Patents Examined by Sarah Su
  • Patent number: 10735179
    Abstract: A computer implemented method, program product, and system implementing said method, for transforming a call graph representation of an algorithm into a secured call graph representation of said algorithm. The call graph comprises inputs (a, b, f), internal variables being the edges of the graph (c, d, e), elementary functions being the nodes of the graph, said functions being either linear or not linear, and outputs (g), the method comprising: a step of masking each input of the call graph, a step of replacing each unmasked internal variable of the call graph with a masked variable, a step of replacing at least each non-linear function of the call graph with an equivalent function that applies to masked variables, a step of unmasking each output of the call graph.
    Type: Grant
    Filed: February 16, 2018
    Date of Patent: August 4, 2020
    Assignee: SECURE-IC SAS
    Inventors: Philippe Nguyen, Sylvain Guilley
  • Patent number: 10728758
    Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). The various embodiments of the present invention disclose a method of secured transmission and reception of discovery message in device to device (D2D) communication system. According to one embodiment, a transmitting user equipment (UE) receives a ProSe group key (PGK) from a ProSe function to perform a D2D communication in a D2D public safety group. The transmitting UE then derives a ProSe traffic key (PTK) using the PGK for transmitting data packets in the D2D communication. Using the PTK, the transmitting UE further derives a ProSe integrity protection key (PIK) for securing a discovery message to discover one or more receiving UEs. The transmitting UE transmits the integrity protected discovery message using the derived PIK to the receiving UE.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: July 28, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Anil Agiwal, Rajavelsamy Rajadurai, Youngbin Chang
  • Patent number: 10728243
    Abstract: System and method for securely deploying a virtual machine in a data center is disclosed. In one embodiment, public keys are established between the requesting virtual machine and the deployed virtual machine, so that authentication and communication between the machines can occur using the public keys. In another embodiment, a secret private key is established between the requesting virtual machine and the deployed virtual machine using a password authenticated key exchange protocol. Authentication and communication between the machines is then established using the secret private key.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: July 28, 2020
    Assignee: VMware, Inc.
    Inventors: Muhammad Akbar, Adith Sudhakar
  • Patent number: 10721254
    Abstract: Systems and methods for threat detection in a network are provided. The system obtains records for entities that access a network. The records include attributes associated with the entities. The system identifies features for each of the entities based on the attributes. The system generates a feature set for each of the entities. The feature set is generated from the features identified based on the attributes of each of the entities. The system forms clusters of entities based on the feature set for each of the entities. The system classifies each of the clusters with a threat severity score calculated based on scores associated with entities forming each of the clusters. The system determines to generate an alert for an entity in a cluster in response to the threat severity score of the cluster being greater than a threshold.
    Type: Grant
    Filed: March 1, 2018
    Date of Patent: July 21, 2020
    Assignee: Crypteia Networks S.A.
    Inventors: Ilias Kotinas, Theocharis Tsigkritis, Giorgos Gkroumas
  • Patent number: 10713357
    Abstract: The subject matter described herein provides protection against zero-day attacks by detecting, via a hypervisor maintaining an extended page table, an attempt to execute arbitrary code associated with malware in a guest operating system (OS) running within a virtual machine (VM). Further, the subject matter provides detection of lateral movement of the malware. The hypervisor uses hidden breakpoints to detect a request for thread creation, and then determines whether the request is to download and execute arbitrary code.
    Type: Grant
    Filed: February 16, 2018
    Date of Patent: July 14, 2020
    Assignee: NICIRA, INC.
    Inventor: Prasad Dabak
  • Patent number: 10713102
    Abstract: Techniques are disclosed for hot swapping one or more module devices on a single host device. A module device can perform module-specific tasks that are defined in its module software driver. Using one or more application programming interfaces, the host device communicates with the module device's module software driver to allow the module device to perform module-specific tasks while removably connected to the host device.
    Type: Grant
    Filed: July 5, 2017
    Date of Patent: July 14, 2020
    Inventor: Matias Klein
  • Patent number: 10701056
    Abstract: Techniques for intercept-based multifactor authentication client enrollment as a network service are disclosed. In some embodiments, a system, process, and/or computer program product for intercept-based multifactor authentication client enrollment as a network service includes monitoring a session at a firewall, intercepting a request for access to a resource while monitoring the session at the firewall, determining that a user associated with the session is not enrolled for multifactor authentication, and initiating enrollment of the user for the multifactor authentication.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: June 30, 2020
    Assignee: Palo Alto Networks, Inc.
