Abstract: A system accesses information regarding a topology of an arrangement of resources, where one of the resources is a multi-tiered resource having a plurality of layers. Based on the information regarding the topology of the arrangement of resources, the system selects one or more layers of the multi-tiered resource for deployment of a deception server that has a reduced security mechanism to act as a decoy to attract attackers of the system. The system deploys the deception server at the selected one or more layers of the multi-tiered resource.

Abstract: Techniques for intelligently deciding the optimal authenticator(s) from amongst those supported by an electronic device are described. The authentication system according to some embodiments may include a dynamic machine learner that incorporates the attributes of: (i) user behavior attributes (e.g., preferred authenticator); (ii) device attributes (e.g., hardware and software specifications, applications, etc.); and (iii) operating environment attributes (e.g., ambient light, noise, etc.), as well as the interplay between the aforementioned attributes over time to make the decision. In some embodiments, the authentication activities and patterns of other users of similar type (e.g., users exhibiting similar behavior across different operating environments) can also be learned and employed to improve the decision making process over time.

Abstract: The disclosed computer-implemented method for mitigating stalkerware by rendering it useless is performed, at least in part, by a computing device comprising at least one processor. The method includes detecting, by the at least one processor in accordance with a security configuration of the computing device, a stalkerware application running in a foreground of the computing device. The method also includes overlaying, by the at least one processor in accordance with the security configuration, the stalkerware application with a window in response to the detecting. The method further includes performing a security action by intercepting one or more user inputs to the stalkerware application via the window, thereby preventing user configuration of the stalkerware application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An apparatus has processing circuitry 4 supporting a number of security domains, and within each domain supporting a number of modes including a handler mode for exception processing and a thread mode for background processing. For an exception entry transition from secure thread mode to secure handler mode, a transition disable indicator 42 is set. For at least one type of exception return transition to processing in the secure domain and the thread mode when the transition disable indicator 42 is set, a fault is signaled. This can protect against some security attacks.

Abstract: Systems and methods for controlling measurement units for a medical scale. One system includes a removable head unit configured to couple to a medical scale platform. The removable head unit includes a human machine interface (HMI) and an electronic processor coupled to the human machine interface. The electronic processor is configured to receive, via the HMI, a first user input selecting a permanent lock mode. The electronic processor is configured to, in response to receiving the user input, present a first authentication request and receive a second user input including a first authentication token. The electronic processor is configured to, when the first authentication token is valid, present a measurement unit selection prompt. The electronic processor is configured to receive a second user input selecting a measurement unit and, in response to receiving the second user input, activate the permanent lock mode based on the selected measurement unit.

Abstract: Systems and methods for managing group encryption are described. In certain methods, a content asset may be encrypted with an asset key. An account key may be determined. Using the account key, an encrypted content asset package may be generated. The asset key may make up at least a portion of the encrypted content asset package. The encrypted content asset package is decryptable with the account key. The encrypted content asset package and an identifier associated with the account key may be transmitted, for example to a playback device.

Abstract: Methods and systems for self-certifying secure operation of a cyber-physical system having a plurality of monitoring nodes. In an embodiment, an artificial intelligence (AI) watchdog computer platform obtains, using the output of a local features extraction process of time series data of a plurality of monitoring nodes of a cyber-physical system and a global features extraction process, global features extraction data. The AI watchdog computer platform then obtains reduced dimensional data, generates an updated decision boundary, compares the updated decision boundary to a certification manifold, determines based on the comparison that the updated decision boundary is certified, and determines, based on an anomaly detection process, whether the cyber-physical system is behaving normally or abnormally.

Abstract: A method in one embodiment includes receiving usage data from a first operational management system, the first operational management system utilizing a plurality of assets of an information technology infrastructure. The method also includes identifying, based at least in part on the received usage data, one or more asset relationships between at least two assets of the plurality of assets, and one or more user-asset relationships between one or more users and one or more of the plurality of assets. In the method, one or more parameters of a plurality of parameters are applied to the identified asset and user-asset relationships to determine one or more designations associated with the identified asset and user-asset relationships. The one or more designations are transmitted to a second operational management system to trigger a risk management workflow based at least in part on the one or more designations.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: Methods and systems for a two-stage attribution of application layer DDoS attack are provided. In a first table just a hash index is maintained whereas the second stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is hash collision in the first table. The second table is aged out and reported periodically with details of large strings.

Abstract: Methods, systems, and computer programs for generating cryptographic function parameters are described. In some examples, astronomical data from an observed astronomical event is obtained. A pseudorandom generator is seeded based on the astronomical data. After seeding the pseudorandom generator, an output from the pseudorandom generator is obtained. A parameter for a cryptographic function is generated by operation of one or more data processors. The parameter is generated from the output from the pseudorandom generator.

