Patents Examined by Simon P Kanaan
  • Patent number: 11563771
    Abstract: In one embodiment, a telemetry exporter in a network establishes a tunnel between the telemetry exporter and a traffic analysis service. The telemetry exporter obtains packet copies of a plurality of packets sent between devices via the network. The telemetry exporter forms a set of traffic telemetry data by discarding at least a portion of one or more of the packet copies, based on a filter policy. The telemetry exporter applies compression to the formed set of traffic telemetry data. The telemetry exporter sends, via the tunnel, the compressed set of traffic telemetry data to the traffic analysis service for analysis.
    Type: Grant
    Filed: November 25, 2019
    Date of Patent: January 24, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, David McGrew
  • Patent number: 11556674
    Abstract: This application relates to a synchronization circuit for synchronizing signals used in a threshold implementation operation process performing in an S-box of an encryption circuit. In one aspect, the synchronization circuit includes an enable signal generator configured to generate an enable signal. The synchronization circuit may also include a synchronization unit included in an encryption circuit and located inside an S-box that performs a threshold implementation operation that calculates by dividing bits of an input signal into bits equal to or greater than the number of bits of the input signal. The synchronization unit may be configured to synchronize signals used in a threshold implementation operation process based on the generated enable signal.
    Type: Grant
    Filed: March 16, 2021
    Date of Patent: January 17, 2023
    Assignees: AGENCY FOR DEFENSE DEVELOPMENT, Korea University Research and Business Foundation
    Inventors: Bohun Kim, Jongsun Park, Donghwa Kim, Myungkil Ahn
  • Patent number: 11550891
    Abstract: Techniques for securing user data in a healthcare data management system are described. A client system receives a request to authenticate a user. The user is associated with applications and roles. The user is authenticated, at the client system, for all applications and all roles. A login token relating to the authenticated user is maintained at the client system. A role is selected for the user, and an authorization token relating to the selected role is maintained at the client system. A session for the user is initiated. This includes generating an encrypted session cookie relating to the user and the session, storing the encrypted session cookie at the client system, and periodically updating a timestamp for the session cookie.
    Type: Grant
    Filed: June 19, 2019
    Date of Patent: January 10, 2023
    Assignee: Preventice Solutions, Inc.
    Inventors: Savy Vath, Gale G. Mcfarland, Kevin W. Kirkeby, Michael S. Butterbrodt
  • Patent number: 11544546
    Abstract: Provided are an integrated circuit chip device and related products. The integrated circuit chip device is used for performing a multiplication operation, a convolution operation or a training operation of a neural network. The device has the advantages of small calculation amount and low power consumption.
    Type: Grant
    Filed: June 16, 2020
    Date of Patent: January 3, 2023
    Assignee: CAMBRICON TECHNOLOGIES CORPORATION LIMITED
    Inventors: Shaoli Liu, Xinkai Song, Bingrui Wang, Yao Zhang, Shuai Hu
  • Patent number: 11522853
    Abstract: An image forming apparatus capable of maintaining user's convenience in performing transmission while utilizing a transmission setting even when destinations usable for the transmission according to the transmission setting are restricted to a predetermined destination such as an authenticated user's address in order to enhance security. In a case where destinations usable for the transmission according to the transmission setting are restricted to an authenticated user's address and where at least one transmission destination registered in the transmission setting differs from the user's address, the at least one transmission destination registered in the transmission setting is rewritten to the authenticated user's address.
    Type: Grant
    Filed: March 17, 2020
    Date of Patent: December 6, 2022
    Assignee: CANON KABUSHIKI KAISHA
    Inventor: Hiroyoshi Takamiya
  • Patent number: 11520888
    Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor, a memory, and a network interface; a bucketized reputation modifier table; and instructions encoded within the memory to instruct the processor to: perform a feature-based malware analysis of an object; assign the object a malware reputation according to the feature-based malware analysis; query and receive via the network interface a complementary score for a complementary property of the object; query the bucketized reputation modifier table according to the complementary score to receive a reputation modifier for the object; adjust the object's reputation according to the reputation modifier; and take a security action according to the adjusted reputation.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: December 6, 2022
    Assignee: McAfee, LLC
    Inventors: Steven Grobman, Jonathan B. King, Yonghong Huang, Amit Kumar
  • Patent number: 11514188
    Abstract: Systems and methods for serving subject access requests (SARs) are disclosed. A network connection is established with a user. An SAR, including at least one piece of personal data corresponding to an entity associated with said user, is received from the user via the network connection. Text data is extracted from a plurality of data objects, the data objects including personal data associated with the user. The text data is then processed to identify instances of names and instances of personal data within the text data. Associations are generated between identified names and identified personal data. A subset of the identified personal data that corresponds to the entity is identified based on the associations. A response to the SAR is provided, based at least in part on the identified personal data corresponding to the entity.
    Type: Grant
    Filed: March 26, 2020
    Date of Patent: November 29, 2022
    Assignee: Egnyte, Inc.
