Abstract: There is disclosed a method, computer program product and a system for regulating execution of a suspicious process, comprising determining a file system location of an executable file associated with the suspicious process, encrypting the file, and creating a wrapper for the file with the same file name and location as the file associated with the suspicious process.

Abstract: Examples associated with digital composition hashing are described. One example method includes receiving a digital composition file from a user. The digital composition file may include a top-level design and a hierarchy of sub-level designs. A hashed structure may be generated from the digital composition file, where a node in the hashed structure for the first sub-level design is generated based on hashes of sub-level designs below the first sub-level design in the hierarchy. The hashed structure and a hash of the digital composition file are stored in association with the user.

Abstract: An apparatus includes a first processing resource to execute a program code, and a second processing resource separate from the first processing resource. The program code includes an embedded execution unit. The execution unit, during execution of the program code, calculates a first security value for a part of the program code. The second processing resource runs a validation program. The validation program receives the first security value, checks the first security value against a second security value calculated from a corresponding part of a reference copy of the program code to obtain a check result, returns the check result to the execution unit. The execution unit performs a security-related action in response to a check result indicating a mismatch between the first security value and the second security value.

Abstract: In an example, a machine-readable medium includes instructions that, when executed by a processor, cause the processor to order, as part of an execution of a trusted process, a plurality of processes into a sequence comprising a first process, at least one intermediate process, and a last process. The machine-readable medium may further comprise instruction to cause the processor to generate, as part of an execution of the first process, a value based on a code portion of the process following the first process in the sequence, and to generate, as part of an execution of each intermediate process, a respective value based on the value generated by the process preceding the intermediate process in the sequence and based on a code portion associated with the process following the intermediate process in the sequence.

Abstract: In an example there is provided a method of applying a mitigation action to a computing system. The method comprises receiving notification of an intrusion event on a computing system. The notification identifies one or more of data, and a process affected by the intrusion event. The method comprises accessing state data corresponding to a state of the computing system prior to the intrusion event, accessing a policy specifying one or more mitigation actions to be applied to the one or more of data, and a process in response to an intrusion event, restoring the one or more of data, and the process on the basis of the state data, and applying a mitigation action according to the policy.

Abstract: Examples associated with ransomware attack monitoring are described. One example includes a monitor module to monitor files stored on the system for sequences of file accesses that match a predefined pattern of file accesses. An investigation module is activated when a number of sequences of file accesses that match the predefined pattern exceeds a first threshold. The investigation module logs actions taken by processes to modify files. A reaction module pauses a set of processes operating on the system when the number of sequences of file accesses that match the predefined pattern exceeds a second threshold. The reaction module then identifies processes associated with a suspected ransomware attack based on the logging performed by the investigation module, and resumes legitimate processes.

Abstract: An apparatus includes a first processing resource to execute a program code, and a second processing resource separate from the first processing resource. The program code includes an embedded execution unit. The execution unit, during execution of the program code, calculates a first security value for a part of the program code. The second processing resource runs a validation program. The validation program receives the first security value, checks the first security value against a second security value calculated from a corresponding part of a reference copy of the program code to obtain a check result, returns the check result to the execution unit. The execution unit performs a security-related action in response to a check result indicating a mismatch between the first security value and the second security value.

Abstract: Examples disclosed herein relate to selecting a security mitigation action based on device usage. In one implementation, a processor selects a security mitigation action for a device based on information related to usage of the device and associated usage limitations associated with the selected security mitigation action. The processor may output information related to the selected security mitigation action.

Abstract: A method of assessing a network uses a model (450) having nodes (100, 110) to represent parts of the network infrastructure and the application services, and having links to represent how the nodes influence each other. Dependencies or effects of the application services are found by determining paths through the nodes and links of the model (530). Such assessment can be useful for design, test, operations, and diagnosis, and for assessment of which parts of the infrastructure are critical to given services, or which services are dependent on, or could have an effect on a given part of the infrastructure. The dependencies or effects can encompass reachability information. The use of a model having links and nodes can enable more efficient processing, to enable larger or richer models. What changes in the dependencies or effects result from a given change in the network can be determined (830).

Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Each virtual infrastructure can be passivated by suspending applications, stopping operating systems, and storing state, to enable later reactivation. This is simpler for a complete virtual infrastructure than for groups of virtual entities and physical entities. It enables cloned virtual infrastructure to be created for testing, upgrading or sharing without risk to the parent. On failure, reversion to a previous working clone is feasible.

