Abstract: In one embodiment, an online social network accesses a place-entity cluster comprising a number of place-entity nodes corresponding to a particular place-entity having a geographic location. One of the place-entity nodes is identified as an initial canonical place-entity cluster connected to the other place-entity nodes by redirection edges. A cluster score is calculated for each place-entity node in the cluster, and nodes having a cluster score above a threshold is identified. One of the identified place-entity nodes is selected as a replacement canonical place-entity node. If the replacement node is different from the initial canonical node, then the place-entity cluster is updated by adding or removing at least one place-entity node from the cluster based on their respective cluster scores.

Abstract: A system for managing privacy of shared content. The system includes a terminal device and a server device. The terminal device includes a content receiving device configured to receive content, a storage configured to store content by the content receiving device, a privacy setting determiner, a content obfuscator; and a transmitter configured to transmit obfuscated content. The server device includes a receiver configured to receive the obfuscated content from the transmitter of the terminal device, a publisher configured to publish the obfuscated content, and a de-obfuscator configured to, based on the received request to change privacy settings, de-obfuscate the at least a portion of the received content to generate de-obfuscated content.

Abstract: A system for managing privacy of shared content. The system includes a terminal device and a server device. The terminal device includes a content receiving device configured to receive content, a storage configured to store content by the content receiving device, a privacy setting determiner, a content obfuscator; and a transmitter configured to transmit obfuscated content. The server device includes a receiver configured to receive the obfuscated content from the transmitter of the terminal device, a publisher configured to publish the obfuscated content, and a de-obfuscator configured to, based on the received request to change privacy settings, de-obfuscate the at least a portion of the received content to generate de-obfuscated content.

Abstract: Systems and methods for managing privacy settings of shared content include receiving content associated with an object; receiving privacy settings associated with the object associated with the received content; based on the received privacy settings, obfuscating, at least a portion of the content associated with the object to generated obfuscated content; and transmitting the obfuscated content to a publishing server, wherein the publishing server publishes the obfuscated content to one or more third parties.

Abstract: Systems and methods for privacy-preserving data loss detection include performing a sweep of online information for a candidate data leakage to generate an online data set; performing an analysis of the online data set to determine that the online information is a candidate data leakage; the host encrypting the data communication and providing the host-encrypted data communication to a software agent at the enterprise; in response to receiving the host-encrypted data communication, the software agent encrypting a database of enterprise information and re-encrypting the host-encrypted data communication, and providing the same to the host; the host decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; determining whether a match exists between the encrypted database of information and the software agent-encrypted data communication; and based on whether the match exists, the software agent taking a first action or the host taking a

Abstract: Systems and methods for privacy-preserving data loss detection include performing a sweep of online information for a candidate data leakage to generate an online data set; performing an analysis of the online data set to determine that the online information is a candidate data leakage; the host encrypting the data communication and providing the host-encrypted data communication to a software agent at the enterprise; in response to receiving the host-encrypted data communication, the software agent encrypting a database of enterprise information and re-encrypting the host-encrypted data communication, and providing the same to the host; the host decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; determining whether a match exists between the encrypted database of information and the software agent-encrypted data communication; and based on whether the match exists, the software agent taking a first action or the host taking a

Abstract: Systems and methods for privacy-preserving data loss detection include performing a sweep of online information for a candidate data leakage to generate an online data set; performing an analysis of the online data set to determine that the online information is a candidate data leakage; the host encrypting the data communication and providing the host-encrypted data communication to a software agent at the enterprise; in response to receiving the host-encrypted data communication, the software agent encrypting a database of enterprise information and re-encrypting the host-encrypted data communication, and providing the same to the host; the host decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; determining whether a match exists between the encrypted database of information and the software agent-encrypted data communication; and based on whether the match exists, the software agent taking a first action or the host taking a

Abstract: Systems and methods for data loss prevention while preserving privacy are described, including receiving a data communication originating from an online account of a user device associated with the enterprise; performing an analysis to determine that the data communication is a candidate data leakage, based on a context of the data communication; encrypting the data communication, and providing the host-encrypted data communication to a software agent at the enterprise; receiving a software agent-encrypted database of enterprise communication and the host-encrypted data communication, re-encrypted by the software agent; decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; performing a matching operation to determine whether a match exists between the encrypted database of information and the software agent-encrypted data communication; if the match exists, reporting the match to the software agent; and if the match does not exist,

Abstract: Systems and methods for privacy-preserving data loss detection include performing a sweep of online information for a candidate data leakage to generate an online data set; performing an analysis of the online data set to determine that the online information is a candidate data leakage; the host encrypting the data communication and providing the host-encrypted data communication to a software agent at the enterprise; in response to receiving the host-encrypted data communication, the software agent encrypting a database of enterprise information and re-encrypting the host-encrypted data communication, and providing the same to the host; the host decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; determining whether a match exists between the encrypted database of information and the software agent-encrypted data communication; and based on whether the match exists, the software agent taking a first action or the host taking a