Abstract: Mechanisms for defending a computing system from attack are presented. The mechanisms include: maintaining a round counter that tracks a round number for a local host; determining a location in a graph for each of a plurality of hosts including the local host; determining monitor hosts of the plurality of hosts that are monitoring the local host; determining monitoree hosts of the plurality of hosts that are being monitored by the local host; sending a message to each of the monitor hosts identifying a value of the round counter; forwarding a first set of heartbeat messages from previous monitoree hosts to the monitor hosts; attempting to receive messages from the monitoree hosts; determining whether any messages were not received from the monitoree hosts; and in response to determining that one or more messages were not received from the monitoree hosts, generating an alert.

Abstract: Methods and systems for selectively encrypting commit log entries in a distributed database system are described. One example method includes determining that a commit log for a particular server in the distributed database system is to be updated based on a data operation performed on a tablet managed by the server, the tablet including at least a portion of the data from a table in the distributed database system, and wherein the data from the table is stored in multiple tablets; determining that the tablet managed by the particular server is an encrypted tablet; in response to determining that the tablet is an encrypted tablet, generating an encrypted log entry representing the data operation performed on the tablet including an encrypted payload including information representing the data operation and an unencrypted header including information about the encrypted log entry; and updating the commit log to include the encrypted log entry.

Abstract: Embodiments of the disclosure disclose a system to prevent data of a client from leaking to untrusted parties in a multiparty computation environment. According to one embodiment, in response to a request received at a gateway (e.g., a non-bypassable gateway) of a server from a user device of a user over a network to process user data by an execution service, the system sanitizes the user data by scanning the user data for malicious code. The system selects a trusted execution environment (TEE) worker from a number of TEE workers and initiates an execution of the execution service by the selected TEE worker. The system receives execution results from the selected TEE worker. The system transmits the execution results to the user device of the user over the network.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic end-to-end integrity for data repositories in an on-demand services environment, where a database system-implemented method includes receiving, by the database system, a content file and metadata to be submitted to a data repository of the database system. The content file may include content, where the metadata may include identifying data associated with at least one of the content and a user associated with the content. The method may include verifying, by the database system, the identifying data of the metadata. The verification of the identifying data represents authentication of at least one of the user and the content. The method may include submitting, by the database system, the content file and the metadata to the data repository, upon authentication of at least one of the user and the content via successful verification of the identifying data.

Abstract: The disclosure provides a processor checking method, a checking device and a checking system. The method includes acquiring a first access record of the processor to a first memory during a running process, the first access record including reading-operation information; acquiring a second access record of a checking device to a second memory during a replay process, the second access record including first reading-operation information, the first reading-operation information being reading-operation information corresponding to a case in which a first access of the checking device to a same address during the replay process is a reading operation, and determining, based on the first access record and the second access record, whether or not the processor reads during the running process a memory address that is not any one of addresses included in the second access record.

Abstract: A connection establishing system and method for a mesh network is provided, the mesh network includes a first transceiver and a second transceiver, the method includes performing a secure connection procedure including: transmitting, by the second transceiver, a secure connection request signal including a identifier to the first transceiver. The first transceiver encrypts the authentication message by using a public key corresponding to the identifier to generate a secure connection response signal and transmit the same to the second transceiver, the second transceiver decrypts the secure connection response signal by a private key to generate a decryption message and transmits an association request signal including the decryption message to the first transceiver.

Abstract: A chat system transfers chat data transmitted from a user terminal to a chat bot or another user terminal via a network. When the chat data transmitted from the user terminal is detected to include a content related to personal information, the chat system performs a predetermined filtering process on the chat data.

Abstract: A method for extracting, correlating, consolidating and presenting metadata from transmissions is provided. The method may include receiving a TCP/IP transmission. The transmission may include a header and a body. The method may include extracting an originating IP address from a location of the transmission. The location may be in the header or in the body. The IP address may be extracted in binary form. The method may include determining an accuracy and validity metric of the transmission using an artificial intelligence module. The method may include converting the extracted IP address from binary form into hexadecimal form. The method may include embedding the hexadecimal form of the IP address into one or more unused options of the header. The method may include processing the transmission. The processing may be completed upon determination that the transmission is a valid transmission.

Abstract: A method of sharing information on the basis of anchoring and an anchoring device supporting the same and more particularly are provided. One of the methods includes, acquiring anchoring information including first field information permitted for sharing from a target transaction record recorded in a first blockchain and recording the acquired anchoring information in a second blockchain.