Patents by Inventor Azzedine Benameur

Azzedine Benameur has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9843594
    Abstract: The disclosed computer-implemented method for detecting anomalous messages in automobile networks may include (1) receiving automobile-network messages that are expected to be broadcast over an automobile network of an automobile, (2) extracting a set of features from the automobile-network messages, and (3) using the set of features to create a model that is capable of distinguishing expected automobile-network messages from anomalous automobile-network messages. The disclosed computer-implemented method may further include (1) detecting an automobile-network message that has been broadcast over the automobile network, (2) using the model to determine that the automobile-network message is anomalous, and (3) performing a security action in response to determining that the automobile-network message is anomalous. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: December 12, 2017
    Assignee: Symantec Corporation
    Inventors: Nathan Evans, Azzedine Benameur, Yun Shen
  • Patent number: 9794275
    Abstract: Methods, computer program products, computer systems, and the like, which provide security in cloud-based services using lightweight replicas, are disclosed. The methods, computer program products, computer systems, and the like include detecting an intrusion into an application server, dynamically provisioning a replica application server in a server system in response to the detecting the intrusion, and transitioning a datastream from the application server to the replica application server, where the application server is provisioned in the server system, the intrusion is an attack on the application server, and the attack is conducted via a datastream between a first computing system and the application server. The replica application server is a replica of at least a portion of the application server.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: October 17, 2017
    Assignee: Symantec Corporation
    Inventors: Azzedine Benameur, Nathan S. Evans
  • Patent number: 9612852
    Abstract: Techniques for redirecting input/output are disclosed. In one particular embodiment, the techniques may be realized as a method for redirecting input/output comprising configuring a first virtual machine with a recorder for library interposition, configuring a replica virtual machine with a player for library interposition, receiving a first recorded event from the first virtual machine, and transferring the first recorded event to the replica virtual machine for replay.
    Type: Grant
    Filed: December 18, 2012
    Date of Patent: April 4, 2017
    Assignee: Veritas Technologies LLC
    Inventors: Azzedine Benameur, Nathan S. Evans
  • Patent number: 9582669
    Abstract: The disclosed computer-implemented method for detecting discrepancies in automobile-network data may include (1) receiving data that indicates at least one attribute of an automobile and that was conveyed via an automobile-network message that was purportedly broadcast over an automobile network of the automobile, (2) receiving additional data that indicates the same attribute of the automobile and that was not conveyed via any automobile-network message that was broadcast over the automobile network, (3) detecting a discrepancy between the data and the additional data, and (4) performing a security action in response to detecting the discrepancy between the data and the additional data. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: February 28, 2017
    Assignee: Symantec Corporation
    Inventors: Yun Shen, Nathan Evans, Azzedine Benameur
  • Patent number: 9525665
    Abstract: A computer-implemented method for obscuring network services may include (1) identifying a local network comprising at least one client and at least one host, where the host provides a service that is not bound to any routable address on the local network and the client is expected to send messages to the service, (2) provisioning the client with a proxy that intercepts the messages directed to the service by the client, identifies the host that provides the service, and adds at least one layer of encryption to the messages, (3) configuring the proxy to route the messages through an onion routing network within the local network that comprises at least one onion routing node, and (4) configuring the onion routing network to remove the at least one layer of encryption from the messages before forwarding the messages. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: December 20, 2016
    Assignee: Symantec Corporation
    Inventors: Nathan Evans, Azzedine Benameur, Matthew Elder
  • Patent number: 8640208
    Abstract: The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.
    Type: Grant
    Filed: November 28, 2007
    Date of Patent: January 28, 2014
    Assignee: SAP AG
    Inventors: Azzedine Benameur, Paul El Khoury, Cedric S. P. Ulmer
  • Patent number: 8527954
    Abstract: A method is provided for creating a behavior pattern of a computer program which comprises at least one source code with a plurality of program operations which are arranged in a logical succession and the source code is provided with annotations. Each annotation is referencing to a respective program operation and the annotations are read out automatically by a modeling tool, which is running on a processing unit and generating the behavior pattern of the computer program by arranging the annotations which have been read out according to the logical succession of the program operations and providing the generated behavior pattern, so that the generated behavior pattern can be represented via a representing unit. Furthermore, an appropriate server and an appropriate network system are provided.
    Type: Grant
    Filed: July 25, 2008
    Date of Patent: September 3, 2013
    Assignee: SAP AG
    Inventors: Azzedine Benameur, Paul El Khoury
  • Patent number: 8495744
    Abstract: A method and a system for evaluation of risk of conflict between a number of integrating security solutions. In a computer system, a number of fragmentary security solutions are received. A set of the received fragmentary security solutions is integrated to form a composite security solution to satisfy a number of security requirements. In one aspect, the security requirements are established during a design of a computer system. A risk of conflict between the set of integrating fragmentary security solutions is evaluated. In another aspect, the risk of conflict between the set of integrating fragmentary security solutions exists at authority level and at configuration level. Conflict at authority level arises when different authorities control the same fragmentary security solution. Conflict at configuration level arises when integrating fragmentary security solutions share configuration data.
