Abstract: A disclosed method for managing enterprise security posture includes maintaining a security system repository (SSR) including information mapping one or more software libraries to vulnerability information indicative of one or more identified vulnerabilities, providing one or more library scanning tools configured to scan the one or more software libraries and provide notifications indicative of one or more new vulnerabilities, generating an SSR catalog indicative of vulnerability information pertaining to the one or more software libraries, and an enhanced plugin module (EPM) is provided wherein the EPM is configured to consume installed application metadata enabling to produce an inventory indicative of updates to deploy.

Abstract: In an embodiment, a System-on-Chip (SoC) may include: a plurality of core domains, and a memory coupled to the plurality of core domains through a hardware firewall, wherein the hardware firewall is configured to enforce an adaptive Deny-By-Default (DBD) access policy in response to an event. In another embodiment, a circuit, may include: an access control policy generator configured to produce an adaptive DBD policy, and a hardware firewall coupled to the access control policy generator, the hardware firewall configured to enforce the adaptive DBD policy. In yet another embodiment, a method may include: storing an indication of a first DBD configuration state, the first DBD configuration state usable to enforce a first DBD access control policy, and changing the stored indication to a second DBD configuration state, the second DBD configuration state usable to enforce a second DBD access control policy.

Abstract: An information handling system may include a processor to execute code of a threat level detection module to receive and store in memory labeled data descriptive of operating environment variables related to the information handling system including operating environment variables selected from a basic input/output system (BIOS) setting, an information handling system hardware setting, and at least one of an operating system (OS) environment setting, a developer tool access setting, or a network setting; the processor to determine, via execution of a machine learning process of the threat level detection module, a threat level value; and a security module associated with a first application executed on the information handling system to: map the threat level value with the first application; and adjust the security level associated with the first application based on the provided threat level value to modify security checks operating with the first application.

Abstract: A multi-lane transmitting apparatus includes lanes, and each lane includes a serializer circuit to convert parallel bits to serial bits. A clock signal generator generates a first clock signal having phases. A deserializer circuit converts serial bits to parallel bits. A Built-In Self-Test (BIST) circuit includes a signal generator circuit for generating a signal having bits in a defined pattern. A comparator circuit compares a pattern of bits of an output signal with the defined pattern. A BIST lane circuit monitors a status of the lanes. A BIST central circuit receives the status and determines if a number of lanes having an unmatched status is less than a threshold value. A phase extrapolator circuit adjusts a phase of the first clock signal when the number of the lanes is less than the threshold value.

Abstract: An integrated circuit includes a primary initiator domain (ID) circuit including having a processor core, a responder domain (RD) control circuit, and a reset controller. Secondary ID circuits, each include a processor core and a reset controller. RD circuitry is coupled to communicate with the primary ID circuit and the secondary ID circuits and includes RD resource circuits. The RD control circuit is configured to allocate each of the RD resource circuits to a first initiator domain consisting of the primary ID circuit or one of the secondary ID circuits, and when one of the secondary ID circuits enters a reset mode of operation, the RD resource circuit allocated to the one of the secondary ID circuits enters a reset while the remaining RD resource circuits are not affected by the reset.

Abstract: An information handling system may identify a process identifier of a client application that has requested a connection with the information handling system. The information handling system may obtain an access control list of a process associated with the process identifier. The information handling system may determine whether to establish a connection between the client application and the information handling system based, at least in part, on analysis of the access control list.

Abstract: Systems and methods for coalescing and/or aligning publications in a publication/subscription architecture to reduce the number of publication events and to improve the performance of microservices in a communications network are provided. A method, according to one implementation, includes the step of obtaining client-based tolerance input with respect to a plurality of subscriptions requested by a plurality of clients in a publication/subscription system. Based on the client-based tolerance input, the method also includes the step of adjusting the timing of publications to reduce the phase variability of the plurality of subscriptions.

Abstract: An information handling system may include at least one processor and a non-transitory, computer-reading medium having instructions thereon that are executable by the at least one processor for: providing access to one or more objects via a plurality of application programming interface (API) endpoints; receiving a call to a particular API endpoint from an app; and determining, based on a security identifier (SID) of the app, whether the call should be allowed; wherein the SID of the app is based on one or more custom capabilities defined in a manifest of the app.

Abstract: A one-time programmable (OTP) memory has a plurality of pages. A predefined section of each page is configured to store error policy bits. When an indicator in a first predefined location has a first value, the page is configured to store data with error correction code (ECC) bits, and when the indicator has a second value, at least a portion of the page is configured to store data with redundancy. Address translation circuitry is configured to, in response to receiving an access address, use a second predefined location of an accessed page of the plurality of pages accessed by the access address to determine a physical address in the accessed page which corresponds to the access address.

