Abstract: A malware detection method for detecting client participation in malware activity, in respect of a target subjected to a given attack by a client system, which is operable to run a given host application is disclosed a given security service provider is configured, which is operably coupled to the client system, to make accessible given attack information that is reported by a given attack target. An attack status query is transmitted to the security service provider from an agent that is operably coupled to the client system. In response to receiving the attack status query, the security service provider is configured to send attack information reported in respect of a given attack target to the agent, and configuring the agent to diagnose whether its corresponding client system potentially comprises an attack source of the given attack subjected on the attack target, on a basis of the received attack information.

Abstract: Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.

Abstract: Concepts for linking source code with compliance requirements are presented. One example comprises analyzing a set of compliance requirements to identify one or more compliance topics. The example further comprises determining keywords for the identified one or more compliance topics. An item of source code is then analyzed to identify occurrences of the keywords in the source code. Mapping information representing a relationship between the item of source code and the compliance requirements is then generated based on the identified occurrence of the keywords.

Abstract: Embodiments of the present invention provide systems and methods for self-certification by a developer that the software components used during development are used in a secure manner, through the use of annotations. Input and return conditions are defined in an annotation for the software components of a system. The input and return conditions are compared for a match and a warning is generated when the input and return conditions do not match.

Abstract: Embodiments of the present invention provide systems and methods for self-certification by a developer that the software components used during development are used in a secure manner, through the use of annotations. Input and return conditions are defined in an annotation for the software components of a system. The input and return conditions are compared for a match and a warning is generated when the input and return conditions do not match.

Abstract: A method and associated systems for isolating a source of an attack that originates from a shared computing environment. A computer-security system tags outgoing packets originating from within the shared computing environment in a tamper-proof manner in order to identify which tenant of the shared environment is the true source of each packet. If one of those tenants transmits malicious packets to an external recipient, either because the tenant has malicious intent or becomes infected with malware, the transmitted malicious packets' tags allow the recipient to determine which tenant is the source of the unwanted transmissions. The recipient may then block further communications from the problematic tenant without blocking communications from other tenants of the shared environment.

Abstract: Concepts for identifying relevance of a source code change to compliance requirements are presented. One example comprises obtaining mapping information linking an item of source code with a set of compliance requirements, the mapping information representing a relationship between the item of source and the set of compliance requirements. A changed element of an item of source code is identified. The mapping information is analyzed based on the changed element to determine if the changed element relates to a compliance requirement. If it is determined that the changed element relates to a compliance requirement, an indication of th compliance requirement is generated.

Abstract: Concepts for linking source code with compliance requirements are presented. One example comprises analyzing a set of compliance requirements to identify one or more compliance topics. The example further comprises determining keywords for the identified one or more compliance topics. An item of source code is then analyzed to identify occurrences of the keywords in the source code. Mapping information representing a relationship between the item of source code and the compliance requirements is then generated based on the identified occurrence of the keywords.

Abstract: Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.

Abstract: Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.

Abstract: A malware detection method for detecting client participation in malware activity, in respect of a target subjected to a given attack by a client system, which is operable to run a given host application is disclosed a given security service provider is configured, which is operably coupled to the client system, to make accessible given attack information that is reported by a given attack target. An attack status query is transmitted to the security service provider from an agent that is operably coupled to the client system. In response to receiving the attack status query, the security service provider is configured to send attack information reported in respect of a given attack target to the agent, and configuring the agent to diagnose whether its corresponding client system potentially comprises an attack source of the given attack subjected on the attack target, on a basis of the received attack information.

Abstract: An authentication channel is established between a mobile device and a transaction terminal that uses a keypad for access control. The terminal keypad is assumed to be untrusted, whereas the mobile device has a trusted interface that only the device user can access and use. The transaction terminal includes a short-range communication device, and a keypad interface application configured to communicate with an external keypad device in lieu of the transaction terminal's own keypad. The mobile device includes a mobile app. In response to detecting a user access request, a handshake protocol is performed between the keypad interface application in the transaction terminal and the keypad interface function in the mobile device. If the handshake protocol succeeds, the user is notified that the transaction terminal is trusted. The user then enters his or her password and/or PIN on the mobile device in lieu of direct entry via the terminal keypad.

Abstract: An email filter updating system includes a tracking component, and a logic component. The tracking component is provided to track user navigation. This tracking compiles information about websites the user has visited and presumably may “trust” in the event an email associated with one such site or application is later received by the user's email application. The logic component uses information and a set of configurable rule-based criteria to output a characterization that a particular email message has been initiated from a site that the user has visited or should otherwise trust. The characterization is then provided to the email filter to control whether in-bound email is passed to the user's email client inbox. Further, the logic component is operative to generate filter update commands that update the email filter in an automated manner, i.e., without user input.

Abstract: A method and associated systems for isolating a source of an attack that originates from a shared computing environment. A computer-security system tags outgoing packets originating from within the shared computing environment in a tamper-proof manner in order to identify which tenant of the shared environment is the true source of each packet. If one of those tenants transmits malicious packets to an external recipient, either because the tenant has malicious intent or becomes infected with malware, the transmitted malicious packets' tags allow the recipient to determine which tenant is the source of the unwanted transmissions. The recipient may then block further communications from the problematic tenant without blocking communications from other tenants of the shared environment.

Abstract: Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.

Abstract: Denial-of-service attacks are prevented or mitigated in a cloud compute environment, such as a multi-tenant, collaborative SaaS system. This is achieved by providing a mechanism by which characterization of “legitimate” behavior is defined for tenant applications or application classes, preferably along with actions to be taken in the event a request to execute an application is anticipated to exceed defined workflow limits. A set of application profiles are generated. Typically, a profile comprises information, such as a request defined by one or more request variables, one or more “constraints,” one or more “request mappings,” and one or more “actions.” A constraint is a maximum permitted workload for the application. A request mapping maps a request variable to the constraint, either directly or indirectly. The profile information defines how a request is mapped to a workload to determine whether the request is in policy or, if not, what action to take.

Abstract: An email filter updating system includes a tracking component, and a logic component. The tracking component is provided to track user navigation. This tracking compiles information about websites the user has visited and presumably may “trust” in the event an email associated with one such site or application is later received by the user's email application. The logic component uses information and a set of configurable rule-based criteria to output a characterization that a particular email message has been initiated from a site that the user has visited or should otherwise trust. The characterization is then provided to the email filter to control whether in-bound email is passed to the user's email client inbox. Further, the logic component is operative to generate filter update commands that update the email filter in an automated manner, i.e., without user input.

Abstract: Embodiments of the present invention provide systems and methods for self-certification by a developer that the software components used during development are used in a secure manner, through the use of annotations. Input and return conditions are defined in an annotation for the software components of a system. The input and return conditions are compared for a match and a warning is generated when the input and return conditions do not match.

Abstract: Embodiments of the present invention provide systems and methods for self-certification by a developer that the software components used during development are used in a secure manner, through the use of annotations. Input and return conditions are defined in an annotation for the software components of a system. The input and return conditions are compared for a match and a warning is generated when the input and return conditions do not match.

Abstract: A method, and an associated computer system and computer program product. A login request is received from a user, to log into a computing resource, wherein the login request includes a password and a user identifier of the user. The received password is compared with a stored password to determine whether to grant access to the computing resource. Responsive to determining that the received password does not match the stored password, an authenticity of the login request is determined, based on one or more characteristics of the user and/or one or more checks performed against the received password. A score is calculated based on the determined authenticity of the login request. The login request is denied. Based on the calculated score, it is decided whether to lock the user and deny the user further access to the computing resource.