Abstract: A non-transitory computer-readable storage medium storing a set of instructions executable by a processor. The set of instructions is operable to receive a request from a node to join a trusted ad hoc network. The set of instructions is further operable to authenticate the node to join the trusted ad hoc network. The authentication is performed based on a verification that the node will comply with a security policy of the trusted ad hoc network. The set of instructions is further operable to send, to the node, a verification that the trusted ad hoc network complies with the security policy. The set of instructions is further operable to add the node to the trusted ad hoc network.

Abstract: According to various embodiments of the invention, a system and method for controlling a file system. In some embodiments, a control plane interposes between a data plane user and a data plane, intercepts file system operations, and performs control plane operations upon the file system operations. In one such embodiment, the system and method is implemented between a data plane user that is a local file system user and a data plane that is a local file system. In another such embodiment, the system and method is implemented between a data plane user that is a client and a data plane that is a file server. Furthermore, for an embodiment where the control plane that interposes between a client and a file server, the control plane can be implemented as a file system proxy. Control plane operations include, but are not limited to, observation, verification, and transformation of a file system operation.

Abstract: A system and method to ensure trustworthiness of a remote service provided by a service provider. The method includes monitoring runtime dependencies invoked during execution of a service transaction associated with the remote service, the service transaction being requested by a service requester. The method further includes determining whether a deviation exists between the runtime dependencies and a trusted list of dependencies associated with the remote service. The method also includes blocking execution of the service transaction based on determining that the deviation between the runtime dependencies and the trusted list of dependencies exists.

Abstract: The subject disclosure presents a novel technique for balancing the tradeoff between security monitoring and energy consumption on mobile devices. Security/energy tradeoffs for host-based detectors focusing on rootkits are analyzed along two axes: a scanning frequency, and a surface of attack. Experimental results are applied to a hypervisor-based framework, and a sweet spot is identified to minimize both energy consumption and a window of vulnerability for critical operating system objects such as code pages and kernel data.

Abstract: A system and method to ensure trustworthiness of a remote service provided by a service provider. The method includes monitoring runtime dependencies invoked during execution of a service transaction associated with the remote service, the service transaction being requested by a service requester. The method further includes determining whether a deviation exists between the runtime dependencies and a trusted list of dependencies associated with the remote service. The method also includes blocking execution of the service transaction based on determining that the deviation between the runtime dependencies and the trusted list of dependencies exists.

Abstract: The subject disclosure presents a novel technique for balancing the tradeoff between security monitoring and energy consumption on mobile devices. Security/energy tradeoffs for host-based detectors focusing on rootkits are analyzed along two axes: a scanning frequency, and a surface of attack. Experimental results are applied to a hypervisor-based framework, and a sweet spot is identified to minimize both energy consumption and a window of vulnerability for critical operating system objects such as code pages and kernel data.

Abstract: A non-transitory computer-readable storage medium storing a set of instructions executable by a processor. The set of instructions is operable to receive a request from a node to join a trusted ad hoc network. The set of instructions is further operable to authenticate the node to join the trusted ad hoc network. The authentication is performed based on a verification that the node will comply with a security policy of the trusted ad hoc network. The set of instructions is further operable to send, to the node, a verification that the trusted ad hoc network complies with the security policy. The set of instructions is further operable to add the node to the trusted ad hoc network.

Abstract: A system and method is disclosed which may comprise receiving, via a computing device, from a first user having a first personal device, a request for sharing access to a resource or a state of a second personal device of a second user, the first user and second user having an on-line social network relationship; and determining whether to grant sharing access to the one of the resource and the state of the second personal device of the second user. Determining whether to grant sharing access may be based, at least in part, upon the nature of the on-line social network relationship. The method and apparatus may comprise registering, via the computing device, an ownership link for a personal device and an owner having a certified identity within the social network; storing the ownership link; and utilizing the ownership link for determining whether to grant sharing access.

Abstract: A system and method to ensure trustworthiness of a remote service provided by a service provider. The method includes monitoring runtime dependencies invoked during execution of a service transaction associated with the remote service, the service transaction being requested by a service requester. The method further includes determining whether a deviation exists between the runtime dependencies and a trusted list of dependencies associated with the remote service. The method also includes blocking execution of the service transaction based on determining that the deviation between the runtime dependencies and the trusted list of dependencies exists.

Abstract: Embodiments are directed to modeling propagation of an information item in an online social network. A quality value for the information item to be posted in the online social network is calculated, and the quality value is compared to a posting threshold value. The posting threshold value being determined based on a strategic user model. A propagation of the information item through the online social network is emulated based on the comparison.

Abstract: A system and method of providing trusted service transactions includes associating a commitment with a remote service. The commitment includes a trusted list of runtime dependencies to execute a transaction. The method includes monitoring an actual list of runtime dependencies invoked during execution of the transaction using a trusted monitor. Execution is blocked if a deviation of the actual list from the trusted list is detected. Therefore, a completed transaction is allowed only if no deviation is found between the trusted and invoked list of runtime dependencies. A certificate authority in cooperation with software vendors preferably provide a signed commitment. The commitment is delivered by the provider to a user upon request and verified by the requester. The transaction is then executed by the user. Therefore, trust is verified before and during the transaction and privacy of data is guaranteed after completion.

Abstract: According to various embodiments of the invention, a system and method for controlling a file system. In some embodiments, a control plane interposes between a data plane user and a data plane, intercepts file system operations, and performs control plane operations upon the file system operations. In one such embodiment, the system and method is implemented between a data plane user that is a local file system user and a data plane that is a local file system. In another such embodiment, the system and method is implemented between a data plane user that is a client and a data plane that is a file server. Furthermore, for an embodiment where the control plane that interposes between a client and a file server, the control plane can be implemented as a file system proxy. Control plane operations include, but are not limited to, observation, verification, and transformation of a file system operation.

Abstract: A distributed file system architecture, characterized as a Federated File System (FedFS), is provided as a loose clustering of local file systems existing in a plurality of cluster nodes. The distributed file system architecture is established as an ad-hoc global file space to be used by a distributed application and a separate FedFS process is created for each application. Correspondingly, the lifetime of a FedFS process is limited to the lifetime of the distributed application for which it was created. File access for files in the node cluster is provided in a location-independent manner. FedFS also supports dynamic reconfiguration, file migration and file replication. FedFS further operates on top of, and without constraint on autonomous local file systems.