Patents Examined by Syed M Ahsan
  • Patent number: 11831786
    Abstract: A system for establishing and maintaining a chain of trust can include a root of trust (RoT) executing a root trusted server that pushes authenticated code and data into memory of a given node in a plurality of nodes. The RoT can also record a memory address range of a static portion of the authenticated code and a corresponding static data in the given node and cause the given node to execute the authenticated code in response to the pushing to establish a trusted relationship between the trusted server of the RoT and the given node. The root trusted server also monitors the given node to ensure that the given node executes trusted operations. The authenticated code in the memory of the given node can include a trusted server that pushes authenticated code into memory of another node in the plurality of nodes.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: November 28, 2023
    Assignee: NORTHROP GRUMMAN SYSTEMS CORPORATION
    Inventors: Steven D. Ratts, Brian J. Noe, Francis B. Afinidad
  • Patent number: 11823658
    Abstract: The disclosed technologies include methods for generating a calibration model using data that is selected to match the conditions of a particular trial that involves an automated comparison of data samples, such as a comparison-based trial performed by an audio-based recognition, identification, or detection system. The disclosed technologies also include improved methods for selecting candidate data used to build the calibration model. The disclosed technologies further include methods for evaluating the performance of the calibration model and for rejecting a trial when not enough matched candidate data is available to build the calibration model. The disclosed technologies additionally include the use of regularization and automated data generation techniques to further improve the robustness of the calibration model.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: November 21, 2023
    Assignee: SRI INTERNATIONAL
    Inventors: Mitchell Leigh McLaren, Aaron Lawson
  • Patent number: 11824895
    Abstract: Embodiments of the present invention provide for a method, system, and apparatus for processing content during scan and/or remediation processing. The method includes receiving a scan request or a remediation request. Content from a datastore referencing one or more controls as well as one or more of a compliance value, remediation value, and an ignore switch corresponding to each control is then loaded. If a scan request is received, the computing environment is scanned to determine all controls in the computing environment and the current setting of each. Thereafter, a subset of controls is determined, where the current setting of each control in the subset is out of compliance, the out of compliance state for each control is not to be ignored, and a remediation value for the corresponding control is listed in the loaded content. Thereafter, information regarding each control is determined, captured, and then stored.
    Type: Grant
    Filed: December 27, 2017
    Date of Patent: November 21, 2023
    Assignee: Steelcloud, LLC.
    Inventor: Brian H. Hajost
  • Patent number: 11785052
    Abstract: A system and method for responding to incidents in an enterprise network is disclosed. The system tracks incidents by creating, in an incident manager, incident objects for each incident. Each incident object includes details for the incidents, also known as incident characteristics. The system also creates one or more indicators of compromise (IOCs) associated with the incident characteristics for each incident. When processing a new incident or an update to an incident, the system compares IOCs associated with the incident object for the incident being processed to stored IOCs for other incidents to determine if other incidents are related to the incident being processed. In embodiments, the system can then generate tasks for responding to new incidents based on incident characteristics of and IOCs associated with the new incidents, and can regenerate tasks for responding to incidents based on updates to incident characteristics of and IOCs associated with the incidents.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: October 10, 2023
    Assignee: International Business Machines Corporation
    Inventors: Aditya Vinayak Kothekar, Kenneth Allen Rogers
  • Patent number: 11775403
    Abstract: The present invention discloses a computer implemented method for developing an anomaly detector which is adapted to detect/predict anomaly in one or more network terminals and optimize the behavior of the network terminals. The said method is adapted to collect and monitor the behavior of the network terminals and compare it with the behavior profile of the network terminals in order to detect the anomaly parameter. The behavior profile is the normal interaction of the software and hardware components of the network terminals. A system for implementation and execution of such anomaly detector is also disclosed.
    Type: Grant
    Filed: January 13, 2019
    Date of Patent: October 3, 2023
    Inventors: Yandy Perez Ramos, Aldo Ferrante
  • Patent number: 11762989
    Abstract: A method for securing data by embedding the data in a data structure and utilizing a sensor device to detect transfer of the data structure. The data is embedded such that the data is only accessible by first executing an executable program. If the executable program determines that the device attempting to access the data (the accessing device) does not have permission to access the data, then the executable program destroys all or a portion of the data. If the data structure is transferred to another device, a sensor device positioned to detect the data structure when transferred will identify the data. If the sensor device determines that the data structure is not permitted to be transferred, then the sensor device destroys all or a portion of the data.
    Type: Grant
    Filed: December 16, 2019
    Date of Patent: September 19, 2023
    Assignee: Bottomline Technologies Inc.
