifying memory permissions in a secure processing environment are disclosed. In one embodiment, a processor includes an instruction unit and an execution unit. The instruction unit is to receive an instruction to modify access permissions for a page in a secure enclave. The execution unit is to execute the instruction. Execution of the instruction includes setting new access permissions in an enclave page cache map entry. Furthermore, the page is immediately accessible from inside the secure enclave according to the new access permissions.

Abstract: A first communication session is conducted between a media device and a mobile device. The first communication session includes requesting an authorization code from the mobile device and receiving the authorization code from the mobile device. The mobile device acts as an intermediary for obtaining authentication from a content server. The mobile device initiates a second communication session with a provider authorization service of the content server. The second communication session includes obtaining a token from the provider authorization service using the authorization code. The media device initiates a third communication session with the content server. The third communication session includes utilizing the token to obtain content from the content server. The system automatically attempts to renew the token in response to an expiration of the token.

Abstract: According to an embodiment, an information processing device includes an event processor and a first determining unit. The event processor includes an event detecting unit. The event detecting unit is configured to detect an event and suspend execution of the event. The first determining unit registering unit is configured to register the first determining unit when stored first identification information and identification information of the first determining unit match with each other. The first determining unit includes a second determining unit. The second determining unit registering unit is configured to register a second application as a second determining unit when the verification of a signature of the second application is successful. The event detecting unit cancels suspending of the event and executes the event when the result of determination indicates permission of the execution.

Abstract: In one embodiment, a method includes establishing a connection with an access-point (AP) device via a first communication path. The method further includes establishing a connection with a proxy device for the AP device via a second communication path that is distinct from the first communication path. In addition, the method includes determining a set of connection credentials maintained by the AP device. Furthermore, the method includes determining a set of connection credentials maintained by the proxy device. Additionally, the method includes identifying a correct set of connection credentials. The correct set includes at least one of the first set and the second set. The method also includes synchronizing the first set and the second set according to the correct set.

Abstract: Processes for the implementation and scoring of computer and network system defense exercises include base and modified scoring in accordance with various parameters and across multiple types of participants including attackers, defenders, forensic analysts, judges and referees. Effects-based scoring includes scoring for ascertaining status of an external client system by a participant in an independent client system.

Abstract: The disclosed embodiments provide a system that processes data. During operation, the system uses a first key to protect a write operation on the data. Next, the system uses a second key to protect a read operation on the data.

Abstract: A first portion of a cryptographic key can be conveyed through a secure channel to a device that can interact with a home network. After the first portion is received, a prompt can be sent by the recipient of the portion through a non-secure channel to the sender of the portion to send a second portion of the key. The cryptographic key can be constituted from the received portions and used by the device to secure communications with home network.

Abstract: A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Data to be transmitted is received from a user computer. The data includes a plurality of fields of data. One or more fields of data are selected for anonymization. The selected one or more fields are anonymized. The data with one or more fields anonymized is transmitted to the destination computing device.

Abstract: An information processing apparatus including a random number generation unit configured to generate a pair of random numbers from a seed, a message generation unit configured to generate a message based on a pair of multi-order multivariate polynomials F=(f1, . . . , fm) defined in a ring K, the pair of random numbers, and a vector s that is an element of a set Kn, a message supply unit configured to supply the message to a verifier storing the pair of multi-order multivariate polynomials F and vectors y=(y1, . . . , ym)=(f1(s), . . . , fm(s)), and a response supply unit configured to supply the verifier with response information corresponding to a verification pattern selected by the verifier from among k (where k?3) verification patterns.

Abstract: A system includes a physical analysis module, a cyber analysis module, and a determination module. The physical analysis module is configured to obtain physical diagnostic information, and to determine physical analysis information using the physical diagnostic information. The cyber analysis module is configured to obtain cyber security data of the functional system, and to determine cyber analysis information using the cyber security data. The determination module is configured to obtain the physical analysis information and the cyber analysis information, and to determine a state of the functional system using the physical analysis information and the cyber analysis information. The state determined corresponds to at least one of physical condition or cyber security threat. The determination module is also configured to identify if the state corresponds to one or more of a non-malicious condition or a malicious condition.

