Abstract: Disclosed herein are devices, systems and methods for securely accessing data transferred via multiple isolated networks network, comprising adjusting one or more mapping records comprising network mapping and routing settings for a plurality of isolated networks connecting a plurality of clients to a server to expose one of the plurality of isolated networks to one or more processing engines executed by the server while concealing all other isolated networks from the respective processing engine, activating a lock configured to enable each processing engines to execute a single thread, executing the processing engine(s) to fetch data from the exposed isolated network(s), and releasing the lock. Wherein each processing engine is able to access the isolated network exposed to the respective processing engine while unable to access any of the isolated networks concealed from respective processing engine.

Abstract: A method for prevention of malware infection of a user device. A first request for a first web page is received from the user device. Transmitting, to a website associated with the requested first web page and in response to the first request a second request for the first web page. In response to the second request, receiving a first set of data associated with the first web page. Generating, based on a first set of data in the first domain format, a first set of graphical images representing respective portions of the first set of data in a second domain format. Transmitting, to the user device, the first set of graphical images with correlation data configured to enable a user to interact with the graphical images on the user device in a manner that is substantially the same as though the user device had received the first web page in the first domain format and the first web page had been rendered from the first domain format by a program operating on the user device.

Abstract: Systems are provided for managing access to a log of dataset that is generated when the dataset is accessed. A system stores, with respect to each of a log producer and a log accessor, an encrypted symmetric key for dataset that is encrypted using a corresponding public key. The system returns the encrypted symmetric key for the log producer, such that the log producer can decrypt the dataset that is encrypted using the symmetric key. A log of the dataset is generated when the log producer accesses the dataset.

Abstract: The methods and systems disclosed herein relate generally to temporally prioritizing queries of queue-task partitions based on distributions of flags assigned to bits corresponding to access rights.

Abstract: Disclosed is a method for accessing software applications. The method includes obtaining an application access request, the application access request carrying a user identifier and an application identifier; acquiring an encryption key, and encrypting the user identifier by the encryption key, to obtain an encrypted user identifier, the encryption key carrying first key information and second key information; generating an authorization credential corresponding to the application access request according to the encrypted user identifier and the first key information; transmitting the authorization credential to the application that is to be accessed, the application that is to be accessed generating an authorization request based on the authorization credential; receiving the authorization request returned by the application that is to be accessed; and accessing, when the authorization request satisfies a preset condition, the application that is to be accessed based on the second key information.

Abstract: Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.

Abstract: A cross-domain data access service enables data access across two or more computing domains, such as, for example, transient access by a public device to data held in a private cloud. In particular, the cross-domain data access service can identify a data subset from within a secure datastore of a first computing domain. The cross-domain data access service can replicate the data subset within a transient datastore that is segregated from the secured datastore. The cross-domain data access service can implement a data access policy so as to enable a client device from a second domain to access the transient datastore.

Abstract: Systems and methods for cyber risk analysis and remediation using network monitored sensors are provided herein. An example system includes one or more data collecting devices deployed within a network that collect entity information and monitor network traffic of the network that is related to security information. The network includes computing systems that are subject to a cyber risk policy having breach parameters defining one or more events that are indicative of a cyber security breach. A cyber security risk assessment and management system is used to automatically detect occurrence of one or more of the events that are indicative of a cyber security breach, automatically determine the breach parameters that apply for the one or more events that occurred, and generates a remediation of cyber security parameters for the network.

Abstract: A synthetic data generation apparatus codes a value of each of category attributes contained in original data into a value of a numerical attribute in accordance with a coding rule; generates first synthetic data from the original data after coding using a synthetic data generation method for numerical attributes; if the value of the numerical attribute which is contained in the first synthetic data and corresponds to the value of one of the category attributes exceeds a range of values that can be assumed by the value of that numerical attribute, converts the value of that numerical attribute to a value included in the range of values that can be assumed by the value of that numerical attribute; and decodes the value of the numerical attribute which is contained in the first synthetic data after conversion and corresponds to the value of one of the category attributes to the value of that category attribute in accordance with the coding rule to obtain synthetic data.

Abstract: The present disclosure describes systems and methods for aggregation and management of cloud storage among a plurality of providers via file fragmenting to provide increased reliability and security. In one implementation, fragments or blocks may be distributed among a plurality of cloud storage providers, such that no provider retains a complete copy of a file. Accordingly, even if an individual service is compromised, a malicious actor cannot access the data. In another implementation, file fragmenting may be performed in a non-standard method such that file headers and metadata are divided across separate fragments, obfuscating the original file metadata.