    Inventors: Trevor Ramberg, Fred Ramberg
  • Patent number: 11755753
    Abstract: Secure memory sharing between enclaves (virtual machines) and virtual input/output adapters includes, in response to a request for an enclave to create a virtual input/output adapter, creating a virtual input/output adapter associated with the enclave, creating a non-sharable micro-enclave, to contain only data, nested within the enclave to use with the virtual input/output adapter, generating a key by a memory encryption engine of an ultravisor for the virtual input/output adapter for use by only the virtual input/output adapter, in response to a request to obtain data from the enclave by the virtual input/output adapter, exchanging the key with the non-sharable micro-enclave, in response to receiving the key, decrypting memory of only the non-sharable micro-enclave associated with the virtual input/output adapter to obtain the data, and sending the data from the non-sharable micro-enclave nested within the enclave to the virtual input/output adapter.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: September 12, 2023
    Assignee: Kyndryl, Inc.
    Inventors: Breno H. Leitao, Mauro Sergio Martins Rodrigues, Daniel Battaiola Kreling, Rafael Camarda Silva Folco
  • Patent number: 11706051
    Abstract: In some embodiments, a network regulator device protects a local network of client systems (e.g. Internet-of-things devices such as smartphones, home appliances, wearables, etc.) against computer security threats. When introduced to the local network, some embodiments of network regulator take over some network services from a router, and automatically install the network regulator as gateway to the local network. The network regulator then carries out an automatic device discovery procedure and distributes device-specific utility agents to the protected client systems. An exemplary utility agent detects when its host device has left the local network, and in response, sets up a virtual private network (VPN) tunnel with a security server to maintain protection of the respective device.
    Type: Grant
    Filed: September 17, 2018
    Date of Patent: July 18, 2023
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Cosmin C. Stan, Andrei Rusu, Bogdan C. Cebere, Alexandru I. Achim
  • Patent number: 11677564
    Abstract: A content distribution system includes content receivers that provide a plurality of blockchain databases that store transaction records associated with subscriber requests for content, and a computer system that processes those transaction records and enables authorized content receivers to output requested content.
    Type: Grant
    Filed: July 15, 2020
    Date of Patent: June 13, 2023
    Assignee: DISH NETWORK L.L.C.
    Inventors: Christofer Hardy, David Abraham
  • Patent number: 11632397
    Abstract: A method, computer program product, and system includes a processor(s) obtaining an authorization failure from a target application because an access request was denied based on insufficient permissions of a user. The processor(s) institutes a mock interface with a visual appearance of the target application. The mock interface displays predefined data and the target application displays dynamic data, from the server(s) executing the target application. The processor(s) obtains, via the mock interface, a request to change the permissions of the user to the target application, which includes a selection, by the user, through the mock interface, of one or more individual permissions displayed in the mock interface. The processor(s) automatically generates a customized security policy comprising the selection, where based on applying the customized security policy, repeating the access request results in authorized access to the target application.
    Type: Grant
    Filed: July 17, 2019
    Date of Patent: April 18, 2023
    Assignee: International Business Machines Corporation
    Inventors: Dong Chen, Wu Mi Zhong, Ting Yin, Zhi Li Guan, Yang Liang, Shao Jun Ding
  • Patent number: 11621978
    Abstract: A method, computer program product, and system includes a processor(s) obtaining an authorization failure from a target application because an access request was denied based on insufficient permissions of a user. The processor(s) institutes a mock interface with a visual appearance of the target application. The mock interface displays predefined data and the target application displays dynamic data, from the server(s) executing the target application. The processor(s) obtains, via the mock interface, a request to change the permissions of the user to the target application, which includes a selection, by the user, through the mock interface, of one or more individual permissions displayed in the mock interface. The processor(s) automatically generates a customized security policy comprising the selection, where based on applying the customized security policy, repeating the access request results in authorized access to the target application.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: April 4, 2023
    Assignee: International Business Machines Corporation
    Inventors: Dong Chen, Wu Mi Zhong, Ting Yin, Zhi Li Guan, Yang Liang, Shao Jun Ding
  • Patent number: 11582188
    Abstract: A first correspondence table in a terminal device stores a correspondence between an identifier of a process running on the terminal device and an identifier of a data stream created by the process, a second correspondence table stores a second correspondence between an identifier of an application and an identifier of a process created by the application. The terminal device receives an identifier, sent by a network security device, of a first data stream. The terminal device can find, in the first correspondence table, a first record storing the identifier of the first data stream to obtain an identifier of a process. The terminal device can find in the second correspondence table, a second record storing the identifier of the process in the first record to obtain an identifier of an application from the second record. The identifier of the application is then sent to the network security device.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: February 14, 2023
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Youyong Li, Ying Xiong
  • Patent number: 11539505
    Abstract: A method and system. An instruction to encrypt plaintext to generate encrypted data from the plaintext is received. The encrypted data is to be stored in a database device in response to a first request received from a client terminal to store the plaintext in the database device. The first request includes the plaintext. Ciphertext is generated by applying both an initialization vector and an encryption key directly to the plaintext. An embedding rule used to generate the encrypted data is selected from a sequence of embedding rules. The encrypted data is stored in the database device. A second request to receive the plaintext data is received from the client terminal. The plaintext is obtained from the encrypted data, by separating the encrypted data into the ciphertext and the initialization vector; and generating the plaintext by decrypting the ciphertext that was separated from the encrypted data.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: December 27, 2022
    Assignee: KYNDRYL, INC.