    Inventors: Amrit Jassal, Debjit Bhattacharjee, Vikram Chandrasekhar, Tomasz Marek Kaczmarek, Willy Lanig Picard, Marcin Artur Zablocki
  • Patent number: 11507659
    Abstract: Embodiments herein facilitate resisting side channel attacks through various implementations and combinations of implementations. In embodiments, this is accomplished by preventing sensitive data from consecutively following other data through potentially vulnerable resources which otherwise may cause data to leak. Where such vulnerabilities to attacks are known, suspected, or as a proactive precaution, a cleaner can be used to inhibit the sensitive data from passing through the vulnerable areas consecutively and thus inhibit the leakage. Embodiments also envision utilizing certain types of circuits to assist in preventing leakage. By using such circuits one can reduce or even potentially eliminate the requirement for cleaners as mentioned previously.
    Type: Grant
    Filed: September 25, 2020
    Date of Patent: November 22, 2022
    Assignee: Cryptography Research, Inc.
    Inventors: Sami Saab, Elke De Mulder, Pankaj Rohatgi, Craig E. Hampel, Jeremy Cooper, Winthrop Wu
  • Patent number: 11502824
    Abstract: Generally described, one or more aspects of the present application correspond to techniques for creating encrypted block store volumes of data from unencrypted object storage snapshots of the volumes. These encryption techniques use a special pool of servers for performing the encryption. These encryption servers are not accessible to users, and they perform encryption and pass encrypted volumes to other block store servers for user access. The encryption context for the volumes can be persisted on the encryption servers for as long as needed for encryption and not shared with the user-facing servers in order to prevent user access to encryption context.
    Type: Grant
    Filed: June 23, 2020
    Date of Patent: November 15, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Sandeep Kumar, Danny Wei, Lalit Jain, Varun Verma, Oscar Allen Grim Courchaine, Kristina Kraemer Brenneman, Sriram Venugopal, Arvind Chandrasekar
  • Patent number: 11500970
    Abstract: A method and data processing system are provided for determining if a machine learning model has been copied. The machine learning model has a plurality of nodes, the plurality of nodes is organized as a plurality of interconnected layers, and the plurality of interconnected layers includes an input layer and an output layer. The output layer has a predetermined number of output nodes for classifying input samples into a predetermined number of categories, where each output node corresponds to a category. An additional watermarking node is added to the output layer. The model is trained to classify the input data into the predetermined number of categories and into an additional category for the additional node. The additional node may be added to another model to determine if the another model is a copy or clone of the ML model.
    Type: Grant
    Filed: August 2, 2019
    Date of Patent: November 15, 2022
    Assignee: NXP B.V.
    Inventors: Joppe Willem Bos, Simon Johann Friedberger, Nikita Veshchikov, Christine van Vredendaal
  • Patent number: 11487857
    Abstract: A fog/edge server machine for authenticating a user in an edge computing model is disclosed using a data spectrum table and spectrum hash values to improve performance, efficiency, and/or security. The edge computing model may include, in some examples, a secure Internet of Things (IoT) and/or mobile-based authentication system. Illustrative embodiments of a spectrum table stored at fog/edge server, a spectrum data array and spectrum hash value generated and stored in memory at the fog/edge server, and a large data table stored at an application server are disclosed herein to show continuous/subsequent authentication of the user with attributes/values/inputs collected by one or more edge devices during post-login activities/interactions to re-authenticate/maintain the authentication.
    Type: Grant
    Filed: September 24, 2019
    Date of Patent: November 1, 2022
    Assignee: Bank of America Corporation
    Inventors: Nagasubramanya Lakshminarayana, Vijay Kumar Yarabolu
  • Patent number: 11483354
    Abstract: Embodiments provide a system and method for reasoning about the optimality of a configuration parameter of a distributed system. During operation, the system obtains a multi-layer graph for a system with a plurality of components, wherein the multi-layer graph comprises a configuration subgraph, a vulnerability subgraph, and a dependency subgraph. The system determines, based on the multi-layer graph, constraint relationships associated with configuration parameters for the components, wherein the constraint relationships include security constraints and functionality constraints. The system computes an unsatisfiable core which comprises a set of mutually incompatible constraints.
    Type: Grant
    Filed: July 8, 2020
    Date of Patent: October 25, 2022
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Hamed Soroush, Shantanu Rane
  • Patent number: 11475128
    Abstract: A method includes training a first machine learning model with a first dataset, to produce a first trained machine learning model to infer cybersecurity-oriented file properties and/or detect cybersecurity threats within a first domain. The first dataset includes labeled files associated with the first domain. The first trained machine learning model includes multiple layers, some of which are trainable. A second trained machine learning model is generated, via a transfer learning process, using (1) at least one trainable layer from the multiple trainable layers of the first trained machine learning model, and (2) a second dataset different from the first dataset. The second dataset includes labeled files associated with a second domain. The first domain has a different syntax, different semantics, and/or a different structure than that of the second domain. The second trained machine learning model (e.g.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: October 18, 2022
    Assignee: Mandiant, Inc.
