Abstract: According to one embodiment, a threat detection system is integrated with at least a dynamic analysis engine. The dynamic analysis engine is configured to automatically determine whether one or more objects included in received network traffic contains a heap spray attack. Upon detection of a potential heap spray attack, the dynamic analysis engine may copy potential shellcode within an object included in the received network traffic, insert the copy of the potential shellcode into a second region of allocated memory and analyze the execution of the potential shellcode to determine whether characteristics associated with an exploit are present.

Abstract: The present disclosure includes: searching a code clone corresponding to a used source code from any analysis target source code; detecting a security sink and sensitive data of the security sink on the basis of patch information in the searched code clone; acquiring a source code which is from the user input point the a security sink by backwardly tracing the sensitive data detected in the analysis target source code; and verifying whether the searched code clone is a vulnerability in the analysis target source code by performing a concolic testing on the basis of a path from the input point to the security sink.

Abstract: Data may be encrypted using a public key. From a plurality of functions executable on the data, one or more functions may be selected. The selected one or more functions may be associated with the encrypted data. The selected one or more functions may provide exclusive access to the data. A data structure specifying conditions for access to the one or more functions may be created. An exclusive interface to provide access to the one or more functions may be created. The interface, upon determining that one or more conditions from the conditions are satisfied, may grant access to the one or more functions. The encrypted data, the associated one or more functions, the data structure, and the interface may be included into an object.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for receiving an encrypted version of an obfuscated stack trace representing an error generated by error handling code of obfuscated code executed by a user device, the obfuscated stack trace having obfuscated code element names corresponding to deobfuscated code element names in a deobfuscated version of the code; decrypting the encrypted stack trace to generate an obfuscated stack trace; receiving an encrypted obfuscation log that maps obfuscated code element names of the obfuscated code executed by the user device to deobfuscated code element names in the deobfuscated version of the code; decrypting the encrypted obfuscation log to generate a decrypted obfuscation log; and generating a deobfuscated stack trace using the decrypted obfuscation log, the deobfuscated stack trace having deobfuscated code element names.

Abstract: A method for providing secure connection between vehicles. A unique pair of digitally signed public key and private key is provided to each vehicle, along with additional vehicle-related data. A certificate number is generated for each vehicle and the public key, the certificate number and the attributes of the vehicle is signed by a trusted certificate generating authority. Before communicating with a second vehicle, the first vehicle sends its unique certificate to a second vehicle; the second vehicle verifies the authenticity of received unique certificate number and visible attributes by a camera. If the attributes are verified successfully, the second vehicle sends its unique certificate number to the first vehicle, along with a secret key, which is valid for the current session only. Then the first vehicle verifies the authenticity of received certificate of the second vehicle and attributes by a camera that captures visible attributes of the second vehicle.

Abstract: Techniques for multi-protocol peer-to-peer connection are described. An apparatus may comprise a discovery component to discover a remote device using a first protocol, and receive discovery information from the remote device, the discovery information including protocol information. The apparatus may comprise an authentication component to authenticate the remote device. The apparatus may comprise a connection component to establish a peer-to-peer connection with the remote device using a second protocol based on the protocol information. Other embodiments are described and claimed.

Abstract: A user terminal stores security information for each of a plurality of files during a backup of the files. The user terminal also stores information regarding the configuration settings of one or more terminals from which a user may access the plurality of files. During a restore of the files to a remote user terminal, the user terminal at which the restore command was issued utilizes the saved security information to emulate the remote terminal as a virtual endpoint for the files. The user terminal determines whether the user is authorized to access the files within the virtual endpoint based on the saved security information, and restores the files to the remote terminal if the user is authorized for access to the files within the virtual endpoint.

Abstract: A system to provide an always-on embedded anti-theft protection for a platform is described. The system comprises in one embodiment, a storage including encryption to protect data, a risk behavior logic to detect a potential problem when the data is not encrypted, a core logic component to provide logic to analyze the potential problem and to trigger a security action logic to perform the security action, when the potential problem indicates a theft suspicion, and the security action logic, to cause the platform to attempt a transition to a reduced power state when triggered by the core logic component, the transition causing the data to be encrypted.

Abstract: Embodiments herein relate to accessing secure information over a network. The secure information is read and/or modified based on a request received over the network, regardless of an operating state of an operating system (OS) of the device and/or a power state of the device.

Abstract: In a CN access network with a virtual node for at least one third party, the virtual node being used for bearing and operating the function defined by the third party, the UE accesses from a fixed access network; and the access network provides the UE with the communication connection between the UE and the virtual node of the third network/service operator. According to the embodiment the access network accommodates the virtual node to operate the function related to the third party, and improves the function topology architecture of the network, to provide users with better user experience quality.