Abstract: In one embodiment, an online social network accesses a place-entity cluster comprising a number of place-entity nodes corresponding to a particular place-entity having a geographic location. One of the place-entity nodes is identified as an initial canonical place-entity cluster connected to the other place-entity nodes by redirection edges. A cluster score is calculated for each place-entity node in the cluster, and nodes having a cluster score above a threshold is identified. One of the identified place-entity nodes is selected as a replacement canonical place-entity node. If the replacement node is different from the initial canonical node, then the place-entity cluster is updated by adding or removing at least one place-entity node from the cluster based on their respective cluster scores.

Abstract: Systems and methods for data loss prevention while preserving privacy are described, including receiving a data communication originating from an online account of a user device associated with the enterprise; performing an analysis to determine that the data communication is a candidate data leakage, based on a context of the data communication; encrypting the data communication, and providing the host-encrypted data communication to a software agent at the enterprise; receiving a software agent-encrypted database of enterprise communication and the host-encrypted data communication, re-encrypted by the software agent; decrypting a host-encrypted aspect of the re-encrypted data communication to generate a software agent-encrypted data communication; performing a matching operation to determine whether a match exists between the encrypted database of information and the software agent-encrypted data communication; if the match exists, reporting the match to the software agent; and if the match does not exist,

Abstract: Systems and methods for managing privacy settings of shared content include receiving content associated with an object; receiving privacy settings associated with the object associated with the received content; based on the received privacy settings, obfuscating, at least a portion of the content associated with the object to generated obfuscated content; and transmitting the obfuscated content to a publishing server, wherein the publishing server publishes the obfuscated content to one or more third parties.

Abstract: Systems and methods for protecting sensitive data in communications are described, including identifying first information in content created by a user for a communication; sending the first information to a vault; receiving, from the vault, an identifier associated with the first information; replacing the first information in the content with second information that is associated with the first information and does not provide any indication of the content of the first information; and sending the communication comprising the content with the second information and the identifier.

Abstract: Evaluating a threat model for structural validity and descriptive completeness. A threat modeling application provides a progress factor or other overall score associated with the structural validity and descriptive completeness of the threat model being evaluated. The structural validity is evaluated based on a data flow diagram associated with the threat model. The descriptive completeness is evaluated by reviewing descriptions of threat types in the threat model. The progress factor encourages modelers to provide effective models to a model reviewer, thus saving time for the model reviewer.

Abstract: An application may watch to see if information passes a defined trust barrier. If defined information passes a defined trust barrier, an alert may be issued. The alert may include informing a developer of the specific code section that triggered the alert.

Abstract: All execution paths of one or more assemblies in managed code are simulated to find the permissions for each execution path. The managed code can correspond to a managed shared library or a managed application. Each call in each execution path has a corresponding permissions set. When the library or application has permissions to execute that are not less than the required permission sets for the execution paths, any dynamic execution of the library or application will not trigger a security exception The simulated execution provides a tool that can be used to ensure that code being written will not exceed a maximum security permission for the code. A permission set can be determined by the tool for each assembly corresponding to an application and for each entry point corresponding to a shared library.

Abstract: Identifying threats to an information system by analyzing a structural representation of the information system. In some embodiments, a data flow diagram corresponding to the information system is analyzed based on predefined criteria. Potential threats to elements of the data flow diagram are identified based on the predefined criteria. The threats are prioritized and provided to a user for further testing. In an embodiment, the user performs fuzz testing of application programs in the information system based on the prioritized threats.

Abstract: Excluding selected elements in a data flow diagram from a threat model. The selected elements are marked as informational. An automated threat modeling system generates a threat model report for the elements in the data flow diagram except for the elements marked as informational. Excluding the informational elements from the threat model and threat model report reduces the complexity of the threat analysis and enables a modeler to focus the threat model on elements of interest.

Abstract: Evaluating a threat model for structural validity and descriptive completeness. A threat modeling application provides a progress factor or other overall score associated with the structural validity and descriptive completeness of the threat model being evaluated. The structural validity is evaluated based on a data flow diagram associated with the threat model. The descriptive completeness is evaluated by reviewing descriptions of threat types in the threat model. The progress factor encourages modelers to provide effective models to a model reviewer, thus saving time for the model reviewer.

Abstract: A system for fuzzing requests and responses using a proxy includes a client that may include a client application, a server that may include a server application, and a proxy coupled between the client and the server. The proxy communicates message traffic between the client and the server related to testing the client application or the server application. The proxy is adapted to store a template resulting from the message traffic into a data store to facilitate later fuzzing of requests or responses contained in the message traffic. A user interface for presenting events resulting from the fuzzing is also described.