    Inventor: Yasuhiro Onoda
  • Patent number: 11362842
    Abstract: An example operation may include one or more of evaluating a proposed membership conversion submitted by a client application (App) on a client subject to a first membership services provider (MSP1), evaluating the validity of the client according to channel membership rules, placing a transaction certificate in a creator field of a client transaction request, using fabric-attribute-based authentication to authenticate the client that submitted the membership conversion proposal, consulting a membership table to determine access rights of the client, and passing the access rights information to an application membership credential generator compliant with a second membership services provider (MSP2).
    Type: Grant
    Filed: September 18, 2018
    Date of Patent: June 14, 2022
    Assignee: International Business Machines Corporation
    Inventors: Elli Androulaki, Angelo De Caro
  • Patent number: 10756902
    Abstract: A content distribution system includes content receivers that provide a plurality of blockchain databases that store transaction records associated with subscriber requests for content, and a computer system that processes those transaction records and enables authorized content receivers to output requested content.
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: August 25, 2020
    Assignee: DISH Network L.L.C.
    Inventors: Christofer Hardy, David Abraham
  • Patent number: 10681018
    Abstract: One embodiment provides a system that facilitates efficient and transparent encryption of packets between a client computing device and a content producing device. During operation, the system receives, by a content producing device, an interest packet that includes a masked name which corresponds to an original name, wherein the original name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. The system obtains the original name based on the masked name. The system computes a symmetric key based on the original name and a generated nonce. The system generates a content object packet that corresponds to the original name and includes the masked name, the nonce, and a payload encrypted based on the symmetric key, wherein the content object packet is received by a client computing device.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: June 9, 2020
    Assignee: Cisco Technology, Inc.
    Inventor: Christopher A. Wood
  • Patent number: 10642753
    Abstract: A computing device features one or more hardware processors and a memory that is coupled to the one or more processors. The memory comprises software that supports virtualization, including a virtual machine operating in the guest mode and a virtualization layer operating in the host mode. The virtual machine is configured to execute a plurality of processes including a guest agent process. The virtualization layer is configured to protect the guest agent process operating within the virtual machine that provides metadata to the virtualization layer by restricting page permissions for memory pages associated with the guest agent process when the guest agent process is inactive.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: May 5, 2020
    Assignee: FireEye, Inc.
    Inventor: Udo Steinberg
  • Patent number: 10637877
    Abstract: At an electronic computing device, a first memory footprint is obtained for a protected computer. The protected computer is monitored with the electronic computing device. At the electronic computing device, a second memory footprint is obtained for the protected computer. The first memory footprint is compared with the second memory footprint. When the first memory footprint does not match the second memory footprint, a security alert is initiated for the protected computer.
    Type: Grant
    Filed: March 8, 2016
    Date of Patent: April 28, 2020
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Ramanathan Ramanathan, Rama Rao Yadlapalli, Ajay Kumar Rentala, Vamsi Krishna Geda
  • Patent number: 10560464
    Abstract: Systems and methods are provided herein for use in identifying and/or detecting electronic messages containing malicious content. One exemplary method includes receiving multiple electronic tags. Each of the multiple electronic tags corresponds to an electronic message and a user, and the user caused the electronic tag to be associated with the electronic message based on a perception that the electronic message included malicious content. The exemplary method further includes assigning, for each electronic tag, point(s) to the corresponding user when the corresponding electronic message includes malicious content, totaling, for each user, the point(s) assigned during a predefined interval, and identifying one of the user(s) with a highest total point(s), for the defined interval, as a winner, thereby incentivizing users to associate electronic tags with electronic messages perceived to include malicious content.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: February 11, 2020
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Ronald Green
  • Patent number: 10558586
    Abstract: A shippable storage device may be used to execute one or more applications, such as an encryption application, and to securely store client data on a storage node of the shippable storage device. After connecting the shippable storage device to a client network, a stateless compute node of the shippable storage device downloads operating code. After validating the operating code, the stateless compute node executes the operating code. The operating code may include an application, such as an encryption application that receives, encrypts, and stores client data. The application does not access writeable persistent storage other than through an internal network interface to the storage node, according to a networking protocol. The volatile memory of the stateless compute node is cleared upon removal of power to the shippable storage device so that unencrypted data and one or more encryption keys are not persisted within the shippable storage device.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: February 11, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Frank Charles Paterra