Abstract: An integrated circuit includes a primary initiator domain (ID) circuit including having a processor core, a responder domain (RD) control circuit, and a reset controller. Secondary ID circuits, each include a processor core and a reset controller. RD circuitry is coupled to communicate with the primary ID circuit and the secondary ID circuits and includes RD resource circuits. The RD control circuit is configured to allocate each of the RD resource circuits to a first initiator domain consisting of the primary ID circuit or one of the secondary ID circuits, and when one of the secondary ID circuits enters a reset mode of operation, the RD resource circuit allocated to the one of the secondary ID circuits enters a reset while the remaining RD resource circuits are not affected by the reset.

Abstract: A multi-lane transmitting apparatus includes lanes, and each lane includes a serializer circuit to convert parallel bits to serial bits. A clock signal generator generates a first clock signal having phases. A deserializer circuit converts serial bits to parallel bits. A Built-In Self-Test (BIST) circuit includes a signal generator circuit for generating a signal having bits in a defined pattern. A comparator circuit compares a pattern of bits of an output signal with the defined pattern. A BIST lane circuit monitors a status of the lanes. A BIST central circuit receives the status and determines if a number of lanes having an unmatched status is less than a threshold value. A phase extrapolator circuit adjusts a phase of the first clock signal when the number of the lanes is less than the threshold value.

Abstract: A method for automatically scaling a number of robots leveraging interactive sessions to be used within a system infrastructure, dynamically based on workload, is provided. The method includes: receiving a request for a number of robots to be provisioned within the system infrastructure; validating an availability of the requested number of robots; monitoring a CPU utilization and a memory utilization within the system infrastructure; adjusting the requested number of robots based on the CPU utilization and/or the memory utilization; and releasing the adjusted number of robots for facilitating use thereof to perform corresponding tasks within the system infrastructure.

Abstract: An integrated circuit includes a first processing domain configured to run a first operating system and a second processing domain configured to run a second operating system that is different than the first operating system. The integrated circuit further includes a time stamp timer circuit in the first processing domain configured to provide a first time stamp value to the first processing domain and an adjusted second time stamp value to the second processing domain. The time stamp timer circuit includes a timer adjust circuit configured to synchronize the adjusted second time stamp value when a power up signal is received by the time stamp timer circuit from the second processing domain.

Abstract: Systems and methods are provided for detecting the presence of a key logger program that is executing on a processing device of an information handling system by inputting simulated keystrokes to an information handling system with known key stroke characteristic/s (e.g., quantity of keystrokes as a function of time, keystroke data size as a function of time, and/or keystroke values as a function of time), and monitoring to detect resulting system activity characteristics that match the known key stroke characteristic/s of the simulated key strokes.

Abstract: Systems and methods are provided that may be implemented to secure a publicly-hosted web application so that it will render only within the determined context of a trusted client application. Such an authentication decision may be made, for example, using front-end web application code that is rendered in a client web view together with client application code to authenticate the client application context in which the web page is rendered. In this way, the web application may validate that it is being rendered in the context of a trusted and/or well-known client application rendering engine/environment.

Abstract: An information handling system may identify a process identifier of a client application that has requested a connection with the information handling system. The information handling system may obtain an access control list of a process associated with the process identifier. The information handling system may determine whether to establish a connection between the client application and the information handling system based, at least in part, on analysis of the access control list.

Abstract: An information handling system may include a processor to execute code of a threat level detection module to receive and store in memory labeled data descriptive of operating environment variables related to the information handling system including operating environment variables selected from a basic input/output system (BIOS) setting, an information handling system hardware setting, and at least one of an operating system (OS) environment setting, a developer tool access setting, or a network setting; the processor to determine, via execution of a machine learning process of the threat level detection module, a threat level value; and a security module associated with a first application executed on the information handling system to: map the threat level value with the first application; and adjust the security level associated with the first application based on the provided threat level value to modify security checks operating with the first application.

Abstract: Systems and methods are provided for detecting the presence of a key logger program that is executing on a processing device of an information handling system by inputting simulated keystrokes to an information handling system with known key stroke characteristic/s (e.g., quantity of keystrokes as a function of time, keystroke data size as a function of time, and/or keystroke values as a function of time), and monitoring to detect resulting system activity characteristics that match the known key stroke characteristic/s of the simulated key strokes.

Abstract: Pre-boot authentication at an information handling system is selectively bypassed based upon conditions detected at the information handling system that indicate a trusted environment. A security monitor integrated with the pre-boot authentication system detects predetermined conditions that authorize bypassing of the pre-boot authentication, such as location, behavior or password type indications of a trusted environment. In one embodiment, a password is input with touches to match a timing and position passcode, such as by mimicking a musical rhythm.

Abstract: Systems and methods to secure platform application services between platform client applications and platform services in an information handling system. The information handling system may include a client application that may transmit an application service request over an application services inter-process communication (IPC) channel. The information handling system may also include a server services application that may receive the application service request from the client application via the application services IPC channel. The server services application may query a publisher name of the client application and authenticate the client application based on the publisher name of the client application and a list of trusted client application publishers maintained by the server services application. When the client application is authenticated, the server services application may process the first application service request.