Abstract: A computer system de-identifies data by selecting one or more attributes of a dataset and determining a set of data de-identification techniques associated with each attribute. Each de-identification technique is evaluated with respect to an impact on data privacy and an impact on data utility based on a series of metrics, and a data de-identification technique is recommended for each attribute based on the evaluation. The dataset is de-identified by applying the de-identification technique that is recommended for each attribute. Embodiments of the present invention further include a method and program product for de-identifying data in substantially the same manner described above.

Abstract: Methods and systems are described in the present disclosure for training a model for detecting malicious objects on a computer system. In an exemplary aspect, a method includes: selecting files from a database used for training a detection model, the selection is performed based on learning rules, performing an analysis on the files by classifying them in a hierarchy of maliciousness, forming behavior patterns based on execution of the files and parameters of the execution, training the detection model according to the analysis of the files and the behavior patterns, verifying the trained detection model using a test selection of files to test determinations of harmfulness of the test selection of files, and when the verification fails, retraining the detection model using a different set of files from the database, otherwise applying the detection model to a new set of files to determine maliciousness.

Abstract: A computer system de-identifies data by selecting one or more attributes of a dataset and determining a set of data de-identification techniques associated with each attribute. Each de-identification technique is evaluated with respect to an impact on data privacy and an impact on data utility based on a series of metrics, and a data de-identification technique is recommended for each attribute based on the evaluation. The dataset is de-identified by applying the de-identification technique that is recommended for each attribute. Embodiments of the present invention further include a method and program product for de-identifying data in substantially the same manner described above.

Abstract: Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.

Abstract: A security assessment service for implementing security assessments based on security credentials utilized to access network-based services. The system implements security assessments associated with various actions attributed to different types of techniques that can be utilized for compromised security information. The processing result of the security assessment can be utilized to determine the result of the techniques associated with the security assessment, the performance of security monitoring services, and an anticipated result on a virtual network.

Abstract: In some embodiments, a plurality of real-time monitoring node signal inputs receive streams of monitoring node signal values over time that represent a current operation of the industrial asset control system. A threat detection computer platform, coupled to the plurality of real-time monitoring node signal inputs, may receive the streams of monitoring node signal values and, for each stream of monitoring node signal values, generate a current monitoring node feature vector. The threat detection computer platform may then compare each generated current monitoring node feature vector with a corresponding decision boundary for that monitoring node, the decision boundary separating a normal state from an abnormal state for that monitoring node, and localize an origin of a threat to a particular monitoring node. The threat detection computer platform may then automatically transmit a threat alert signal based on results of said comparisons along with an indication of the particular monitoring node.

Abstract: A key generation device includes a generation circuit, a concealment processing unit, and a cryptography processing unit. The generation circuit generates a value dependent on hardware. When acquiring a concealed cryptographic key, the concealment processing unit generates first data by performing a mask process to the concealed cryptographic key by using the value generated by the generation circuit, generates second data by decoding the first data by a first error correction decoding method, and generates a cryptographic key by decoding the second data by a second error correction decoding method. When acquiring the concealed cryptographic key and a plain text or an encrypted text, the cryptography processing unit acquires the cryptographic key corresponding to the concealed cryptographic key from the concealment processing unit, and encrypts the plain text or decrypts the encrypted text by using the cryptographic key.

Abstract: A threat management facility generates a simulated phishing threat based on one or more characteristics of a network user. Based on whether the user fails to respond appropriately to the simulated phishing threat, the threat management facility may implement one or more prophylactic measures to remediate the security weakness exposed by the user's failure to respond appropriately to the simulated phishing threat. For example, a security policy for an endpoint associated with the user may be adjusted to address the security weakness. Additionally, or alternatively, the user may be enrolled in training directed at reducing the likelihood that the user will be the victim of an actual phishing attack in the future.

Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution across scope boundaries. A cross-scope secrets management service (“SMS”) can be utilized to store, renew and distribute secrets across boundaries in a distributed computing environment such as regional boundaries. In some embodiments, locally scoped secrets management services subscribe to receive updates from the cross-scope secrets management service. As secrets are renewed, they are automatically propagated to a subscribing local scope and distributed by the local secrets management service. In various embodiments, SMS can autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored.

Abstract: Discloses are systems, methods and computer readable mediums for automated verifications of potential vulnerabilities of one or more sites or code utilizing one or more neural networks. The systems, methods and computer readable mediums can transmit one or more scan operations to one or more sites, receive one or more responses to the one or more scan operations, tokenize the one or more responses, transmit to one or more neural networks the one or more tokenized responses, receive from the one or more neural networks verification of the one or more tokenized responses, and determine one or more confidences of the one or more verified responses.

