Patents by Inventor Karim El Defrawy

Karim El Defrawy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9450938
    Abstract: Described is a system for secure proactive multi-party computation. The system securely evaluates a circuit in the presence of an adversary. The circuit receives inputs of secret values from a set of servers. A RobustShare protocol is initialized to allow each server to distribute their secret values among the other servers. A RauDouSha protocol is initialized to generate random sharings of the secret values. A Block-Redistribute protocol is initialized to redistribute the secret values among the set of servers. For each layer of the circuit, a permutation of the secret values is performed, and each layer of the circuit is evaluated. The Block-Redistribute protocol is initialized to re-randomize the secret values such that privacy of the secret values is preserved. A sharing of the secret values is determined for each output gate, and a Reco protocol is initialized to reveal each sharing of secret values to an intended recipient.
    Type: Grant
    Filed: August 1, 2014
    Date of Patent: September 20, 2016
    Assignee: HRL Laboratories, LLC
    Inventors: Joshua D. Lampkins, Karim El Defrawy, Joshua W. Baron
  • Patent number: 9443089
    Abstract: Described is a system for mobile proactive secret sharing. The system utilizes a Secret-Share protocol to share, by server Pj, a secret s among a set of servers , such that a degree of polynomials used to share the secret s is d and a shared secret is denoted as [s]. A GenPoly protocol is used to cause the servers in the set of servers to generate l random polynomials of degree D. A Secret-Redistribute protocol is used to redistribute the shared secret [s] to a set of new servers ?. Finally, a Secret-Open protocol is used to open the shared secret [s].
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: September 13, 2016
    Assignee: HRL Laboratories, LLC
    Inventors: Karim El Defrawy, Joshua D. Lampkins
  • Patent number: 9336239
    Abstract: The present invention relates to a system for deep packet inspection and intrusion detection. The system uses a pattern matching module receiving as an input a data stream in a neural network. Neurons are activated such that when active, the neuron fires to all connecting output neurons to form a neuron spike, each neuron spike from the assigned neuron to a connecting output neuron having a delay. A delay is associated with each input character in the pattern, such that a position of each input character relative to an end of the pattern is stored in an alphabet-pattern-delay matrix (APDFM). An activation matrix (AM) is used to match each input character with a stored pattern to generate a similarity match and determine if the string of characters is the stored pattern.
    Type: Grant
    Filed: January 16, 2013
    Date of Patent: May 10, 2016
    Assignee: HRL Laboratories, LLC
    Inventors: Heiko Hoffmann, Michael J. Daily, Gavin D. Holland, Karim El Defrawy
  • Publication number: 20160119437
    Abstract: A method and apparatus for discovering a service dependency chain. Service dependencies are discovered. A potential service dependency chain is identified based on at least a portion of the service dependencies. A number of data paths are built for the potential service dependency chain. A chain transfer entropy is computed for the potential service dependency chain based on the number of data paths. A determination is made as to whether the potential service dependency chain is the service dependency chain based on the chain transfer entropy.
    Type: Application
    Filed: December 4, 2015
    Publication date: April 28, 2016
    Inventors: Pape Sylla, Hyun Jin Kim, Karim El Defrawy
  • Publication number: 20160119213
    Abstract: A method and apparatus for discovering service dependencies. A plurality of connections is identified between nodes in a data network. A set of connection pairs is identified based on the plurality of connections identified. A set of time series is created for the set of connection pairs using monitoring data received from a plurality of sensors monitoring the data network. Service dependencies may be discovered using the set of time series.
    Type: Application
    Filed: October 24, 2014
    Publication date: April 28, 2016
    Inventors: Karim El Defrawy, Pape Maguette Sylla
  • Publication number: 20150150119
    Abstract: A method for access control of an application feature to resources on a mobile computing device. An application is prepared for installation on the mobile computing device via a processor. An application permission associated with the application is identified. The application permission relates to access of resources of the mobile computing device. Restrictions associated with the application permission are determined. A set of mandatory access control rules are defined for the application permission based on the restrictions. The set of mandatory access control rules and the application permission are combined in a loadable mandatory access control policy module. The loadable mandatory access control policy module is stored in a memory of the mobile computing device, the loadable mandatory access control policy module capable of being enforced by an operating system of the mobile computing device.