Abstract: Methods, articles of manufacture and apparatus are disclosed to facilitate single sign-on services. An example method includes monitoring web session activity for an indication of entry of first credentials, identifying an SSO framework associated with the device in response to detecting a context event indicative of web session termination, querying the SSO framework for second credentials associated with the web session, and configuring SSO services on the device when the second credentials are absent from the SSO framework.

Abstract: A critical data transmission architecture in avionics systems is disclosed. The system includes a module of production, a module of consumption, and at least one physical pathway linking the module of production to the module of consumption. The module of production is configured to transmit each critical datum by at least two data, one of a first independent type and one of a second independent type that cannot interfere with one another. Each datum of the first type or the second type is transmitted in the form of a data transmission unit including a portion of an application message and a message. The additional message of each transmission unit includes a verification sequence and each datum of the first type and the second type is transmitted by the same physical pathway and is generated by different module of generation.

Abstract: A technique detects mobile device emulation. The technique involves identifying, by processing circuitry, a user apparatus for mobile device emulation detection. The technique further involves collecting, by the processing circuitry, motion sensor data from the identified user apparatus (e.g., samples of accelerometer attributes, gyroscopic attributes, gravity attributes, etc. over multiple time periods). The technique further involves performing, by the processing circuitry, a motion sensor data analysis operation based on the collected motion sensor data. A result of the motion sensor data analysis operation indicates whether the identified user apparatus is a physical mobile device or an emulated mobile device.

Abstract: Internet-wide identity management is described, including providing a user interface associated with a service provider; receiving, by an identity provider, a request to login a user associated with the service provider, the service provider being different from the identity provider; providing, by the identity provider to the service provider, a login status indicating that the user is authenticated, wherein, based on the login status, the user is authorized by the service provider to access a service provided by the service provider; and providing a widget associated with the login status, the widget being configured to present one or more settings associated with the user, including a first setting and a second setting, wherein the first setting is used by the service provider and the second setting is used by another service provider and not used by the service provider, and the another service provider is different from the identity provider.

Abstract: Provided are a method and system for repairing a file at user terminal. The method comprises: scanning a file at user terminal, determining whether the file is abnormal, and acquiring file characteristics information; if the file is abnormal, then according to the file characteristics information, acquiring from a cloud server a secure file corresponding to the abnormal file and uploaded before abnormity occurring, wherein the secure file in the cloud server is acquired by directly uploading file of user terminal; and replacing the corresponding abnormal file of the user terminal with the secure file.

Abstract: A method includes generating a first sequence of data words for sending over an interface. A second sequence of signatures is computed and interleaved into the first sequence, so as to produce an interleaved sequence in which each given signature cumulatively signs the data words that are signed by a previous signature in the interleaved sequence and the data words located between the previous signature and the given signature. The interleaved sequence is transmitted over the interface.

Abstract: Methods for managing an address on a switching device, managing an address on a network switch, and screening addresses in a cloud computing environment are provided. One embodiment is directed towards a computer-implemented method for managing an address on a switching device that is communicatively coupled to a plurality of virtual machines. The method includes accessing an address pool that includes an assigned address for each virtual machine from the plurality of virtual machines. The method includes determining, on the switching device, a used address for the virtual machine from the plurality of virtual machines. The method includes determining whether the used address is matching the assigned address for each virtual machine. The method also includes routing traffic from the virtual machine to a hypervisor in response to the used address matching the assigned address.

Abstract: A computer-implemented method for enabling biometric authentication options may include (1) identifying a device that includes a biometric authentication option that provides access to a protected feature of the device and that is based on a biometric trait and an initial authentication option that provides access to the protected feature and that is not based on the biometric trait, (2) detecting an authentication action that is performed by a user on the device that provides access to the protected feature via the initial authentication option, (3) capturing biometric data describing the biometric trait of the user in connection with the user performing the authentication action on the device, and (4) using the biometric data as training data for the biometric authentication option to enable the user to access the protected feature of the device via the biometric authentication option. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system comprising a platform protected by an always-on always-available security system is described. In one embodiment, the system includes a risk behavior logic to detect a potential problem, a core logic component to provide logic to analyze the potential problem and to move the platform to a suspecting mode when the potential problem indicates a theft suspicion, and the security action logic, to send periodic alerts to a security server when the platform is in the suspecting mode, the alert including movement related data, such that the security server can take an action to protect the platform.

Abstract: Each node of a metric tree comprises a similarity hash of a member of a dataset of known message threats, calculated using a given similarity hashing algorithm. The nodes are organized into the tree, positioned such that the differences between the similarity hashes are represented as distances between the nodes. Messages are received and tested to determine whether they are malicious. When a message is received, a similarity hash of the message is calculated using the same similarity hashing algorithm that is used to calculate the hashes of the members of the dataset. The tree is searched for a hash of a known message threat that is within a threshold of distance to the hash of the received message. Searching the tree can take the form of traversal from the root node, to determine whether the tree contains a node within the similarity threshold.