Abstract: Technologies are shown for HGM based control for smart contract execution. HGM control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The HGM control rules are applied to HGMs collected from the call stack to allow or prohibit specific HGMs observed in functions or function call chains. HGM control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the HGM control rules, then the function call can be blocked from executing or completing execution. The HGM control rules can be generated by executing known sets of acceptable or vulnerable smart contracts and collecting the resulting HGMs.

Abstract: Technologies are shown for system level function based access control for smart contract execution on a blockchain. Access control rules control function calls at a system level by utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for execution of a smart contract. The access control rules are applied to the function call stack to allow or prohibit specific functions or function call chains. Access control rules can also define allowed or prohibited parameter data in the function call chain. If the function call chain or parameters do not meet the requirements defined in the access control rules, then the function call can be blocked from executing or completing execution. The access control rules can produce sophisticated access control policies based on complex function call chains.

Abstract: Technologies are shown for function level permissions control for smart contract execution to implement permissions policy on a blockchain. Permissions control rules control function calls at a system level utilizing function boundary detection instrumentation in a kernel that executes smart contracts. The detection instrumentation generates a call stack that represents a chain of function calls in the kernel for a smart contract. The permissions control rules are applied to the call stack to implement permissions control policy. Permissions control rules can use dynamic state data in the function call chain. If the dynamic state data observed in function call chains does not meet the requirements defined in the permissions control rules, then the function call can be blocked from executing or completing execution. The permissions control rules can be generated for a variety of different entities, such as a domain, user or resource.

Abstract: Technologies are shown for storing component state data for a resource on a blockchain involving generating a resource data block that corresponds to a resource that includes links that correspond to components of the resource, generating a first component state data block for a component of the resource on a blockchain that includes first state data for the first component, and setting the link for the component to reference the first component state data block. Subsequently, a second component state data block can be generated for the component with second state data and the second component state data block linked to the first component state data block.

Abstract: Disclosed is technology for storing original work data on a derivative work data blockchain along with code for verifying that derivative work data is derivative of the original work data. The technology involves receiving derivative work data from a submitting entity along with proof data showing that the derivative work is derivative of the original work. If the derivative work data is verified as derivative, then the derivative work data is appended to the derivative work data blockchain.

Abstract: Methods, systems, and media for improving computer security and performance of security are disclosed. In one example, a computer security system comprises a key management monitor, and two key elements comprising a first key element and a second key element. The first key element is stored at a first location address within a computer memory and the second key element is stored at a second location address. The key management monitor is configured to determine or receive a time duration for performing a data dump of contents of the computer memory. In one example, the key management monitor is further configured to control a location of the first key element within the computer memory, wherein the location address of the first key element is changed within a time period that is less than the time duration for performing the data dump of contents of the computer memory.

Abstract: Techniques are shown for key management using a traceable key block-chain ledger involving creating a cryptographic key at a key source, generating a genesis block for a key block-chain ledger corresponding to the cryptographic key, and securely modifying the genesis block to include metadata describing the key source. The techniques also involve performing a first key transaction with the cryptographic key, generating a first transaction block corresponding to the first key transaction with the cryptographic key and adding the first transaction block to the key block-chain ledger, and securely modifying the first transaction block to include metadata describing the first key transaction with the cryptographic key.