Abstract: According to an embodiment, a key generating device connected to an external device includes a generating unit configured to generate an encryption key; a first communicating unit configured to transmit and receive the encryption key to and from the external device; a storage unit configured to stores therein state information indicating a communication state with respect to an application using the encryption key; and a controller configured to make a control of changing a frequency at which the generating unit generates the encryption key or a frequency at which the first communicating unit transmits and receives the encryption key according to the state information.

Abstract: Mechanisms are provided for performing an operation on a received data packet. A data packet is received and a hash operation on a header field value of a header of the data packet is performed to generate a hash value. A lookup operation is performed in a hash table associated with a type of the header field value to identify a hash table entry. A bit string associated with the hash table entry is retrieved, where each bit in the bit string corresponds to a class of rules of a rule set of a firewall. A matching operation of the header field value to rules in classes of rules corresponding to bits set in the bit string is performed to select one or more search trees. Operations are performed based on rules in the classes of rules being matched by header field value of the data packet.

Abstract: A method, computer program product, and system is described. An indication of a problem regarding a content item is received, the content item being subject to a workflow including an approval protocol. A request for an emergency exception to the workflow with respect to an update to the content item is received, the update being associated with the problem. Permission for circumvention of one or more aspects of the approval protocol with respect to the update is provided, in response to receiving the request for the emergency exception.

Abstract: A method, computer program product, and system is described. An indication of a problem regarding a content item is received, the content item being subject to a workflow including an approval protocol. A request for an emergency exception to the workflow with respect to an update to the content item is received, the update being associated with the problem. Permission for circumvention of one or more aspects of the approval protocol with respect to the update is provided, in response to receiving the request for the emergency exception.

Abstract: Methods and systems for behavioral profiling are described. In some embodiments, a method includes observing behavioral characteristics of user interactions during a current session with the user through one of a plurality of channels. Variations between the behavioral characteristics of the user interactions observed during the current session and a behavioral profile previously developed based on prior usage patterns of the user through the plurality of channels are identified, in real-time or near real-time. For the user to proceed in the session, a challenge level is implemented based on the variations between the behavioral characteristics and the behavioral profile.

Abstract: The techniques described herein use training data to train classification models to detect malicious Uniform Resource Locators (URLs) that target authentic resources (e.g., Web page, Web site, or other network locations accessed via a URL). The techniques train the classification models using one or more machine learning algorithms. The training data may include known benign URLs and known malicious URLs (e.g., training URLs) that are associated with a target authentic resource. The techniques then use the trained classification models to determine whether an unknown URL is a malicious URL. The malicious URL determination may be based on one or more lexical features (e.g., brand name edit distances for a domain and path of the URL) and/or site/page features (e.g., a domain age and a domain confidence level) extracted.

Abstract: Techniques for managing secure data transfer, including firmware updates and/or cryptographic keys, may be provided. For example, a portable device may be provided that includes at least a first memory configured to store data associated with secure firmware updates while the device is interacting with a second device. In some examples, a network connection with a third device may be established. The data associated with the firmware update may be received from the third device by utilizing the established network connection. Further, in some examples, the received data may be stored in the first memory only while the first device is interacting with the second device. The portable device may also enable a firmware update of the second device based at least in part on the data stored in the first memory.

Abstract: A mobile communications device may include a plurality of first input devices capable of passively collecting input data, a second input device(s) capable of collecting response data based upon a challenge, and a processor capable of determining a level of assurance (LOA) that possession of the mobile communications device has not changed based upon a statistical behavioral model and the passively received input data, and comparing the LOA with a security threshold. When the LOA is above the security threshold, the processor may be capable of performing a given mobile device operation without requiring response data from the second input device(s). When the LOA falls below the security threshold, the processor may be capable of generating the challenge, performing the given mobile device operation responsive to valid response data, and adding recent input data to the statistical behavioral model responsive to receipt of the valid response data.

Abstract: An authentication device is used to authenticate a component to a product using a secret key. The life cycle of the authentication device is controlled by selective deletion of the secret key. An attestation message is sent by the authentication device upon deletion of the secret key. Authentication devices from faulty components or over supply of the authentication devices ma}? be rendered inoperable and audited.