Abstract: A computer-implemented method for combining static and dynamic code analysis may include 1) identifying executable code that is to be analyzed to determine whether the executable code is capable of leaking sensitive data, 2) performing a static analysis of the executable code to identify one or more objects which the executable code may use to transfer sensitive data, the static analysis being performed by analyzing the executable code without executing the executable code, 3) using a result of the static analysis to tune a dynamic analysis to track the one or more objects identified during the static analysis, and 4) performing the dynamic analysis by, while the executable code is being executed, tracking the one or more objects identified during the static analysis to determine whether the executable code leaks sensitive data via the one or more objects. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Power consumption on a mobile computing device is reduced, by identifying and managing apps that prevent the mobile device from sleeping while the screen is off. It is detected when the screen is turned off and when it is subsequently turned back on. During the ensuing period of time, it is determined which specific apps prevent the mobile device from sleeping. This can take the form of identifying each specific app on the mobile device that has an unreleased wake lock at any point during the given period of time while the screen is off. The prevention of the device from sleeping while the screen was off is quantified by app according to power consumption, based on factors such as duration. Any apps for which the quantified prevention of the mobile device from sleeping while the screen was off meets a specific threshold are identified and managed.

Abstract: A computer-implemented method for introducing variation in sub-system output signals to prevent device fingerprinting may include (1) intercepting, on a computing device, an output signal sent from a sub-system device on a computing device to a software component on the computing device, (2) identifying a margin of error for the output signal, (3), creating a modified output signal by introducing variation into the output signal in such a way that (a) the variation does not exceed the margin of error for the output signal and (b) the modified output signal cannot be used to identify the computing device, and (4) sending the modified output signal to the software component. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for providing controls for application behavior may include (1) identifying an application that is distributed via an application repository and that is configured to use a permission on a computing platform that enables the application to access a feature of the computing platform, (2) receiving a request to reconfigure the application to intercept and interfere with attempts by the application to use the permission, (3) reconfiguring the application, in response to the request, to intercept and interfere with attempts by the application to use the permission, (4) determining that an updated version of the application is available via the application repository, and (5) reconfiguring the updated version of the application to intercept and interfere with attempts by the application to use the permission in response to an instruction to update the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for aggregating event information may include 1) identifying a plurality of social networking data feeds, 2) identifying a time and a location of an event involving at least one person associated with at least one social networking data feed within the plurality of social networking data feeds, 3) mining the plurality of social networking data feeds for event data about the event, and 4) creating an event document from the event data to describe the event. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for providing secure mobile email communications is described. At least one application programming interface (API) of a native email client is hooked in order to transmit data securely via email. The native email client is native to an operating system of the mobile device. An email originating from a registered application is detected, via the hooked API. The email includes the data to transmit securely. The registered application is registered in a registry according to a mobile application authentication procedure. The registry includes a plurality of registered applications authenticated according to the mobile application authentication procedure.

Abstract: A computer-implemented method for providing secure access to local network devices may include (1) identifying a local area network that provides Internet connectivity to at least one device within the local area network, (2) obtaining, from an identity assertion provider, (i) a shared secret for authenticating the identity of a guest user of the device and (ii) a permission for the guest user to access the device from outside the local area network, (3) storing the shared secret and the permission within the local area network, (4) receiving, via the Internet connectivity, a request by the guest user from outside the local area network to access the device, and (5) providing access to the device in response to validating the request based on the shared secret and the permission. Various other methods and systems are also disclosed.

Abstract: A computer-implemented method for detecting client types may include identifying a communication from a client system transmitted according to a network protocol, analyzing the communication to determine at least one protocol implementation characteristic that describes how the client system implemented the network protocol in the communication, submitting the protocol implementation characteristic to a protocol implementation database that correlates client types with protocol implementation characteristics and receiving, in response to submitting the protocol implementation characteristic, a client type of the client system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for authenticating an application is described. In one embodiment, a software package is received and the software package may be authorized based at least in part on an evaluation of the software package. Upon authorizing the software package, a signature file is embedded in a directory of the software package. A request to use a privileged service provided by a service provider is received from a client. In some embodiments, the request includes a custom class loader, the custom class loader being configured to construct a proxy object as an interface to the privileged service.

Abstract: A server computer system receives mobile device activity data from a mobile device. The server computer system verifies that the mobile device activity data matches mobile device activity data that is stored at the mobile device and generates a shared secret at the server computer system using the received mobile device activity data. The shared secret at the server computer system matches a shared secret generated at the mobile device.

