Patents Examined by Ponnoreay Pich
  • Patent number: 11797694
    Abstract: Embodiments described include systems and methods for using an HTML-based application integrated with an embedded browser on a client device, for trusted data transfer for instance. An HTML-based application within an embedded browser of a client device can provide access to a network application and its resources. The HTML-based application can establish a secure session for the network application between a server and the HTML-based application. The embedded browser can determine that the HTML-based application is a trusted application via application of one or more policies. With the secure session established and responsive to determining that the HTML-based application is a trusted application, the embedded browser may establish at least one virtual channel between the embedded browser and the HTML-based application. Using the at least one virtual channel, the embedded browser can transfer data between the secure session of the network application and the operating system (OS) of the client device.
    Type: Grant
    Filed: August 9, 2021
    Date of Patent: October 24, 2023
    Inventors: Vipin Borkar, Santosh Sampath, Deepak Sharma, Arvind SankaraSubramanian
  • Patent number: 11799867
    Abstract: Permissions on a resource hierarchy of a process are propagated. The resource hierarchy of the process is accessed. The resource hierarchy includes multiple nodes arranged in levels and each of the nodes is associated with a separate resource from a plurality of resources. A permission for a user is propagated from a first node to one or more lower nodes arranged below the first node in the resource hierarchy. The user is enabled to interact with each resource associated with the first node and the one or more of the lower nodes based on the propagated permission.
    Type: Grant
    Filed: May 20, 2021
    Date of Patent: October 24, 2023
    Assignee: Oracle International Corporation
    Inventors: Arif Iqbal, Suman Ganta
  • Patent number: 11797684
    Abstract: Systems and methods are provided herein for monitoring and identifying potential security vulnerabilities in hardware and/or firmware of host devices. In an example, a client system includes a data interface, a processor, and a storage device storing instructions executable by the processor to collect firmware and/or hardware information relating to the client system and transmit, via the data interface, data associated with the firmware and/or hardware information to a remote device.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: October 24, 2023
    Assignee: Eclypsium, Inc.
    Inventors: Yuriy Bulygin, Oleksandr Bazhaniuk
  • Patent number: 11792211
    Abstract: A system is provided for detecting and remediating computing system breaches using computing network traffic monitoring. In particular, the system may identify one or more computing systems within a network as well as relationships between such computing systems to determine a network topology. Based on the network topology, the system may use historical network traffic data associated with the computing systems in the network to generate predicted entry points and lateral pathways of a security breach that may take place within particular computing systems. Then, based on the computing systems affected as well as entry points and path traversals of the breach, the system may generate and/or implement one or more remediation steps to address existing and/or future breaches. In this way, the system may provide an intelligent method of augmenting the security of a computing network.
    Type: Grant
    Filed: January 7, 2021
    Date of Patent: October 17, 2023
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Brandon Sloane
  • Patent number: 11783026
    Abstract: An apparatus for protecting a processor includes an input interface and protection circuitry. The input interface is configured to monitor code instructions that are processed by the processor, one or more of which code instructions including one or more error-detection bits. The protection circuitry is configured to detect an error in the program code using the error-detection bits, and to initiate a responsive action in response to detecting the error.
    Type: Grant
    Filed: January 5, 2021
    Date of Patent: October 10, 2023
    Assignee: NUVOTON TECHNOLOGY CORPORATION
    Inventor: Ziv Hershman
  • Patent number: 11777942
    Abstract: Disclosed herein are methods and systems for transferring trust between authentication devices associated with the same user. The user accessing secure online resource(s) uses a first (authentication) client device which is not yet associated (verified) with the user for accessing the secure online resource(s). In response to receiving an authentication request from the client device, an authentication message is transmitted to the first client device. The authentication message is transferred from the first client device to a second client device already associated (verified) with the user for accessing the secure online resource(s). The second authenticator transmits back the authentication message which may be verified against the authentication message transmitted to the first client device.
    Type: Grant
    Filed: December 8, 2020
    Date of Patent: October 3, 2023
    Assignee: Transmit Security Ltd.
    Inventors: Michael Boodaei, Eldan Ben-Haim, Dima Polsky
  • Patent number: 11777735
    Abstract: A device and a method implemented by computer for authorizing, to a user having access rights granted by a first operator, a completely anonymous and secure access, with no trusted third-party, to a collaborative anonymization platform and/or to a service requiring privacy properties based on such a platform operated by various operators.
    Type: Grant
    Filed: December 9, 2020
    Date of Patent: October 3, 2023
    Assignee: COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventors: Frédéric Laurent, Alexis Olivereau
  • Patent number: 11768933
    Abstract: A cybersecurity solution for preventing malware from infecting a computing device or a computer resource on the computing device. The solution can include detecting a computer resource process running or attempting to run on an operating system and comparing details of the computer resource process against an authorized processes database containing details of previously run computer resources processes to determine if the computer resource process is running or attempting to run for a first time on the operating system.
