Abstract: A cross-domain solution architecture includes a higher-security domain and a lower-security domain. The higher-security domain (i) processes data on a higher-security level, and (ii) includes a hardware-based trusted executed environment (TEE) running a formally verified microkernel. The lower-security domain (i) processes data on a lower-security level having lower security than the higher-security level, and (ii) includes a trusted computer base (TCB). The TCB operates in the higher-security domain and the lower-security domain to pass data from the lower-security domain to the higher-security domain through a first data diode, and to pass data from the higher-security domain to the lower-security domain through a second data diode.

Abstract: The present disclosure presents blockchain-based cyber security management systems and related methods. One such method comprises obtaining cyber intelligence input data from a cyber defender computing device, wherein the cyber defender computing device manages network security of a network, wherein the cyber intelligence input data identifies a cyber attacker or a victim of a cyber attack on the network; executing one or more Cyber Security Management (CSM) functions with the cyber intelligence input data received from the cyber defender computing device and cyber data stored in the blockchain ledger, wherein the cyber data stored in the blockchain ledger provides details on a cyber attack on a network that is managed by another cyber defender computing device; and outputting an alert to the cyber defender computing device with a potential cyber attacker or potential victim of the cyber attack on the network managed by the cyber defender computing device.

Abstract: Disclosed herein are new methods and systems for detecting obfuscated programs. We build a recursive traversal disassembler that extracts the control flow graph of binary files. This allows us to detect the presence of interleaving instructions, which is typically an indication of the opaque predicate anti-disassembly trick. Our detection system uses some novel features based on referenced instructions and the extracted control flow graph that clearly distinguishes between obfuscated and normal files. When these are combined with a few features based on file structure, we achieve a very high detection rate of obfuscated files.

Abstract: Disclosed herein are new methods and systems for detecting obfuscated programs. We build a recursive traversal disassembler that extracts the control flow graph of binary files. This allows us to detect the presence of interleaving instructions, which is typically an indication of the opaque predicate anti-disassembly trick. Our detection system uses some novel features based on referenced instructions and the extracted control flow graph that clearly distinguishes between obfuscated and normal files. When these are combined with a few features based on file structure, we achieve a very high detection rate of obfuscated files.

Abstract: A computer-implemented method for detecting malicious websites includes collecting data from a website. The collected data includes application-layer data of a URL, wherein the application-layer data is in the form of feature vectors; and network-layer data of a URL, wherein the network-layer data is in the form of feature vectors. Determining if a website is malicious based on the collected application-layer data vectors and the collected network-layer data vectors.