Abstract: A determination apparatus according to a first embodiment collects information regarding communication performed by an IoT device. The determination apparatus extracts patterns used for detecting unauthorized communication performed by the IoT device from information that has been collected. Also, the determination apparatus approximates a change in the cumulative value of the number of patterns to a function that expresses a predetermined curve, thereby calculating the degree of convergence of the change. Also, the determination apparatus determines whether or not the degree of convergence is no less than a predetermined value.

Abstract: Technologies for secure I/O data transfer includes a compute device, which includes a processor to execute a trusted application, an input/output (I/O) device, and an I/O subsystem. The I/O subsystem is configured to establish a secured channel between the I/O subsystem and a trusted application running on the compute device, and receive, in response to an establishment of the secured channel, I/O data from the I/O device via an unsecured channel. The I/O subsystem is further configured to encrypt, in response to a receipt of the I/O data, the I/O data using a security key associated with the trusted application that is to process the I/O data and transmit the encrypted I/O data to the trusted application via the secured channel, wherein the secured channel has a data transfer rate that is higher than a data transfer rate of the unsecured channel between the I/O device and the I/O subsystem.

Abstract: A system and method for identifying unauthorized uploaded content that has been uploaded before a validated live reference stream has been ingested is disclosed herein. The live reference stream is compared against the indexed uploaded content repeatedly as the live reference stream is received. The matching process is done once per a time period until a match meeting a minimum match duration threshold is identified. The match is then determined to be unauthorized, and a claim is issued against the unauthorized uploaded content. The time period can be based on a utility based analysis that factors the computational costs of repeated matching versus the diminishing value of the live reference stream as time progresses.

Abstract: A method and system for matching event sequences for predictive detection of cyber-attacks are discussed. The method comprises receiving a reference event sequence and a query event sequence; converting the reference event sequence to a first step-value list and the query event sequence to a second step-value list; and matching the first and second step-value lists to identify at least one optimal common pattern.

Abstract: A method is provided for securely providing data for use in a consumer electronics device having a processor performing instructions defined in a software image. The method includes receiving the data encrypted according to a global key, further encrypting the data according to a device-unique hardware key, storing the further encrypted data in a secure memory of the consumer electronics device, providing the global key to a whitebox encoder for encoding according to a base key to generate a whitebox encoded global key, and transmitting the software image to the consumer electronics device for storage in an operating memory of the consumer electronics device, the software image having a whitebox decoder utility corresponding to the whitebox encoder and the whitebox encoded global key.

Abstract: A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.

Abstract: A data attack detection system that includes a record host and an orchestration host. The record host stores account information for card holders. The orchestration host includes a switch interface configured to receive transaction information for a card from a network. The orchestration host further includes a velocity trap engine that stores received transaction information for the card in a cardholder file. The velocity trap engine creates entries in a velocity transaction timestamp record for the card when the number of transactions for the card in the cardholder record within a first predetermined time interval exceeds a first activity level threshold. The velocity trap engine discontinues a transaction flow between the orchestration host and the record host for the card when the number of transactions for the card in the velocity transaction timestamp record within a second predetermined time interval exceeds a second activity level threshold.

Abstract: Techniques for securing containerized applications are disclosed. In some embodiments, a system, process, and/or computer program product for securing containerized applications includes detecting a new application container (e.g., an application pod); deploying a security entity (e.g., a firewall) to the application container; and monitoring all traffic to and from the application container (e.g., all layer-7 ingress, egress, and east-west traffic associated with the application container) using the security entity to enforce a policy.

Abstract: Threat modeling systems include one or more computing device(s) coupled with one or more data store(s), the computing device(s) including a first software application. The data store(s) associate threats with threat model components. One or more mapping files may couple with the data store(s) to correlate the threat model components with visual diagram components of a second software application (“second software diagram components”). A machine learning (ML) algorithm may alternatively or additionally be configured to select, for each second software diagram component, a corresponding threat model component. An import interface initiates reading of a data file generated by the second software application, the data file including a subset of the second software diagram components and defining relationships therebetween.

Abstract: A system includes a virtual machine to transmit an input/output request to a data storage system and a hypervisor configured to maintain a map of the virtual machine to a virtual disk, wherein the virtual disk is a slice of a persistent storage device. A virtual machine server is configured to maintain a map of the virtual disk to a start address and an end address and to update the input/output request with the start address, the end address, and a virtual disk identifier associated with the virtual machine. A processor determines whether the start address and the end address are valid, and if the start address and the end address are valid, then process the input/output request. The response is transmitted to the input/output request.