    Type: Grant
    Filed: March 25, 2009
    Date of Patent: July 23, 2013
    Assignee: SAP AG
    Inventors: Paul El Khoury, Azzedine Benameur, Smriti Kumar Sinha
  • Patent number: 8245045
    Abstract: The present description refers in particular to example computer-implemented methods, example computer program products, and example computer systems for automatically generating or verifying a digital signature for a message. The message may be representable in a hierarchical tree structure. An example computer-implemented method may comprise: selecting, from a message MT, a sub-message M to be signed, the sub-message M comprising at least one element; generating a well-formed context CMt for the sub-message M, wherein the well-formed context CMt defines a derivation path to the element in the message MT at a time t, the element being marked [M] in the well-formed context CMt; generating a message digest δM from the sub-message M and a context digest δC from the well-formed context CMt; and generating a signature S by applying a secret key SA of a user A to the message digest δM and to the context digest δC.
    Type: Grant
    Filed: September 28, 2009
    Date of Patent: August 14, 2012
    Assignee: SAP AG
    Inventors: Azzedine Benameur, Smriti Kumar Sinha, Paul El Khoury
  • Publication number: 20100250476
    Abstract: A method and a system for evaluation of risk of conflict between a number of integrating security solutions. In a computer system, a number of fragmentary security solutions are received. A set of the received fragmentary security solutions is integrated to form a composite security solution to satisfy a number of security requirements. In one aspect, the security requirements are established during a design of a computer system. A risk of conflict between the set of integrating fragmentary security solutions is evaluated. In another aspect, the risk of conflict between the set of integrating fragmentary security solutions exists at authority level and at configuration level. Conflict at authority level arises when different authorities control the same fragmentary security solution. Conflict at configuration level arises when integrating fragmentary security solutions share configuration data.
    Type: Application
    Filed: March 25, 2009
    Publication date: September 30, 2010
    Inventors: Paul El Khoury, Azzedine Benameur, Smriti Kumar Sinha
  • Publication number: 20100162406
    Abstract: The present description refers in particular to a computer implemented method, computer program product, and computer system for dynamic separation of duties (SoD) during workflow execution. Based on at least one policy file, at a monitoring module, at least one node to be logged from a message in a message pipe of one or more messages exchanged when executing a workflow instance may be specified. Information on the at least one logged node may be passed to an enforcer. SoD violation for the at least one logged node may be checked at the enforcer. If, for the at least one logged node, SoD is violated, action may be taken based on the at least one policy file.
    Type: Application
    Filed: June 12, 2009
    Publication date: June 24, 2010
    Applicant: SAP AG
    Inventors: Azzedine Benameur, Paul El Khoury, Joana Da Trindade
  • Publication number: 20100082993
    Abstract: The present description refers in particular to a computer-implemented method, a computer program product, and a computer system for automatically generating a digital signature for a message, the message being representable in a hierarchical tree structure and to a computer-implemented method, a computer program product, and a computer system for automatically verifying a digital signature of a message, the message being representable in a hierarchical tree structure.
    Type: Application
    Filed: September 28, 2009
    Publication date: April 1, 2010
    Applicant: SAP AG
    Inventors: Azzedine Benameur, Smriti Kumar Sinha, Paul El Khoury
  • Publication number: 20090044271
    Abstract: The present description refers in particular to a computer-implemented method, a computer system, and a computer program product for input validation and output validation to prevent SQL injections. In one aspect, an embodiment of the invention involves a service (e.g., a web service operating on a server) receiving a request message from a client over a network. The server includes a handler for checking the request message according to a first method, prior to sending the request message to the service. In addition, the handler checks a response message (from the service) according to the first method, prior to sending the response message to the client.
    Type: Application
    Filed: July 17, 2008
    Publication date: February 12, 2009
    Applicant: SAP AG
    Inventors: Azzedine Benameur, Paul El Khoury
  • Publication number: 20090037884
    Abstract: A method is provided for creating a behavior pattern of a computer program which comprises at least one source code with a plurality of program operations which are arranged in a logical succession and the source code is provided with annotations. Each annotation is referencing to a respective program operation and the annotations are read out automatically by a modeling tool, which is running on a processing unit and generating the behavior pattern of the computer program by arranging the annotations which have been read out according to the logical succession of the program operations and providing the generated behavior pattern, so that the generated behavior pattern can be represented via a representing unit. Furthermore, an appropriate server and an appropriate network system are provided.
    Type: Application
    Filed: July 25, 2008
    Publication date: February 5, 2009
    Inventors: Azzedine Benameur, Paul El Khoury
  • Publication number: 20090025068
    Abstract: The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.
    Type: Application
    Filed: November 28, 2007
    Publication date: January 22, 2009
    Applicant: SAP AG
    Inventors: Azzedine Benameur, Paul El Khoury, Cedric S.P. Ulmer