Abstract: A control system for a technical installation, in particular a manufacturing facility or process plant, includes at least one first operator station server and one second operator station server and is configured to initiate the issuance and revocation of certificates for components of the technical installation as part of certificate management, and is configured to publish revocation of a previously issued certificate within the control system as a certificate revocation list, where the control system is configured to store the certificate revocation list on the first operator station server and/or on the second operator station server, where the control system is configured to synchronize the first operator station server and the second operator station server with one another such that a certificate revocation list with identical content is stored on both operator station servers.

Abstract: A method of blocking access to files encrypted with a compromised key by mapping keys and ranges of containers encrypted by the keys. Upon notification that a key is compromised, fencing a container range corresponding to data segments encrypted by the compromised key to prevent deduplication operations on the segments. The method makes a point-in-time copy of the filesystem managing the segments, wherein each file of the file system is represented as tree structure having a root level and other levels. The method iteratively inspects in a level-wise manner, each container in each level of the file trees of the files to identify containers having segments encrypted by the compromised key, and marks files corresponding to the identified containers as not readable to block the access to the files encrypted with the compromised key.

Abstract: Described herein are a system and techniques for enabling access control utilizing one or more blockchains associated with a user. A blockchain provider can manage one or more blockchains specifically associated with a an entity, where each blockchain may be associated with a differing sensitivity level. The entity may be a person or a machine such as an IOT (Internet of Things) device. The blockchain provider can manage access control policies associated with each blockchain such that access to the data of the blockchain may be allowed or restricted to requesting entities according to those access control policies.

Abstract: An agent running on an IoT device of a client's network may receive a default password from a provider network and use the received default password to determine whether the password assigned to the IoT device has been changed from the default password to a different one. The agent may retrieve a salt string, a hashing algorithm, and a hashed string from a password database of the IoT device, combine the salt string with the received default password to generate a salted default password, and apply the hashing algorithm to the salted default password to generate a new hashed string. The agent may then compare the new hashed string to the hashed string retrieved from the password database. If they match, then the agent sends an indication to the provider network that the default password is still assigned to the IoT device.

Abstract: A server system for a map-based social media platform maintains user location information to enable the rendering of friend icons on a map at a corresponding display locations. The system maintains a per user access control list (ACL) that lists all users whose icons can be viewed by a requesting user. The ACL can include a designation of respective display granularity levels for different friend users.

Abstract: A method for hierarchical Internet trust sharing includes dividing a network into intra-domain and inter-domain layers based on a management domain; performing authentication on a central certificate through a CA and publishing the central certificate to a blockchain; managing by the central node, a certificate of each communication node based on a real address; collecting by the central node, temporary data reported by each communication node every preset time interval, generating a trust evaluation value of each communication node based on the temporary data and forming a format file from the trust evaluation values; generating by the central node, a file digest from the format file at each preset time interval, and publishing the file digest verified by central nodes in the inter-domain to the blockchain; and automatically deleting by the blockchain, data from the time interval 1 to the time interval (N-T-1) to retain blockchain header information.

Abstract: Systems, devices, and methods for correlating security policies to received packets are provided. In one example, a network device, maintains information regarding multiple security policies within a dual bitmap based search tree including a first bitmap and a second bitmap formatted as information embedded in a node structure. A packet is received by the network. A first field of the packet is compared with a first range, corresponding to a first bit location in the first bitmap in which the first bit location in the first bitmap is associated with at least a first security policy. After determining the first field is within the first range, the network device accesses a second bit location in the second bitmap, corresponding to the first bit location. Based at least in part upon a value in the second bit location, a set of one or more security policies are applied to the packet.

Abstract: A method for identifying adversarial attacks on an image based detection system for automated driving includes providing a reference signal and a potentially manipulated signal. The method also includes calculating a plurality of metrics which quantify differences between the signals in different ways. The method further includes creating a multi-dimensional feature space based on the calculated metrics and classifying the type of attack based on the calculated metrics. The class of the adversarial attack may then be output.

Abstract: A system and method for identifying unauthorized uploaded content that has been uploaded before a validated live reference stream has been ingested is disclosed herein. The live reference stream is compared against the indexed uploaded content repeatedly as the live reference stream is received. The matching process is done once per a time period until a match meeting a minimum match duration threshold is identified. The match is then determined to be unauthorized, and a claim is issued against the unauthorized uploaded content. The time period can be based on a utility based analysis that factors the computational costs of repeated matching versus the diminishing value of the live reference stream as time progresses.

Abstract: A method for extending a blockchain includes, at a space server in a distributed network: storing a plot file. The method also includes accessing a blockchain: during a current slot in the series of slots, accessing a proof-of-space challenge based on a current slot challenge associated with the current slot and a challenge chain signage point; in response to accessing the proof-of-space challenge, retrieving a proof-of-space based on the proof-of-space challenge and the plot file; calculating a quality-based number of iterations based on the quality of the proof-of-space; generating a block comprising the proof-of-space, the challenge chain signage point, and a reward chain signage point; and broadcasting the block to the distributed network.