Abstract: An example system includes a memory, one or more processors in communication with the memory, and a container image generator. The container image generator receives a first set of information. The container image generator receives a second set of information, including secure information that requires validation to be accessed. The container image generator generates a first container layer, including a first URL associated with the first set of information. The container image generator generates a second container layer, including a second URL associated with the second set of information. The container image generator stores the first container layer and the second container layer at a storage location.

Abstract: An example computer-implemented method includes presenting, by a hardware control of a computing system, an exception to an untrusted entity when the untrusted entity accesses a secure page stored in a memory of the computing system, the exception preventing the untrusted entity from accessing the secure page. The method further includes, in response to the exception, issuing, by the untrusted entity, an export call routine. The method further includes executing, by a secure interface control of the computing system, the export call routine.

Abstract: A system includes a memory and at least one processor to disable automatic prioritization of at least one data protection operation in a computer network, begin the at least one data protection operation in the computer network, continually monitor the computer network and determine that a condition has occurred in the computer network, activate automatic prioritization of the at least one data protection operation in the computer network, and instruct backup server tooling software to direct backup data for the at least one data protection operation to move from a first target storage repository to a second target storage repository.

Abstract: A method includes detecting a connection attempt from a device, quarantining the device to prevent the device from substantially interacting with a host system, and determining whether the device requires verification while the device is quarantined. The method also includes, in response to determining that the device requires verification, presenting at least one authorization challenge to a user while the device is quarantined. The at least one authorization challenge requests that the user provide at least one specified response. The method further includes, in response to determining that the device requires verification, determining whether the user correctly provided the at least one specified response while the device is quarantined, granting access to the device in response to determining that the user correctly provided the at least one specified response, and continuing to quarantine the device in response to determining that the user did not correctly provide the at least one specified response.

Abstract: Systems and methods for network security are provided. Various embodiments of the present technology provide an integrated security platform that combines PAM, CASB, identity access management, and multi-factor authentication onto one platform. This integration allows for a frictionless deployment that can be utilized by companies that may not have large teams of system administrators. As such, some embodiments provide a gateway solution and a proxy solution that is easy to deploy. The user equipment (e.g., computer, phone, point of sale terminal, etc.) can be used as a gateway. An agent can be included on each endpoint that combines gateway functionality of PAM and web rewrite and proxy functionality of a CASB deployment into an endpoint solution.

Abstract: In one embodiment, the invention is directed to a method of reading a marking, comprising a stimulation step, wherein a physical challenge according to a predetermined challenge-response authentication scheme corresponding to the PUF is created and applied to a PUF; a detection step, wherein a response generated by the PUF in accordance with the challenge-response authentication scheme in reaction to the challenge is detected and a digital signal representing the response is generated; a processing step, wherein the digital signal is processed in order to generate a hash value of the response by application of a predetermined cryptographic hash function to the digital signal; and an output step, wherein data representing the generated hash value as a first reading result is output.

Abstract: We present new designs to choose the parameter sets for more efficient HFEv-based signature schemes. The key method is to reduce the degree of the central HFEv-polynomial while, at the same time, increasing the number of Vinegar variables and Minus equations. The new design speeds up the signature generation process by two orders of magnitude (hundreds of times) compared to QUARTZ. We present also new methods to use multivariate signature schemes to build a white box encryption scheme. This technique is applicable to all existing multivariate signature designs including the HFEV-design and the improvements.

Abstract: A method of managing tokens is provided. The method includes receiving, by a token management system from a user device, a request from a user to register a token with the token management system. The token is associated with the user and is stored by an entity computing system associated with a first entity of a plurality of entities. Each of the plurality of entities is associated with an entity computing system that stores at least one token of a plurality of tokens that are each registered with the token management system and each associated with the user. The method further includes modifying, by the token management system, the token stored by the entity computing system associated with the first entity based on a token command from the user. The modification includes associating the token with a different entity of the plurality of entities relative to the first entity.

Abstract: A system is provided for training a machine learning model to detect malicious container files. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one processor provides operations including: processing a container file with a trained machine learning model, wherein the trained machine learning is trained to determine a classification for the container file indicative of whether the container file includes at least one file rendering the container file malicious; and providing, as an output by the trained machine learning model, an indication of whether the container file includes the at least one file rendering the container file malicious. Related methods and articles of manufacture, including computer program products, are also disclosed.

Abstract: A management system manages a plurality of information handling systems by creating custom policies for each information handling system based on information gathered from or about each information handling system indicating, e.g., the user's intent, use, request for usage, security posture, productivity needs, and/or behavior. The management system creates custom policies to avoid unnecessarily impacting a user's productivity.