Abstract: A method for managing a secure element embedded in an equipment comprising an NFC controller. The secure element comprises a security indicator. The method comprises the steps of: on receipt of a triggering command sent by the NFC controller, the secure element switches in a test context; on receipt of a restore command sent by an application, the secure element sets the security indicator, such as a counter of unusual events, to a predefined value only if the secure element is in test context; and on receipt of an ending command sent by the NFC controller, the secure element switches in a Live context. The secure element keeps a track of the switch in the test context and denies any further triggering commands. The method enables reset of security indicator after manufacturing and test where the security indicator may have been affected.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing data element stored in a blockchain network. One of the methods includes receiving a request from a client computing device to store a data element into the blockchain network by a blockchain data element processing server. The blockchain data element processing server determines whether the client computing device is authorized to store the data element into the blockchain network and whether the data element is a sensitive data element. If the client computing device is authorized to store the data element into the blockchain network and the data element is not a sensitive data element, the blockchain data element processing server stores the data element that is encrypted using an encryption algorithm into the blockchain network.

Abstract: Systems and methods for controlling access to one or more computing resources relate to generating session credentials that can be used to access the one or more computing resources. Access to the computing resources may be governed by a set of policies and requests for access made using the session credentials may be fulfilled depending on whether they are allowed by the set of policies. The session credentials themselves may include metadata that may be used in determining whether to fulfill requests to access the one or more computing resources. The metadata may include permissions for a user of the session credential, claims related to one or more users, and other information.

Abstract: A technology is described for a virtual secure region. An example method may include receiving a request for data stored in a secure computing service environment executing on computing resources used to provide a public computing service environment, where the secure computing service environment may be separated from the public computing environment using encryption. In response to the request, a secure region account that corresponds to a public region account may be identified using a translation table that maps the secure region account to the public region account. A storage location for the data may be identified within the secure computing service environment specified by the secure region account, and the data may be obtained from the storage location within the secure computing service environment. The data may then be transferred to the public computing service environment.

Abstract: The technology disclosed simulates and analyzes spread of malware through an organization as a result of sharing files using cloud-based services. This analysis is based on actual user and file sharing characteristics collected on a user-by-user and file-by-file basis. The technology disclosed traces connections among the users by traversing a directed graph constructed from the user-by-user data and the file-by-file data. It then simulates the spread of malware, from an entry point user zero through the organization, via the cloud-based services, using the directed graph to simulate user exposure to, infection by, and transmission of the malware within the organization. It then produces a visualization of the spread from the entry point user zero, to users within a user partition to which the user zero belongs, at varying transmission distances from the user zero.

Abstract: One or more techniques and/or systems are provided for audio verification. An audio signal, comprising a code for user verification, may be identified. A second audio signal is created comprising speech. The audio signal and the second audio signal may be altered to comprise a same or similar volume, pitch, amplitude, and/or speech rate. The audio signal and the second audio signal may be combined to generate a verification audio signal. The verification audio signal may be presented to a user for the user verification. Verification may be performed to determine whether the user has access to content or a service based upon user input, obtained in response to the user verification audio signal, matching the code within the user verification audio signal. In an example, the user verification may comprise verifying that the user is human.

Abstract: In certain embodiments, a web services system receives a request to provision a device, such as a telephone, as an authentication device. The web services system initiates display of an image communicating a key to allow the telephone to capture the image and to send key information associated with the key. The web services system receives the key and determines that the key information is valid. In response to the determination, the web services system sends a seed to the telephone to provision the telephone to be an authentication device. The telephone can use the seed to generate one-time passcodes to access a service of the web services system.

Abstract: A set of resource requests that each includes authorization-supporting data for receiving a requested resource can be received. For each request, augmenting data associated with part of the data is retrieved, and it is determined whether access is authorized based on the augmenting data and the authorization-supporting data. A machine-learning model is trained using representations of the set of resource requests and the authorization determinations. Additional requests are processed by the trained model to generate corresponding authorization outputs. One or more identifiers to flag for inhibition of resource access are determined based on the authorization outputs. Upon detecting that a new resource request to access a particular resource includes an identifier of the one or more identifiers, a new authorization output is generated to inhibit access to the particular resource.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing data element stored in a blockchain network. One of the methods includes receiving a request from a client computing device to store a data element into the blockchain network by a blockchain data element processing server. The blockchain data element processing server determines whether the client computing device is authorized to store the data element into the blockchain network and whether the data element is a sensitive data element. If the client computing device is authorized to store the data element into the blockchain network and the data element is not a sensitive data element, the blockchain data element processing server stores the data element that is encrypted using an encryption algorithm into the blockchain network.

Abstract: A method, system, and apparatus are provided for preventing glitch attacks by using a glitch processing hardware unit (1) to deactivate a glitch filter connected between the monitored line and a reset processing unit in response to detecting a voltage glitch on a monitored line during a specified security system sequence and (2) to automatically drive a requested reaction in response to the voltage glitch by driving one of a plurality of configurable reactions comprising a device reset reaction and a process restart request, thereby preventing the voltage glitch from maliciously influencing the specified security system sequence.