Abstract: An example system includes a processor to receive a preprocessed query from a client device for a fully homomorphic encryption (FHE) encrypted database. The processor can execute the preprocessed query on the FHE encrypted database to generate a response. The processor can transmit a partially-processed response to the client device, which can post-process the query computation.

Abstract: A method for automatically migrating infrastructure as code (IaC) from a first cloud infrastructure platform to a second cloud infrastructure platform is provided. The method may include receiving an original IaC comprising a first type of coding language. The method may further include using natural language processing to map a connection between the first type of coding language and a second type of coding language. The method may further include based on the mapped connection, using the NLP to automatically generate a partial translation of the first type of coding language to the second type of coding language. The method may further include using a machine learning algorithm to correct at least one inaccuracy in the partial translation. The method may further include generating a complete translation and implementing a second IaC on the second cloud infrastructure platform based on the complete translation.

Abstract: A method comprising: receiving an input tensor having a shape defined by [n1, ...,nk], where k is equal to a number of dimensions that characterize the input tensor; receiving tile tensor metadata comprising: a tile tensor shape defined by [t1, ..., tk], and information indicative of an interleaving stride to be applied with respect to each dimension of the tile tensor; constructing an output tensor comprising a plurality of the tile tensors, by applying a packing algorithm which maps each element of the input tensor to at least one slot location of one of the plurality of tile tensors, based on the tile tensor shape and the interleaving stride, wherein the interleaving stride results in non-contiguous mapping of the elements of the input tensor, such that each of the tile tensors includes a subset of the elements of the input tensor which are spaced within the input tensor according to the interleaving stride.

Abstract: The present invention relates to novel techniques for monitoring changes to source code of Infrastructure as Code systems to detect attempted anomalous changes and block such changes from the code. For example, a method may comprise learning a security architecture and history of an infrastructure as code system to be deployed in at least one cloud account, monitoring changes to source code of the infrastructure as code system that are made before deployment of the infrastructure as code system to detect an anomaly, determining whether the detected anomaly affects regulated resources of the infrastructure as code system, and blocking changes to the source code of the infrastructure as code system that produce the detected anomaly that affects regulated resources of the infrastructure as code system.

Abstract: An example system includes a processor to receive, at a setup or sign-up, a first cipher including a biometric template transformed using a first transformation and encrypted using a secret key, a second cipher including a security vector encrypted using the secret key, a third cipher including the biometric template transformed using a second transformation and encrypted, and a fourth cipher including an encrypted second security vector. The processor can receive, at a runtime or sign-in, a fifth cipher and a sixth cipher. The processor can verify that the fifth cipher includes a second biometric template transformed using the first transformation and encrypted using the secret key and that the sixth cipher includes the second biometric template transformed using the second transformation by testing a format attribute of the transformation functions using comparisons of inner products.

Abstract: Privacy-preserving homomorphic inferencing utilizes batch processing on encrypted data records. Each data record has a private data portion of interest against which the inferencing is carried out. Batch processing is enabled with respect to a set of encrypted data records by techniques that ensure that each encrypted data record has its associated private data portion in a unique location relative to the other data records. The set of encrypted data records are then summed to generate a single encrypted data record against which the inferencing is done. In a first embodiment, the private data portions of interest are selectively and uniquely positioned at runtime (when the inferencing is being applied). In a second embodiment, the private data portions of interest are initially positioned with the data-at-rest, preferably in an off-line process; thereafter, at runtime individual encrypted data records are processed as necessary to adjust the private data portions to unique positions prior to batching.

Abstract: An efficient packing method that will optimize use of the homomorphic encryption ciphertext slots, trading-off size, latency, and throughput. Technology for working with tensors (multi-dimensional arrays) in a system that imposes tiles, that is, fixed-size vectors. An example of a system that imposes tiles are homomorphic encryption schemes, where each ciphertext encrypts a vector of some fixed size. The tensors are packed into tiles and then manipulated via operations on those tiles. Also, syntax for notation for describing packing details. This technology interprets the tiles as multi-dimensional arrays, and combines them to cover enough space to hold the tensor. An efficient summation algorithm can then sum over any dimension of this tile tensor construct that exists in the physical or logical addressing space of a computer data memory.

Abstract: An efficient packing method that will optimize use of the homomorphic encryption ciphertext slots, trading-off size, latency, and throughput. Technology for working with tensors (multi-dimensional arrays) in a system that imposes tiles, that is, fixed-size vectors. An example of a system that imposes tiles are homomorphic encryption schemes, where each ciphertext encrypts a vector of some fixed size. The tensors are packed into tiles and then manipulated via operations on those tiles. Also, syntax for notation for describing packing details. This technology interprets the tiles as multi-dimensional arrays, and combines them to cover enough space to hold the tensor. An efficient summation algorithm can then sum over any dimension of this tile tensor construct that exists in the physical or logical addressing space of a computer data memory.