    Type: Application
    Filed: October 20, 2014
    Publication date: May 28, 2015
    Inventors: Gavin D. Holland, Karim El Defrawy, Aleksey Nogin
  • Patent number: 9026786
    Abstract: Described is a system, method, and computer program product for ensuring that promises are kept in an anonymous system. A verifiable interaction is established between at least two users. Each user utilizes at least one pseudonym to protect their identity, which is verifiable by a third party. The pseudonyms are stored in an anonymous database controlled by the third party. The invention described herein ensures that at least one user in the verifiable interaction performs an action that is agreed upon between the users. If the user does not perform the action, then that user is prevented from establishing another verifiable interaction by the third party. In a desired aspect, the invention is utilized in an anonymous reputation system to ensure that actions that affect a user's reputation, including those that negatively impact the user's reputation, are performed as agreed upon.
    Type: Grant
    Filed: December 7, 2012
    Date of Patent: May 5, 2015
    Assignee: HRL Laboratories, LLC
    Inventors: Aleksey Nogin, Joshua Baron, Karim El Defrawy
  • Patent number: 9009089
    Abstract: Described is a system for allowing sets of processors to engage in a secure pattern matching protocol. An input pattern is received from a first set of processors, while a text is received from a second set of processors. A matrix is constructed based on values computed for each character determined by each character's position in the pattern. The first set of processors sends an encrypted matrix to the second set of processors. The second set of processors processes each character in the text and creates a set of vectors. A final activation vector is created based on processing the set of vectors and an encrypted activation vector. The second set of processors sends the final activation vector to the first set of processors. The second set of processors decrypts the final activation vector. The system provides to the first set of processors where the pattern matches the text.
    Type: Grant
    Filed: January 25, 2013
    Date of Patent: April 14, 2015
    Assignee: HRL Laboratories, LLC
    Inventors: Karim El Defrawy, Kirill Minkovich, Joshua W. Baron, Eric P. Tressler, Heiko Hoffmann
  • Patent number: 8161155
    Abstract: Traffic flow from a traffic source with a source IP address to a customer system with a destination IP address is filtered by comparing the source IP address to a customer blacklist. If the source IP address is on the customer blacklist, then traffic to the customer system is blocked; else, traffic to the customer system is allowed. The customer blacklist is generated from a network blacklist, comprising IP addresses of unwanted traffic sources, and a customer whitelist, comprising IP addresses of wanted traffic sources. The customer blacklist is generated by removing from the network blacklist any IP address also on the customer whitelist. The network blacklist is generated by acquiring raw blacklists from reputation systems. IP addresses on the raw blacklists are sorted by prefix groups, which are rank ordered by traffic frequency. Top prefix groups are selected for the network blacklist.
    Type: Grant
    Filed: September 29, 2008
    Date of Patent: April 17, 2012
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Jacobus Erasmus Van Der Merwe, Karim El Defrawy, Balachander Krishnamurthy
  • Publication number: 20100082811
    Abstract: Traffic flow from a traffic source with a source IP address to a customer system with a destination IP address is filtered by comparing the source IP address to a customer blacklist. If the source IP address is on the customer blacklist, then traffic to the customer system is blocked; else, traffic to the customer system is allowed. The customer blacklist is generated from a network blacklist, comprising IP addresses of unwanted traffic sources, and a customer whitelist, comprising IP addresses of wanted traffic sources. The customer blacklist is generated by removing from the network blacklist any IP address also on the customer whitelist. The network blacklist is generated by acquiring raw blacklists from reputation systems. IP addresses on the raw blacklists are sorted by prefix groups, which are rank ordered by traffic frequency. Top prefix groups are selected for the network blacklist.
    Type: Application
    Filed: September 29, 2008
    Publication date: April 1, 2010
    Inventors: Jacobus Erasmus Van Der Merwe, Karim El Defrawy, Balachander Krishnamurthy