Abstract: There is disclosed in an example a computing apparatus, comprising: a network interface; a messaging application to communicate via the network interface; and one or more logic elements comprising a security layer, discrete from the messaging application, to: generate a message; secure the message; and send the message via the messaging application.

Abstract: Providing synchronous processing of the designated computing events using hardware-assisted virtualization technology by performing at least the following: detecting a designated computing event using a high priority, low capability routine, creating a copy code in an alternate memory space of a first code located in a first memory space, modifying the copy code to call for analysis of at least a portion of the copy code that corresponds to the first code, switching execution of the first code with the modified copy code using an address translation data structure that translates a guest memory address to a host memory address after a return of the high priority, low capability routine; and analyzing synchronously the at least a portion of the code within the copy code that corresponds to the first code based on the replacement of the first code with the modified copy code.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.

Abstract: There is disclosed in one example, a computing apparatus, including: first one or more logic elements providing a code module, the code module comprising a member having a branching policy designating either a public or private member; second one or more logic elements providing a policy engine, operable to: receive a first branch instruction to the member; determine that the branch instructions does not meet the policy; and take a security action. There is also disclosed a method of providing a policy engine, and a computer-readable medium having stored thereon executable instructions for providing a policy engine.

Abstract: Protecting personally identifiable information data collected and/or stored in physical objects with embedded electronic devices by performing at least the following: obtaining a plurality of personally identifiable information algorithms for a plurality of electronic user devices, determining a relevant personally identifiable information algorithm from the plurality of personally identifiable information algorithms, executing the relevant personally identifiable information algorithm over the relevant personally identifiable information from one of the electronic user devices to construct a personally identifiable information data result, and transmitting the personally identifiable information data result without transmitting the relevant personally identifiable information to a remote computing system.

Abstract: In an example, there is disclosed a computing apparatus, comprising: a psychological state data interface to receive psychological state data; one or more logic elements, including at least one hardware element, comprising a verification engine to: receive a requested user action; receive a psychological state input via the psychological state data interface; analyze the psychological state input; and bar the requested user action at least partly responsive to the analyzing.

Abstract: In an example, there is disclosed a computing apparatus, including a processor, including a trusted execution instruction set; a memory having an enclave portion, wherein the enclave is accessible only via the trusted execution instruction set; a swap file; and a memory management engine operable to: allocate a buffer within the enclave; receive a scope directive to indicate that the buffer is in scope; and protect the buffer from swapping to the swap file while the buffer is in scope. There is further disclosed an method of providing a memory management engine, and one or more computer-readable storage mediums having stored thereon executable instructions for providing the memory management engine.

Abstract: Providing synchronous processing of the designated computing events using hardware-assisted virtualization technology by performing at least the following: detecting a designated computing event using a high priority, low capability routine, creating a copy code in an alternate memory space of a first code located in a first memory space, modifying the copy code to call for analysis of at least a portion of the copy code that corresponds to the first code, switching execution of the first code with the modified copy code using an address translation data structure that translates a guest memory address to a host memory address after a return of the high priority, low capability routine; and analyzing synchronously the at least a portion of the code within the copy code that corresponds to the first code based on the replacement of the first code with the modified copy code.

Abstract: A combination of hardware monitoring and binary translation software allow detection of return-oriented programming (ROP) exploits with low overhead and low false positive rates. Embodiments may use various forms of hardware to detect ROP exploits and indicate the presence of an anomaly to a device driver, which may collect data and pass the indication of the anomaly to the binary translation software to instrument the application code and determine whether an ROP exploit has been detected. Upon detection of the ROP exploit, the binary translation software may indicate the ROP exploit to an anti-malware software, which may take further remedial action as desired.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a secured storage communicatively coupled to the client. The system further includes a client application including computer-executable instructions on the medium. The instructions are readable by the processor. The application is configured to manage a trusted image of software of a client in a secured storage and, upon a signal indicating malware on the client, restore the trusted image to the client independent of an operating system and user processes of the client.

Abstract: In an example, there is disclosed a computing apparatus, including a processor, including a trusted execution instruction set; a memory having an enclave portion, wherein the enclave is accessible only via the trusted execution instruction set; a swap file; and a memory management engine operable to: allocate a buffer within the enclave; receive a scope directive to indicate that the buffer is in scope; and protect the buffer from swapping to the swap file while the buffer is in scope. There is further disclosed an method of providing a memory management engine, and one or more computer-readable storage mediums having stored thereon executable instructions for providing the memory management engine.

Abstract: There is disclosed in one example, a computing apparatus, including: first one or more logic elements providing a code module, the code module comprising a member having a branching policy designating either a public or private member; second one or more logic elements providing a policy engine, operable to: receive a first branch instruction to the member; determine that the branch instructions does not meet the policy; and take a security action. There is also disclosed a method of providing a policy engine, and a computer-readable medium having stored thereon executable instructions for providing a policy engine.