Abstract: An authentication server may be adapted to (a) authenticate an authentication peer seeking to establish communications via a first network access node; (b) retrieve user profile information associated with the authentication peer; and/or (c) send the user profile information to a network gateway node that facilitates communication services for the authentication peer. A PMIP network node may be adapted to (a) provide wireless network connectivity to an authentication peer via a first network access node; (b) provide a PMIP key to both ends of a PMIP tunnel between the first network access node and a PMIP network node used to provide communications to the authentication peer; (c) provide the PMIP key to a first authenticator associated the first network access node; (d) receive a request at the PMIP network node from a requesting entity to reroute communications for the authentication peer; and/or (e) verify whether the requesting entity knows the PMIP key.

Abstract: An electronic device including a secure Integrated Circuit (IC) is provided. The electronic device includes a secure IC configured as a System-on-Chip (SoC) and configured to provide a general environment and a security environment, wherein the secure IC includes a main processor configured to operate in the general environment, a secure processor configured to operate in the security environment and control security of data using a first security key, and a secure memory configured to be operatively connected to the secure processor and store a second security key corresponding to the first security key. Various other embodiments are possible.

Abstract: An electronic device and a software provisioning server are provided. The electronic device is configured to obey an Anti-Roll Back (ARB) enforcement policy, obtain an ARB exception associated with a software, wherein the ARB exception comprises a signature of the ARB exception and a revision number of the software, check the validity of the signature of the ARB exception, and execute the software having the revision number so as to overrun the ARB enforcement policy if the signature of the ARB exception is valid. The software provisioning server is configured to determine an ARB exception associated with a software for overrunning an ARB enforcement policy in an electronic device, wherein the ARB exception comprises a signature of the ARB exception and a revision number of the software, provide the ARB exception to the electronic device.

Abstract: Various methods and systems are provided for providing on-demand emergency management. On-demand emergency management includes emergency management operations (e.g., certificate update operations or managed-secrets rollover operations) for accelerated deployment and expedited installation of certificates or secrets. In operation, a host secret manager on a host machine communicates with client secret managers on virtual machines running the host machine, to provide expedited installation of secrets on the virtual machines. During the certificate update operations, the host secret manager communicates the certificate update secret package having a new secret state to a client secret manager that installs the new certificate state on the virtual machine.

Abstract: There is disclosed a method for identifying malicious activity of a pre-determined type. The method comprises acquiring, an indication of a plurality of web resources, each of the plurality of web resources being accessible via a communication network at a respective network address; analyzing, the plurality of web resources to identify a subset of web resources being candidates for being associated with the malicious activity; executing, an automated browser application, the automated browser application being configured to: access each of the web resources within the subset of web resources; and analyzing, by the server, a log associated with the automated browser application accessing each of the web resources, the log comprising an indication of a presence of a cookie unrelated to each of the web resources; determining, for a given web resource included within the subset of web resources, a presence of malicious activity based on the log.

Abstract: Computer-implemented methods, apparatuses, and system for processing transactions using a blockchain integrated station are provided. The blockchain integrated station includes a central processing unit (CPU) and a smart network card, wherein the smart network card comprises a processor different from the CPU. The smart network card is configured to receive a transaction of a blockchain network, wherein the blockchain integrated station is a blockchain node of the blockchain network; write the transaction into a cache; in a process that the blockchain integrated station participates in a blockchain consensus of the blockchain network, perform consensus interactions with other blockchain nodes of the blockchain network based on the transaction in the cache; determine, based on a result of the blockchain consensus, a to-be-executed transaction list; and send the to-be-executed transaction list to the CPU.

Abstract: One example method includes accessing stored data, associating a unique identifier with the data, creating a hash by hashing a combination that comprises the unique identifier and the data, transmitting the hash to a notary service, receiving, from the notary service, a digital signature that corresponds to the hash, appending the digital signature to the data, and storing, as an object, a combination that comprises the digital signature, the data, and the unique identifier.

Abstract: The present technology relates to an information processing device, an information processing method, and a program that allow authority to be delegated without bothering the user. Provided are an acquisition unit that acquires information for receiving delegation of an authority that is predetermined, a change unit that changes a level of the authority when a predetermined condition is satisfied, and a processing unit that performs a process using the authority that is predetermined. The acquisition unit acquires first information, an inquiry is made to a server using the first information to acquire second information from the server, and the authority that is predetermined is delegated by acquiring the second information. The present technology can be applied to, for example, an agent device to which the authority to access predetermined information is delegated from a user.

Abstract: To commission an industrial automation control system, IACS, a computing device generates commands to automatically set or verify a security configuration of the IACS. The commands are generated by the computing device based on a machine-readable security baseline, and, optionally, based on a machine-readable configuration file of the IACS.

Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.