Abstract: Methods and systems for reliability prediction of security policies in a cloud computing environment are provided. An example method includes providing a graph database representing workloads of the cloud computing environment as nodes and relationships between the workloads as edges, the relationships being associated with points in time, receiving a security policy including rules for the relationships between the workloads, generating a plurality of earliest points in time based on the rules and the graph database, wherein generating the plurality of earliest points in time includes: determining, for each rule of the rules, a subset of the relationships in the graph database such that each of the subset of the relationships matches the rule, and selecting an earliest point in time from points in time associated with relationships from the subset, and analyzing the plurality of earliest points in time to determine a reliability score for the security policy.

Abstract: A method and system for implementing security patches on a computer system is disclosed. The method includes finding one or more security patches; analyzing one of the one or more security patches to find one or more localized security fixes within the one or more security patches; and transforming a security patch within the one or more security patches into a honey patch that is configured to report security violations.

Abstract: An authentication system to authenticate at least one application accessible by a user via a computer for which access is controlled by an authentication datum includes a main mobile device and a main token in which the authentication datum is recorded. The main mobile device is configured to recover the authentication datum of the main token using a pairing key that is segmented into a plurality of segments. A first segment is recorded on the main mobile device and at least one additional segment is recorded on a secondary mobile device and/or a secondary token. The main mobile device is configured to recover the additional segment or segments in order to reconstitute the pairing key and to present the reconstituted pairing key to the main token.

Abstract: For updating the password of a credential with a matching username, methods, apparatus, and systems are disclosed. One method includes storing a set of credentials, each credential in the set comprising a username and password. The method includes detecting an update to a first credential of the set of credentials, the first credential comprising a first username and a first stored password. Here, the update to the first credential indicates a new password to be associated with the first username. The method includes identifying a set of candidate credentials, each candidate credential having a username that matches the first username and a password that matches the stored password and updating the set of candidate credentials to comprise the new password.

Abstract: Techniques for securely generating and using a “fingerprint” for authentication. A server computer receives a first data set from a user device (including a first fuzzy hash of first user data on the user device). The server computer generates a first fingerprint value based on the first data set. The server computer detects an event corresponding to a user in association with the user device. The server computer identifies a baseline fingerprint value (generated based on a baseline fuzzy hash of user data on the user device). The server computer compares the first fingerprint value to the baseline fingerprint value to generate a similarity score. The server computer may determine that the similarity score exceeds a threshold value but does not represent an exact match, and, based on the similarity score, authenticate the user and update the baseline fingerprint value based on the first fingerprint value.

Abstract: Systems, computer program products, and methods are described herein for authenticating a user using an application specific integrated circuit embedded within a user device. The present invention is configured to receive an indication that a user has initiated an application on the user device; determine that the application is associated with the application specific integrated circuit embedded within the user device; activate the application specific integrated circuit based on at least determining that the application is associated with the application specific integrated circuit; receive an indication that the user has initiated an execution of an action, via the application, with an entity; and execute the action using the application specific integrated circuit based on at least receiving the indication that the user has initiated the execution of the action.

Abstract: Embodiments of network devices for access control are described. In some embodiments, an access control processor of a first node receives a request packet from a requestor node on an unsecured network to join a group of nodes; assigns, using a secured network protocol through the network interface, the requestor node to a first localized pool of the group of nodes within the secured network based on the received location information associated with the requestor node, wherein one or more nodes of the first localized pool are configured to perform one or more authorized modifications of data, the data comprising a blockchain including at least one cryptographic hash configured to protect the data against unauthorized modifications; and initiates the one or more first authorized modifications of the data using one or more nodes assigned to the first localized pool including the requestor node.

Abstract: This application relates to the transfer of audio data, and in particular to the verification that data transmitted to a data processing module, such as voice biometric module (111), did originate from a microphone. A microphone authentication apparatus (204) is described having a first input for receiving analogue audio signals from a microphone transducer (201) and an analogue-to-digital converter (202) coupled to said first input for generating digital microphone data based on the received audio signals. A data authentication module (203) generates an authentication certificate (MAC) for certifying that the digital microphone data did pass via the authentication module. The authentication certificate is based on the digital microphone data (DM) and an authentication module key. An output module outputs a digital microphone audio signal based on the digital microphone data with the authentication certificate.

Abstract: Providing an accurate and on-demand status of audit compliance is disclosed. A security policy, agreed upon by a service provider and a service user, is provisioned in a compliance log. A service provider requests to add a first update to the compliance log, the first update indicating that a compliance action has been taken. The first update is added to the compliance log, and a first computational digest of the compliance log is added after adding the first update. An auditor of the compliance action requests to add a second update to the compliance log. The second update is added to the compliance log, and a second computational digest of the compliance log is added after adding the second update. Thereby, the user is provided a more current view of audit compliance that that can be trusted based on the tamper-proof compliance log.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to capture an image on a display, where the image includes at least one user interface element and is part of an application, create a screen signature of the image, determine an exploration strategy for the image based on the screen signature, and perform the exploration strategy on the image. The image can be abstracted to create the screen signature and the exploration strategy includes interacting with each of the at least one user interface elements.

