Abstract: Systems, methods, and software can be used to detect security risks in binary software code. In some aspects, a computer-implemented method comprises: receiving, at an electronic device, a set of binary software code to be loaded onto the electronic device; disassembling, by the electronic device, the set of binary software code into a set of assembly code; determining, by the electronic device, a number of occurrences of an assembly instruction in the set of assembly code; and determining, by the electronic device, whether the set of binary software code has a security risk based on the number of occurrences of the assembly instruction.

Abstract: Systems, methods, and software can be used to analyze binary software codes. In some aspects, a computer-implemented method comprises: scanning, by at least one hardware processor, a binary software code to identify one or more text strings; associating, by the at least one hardware processor, the binary software code with a software platform based on the identified one or more text strings; disassembling, by the at least one hardware processor, the binary software code based on the software platform associated with the binary software code; and detecting, by the at least one hardware processor, a security risk in the disassembled binary software code.

Abstract: Systems, methods, and software can be used to analyze security risks of a set of binary software code based on its functional context. In some aspects, a computer-implemented method comprises: receiving, by a server, a set of binary software code; determining, by the server, a functional context of the set of binary software code; determining, by the server, a security risk assessment of the set of binary software code; retrieving, by the server, a plurality of security risk assessment of other software codes having a same functional context as the functional context of the set of binary software code; comparing, by the server, the security risk assessment of the set of binary software code and the plurality of security risk assessments of other software codes having the same functional context; and generating, by the server, a security notification indicating a result of the comparing.

Abstract: A computer includes a memory and a processor programmed to execute instructions stored in the memory. The instructions include processing a binary file to determine a security risk associated with the binary file. Processing the binary file includes determining a characteristic from metadata of the binary file. The security risk associated with the binary file is based at least in part on the characteristic of the binary file.

Abstract: A method for evaluating contextual risk profiles at a computing device (110, 212, 312) in a vehicle (310), the method including obtaining information about a proximate vehicle (320, 330); utilizing the information to create a risk profile for the proximate vehicle (320, 330); and based on the risk profile, initiating an action at computing device (110, 212, 312).

Abstract: A computer includes a memory and a processor programmed to execute instructions stored in the memory. The instructions include filtering dependency code from a binary file to separate the dependency code from custom code in the binary file. The instructions further include evaluating the custom code in the binary file for a security risk.

Abstract: A method for evaluating contextual risk profiles at a computing device in a vehicle, the method including obtaining information about a proximate vehicle; utilizing the information to create a risk profile for the proximate vehicle; and based on the risk profile, initiating an action at computing device.

Abstract: A verification server comprising a memory and a processor programmed to execute instructions stored in the memory. The instructions include receiving a link registration request including a third-party link to a third-party server, validating the third-party server as a result of receiving the link registration request, generating a unique code as a result of validating the third-party server, and generating a custom link that includes the unique code.

Abstract: Systems, methods, and software can be used to configure a firewall system in a vehicle network. In some aspects, a computer-implemented method includes receiving a software code of a network node connected to a trusted network of a vehicle network that includes the trusted network internal to a vehicle and an untrusted network external to the vehicle, wherein the trusted network includes one or more functional domains for controlling functionalities of the vehicle; performing an analysis of the software code to identify connectivity of the network nodes in the vehicle network; determining connectivity information of the network nodes in the vehicle network based on the analysis, wherein the connectivity information includes at least one of Network Layer connectivity information, Transport Layer connectivity information, or Application Layer connectivity information; and configuring one or more firewalls in the vehicle network based on the connectivity information.

Abstract: Systems, methods, and software can be used to provide secure sensor data. In some aspects, a computer-implemented method includes: receiving, at a sensor security evaluation application executing on a device, sensor data from a sensor on the device; determining, by the sensor security evaluation application, a security confidence score associated with the sensor data; and transmitting, from the sensor security evaluation application, the security confidence score and the sensor data to a smart machine processor on the device.

Abstract: Methods and systems for detecting hidden sectors in a hard drive. The method may include initiating a linear copy of the hard drive and, while the hard drive is being copied, capturing images of a platter and an actuator arm within the hard drive using an imaging device. The captured images are output and they indicate a range of movement of the actuator arm across the platter during the linear copy. Ranges of movement that fail to scan across the full expected size of the platter may be indicative of a modified partition record that maliciously hides a portion of the hard drive from the copy operation.

Abstract: An autonomous or semi-autonomous vehicle may improve the overall safety of other vehicles by determining an action of a proximate vehicle based on sensor data and determining one or more expected visual cues associated with the determined action. One or more images of the proximate vehicle may then be used to detect a difference between expected visual cues and the captured images. Detected differences may be used to notify one or more entities that can then take corrective actions.

Abstract: Systems, methods, and software can be used to detect stack cookie utilization in a binary software component using binary static analysis. In some aspects, one computer-implemented method includes identifying a function defined in the binary software component, the function including one or more instructions; performing a binary static analysis of the function to determine whether the function utilizes stack cookie protection based on the one or more instructions including one or more stack cookie handling instructions; and in response to determining that the function utilizes stack cookie protection, updating a security report for the binary software component to indicate that the function utilizes stack cookie protection.

Abstract: A computer includes a memory and a processor programmed to execute instructions stored in the memory. The instructions include identifying a function in a binary file, assigning one of a plurality of classifications to the function, and determining that the function requires stack cookie protection based at least in part on the classification assigned to the function.

Abstract: Systems, methods, and software can be used to identify functions prone to logic errors in software components using binary static analysis. In some aspects, one computer-implemented method includes identifying a function defined within a binary software component; determining one or more complexity characteristics of the function based on included instructions; determining, based on the complexity characteristics, whether the function is likely to produce errors when the instructions included in the function are executed by a processor; and in response to determining that the function is likely to contain errors, generating an indication that the function requires further review.

Abstract: Systems, methods, and software can be used to detect remote application profiling. In some aspects, one computer-implemented method includes receiving, over a network, a request from a network client directed to a particular application executed by an application server; determining whether the received request deviates from a communications profile associated with the particular application; in response to determining that the received request deviates from the communications profile, identifying the network client as an attacker; and in response to identifying the network client as an attacker, performing a defensive response with respect to the network client.

Abstract: Systems, methods, and software can be used to generating security manifests for software components using binary static analysis. In some aspects, one computer-implemented method includes performing a binary static analysis of a binary software component to determine one or more security characteristics of the binary software component; generating a security manifest for the binary software component including the determined one or more security characteristics of the binary software component; and providing the security manifest to a software management system configured to determine whether to deploy the binary software component based on the security manifest.