Abstract: A method, system and apparatus are disclosed. According to one or more embodiments, a data node is provided. The data node includes processing circuitry configured to: receive an anomaly estimation for a first privatized dataset, the first private dataset being based on a dataset and a first noise profile, apply a second noise profile to the dataset to generate a second privatized dataset, the second noise profile being based at least on the anomaly estimation, and optionally cause transmission of the second privatized dataset for anomaly estimation.

Abstract: A method, system and apparatus are disclosed. According to one or more embodiments, a detection node in communication with a network function virtualization, NFV, system operating a NFV stack that is logically separable into a plurality of levels including a first level and a second level is provided. The detection node includes processing circuitry configured to: translate an executed first level event sequence to at least one translated second level event sequence, and compare the at least one translated second level event sequence to an executed second level event sequence to at least in part detect inconsistencies between the at least one translated second level event sequence and the executed second level event sequence where the executed second level event sequence and the executed first level event sequence being part of a multi-level sequence flow.

Abstract: A method, computing device and system are disclosed for evaluating security of virtual infrastructures of tenants in a cloud environment. At least one security metric may be calculated for virtual infrastructures of a tenant based on information associated with at least one virtual resource of the first tenant and at least one interaction of the at least one virtual resource of the first tenant with at least one virtual resource of at least one other tenant in a multi-tenant virtualized infrastructure. At least one security parameter may be evaluated for the first tenant based at least in part on at least one of the at least one calculated security metric for monitoring a security level of the first tenant relative to the at least one other tenant in the multi-tenant virtualized infrastructure.

Abstract: Systems and methods for verifying the validity of a network link are described herein. A verification packet and an associated packet handling flow can be generated and added to a network in order to investigate a link between network nodes (e.g. switches).

Abstract: A method, system and apparatus are disclosed. In one or more embodiments, a differential privacy, DP, node is provided. The DP node includes processing circuitry configured to: receive a query request; receive a first input corresponding to a utility parameter; receive a second input corresponding to a privacy parameter; select a baseline DP mechanism type based at least on a query request type of the query request, the first input and the second input, where the baseline DP mechanism type includes at least a noise parameter; generate a noise distribution based on the baseline DP mechanism type using a first value of the noise parameter; and determine a DP query result based on applying the noise distribution to the query request applied on a data set.

Abstract: Systems and methods for anonymizing data are provided herein. A network node can receive privacy constraints from a data owner and utility requirements from at least one data processor. An anonymization mechanism can be selected for each data attribute in a data set, based on its specified privacy constraint and/or utility requirement, from the available anonymization mechanism(s) appropriate for its associated attribute type.

Abstract: A node including processing circuitry configured to: generate anonymized data based at least in part on a first cryptographic key and network data, calculate a coordination vector, generate initialized data based at least in part on the anonymized data, a second cryptographic key and the coordination vector, transmit the initialized data, the random vector, a security policy and instructions to analyze n iterations of the initialized data and the security policy using the random vector and the second cryptographic key, and receive results of the analysis of the n iterations of the initialized data and the security policy using the random vector and the second cryptographic key. The analysis of an m iteration of the n iterations correspond to an analysis of the initialized data with prefix preservation where the analysis of the remaining iterations of the n iterations fail to be prefixed preserved.

Abstract: A node includes processing circuitry configured to encrypt first network data including a first tenant identifier using a first cryptographic key to generate first encrypted data and anonymize the first encrypted data to generate anonymized data where the anonymizing of the first encrypted data includes segmenting the first encrypted data and the anonymizing of the first encrypted data preserving relationships among the first network data associated with the first tenant identifier, encrypt the anonymized data using a second cryptographic key to generate encrypted anonymized data, transmit the encrypted anonymized data, at least one analysis parameter, at least one security policy and instructions to analyze the encrypted anonymized data using the at least one analysis parameter, the at least one security policy and the second cryptographic key, receive analysis data resulting from the analysis of the encrypted anonymized data, and determine verification results from the received analysis data.

Abstract: A node includes processing circuitry configured to encrypt first network data including a first tenant identifier using a first cryptographic key to generate first encrypted data and anonymize the first encrypted data to generate anonymized data where the anonymizing of the first encrypted data includes segmenting the first encrypted data and the anonymizing of the first encrypted data preserving relationships among the first network data associated with the first tenant identifier, encrypt the anonymized data using a second cryptographic key to generate encrypted anonymized data, transmit the encrypted anonymized data, at least one analysis parameter, at least one security policy and instructions to analyze the encrypted anonymized data using the at least one analysis parameter, the at least one security policy and the second cryptographic key, receive analysis data resulting from the analysis of the encrypted anonymized data, and determine verification results from the received analysis data.

Abstract: A method, computing device and system are disclosed for evaluating security of virtual infrastructures of tenants in a cloud environment. At least one security metric may be calculated for virtual infrastructures of a tenant based on information associated with at least one virtual resource of the first tenant and at least one interaction of the at least one virtual resource of the first tenant with at least one virtual resource of at least one other tenant in a multi-tenant virtualized infrastructure. At least one security parameter may be evaluated for the first tenant based at least in part on at least one of the at least one calculated security metric for monitoring a security level of the first tenant relative to the at least one other tenant in the multi-tenant virtualized infrastructure.

Abstract: Systems and methods for verifying the validity of a network link are described herein. A verification packet and an associated packet handling flow can be generated and added to a network in order to investigate a link between network nodes (e.g. switches).

Abstract: A node including processing circuitry configured to: generate anonymized data based at least in part on a first cryptographic key and network data, calculate a coordination vector, generate initialized data based at least in part on the anonymized data, a second cryptographic key and the coordination vector, transmit the initialized data, the random vector, a security policy and instructions to analyze n iterations of the initialized data and the security policy using the random vector and the second cryptographic key, and receive results of the analysis of the n iterations of the initialized data and the security policy using the random vector and the second cryptographic key. The analysis of an m iteration of the n iterations correspond to an analysis of the initialized data with prefix preservation where the analysis of the remaining iterations of the n iterations fail to be prefixed preserved.

Abstract: A method for a survey server for managing query communications between at least a requester server and at least one data holding entity is provided. The requester server holds a first share of a private key and the survey server holds a second share of the private key. An encrypted query is received and then forwarded to at least one data holding entity. A plurality of comparison responses is received. Each comparison response is generated by a private comparison protocol that compares the encrypted query with encrypted data. The encrypted data having been encrypted using the public key. Each comparison response having been partially decrypted with the first share of the private key and placed in the array in a randomized order. The array is decrypted using the second share of the private key. At least one result of the query is determined.

Abstract: A method for a survey server for managing query communications between at least a requester server and at least one data holding entity is provided. The requester server holds a first share of a private key and the survey server holds a second share of the private key. An encrypted query is received and then forwarded to at least one data holding entity. A plurality of comparison responses is received. Each comparison response is generated by a private comparison protocol that compares the encrypted query with encrypted data. The encrypted data having been encrypted using the public key. Each comparison response having been partially decrypted with the first share of the private key and placed in the array in a randomized order. The array is decrypted using the second share of the private key. At least one result of the query is determined.

Abstract: A computer based system accelerates code execution by speeding up method calls. A virtual machine includes a loader, interpreter and a thread manager. The loader constructing a hash-table using method signatures, and the interpreter searching the hash-table for locating methods. The interpreter using a method call cache having a pointer to a receiver for accelerating code execution. The thread manager using a depth level for accelerating locking state transitions.