    Type: Grant
    Filed: August 11, 2020
    Date of Patent: September 26, 2023
    Assignee: SAUDI ARABIAN OIL COMPANY
    Inventor: Urfan Ahmed
  • Patent number: 11765176
    Abstract: Embodiments of the present invention provide methods, systems, apparatuses, and computer program products for managing access permissions for a searchable enterprise platform. In one embodiment, an apparatus is configured to retrieve a user global permissions profile associated with a user profile, the user global permissions profile comprising application access permissions assigned to the user profile for the plurality of software applications; retrieve a global content permissions profile, the global content permissions profile comprising content access permissions assigned to digital content items that are retrievable by one or more of the plurality of software applications; apply permissions conflict rules to resolve permissions conflicts between the user global permissions profile and the global content permissions profile to produce a resolved permissions profile; store the resolved permissions profile to a storage for future use.
    Type: Grant
    Filed: June 2, 2021
    Date of Patent: September 19, 2023
    Assignee: ATLASSIAN PTY LTD.
    Inventors: Sri Viswanath, Stephen Deasy, Gene Drabkin, Marc Andrew Reisen, Orpheus Mall, Jon Hartlaub
  • Patent number: 11748476
    Abstract: A conversion device includes processing circuitry configured to receive a programmable signature as a target to be analyzed and symbolized data and/or a log as an input value, analyze the programmable signature by using a symbolic execution engine, and output a conditional branching process executed on the input value as a constraint on the input value and receive the output constraint on the input value, perform field conversion from the constraint on the input value to an output format based on a table of field name correspondence between formats, and output a static signature.
    Type: Grant
    Filed: May 20, 2019
    Date of Patent: September 5, 2023
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Yuhei Kawakoya, Makoto Iwamura, Jun Miyoshi
  • Patent number: 11736514
    Abstract: The present disclosure provides a method and apparatus for suppressing the spread of viruses in a local area network (LAN). The method includes, in response to that an ARP packet is received, determining whether a number of interacting terminals corresponding to a target terminal that sent the ARP packet reaches a first preset threshold; in response to that the number of interacting terminals reaches the first preset threshold, further determining whether a number of abnormal terminal relationships corresponding to the target terminal reaches a second preset threshold; and in response to that the number of abnormal terminal relationships reaches the second preset threshold, providing protection to the target terminal so as to suppress virus propagation in the LAN.
    Type: Grant
    Filed: January 15, 2021
    Date of Patent: August 22, 2023
    Assignee: Hangzhou DPtech Technologies Co., Ltd.
    Inventor: Futao Wang
  • Patent number: 11734452
    Abstract: Systems and methods for obscuring data from a data source include devices and processes that may objectively measure the information loss for the data source that is caused by applying a privacy policy, and may apply a policy to the data source based on the measured information loss. The systems and methods may measure the information loss for a large data source by taking a representative sample from the data source and applying the policy to the sample in order to quantify the information loss. The quantified information loss can be iteratively used to change the policy in order to meet utility and/or privacy goals, and the system can subsequently apply the changed policy to the data source.
    Type: Grant
    Filed: September 12, 2022
    Date of Patent: August 22, 2023
    Assignee: IMMUTA, INC.
    Inventors: Joseph J. Regensburger, Andrew D. Burt, Barry R. Hammen, Alfred V. Rossi, III
  • Patent number: 11722505
    Abstract: Systems for and methods of detecting cyber-attacks by selecting a group of users and monitoring those users' computer systems for behavior that indicates a series of actions reflecting behavior indicative of a cyber-attack.
    Type: Grant
    Filed: August 6, 2021
    Date of Patent: August 8, 2023
    Assignee: JPMorgan Chase Bank, N.A.
    Inventors: Mackenzie Kyle, Benjamin Arnold, Bradley N. Gunner, Rohith Kondeti, Michael Monte
  • Patent number: 11714905
    Abstract: In general, in one aspect, a method for machine learning recognition of portable executable files as malware includes providing training data comprising features of portable executable files and a descriptive information for the portable executable files, the descriptive information comprising a family or type of malware. The method may include training a model using the training data to detect malware. The method may include using the trained model to recognize malware by providing features of a portable executable file as input and providing a threat score and descriptive information as output.