Abstract: Techniques for detecting malware via scanning for dynamically generated function pointers in memory are disclosed. In some embodiments, a system/process/computer program product for detecting malware via scanning for dynamically generated function pointers in memory includes monitoring changes in memory during execution of a malware sample in a computing environment; detecting a dynamically generated function pointer in memory based on an analysis of the monitored changes in memory during execution of the malware sample in the computing environment; and generating a signature based on detection of the dynamically generated function pointer in memory, wherein the malware sample was determined to be malicious.

Abstract: A device determines information concerning the device and sends the information concerning the device to a first device. The device receives, from the first device, information concerning a user device, and receives, from a second device, a request concerning the user device accessing the device. The request includes information identifying the device and information identifying the user device. The device generates a request response by validating the user device for access to the device based on the request and sends, to the second device, the request response to facilitate a communication session to be established between the user device and the device. The device communicates with the user device via the communication session.

Abstract: A method and a system for determining an affiliation of a given software with target software are provided. The method comprises: receiving a file including a machine code associated with the given software; determining a file format; identifying, based on the file format, in the machine code, at least one function of a plurality of functions; generating, for each one of the plurality of functions associated with the given software, a respective function identifier; aggregating respective function identifiers, thereby generating an aggregated array of function identifiers associated with the given software; applying at least one classifier to the aggregated array of function identifiers to determine a likelihood parameter indicative of the given software being affiliated to a respective target software; in response to the likelihood parameter being equal to or greater than a predetermined likelihood parameter threshold: identifying the given software as being affiliated to the respective target software.

Abstract: A method of performing ordered statistics between at least two parties is disclosed which includes identifying a first dataset (xA) by a first node (A), identifying a second dataset (xB) by a second node (B), wherein xB is unknown to A and xA is unknown to B, and wherein A is in communication with B, and wherein A and B are in communication with a server (S), A and B each additively splitting each member of their respective datasets into corresponding shares, sharing the corresponding shares with one another, arranging the corresponding shares according to a mutually agreed predetermined order into corresponding ordered shares, shuffling the ordered shares into shuffled shares, re-splitting the shuffled shares into re-split shuffled shares, and performing an ordered statistical operation on the re-split shuffled shares, wherein the steps of shuffle and re-split is based on additions, subtractions but not multiplication and division.

Abstract: An approach is provided that uses multiple hashing algorithms to verify a password. The approach receives a password that corresponds to a user identifier. A set of hashing algorithms are retrieved with the retrieved set based on the received user identifier so that different user identifiers utilize different sets of hashing algorithms. Hashing the password using each of the hashing algorithms included in the set of algorithms with the hashing resulting in a hash result. An expected hash result that corresponds to the user identifier is retrieved and the approach then verifies the received password by comparing the hash result to the first expected hash result.

Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.

Abstract: A method and an apparatus for hardware security to countermeasure side-channel attacks are provided. The method or apparatus may introduce at least one redundant or partial redundant computation having a similar power dissipation profile or an electromagnetic emission profile when compared to that of a genuine operation for cryptographic devices, and/or to reorder the iterations of operations in a different sequence. The redundant or partial redundant computation may be performed by using a different password key and/or a different raw data (e.g., plaintext). The presence of the redundant or partial redundant computation would make side-channel attacks difficult in the sense that genuine or redundant/partial redundant operations are difficult to be clearly identified, hence serving as a countermeasure for hardware security.

Abstract: A method for unlocking an electronic device may include: receiving actual unlocking information from a locked screen interface; and comparing the actual unlocking information with preset emergency unlocking information and preset normal unlocking information, wherein if the actual unlocking information is the normal unlocking information, an electronic device is unlocked, or if the actual unlocking information is the emergency unlocking information, an emergency operation is executed.

Abstract: The technology described herein discloses systems and methods for upgrading biometric authentication system. The system can receive first biometric information in connection with an authentication request from a user. The system can authenticate the user via a first authentication system by comparing the first biometric information received in connection with the authentication request with second biometric information. The user can be automatically enrolled into a second authentication system using the first biometric information received in connection with the authentication request.

Abstract: Carrying out a penetration testing campaign in a networked system by a penetration testing system, for determining a way for an attacker to compromise the networked system, comprises determining that the attacker can obtain user credentials of a first user, determining that when using the user credentials the first user has access rights to a first network node of the networked system, determining that a second network node of the networked system is compromisable by the attacker during the penetration testing campaign, determining that the first network node was accessed from the second network node, and based on the foregoing, determining that the first network node is compromisable by the attacker during the penetration testing campaign, and determining the way for the attacker to compromise the networked system which includes a step of compromising the first network node using the user credentials of the first user.