Abstract: Embodiments herein relate to new and useful systems and methods for tokenization across code trust boundaries. An embodiment includes a method for securing data across execution contexts in a computing device. The method includes determining that first data is to be passed from a first code in a first execution context to a second code in a second execution context. The method further includes, based on determining that the first data is to be passed, tokenizing the first data to generate tokenized first data, wherein tokenizing the first data comprises substituting the first data with second data that is based on the first data to secure the first data from the second code, the second data being the tokenized first data. The method further includes passing the tokenized first data from the first code to the second code.

Abstract: A system for intrinsic runtime security includes an application code repository, a security code repository, a trusted execution context, a first sandboxed execution context and a policy enforcement module, operating based on security policy, that enables the first sandboxed execution context to modify objects without enabling unrestricted access of the first sandboxed execution context to original prototypes of the objects.

Abstract: Embodiments herein relate to new and useful systems and methods for tokenization across code trust boundaries. An embodiment includes a method for securing data across execution contexts in a computing device. The method includes determining that first data is to be passed from a first code in a first execution context to a second code in a second execution context. The method further includes, based on determining that the first data is to be passed, tokenizing the first data to generate tokenized first data, wherein tokenizing the first data comprises substituting the first data with second data that is based on the first data to secure the first data from the second code, the second data being the tokenized first data. The method further includes passing the tokenized first data from the first code to the second code.

Abstract: A system for intrinsic runtime security includes an application code repository, a security code repository, a trusted execution context, a first sandboxed execution context and a policy enforcement module, operating based on security policy, that enables the first sandboxed execution context to modify objects without enabling unrestricted access of the first sandboxed execution context to original prototypes of the objects.

Abstract: A system for intrinsic runtime security includes an application code repository, a security code repository, a trusted execution context, a first sandboxed execution context and a policy enforcement module, operating based on security policy, that enables the first sandboxed execution context to modify objects without enabling unrestricted access of the first sandboxed execution context to original prototypes of the objects.

Abstract: A system for intrinsic runtime security includes an application code repository, a security code repository, a trusted execution context, a first sandboxed execution context and a policy enforcement module, operating based on security policy, that enables the first sandboxed execution context to modify objects without enabling unrestricted access of the first sandboxed execution context to original prototypes of the objects.

Abstract: A system and method for distinguishing human input events from malware-generated events includes one or more central processing units (CPUs), one or more input devices and memory. The memory includes program code that when executed by the CPU causes the CPU to obtain a first set of input events from a user utilizing the input device. The first input events are used to obtain or derive a feature indicative of the user, such as a multi-dimensional feature vector as provided by a support vector machine. Second input events are then obtained, and the second input events are classified against the feature to determine if either the user or malware initiated the second input events.

Abstract: A system and method for distinguishing human input events from malware-generated events includes one or more central processing units (CPUs), one or more input devices and memory. The memory includes program code that when executed by the CPU causes the CPU to obtain a first set of input events from a user utilizing the input device. The first input events are used to obtain or derive a feature indicative of the user, such as a multi-dimensional feature vector as provided by a support vector machine. Second input events are then obtained, and the second input events are classified against the feature to determine if either the user or malware initiated the second input events.