Abstract: Systems and methods for cyber risk analysis and remediation using network monitored sensors are provided herein. An example system includes one or more data collecting devices deployed within a network that collect entity information and monitor network traffic of the network that is related to security information. The network includes computing systems that are subject to a cyber risk policy having breach parameters defining one or more events that are indicative of a cyber security breach. A cyber security risk assessment and management system is used to automatically detect occurrence of one or more of the events that are indicative of a cyber security breach, automatically determine the breach parameters that apply for the one or more events that occurred, and generates a remediation of cyber security parameters for the network.

Abstract: The present disclosure includes apparatuses, methods, and systems for run-time code execution validation. An embodiment includes a memory, and circuitry configured to monitor run-time executable code stored in a secure array of the memory device and receive an indication that a portion of the run-time executable code executed, wherein the indication includes a received Message Authentication Code (MAC) and take an action in response to the indication that the portion of the run-time executable code failed to execute.

Abstract: Proposed is a data security maintenance method for data analysis application, including a data selection step of selecting data to be analyzed from a linked database management system (DBMS), a data request step of requesting the data to be analyzed, a data transformation step of transforming the data to be analyzed using a predetermined transformation method, a data analysis step of analyzing the transformed data to be analyzed, an error comparison step of comparing analysis errors for each transformation method, a tradeoff step of determining the extent of analysis accuracy and the extent of data security, and a data provision step of providing the result of analysis of the data to be analyzed.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying copyrighted material based on embedded copyright information. One of the methods includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with the textual content, wherein the text and the copyright information are recorded on a blockchain of a blockchain network; adding, by the computing device, one or more function words to the textual content without altering a meaning of the textual content; and embedding, by the computing device, the unique ID in the function words to produce an information-embedded textual content that enables retrieval of the copyright information from the blockchain based on the unique ID.

Abstract: An apparatus, method and computer program product for repairing security vulnerabilities of an application running on a mobile device. The method comprises: monitoring, by a hardware processor running a mobile device application, an application program interface (API) request associated with a data access operation, the data access operation associated with a security vulnerability. The method determines one or more private values provided by the data access operation and tracks, for each determined private value, a use of the private value by the mobile device application. Further, the method determines from the tracked usage, whether a private value has been transformed in a manner associated with the security vulnerability. For each private value that has been transformed, using the processor to modify the private value deemed a security vulnerability prior to an access by the mobile device application.

Abstract: An example first device disclosed herein is to obtain, from a library of the first device, a pre-master secret value and a master secret value associated with a session key for a communication session between the first device and a second device, the library instrumented to log the pre-master and master secret values during handshaking, the session key based on the pre-master secret value, the master secret value and data strings exchanged during the handshaking. The disclosed example first device is also to capture a packet level trace corresponding to the communication session, the packet level trace including the data strings and encrypted data. The disclosed example first device is further to determine the session key based on the pre-master secret value, the master secret value and the data strings without use of a proxy, and decrypt the encrypted data with the session key to obtain decrypted data.

Abstract: With the success of programming models such as OpenCL and CUDA, heterogeneous computing platforms are becoming mainstream. However, these heterogeneous systems are low-level, not composable, and their behavior is often implementation defined even for standardized programming models. In contrast, the method and system embodiments for the heterogeneous parallel primitives (HPP) programming model disclosed herein provide a flexible and composable programming platform that guarantees behavior even in the case of developing high-performance code.

Abstract: Systems, methods, and computer-readable media for gathering network intrusion counter-intelligence. A system can maintain a decoy network environment at one or more machines. The system can identify a malicious user accessing network services through the network environment. Further, the system can receive network service access requests from the user at one or more machines in the network environment and subsequently direct the network service access requests from the malicious user to the decoy network environment based on an identification of the malicious user. The network services access requests can be satisfied with network service access responses generated in the decoy network environment. Subsequently, the system can maintain malicious user analytics based on the network service access requests of the malicious user that are directed to the decoy network environment.

Abstract: Methods, systems, and devices for transparent data encryption are described. A transparent proxy may enforce a specific encryption policy for a data transmission from a source host to a target host, where the transparent proxy determines if the data transmission is encrypted according to a specific encryption policy prior to forwarding the data transmission to the target host. As such, if the data transmission is not encrypted according to the specific encryption policy, the transparent proxy may encrypt the data transmission and then forward it to the target host. Alternatively, if the transparent proxy determines that the data transmission is encrypted according to the specific encryption policy, then the transparent proxy may refrain from further encrypting the data transmission and forward the data transmission to the target host without the additional encryption.

Abstract: A method and system for classification of cyber-threats is provided. The method includes receiving a request for classifying a cyber-threat detected by a cyber-security system, wherein the request includes initial information about the detected cyber-threat; enriching the initial information about the detected cyber-threat to provide textual information about at least one perceived threat related to the detected cyber-threat; and classifying each of the at least one perceived threat into a security service, wherein the classification is performed based on the respective textual information.