Abstract: A method of monitoring compliance with a business process comprising the steps of: generating, from a record of the business process and further information not expressed explicitly within the record of the process, a canonical model of all processes of a given genre which are to be monitored; applying the canonical model to the process as recorded to generate a process-specific model in which specific process operations are expressed in canonical form; and measuring the performance of the process by generating reports, based on the algorithms contained within the process-specific model and data generated by actual performance of the process, thereby to indicate whether the process is compliant.

Abstract: A method of assessing a network uses a model (450) having nodes (100, 110) to represent parts of the network infrastructure and the application services, and having links to represent how the nodes influence each other. Dependencies or effects of the application services are found by determining paths through the nodes and links of the model (530). Such assessment can be useful for design, test, operations, and diagnosis, and for assessment of which parts of the infrastructure are critical to given services, or which services are dependent on, or could have an effect on a given part of the infrastructure. The dependencies or effects can encompass reachability information. The use of a model having links and nodes can enable more efficient processing, to enable larger or richer models. What changes in the dependencies or effects result from a given change in the network can be determined (830).

Abstract: A verification system and method for audit data obtained from an infrastructure serving a plurality of entities are disclosed. A central repository and a number of leaf agents are used, each leaf agent being deployed to a part of the infrastructure and arranged to generate one or more index chains, each index chain being associated with one of said entities. Leaf agents submit their index chains for storage in the central repository, each index chain including one or more indices referencing audit data from the part of the infrastructure determined to be relevant to the entity and linking to indices referencing other audit data enabling integrity and relative timing of the referenced audit data with respect to the other audit data to be verified.

Abstract: A data collation system and method is disclosed that utilise a central repository, a collection agent, one or more branch agents and one or more leaf agents. Each of the leaf agents is associated with a respective branch agent and each branch agent is associated with the collection agent. Each leaf agent is associated with a computer system and is arranged to obtain data associated with the respective computer system, secure the data, collate the secured data into a batch and transmit the batch to the leaf agent's associated branch agent. Each branch agent is responsive upon receipt of a batch to verify the batch, collate verified batches in an augmented batch and transmit the augmented batch to the collection agent. The collection agent is responsive upon receipt of an augmented batch to verify the augmented batch and store verified augmented batches in said central repository.

Abstract: A digital storage system for storing digital documents, the system comprising a trusted storage service provider including an encryption module for encrypting a digital document prior to storage thereof using an encryption key generated using a random number generator, remote archive storage sites for storing the encrypted item of data, and a corporate key store for storing an n-bit decryption key (which maybe the same as the encryption key or maybe different, but mathematically related thereto) for use in decrypting a document if required, the system further comprising a key degrading module for progressively degrading said decryption key by periodically discarding or changing at least one bit at a time thereof.

Abstract: A method of auditing a communications session by using a secure device comprises: operating a communications protocol in said secure device; and producing an audit record of at least one transaction carried out by said secure device.

Abstract: A method for packaging digital evidence for long term validation comprises forming a package of a digital document (10), an electronic signature (12) for the document (10), together with evidence (16) of the authority of the signature in the document and a time stamp (20) indicating when the document was digitally signed. All of the pieces form parts of the packaged evidence.

Abstract: A monitoring method and system for monitoring compliance of a policy in an IT infrastructure (150) are described. A modeling component (110) and an analysis system (110) are used. The modeling component (110) is arranged to model the policy and configure the analysis system in dependence on the model and the analysis system (100) is arranged to monitor aspects of the IT infrastructure (150) in dependence on the model.

Abstract: A method of generating an identity for a first party that changes over time and which can at all times be authenticated by second party wherein the method includes the steps of: the first and second parties establishing a secret between them, the secret including an entity the value of which changes over time and first and second cryptographically strong functions used to operate in sequence on the current value of that time dependent entity to generate an identity for the first party; and for predetermined intervals each of the first and second parties generating a fresh identity for the first party.

Abstract: International business requires contractual relations to be established across jurisdictions. Different jurisdictions have different laws, customs, languages and obligations concerning contractual relations. Thus a standard contract can rarely be used across different jurisdictions. Using a contract template and processing this with a mapping database using a conversion engine, enables substantially automated localisation of a contract template to be achieved. This significantly reduces the cost and effort to enter a new market.