Abstract: Selective projection of user interface elements between a host and a plurality of guests is provided according to a configurable policy. User interface elements generated by guests and/or the host are captured. It is determined whether to project captured elements into the user interface with which the user is currently interacting, based on the policy. In some cases, it is determined to project a captured element originating from a first user interface into a second user interface with which the user is currently interacting, based on factors such as source, destination, element attributes, element contents and/or element type. Responsive to such a determination, the captured element is projected into the current user interface, thereby presenting the projected element to the user.

Abstract: A computer-implemented method for introducing variation in sub-system output signals to prevent device fingerprinting may include (1) intercepting, on a computing device, an output signal sent from a sub-system device on a computing device to a software component on the computing device, (2) identifying a margin of error for the output signal, (3), creating a modified output signal by introducing variation into the output signal in such a way that (a) the variation does not exceed the margin of error for the output signal and (b) the modified output signal cannot be used to identify the computing device, and (4) sending the modified output signal to the software component. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for inter-virtual machine communication are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for interaction with a guest virtual machine comprising monitoring image loads into electronic memory of a guest virtual machine using a secure virtual machine, identifying a memory structure having a specified format, and performing, using the secure virtual machine, at least one of reading one or more portions of the identified memory structure and setting a value in the identified memory structure.

Abstract: A computer-implemented for sharing the results of computing operations among related computing systems may include: 1) identifying a need to perform a computing operation on a file, 2) identifying a unique identifier associated with the file, 3) determining, by using the unique identifier to query a shared store that is shared by a group of related computing systems, that at least one computing system within the group of related computing systems has previously performed the computing operation on an instance of the file, and then 4) retrieving the results of the computing operation from the shared store instead of performing the computing operation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying malware is described. Event data is received from a mobile device. The event data including events performed on the mobile device and a list of one or more applications. The list of the one or more applications is compared with at least one additional list of applications received from at least one additional mobile device. An application in common across the lists of applications is identified. The identification of the application in common to is transmitted to the mobile device.

Abstract: Misspelled words are identified in incoming email messages. The presence of misspelled words in emails is used to help determine which the emails are spam. Various statistical information concerning the number, prevalence, distribution, etc. of misspelled words in email messages is analyzed to detect spam or other forms of undesirable email, such as phishing emails. In some embodiments, the language in which an email is written is identified in order to aid in the identification of misspelled words. In some embodiments, the analysis of the misspelling information is combined with other techniques used to identify undesirable email.

Abstract: A unique (or nearly unique) set of search terms (called a “Search Resource Locator,” or SRL) is used to locate information on a web page. An SRL can be used like a Uniform Resource Locator (URL) as a navigational element that finds and brings up a corresponding web site. Unlike a URL, however, an SRL is not a static address for the web site, but is instead a representation of a collection of search terms that can be used to find the site or a substantially similar site. A provided tool generates SRLs for web pages.

Abstract: A secure component communication management system provides secure, trusted communication between components in a hypervisor based virtual computing environment. A hypervisor security extension generates a container level private key/public key pair. The hypervisor security extension container injects the container level public key into one or more VM(s) that are to securely receive trustworthy data. The hypervisor security extension container encrypts data to transmit to VMs with the container level private key, and injects the encrypted data into one or more target VM(s), such that the injected data is trusted by the VM(s). The one or more VM(s) receive the container level public key and data encrypted with the container level private key, injected by the hypervisor security extension container. These VM(s) use the public key to decrypt injected data encrypted with the private key, such that the decrypted data is trusted.

Abstract: A computer-implemented method for providing secure mobile email communications is described. At least one application programming interface (API) of a native email client is hooked in order to transmit data securely via email. The native email client is native to an operating system of the mobile device. An email originating from a registered application is detected, via the hooked API. The email includes the data to transmit securely. The registered application is registered in a registry according to a mobile application authentication procedure. The registry includes a plurality of registered applications authenticated according to the mobile application authentication procedure.

Abstract: A computer correlates web and email attributes to detect spam. A security module on a client collects attributes of a web site to which an email address was submitted and attributes of an email message sent to the email address that was previously submitted. The security module analyzes the attributes of the web site and the email message to determine whether the email message was sent to the email address responsive to the submission of the email address to the web site. Based on the analysis, the security module determines whether the email message is spam. A machine learning module on a security server establishes training data describing the attributes of the web site to which email addresses were submitted and attributes of legitimate emails received in response to the address submissions. The machine learning module generates an attributes classifier for the security module for spam detection.