    Inventors: Scott Eric Coull, David Krisiloff, Giorgio Severi
  • Patent number: 11470472
    Abstract: Methods and systems for performing wireless communication are presented. In one example, a wireless peripheral device comprises a wireless transceiver configured to receive and transmit data over a primary channel, an optical sensor configured to receive data over an out-of-band channel, and one or more processors configured to: receive, via the wireless transceiver and over the primary channel, wireless signals including first key data from a second device; receive, via the optical sensor, optical signals including verification data from the second device; verify the first key data based on the verification data; and responsive to verifying the first key data based on the verification data, generate a digital security key based on the first key data, the digital security key used for following data transmission between the wireless peripheral device and the second device via the wireless transceiver.
    Type: Grant
    Filed: May 31, 2019
    Date of Patent: October 11, 2022
    Assignee: Logitech Europe S.A.
    Inventors: Philippe Chazot, Marc Viredaz, Jiri Holzbecher
  • Patent number: 11463871
    Abstract: Techniques are described for wireless communication. A method for wireless communication at a user equipment (UE) includes performing an extensible authentication protocol (EAP) procedure with an authentication server via an authenticator. The EAP procedure is based at least in part on a set of authentication credentials exchanged between the UE and the authentication server. The method also includes deriving, as part of performing the EAP procedure, a master session key (MSK) and an extended master session key (EMSK) that are based at least in part on the authentication credentials and a first set of parameters; determining a network type associated with the authenticator; and performing, based at least in part on the determined network type, at least one authentication procedure with the authenticator. The at least one authentication procedure is based on an association of the MSK or the EMSK with the determined network type.
    Type: Grant
    Filed: September 27, 2019
    Date of Patent: October 4, 2022
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Anand Palanigounder, Adrian Edward Escott
  • Patent number: 11455404
    Abstract: Aspects and features of the present disclosure can provide a trusted, privacy-preserved deduplication process by executing deduplication functions in a trusted execution environment (TEE). In some examples, encrypted, incoming user data blocks are decrypted in the TEE to produce unencrypted user data blocks. An incoming digital fingerprint or each unencrypted user data block is produced. A processing device can compare the incoming digital fingerprint to existing digital fingerprints stored in the TEE to determine a presence of the incoming digital fingerprint and hence the presence of a copy of the data block in the storage platform, and writes the encrypted. Incoming data blocks are written to storage only when necessary. The technique allows public mass storage systems to meet cybersecurity objectives while achieving the storage space efficiency that deduplication provides.
    Type: Grant
    Filed: May 28, 2020
    Date of Patent: September 27, 2022
    Assignee: RED HAT, INC.
    Inventors: Huamin Chen, Michael Bursell
  • Patent number: 11449607
    Abstract: Some examples relate generally to computer architecture software for information security and, in some more particular aspects, to machine learning based on changes in snapshot metadata for anomaly and ransomware detection in a file system.
    Type: Grant
    Filed: August 7, 2019
    Date of Patent: September 20, 2022
    Assignee: Rubrik, Inc.
    Inventors: Oscar Annen, Di Wu, Ajay Saini
  • Patent number: 11451398
    Abstract: A computer implemented method of validating use of a computing resource by an executing requester software module from a plurality of discrete software modules, the method including validating a characteristic of the requester software module; generating a first transaction defining criteria for consumption of the computing resource by the requester software module, the first transaction being encrypted with a private key from a public key/private key pair and being added as part of a block of transactions to a blockchain data structure; generating a subsequent encrypted transaction corresponding to a request of the requester software module to consume the computing resource, the subsequent transaction referring to the first transaction, wherein the subsequent transaction is validated by a transaction miner computing component from a plurality of miners by authenticating the transaction using the public key and verifying compliance with the criteria defined in each transaction.
    Type: Grant
    Filed: May 3, 2018
    Date of Patent: September 20, 2022
    Assignee: British Telecommunications Public Limited Company
    Inventor: Robert Ghanea-Hercock
  • Patent number: 11444785
    Abstract: Example techniques for establishing trusted communication with container-based services are described. In an example, a digital certificate stored in a memory is injected from the memory into a container. The container is external to the memory. The digital certificate is usable to establish a trusted communication between a service deployed in the container and a software program.
    Type: Grant
    Filed: March 5, 2019
    Date of Patent: September 13, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Kiran Kumar Vaddi, Om Kumar, Jaivish Kothari
  • Patent number: 11444977
    Abstract: Web sites are crawled using multiple browser profiles to avoid malicious cloaking. Based on web page content returned from HTTP requests using the multiple browser profiles, web sites returning substantively different content to HTTP requests for different browser profiles are identified. Web sites are further filtered by common cloaking behavior, and redirect scripts are extracted from web page content that performed cloaking. Signatures comprising tokenized versions of the redirect scripts are generated and compared to a database of known cloaking signatures. URLs corresponding to signatures having approximate matches with signatures in the database are flagged for recrawling. Recrawled URLs are verified for malicious cloaking again using HTTP requests from multiple browser profiles.
    Type: Grant
    Filed: October 22, 2019
    Date of Patent: September 13, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Oleksii Starov, Zhanhao Chen, Yuchen Zhou, Fang Liu