Abstract: The present invention relates to novel techniques for monitoring changes to source code of Infrastructure as Code systems to detect attempted anomalous changes and block such changes from the code. For example, a method may comprise learning a security architecture and history of an infrastructure as code system to be deployed in at least one cloud account, monitoring changes to source code of the infrastructure as code system that are made before deployment of the infrastructure as code system to detect an anomaly, determining whether the detected anomaly affects regulated resources of the infrastructure as code system, and blocking changes to the source code of the infrastructure as code system that produce the detected anomaly that affects regulated resources of the infrastructure as code system.

Abstract: Embodiments may include techniques to prevent illegal ciphertexts using distance computations on homomorphic and/or functional encrypted templates while detecting whether the resulting distance does not meet requirements for validity.

Abstract: Embodiments may provide distance computations on homomorphic and/or functional encrypted vectors while detecting whether the resulting distance has wrapped around due to the vectors having elements not in an allowed range. A method of user authentication processing may comprise receiving and storing enrollment information from a client computer system, the enrollment information comprising a template of authentication data and at least one additional encrypted vector, receiving an additional template to be used to authenticate the user from the client computer system, authenticating the user using the received additional template using the stored template and the stored at least one additional encrypted vector, and determining that authentication is successful when the received additional template matches the stored template and is valid based on the stored at least one additional encrypted vector.

Abstract: Embodiments may provide techniques to detect cyber-security events in IoT data traffic that provide improved detection accuracy and preservation of privacy.

Abstract: Embodiments may provide techniques that may provide more accurate and actionable alerts by cloud workload security systems so as to improve overall cloud workload security. For example, in an embodiment, a method may be implemented in a computer system comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, and the method may comprise generating performance and security information relating to a software system during development of the software system, generating performance and security information relating to the software system during deployed operation of the software system, matching the performance and security information generated during development of the software system with the performance and security information generated during deployed operation of the software system to determine performance and security alerts to escalate, and reporting the escalated performance and security alerts.

Abstract: Embodiments of the present systems and methods may provide encrypted biometric information that can be stored and used for authentication with undegraded recognition performance. For example, in an embodiment, a method may comprise storing a plurality of encrypted trained weights of a neural network classifier, wherein the weights have been trained using biometric information representing at least one biometric feature of a person, receiving encrypted biometric information obtained by sampling at least one biometric feature of the person and encrypting the sampled biometric feature, obtaining an match-score using the encrypted trained neural network classifier, the match-score indicating a probability that the received encrypted biometric information matches the stored encrypted biometric information, and authenticating the person when the probability that received encrypted biometric information matches the stored encrypted biometric information exceeds a threshold.

Abstract: Embodiments may include techniques to prevent illegal ciphertexts using distance computations on homomorphic and/or functional encrypted templates while detecting whether the resulting distance does not meet requirements for validity.

Abstract: Embodiments may provide distance computations on homomorphic and/or functional encrypted vectors while detecting whether the resulting distance has wrapped around due to the vectors having elements not in an allowed range. A method of user authentication processing may comprise receiving and storing enrollment information from a client computer system, the enrollment information comprising a template of authentication data and at least one additional encrypted vector, receiving an additional template to be used to authenticate the user from the client computer system, authenticating the user using the received additional template using the stored template and the stored at least one additional encrypted vector, and determining that authentication is successful when the received additional template matches the stored template and is valid based on the stored at least one additional encrypted vector.

Abstract: An example system includes a processor to receive, at a setup or sign-up, a first cipher including a biometric template transformed using a first transformation and encrypted using a secret key, a second cipher including a security vector encrypted using the secret key, a third cipher including the biometric template transformed using a second transformation and encrypted, and a fourth cipher including an encrypted second security vector. The processor can receive, at a runtime or sign-in, a fifth cipher and a sixth cipher. The processor can verify that the fifth cipher includes a second biometric template transformed using the first transformation and encrypted using the secret key and that the sixth cipher includes the second biometric template transformed using the second transformation by testing a format attribute of the transformation functions using comparisons of inner products.

Abstract: A data manager determines an appropriate number of clusters for continuous data using unsupervised learning. The data manager selects an appropriate number of clusters based on at least one temporal stability measure between continuous data from at least two time intervals.

Abstract: Embodiments may provide techniques to detect cyber-security events in IoT data traffic that provide improved detection accuracy and preservation of privacy.

Abstract: Systems for generating attack event logs are disclosed. An example system includes a storage device for storing an event log template. The system also includes a processor to receive a selection of the event log template, and receive an attack description comprising user instructions to fabricate synthetic log entries according to a format defined in the event log template. The attack description includes variables and rules for determining values for the variables. The processor generates the attack event log by determining values that satisfy the rules and writing the values into selected fields of the event log template.