    Inventor: Ashwath Sreenivasa Murthy
  • Patent number: 10701183
    Abstract: An operating system of a computing device is configured to monitor for occurrence of an event. In response to determining that the event has occurred, data associated with the event is obtained from the computing device. An address associated with an account of the computing device is determined, and the data associated with the event is sent to the address.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: June 30, 2020
    Assignee: Lookout, Inc.
    Inventors: David Richardson, Kevin Patrick Mahaffey, Jonathan Grubb
  • Patent number: 10685121
    Abstract: What is disclosed is a system and method to secure a network device such as a server. The network device has a memory storing a static credential file. A basic input output system operates a security module that gathers an IP address of the router and an IP address of the network device, via a query to a network manager when power is enabled to the network device. The gathered IP addresses are compared with stored IP addresses in the static credential file. The operating system of the network device is prevented from booting if the IP addresses do not match. In addition, a baseboard management controller is operable to receive an encrypted credential file. The encrypted credential file is decrypted and compared with the static content file. The baseboard management controller shuts down power to the network device if the credential file does not match the static content file.
    Type: Grant
    Filed: October 17, 2017
    Date of Patent: June 16, 2020
    Assignee: QUANTA COMPUTER INC.
    Inventors: I-Kuang Tang, Wei-Yu Chien
  • Patent number: 10681020
    Abstract: Systems for and methods of securely communicating between a ground station and an aircraft are presented. The communications are among a plurality of nodes, including a ground based node and a plurality of aircraft based nodes. Each node stores at least a respective portion of a blockchain representing interactions among at least some of the nodes. Control nodes may initiate a privileged network action by: broadcasting to the plurality of control nodes a blockchain record representing the privileged network action, receiving from control nodes a plurality of votes representing validation results of the privileged network action, determining that a consensus from the control node votes indicates that the privileged action is permissible, and publishing to respective blockchain portions of each of the plurality of nodes a derivation of the blockchain record representing the privileged action, where the system implements the privileged action based on the determining.
    Type: Grant
    Filed: March 12, 2018
    Date of Patent: June 9, 2020
    Assignee: THE BOEING COMPANY
    Inventors: Timothy M. Mitchell, Daniel Nguyen, Adonis X. Williams, Michael R. Vanguardia
  • Patent number: 10680813
    Abstract: Providing a server polling component for remote cryptographic key erasure resilient to network outage. A set of keys received from a server are stored on data storage. The data storage sends a status request to the server. If a key enabled status is received, the data storage continues normal operations. If a key disabled status is received, a key failure action is performed. The key failure action includes deleting one or more of the keys in the set of keys or shutting down one or more storage devices of the data storage. If no response is received from the server, the data storage iteratively resends the status request at retry time intervals until a response is received from the server or until a time out period expires. On expiration of the time out period, the key failure action is performed.
    Type: Grant
    Filed: February 7, 2019
    Date of Patent: June 9, 2020
    Assignee: EMC IP Holding Company LLC
    Inventor: Charles W. Kaufman
  • Patent number: 10671739
    Abstract: A method for securely sharing a common software package includes storing, within a database, a set of software packages associated with a first namespace, then storing, within the database, a common software package associated with the set of software packages. The common software package is obfuscated and includes an access modifier. A request to install a first software package selected from the set of software packages associated with the namespace is received by a subscriber. In response to the request from the subscriber, the system installs the first software package and the common software package in accordance with the access modifier.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: June 2, 2020
    Assignee: salesforce.com, inc.
    Inventors: Ganesh Mathrubootham, Jeffrey M. Bartolotta, Reid A. Elliott
  • Patent number: 10659496
    Abstract: Systems, methods, and apparatuses enable the insertion and configuration of interface microservices at servers or other types of computing devices in a computing environment in response to changes to security policies affecting one or more components of the computing environment. In one embodiment, a security application detects servers in a computing environment and generates profile data for the detected servers. The security application assigns detected servers to security policy groups by applying a set of filters to the generated profile data for each server in an order specified by a set of precedence rules. The security policy groups are each associated with one or more security policies that define security rules and other configurations used to provide security services to servers that are members of the corresponding security policy group.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: May 19, 2020
    Assignee: ShieldX Networks, Inc.