    Type: Grant
    Filed: May 8, 2020
    Date of Patent: August 1, 2023
    Assignee: Sophos Limited
    Inventors: Felipe Nicolás Ducau, Konstantin Berlin
  • Patent number: 11700261
    Abstract: A method of managing authorizations to operate a software tool. The method comprises maintaining a count of available authorizations and an authorization allocation list that identifies what authorizations for executing the software tool are allocated to what computers by an authorization resource manager application executing on a computer system, for each of a plurality of computers, determining periodically by the authorization resource manager application if the computer is currently executing the software tool, for each computer determined to be executing the software tool, determining by the authorization resource manager application if an authorization for executing the software tool is allocated to the computer in the authorization allocation list, and, in response to determining that a computer is executing the software tool without being identified as being allocated an authorization in the authorization allocation list, invalidating an authorization identity being used by the computer.
    Type: Grant
    Filed: December 18, 2020
    Date of Patent: July 11, 2023
    Assignee: T-MOBILE INNOVATIONS LLC
    Inventors: Scott Adam, Oscar Cummings, Yi-Hsin Hsu
  • Patent number: 11700252
    Abstract: This disclosure is related to devices, systems, and techniques for controlling access to network services based on a trust ledger. In some examples, a trust broker system enables a relying party to control network service access of a client device, where the trust broker system comprises one or more computing devices configured to maintain a trust ledger including a trust account balance (TAB) associated with each user of a set of users, where the TAB associated with each user of the set of users represents a value used to determine whether the respective user is permitted to access a resource.
    Type: Grant
    Filed: June 17, 2022
    Date of Patent: July 11, 2023
    Assignee: Pulse Secure, LLC
    Inventor: Robert Koeten
  • Patent number: 11683700
    Abstract: A security system generates a digital signature for a small cell of a wireless network and assigns the digital signature to the small cell for connecting to the wireless network. The digital signature can be generated based on a connectivity schedule for the small cell. When the security system obtains a connection request from the small cell to connect to the wireless network, the security system compares an instance of the digital signature included in the connection request with an expected digital signature and compares the point in time when the connection request was communicated with an expected time indicated in the connectivity schedule. The security system detects an anomaly when the instance of the digital signature deviates from the expected digital signature or the point in time deviates from the expected time, and causes performance of an action based on a type or degree of the anomaly.
    Type: Grant
    Filed: December 14, 2020
    Date of Patent: June 20, 2023
    Assignee: T-Mobile USA, Inc.
    Inventors: Venson Shaw, Gaviphat Lekutai
  • Patent number: 11683312
    Abstract: A method for authenticating an electronic client device for purposes of granting/denying access to a secure network is provided. The network device detects whether a client device requesting access to the secure network is a known client device on a list maintained by the network device or an unrecognized client device that is not on the list. If the client device is detected as being an unrecognized client device, the network device causes a message to be sent to a manager of the secure network. When a response is received, identification information of the unrecognized client device is automatically added to the list of known client devices by the network device. A network device is also provided.
    Type: Grant
    Filed: November 8, 2018
    Date of Patent: June 20, 2023
    Assignee: ARRIS ENTERPRISES LLC
    Inventor: Michael Rosenblum
  • Patent number: 11662924
    Abstract: In some aspects, an apparatus for encoding data for delivery to or for decoding data retrieved from a storage medium comprises a memory device and at least one hardware processor. The memory device is configured to store at least one parameter associated with at least one cryptographic protocol, the at least one parameter comprising one or more of a first cryptographic scheme, a first cryptographic key operation, a first cryptographic key length, and first cipher directives. The hardware processor is configured to generate a first frame comprising a first field for one parameter selected from the first cryptographic scheme, the first cryptographic key operation, the first cryptographic key length, and the first cipher directives and excluding fields for non-selected parameters, wherein the first frame is associated with the data delivered to or retrieved from the storage medium.
    Type: Grant
    Filed: May 13, 2022
    Date of Patent: May 30, 2023
    Assignee: SeaPort, Inc.
    Inventors: William F. Van Duyne, William Spazante, Gwain Bayley
  • Patent number: 11665185
    Abstract: A bot traffic detection system detects scripted network traffic. The bot traffic detection system may use a one-sided unsupervised machine learning technique to estimate distributions for human, non-scripted traffic (clean distributions). The clean distributions may be dynamically updated based on the latest traffic patterns. To estimate the clean distributions the bot traffic detection system may identify, for a certain subset of network traffic, feature values of the certain subset of network traffic that do not include bot traffic (clean buckets). Using clean traffic may provide more robust and stable behavior that can be tracked over time. Using the clean distributions, the bot traffic detection system may generate a rules table that indicates a likelihood that network traffic with a given combination of feature values is scripted network traffic. The bot traffic detection system may apply the rules table in real time to identify scripted network traffic.
    Type: Grant
    Filed: June 23, 2020
    Date of Patent: May 30, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Cormac Herley, Fang Tu, Cheng Cao, Jayadev Pillai