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Meni Hillel
  • Patent number: 10652038
    Abstract: Systems and methods for detecting and interfering with compromised devices and unauthorized device relocation in a communication network are disclosed. The described embodiments may be deployed in a content delivery network where receivers have been compromised in a manner that renders the conditional access system (CAS) inoperative at controlling the receivers' ability to receive content. In some embodiments, alternate commands not protected by the CAS system may be used to detect hacked devices and interdict same. In some embodiments, service devices in the content delivery network may allow for detection of unauthorized device relocation.
    Type: Grant
    Filed: September 14, 2017
    Date of Patent: May 12, 2020
    Assignee: Maxxian Technology Inc.
    Inventor: Rene Juneau
  • Patent number: 10652039
    Abstract: Systems and methods for detecting and interfering with compromised devices and unauthorized device relocation in a communication network are disclosed. The described embodiments may be deployed in a content delivery network where receivers have been compromised in a manner that renders the conditional access system (CAS) inoperative at controlling the receivers' ability to receive content. In some embodiments, alternate commands not protected by the CAS system may be used to detect hacked devices and interdict same. In some embodiments, service devices in the content delivery network may allow for detection of unauthorized device relocation.
    Type: Grant
    Filed: September 22, 2017
    Date of Patent: May 12, 2020
    Assignee: Maxxian Technology Inc.
    Inventor: Rene Juneau
  • Patent number: 10637818
    Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: April 28, 2020
    Assignee: ETAS Embedded Systems Canada Inc.
    Inventors: Robert Philip Gallant, Robert John Lambert
  • Patent number: 10638314
    Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). A method for downloading profiles in a terminal in a wireless communication system includes generating and storing an encryption key at a time point, loading the stored encryption key, when receiving profile download start information from a profile providing server, and downloading an encrypted profile for the electronic device from the profile providing server, via the loaded encryption key, and installing the encrypted profile in the electronic device.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: April 28, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jonghan Park, Duckey Lee, Taesun Yeom, Sangsoo Lee
  • Patent number: 10630834
    Abstract: Certain embodiments of the invention generally relate to lawful interception of communications for IP Multimedia System-based (IMS-based) voice over IP (VoIP). For example, some embodiments relate to interception of communications including interception for encrypted, transcoded media. A method may include identifying a network node that provides call content interception. The method may also include determining a codec type used at a location of the call content interception at the network node. The method may further include sending a matched codec of the codec type used at the location of the call content interception at the network node to a delivery function in the communications network.
    Type: Grant
    Filed: February 4, 2015
    Date of Patent: April 21, 2020
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventors: Nagaraja Rao, Derek Underwood, Wolfgang Buecker
  • Patent number: 10621349
    Abstract: Data is analyzed using feature hashing to detect malware. A plurality of features in a feature set is hashed. The feature set is generated from a sample. The sample includes at least a portion of a file. Based on the hashing, one or more hashed features are indexed to generate an index vector. Each hashed feature corresponds to an index in the index vector. Using the index vector, a training dataset is generated. Using the training dataset, a machine learning model for identifying at least one file having a malicious code is trained.
    Type: Grant
    Filed: January 17, 2018
    Date of Patent: April 14, 2020
    Assignee: Cylance Inc.
    Inventor: Andrew Davis
  • Patent number: 10623377
    Abstract: A system and method for tunneling through a network separation device such as a firewall or a Network Address Translator including a first server receiving an access request from a client device to communicate with a host device, where the host device is behind the network separation device. The first server sending a message to a second server in response to receiving the access request, the message including host data for the host device. The second server is configured to send a notification to the host device, and the notification includes instructions for the host device to initialize a pass-through channel with the first server. The first server receiving a pass-through initialization request from the host device and establishing the pass-through channel for communication between the client device and the host device in response to receiving the pass-through initialization request.
    Type: Grant
    Filed: July 16, 2018
    Date of Patent: April 14, 2020
    Assignee: Progress Software Corporation
    Inventors: John Alan Hensley, Robert Christian Fischer