Abstract: In an example, there is disclosed a system and method for providing a service-oriented architecture, including request/response, over a publish/subscribe framework. In one embodiment, a system is disclosed for adding layers upon a publish/subscribe messaging framework for sophisticated messaging such as point-to-point (request/response) and the ability to query for available services, in a reliable, scalable manner.

Abstract: In an example, a context-aware network is disclosed, including threat intelligence services provided over a data exchange layer (DXL). The data exchange layer may be provided on an enterprise service bus, and may include services for classifying objects as malware or not malware. One or more DXL brokers may provide messaging services including, for example, publish-subscribe messaging and request-response messaging. Advantageously, DXL endpoint devices must make very few assumptions about other DXL endpoint devices.

Abstract: In one embodiment, a system includes: a processor; a security processor to execute in a trusted executed environment (TEE), the security processor to execute memory reference code (MRC) stored in a secure storage of the TEE to train a memory coupled to the processor; and the memory coupled to the processor. Other embodiments are described and claimed.

Abstract: Technologies for privacy-safe security policy evaluation include a cloud analytics server, a trusted data access mediator (TDAM) device, and one or more client devices. The cloud analytics server curries a security policy function to generate a privacy-safe curried function set. The cloud analytics server requests parameter data from the TDAM device, which collects the parameter data, identifies sensitive parameter data, encrypts the sensitive parameter data, and transmits the encrypted sensitive parameter data to the cloud analytics server. The cloud analytics server evaluates one or more curried functions using non-sensitive parameters to generate one or more sensitive functions that each take a sensitive parameter. The cloud analytics server transmits the sensitive functions and the encrypted sensitive parameters to a client computing device, which decrypts the encrypted sensitive parameters and evaluates the sensitive functions with the sensitive parameters to return a security policy.

Abstract: In one embodiment, a system includes: a processor; a security processor to execute in a trusted executed environment (TEE), the security processor to execute memory reference code (MRC) stored in a secure storage of the TEE to train a memory coupled to the processor; and the memory coupled to the processor. Other embodiments are described and claimed.

Abstract: A combination of shim and back-end server applications may be used to identify and block the installation of malicious applications on mobile devices. In practice, a shim application registers with a mobile device's operating system to intercept application installation operations. Upon intercepting an attempted installation operation, the shim application identifies the application seeking to be installed, generates a key uniquely identifying the application, and transmits the key over a network connection to a back-end server. The back-end server may be configured to crawl the Internet to identify malicious applications and compile and maintain a database of such applications. Upon receiving a key from the shim application, the back-end server can search its database to locate a matching application and, if found, respond to the mobile device with the application's status (e.g., malicious or not). The shim application can utilize this information to allow or block installation of the application.

Abstract: Premise-based policies can be applied in the management of mobile devices and other computing devices within a system. A computing device is detected using close proximity wireless communication and location information is sent to the computing device using close proximity wireless communication. Policies applied to the computing device can be based at least in part on the location information.

Abstract: In an example, a context-aware network is disclosed, including threat intelligence services provided over a data exchange layer (DXL). The data exchange layer may be provided on an enterprise service bus, and may include services for classifying objects as malware or not malware. One or more DXL brokers may provide messaging services including, for example, publish-subscribe messaging and request-response messaging. Advantageously, DXL endpoint devices must make very few assumptions about other DXL endpoint devices.

Abstract: In an example, there is disclosed a system and method for providing a service-oriented architecture, including request/response, over a publish/subscribe framework. In one embodiment, a system is disclosed for adding layers upon a publish/subscribe messaging framework for sophisticated messaging such as point-to-point (request/response) and the ability to query for available services, in a reliable, scalable manner.

Abstract: In an example, there is disclosed a method or system for merging multiple system trees of different resources based in multiple locations over a data exchange layer. In one embodiment, there is disclosed a system for merging assets of different types within one or more tree-based locations. For example, an end node may be represented in a single location, a single message broker may provide services for and be represented in multiple locations. The asset to asset relationships within merged trees may be used to ensure availability of services and visualization of the system for management purposes.

Abstract: A combination of shim and back-end server applications may be used to identify and block the installation of malicious applications on mobile devices. In practice, a shim application registers with a mobile device's operating system to intercept application installation operations. Upon intercepting an attempted installation operation, the shim application identifies the application seeking to be installed, generates a key uniquely identifying the application, and transmits the key over a network connection to a back-end server. The back-end server may be configured to crawl the Internet to identify malicious applications and compile and maintain a database of such applications. Upon receiving a key from the shim application, the back-end server can search its database to locate a matching application and, if found, respond to the mobile device with the application's status (e.g., malicious or not). The shim application can utilize this information to allow or block installation of the application.

Abstract: A tracking station detects a mobile data processing system (DPS) within communication range of a short range wireless module of the tracking station. In response to detecting the mobile DPS, the tracking station obtains identification data for the mobile DPS from a security module of the mobile DPS. The tracking station uses the identification data to obtain credentials to access secure storage on the mobile DPS. The tracking station automatically generates security configuration data for the mobile DPS, based on multiple factors pertaining to the mobile DPS, such as identity of the mobile DPS, a location of the mobile DPS, capabilities of the mobile DPS, etc. The tracking station uses the credentials to write the security configuration data to the secure storage of the mobile DPS. The security configuration data calls for the mobile DPS to automatically disable or enable at least one component. Other embodiments are described and claimed.

Abstract: In an example, a system and method are disclosed for location-based security for devices such as portable devices. A portable device may be provided with a short-range transceiver (such as RIFD) that is detectable when a user enters or exits an area. The device may also include an encrypted storage divided into a plurality of discrete units. Upon entering an area, the devices identity and location are provided to a policy server. In response, the policy server may wirelessly provide security tokens to the portable device that enable decryption of specific storage units authorized for access in that area. When a user passes back through a portal to the area, the security tokens are revoked, so that access to secured units of the storage is restricted.

Abstract: A combination of shim and back-end server applications may be used to identify and block the installation of malicious applications on mobile devices. In practice, a shim application registers with a mobile device's operating system to intercept application installation operations. Upon intercepting an attempted installation operation, the shim application identifies the application seeking to be installed, generates a key uniquely identifying the application, and transmits the key over a network connection to a back-end server. The back-end server may be configured to crawl the Internet to identify malicious applications and compile and maintain a database of such applications. Upon receiving a key from the shim application, the back-end server can search its database to locate a matching application and, if found, respond to the mobile device with the application's status (e.g., malicious or not). The shim application can utilize this information to allow or block installation of the application.

Abstract: A query from a particular mobile device is identified that indicates an attempt, by the particular mobile device, to access a particular application. It is determined whether the particular application has been assessed for inclusion in one or more of the plurality of whitelists and, based on the determination, an assessment of the particular application can be performed, which can include accessing a copy of the particular application and assessing the copy of the particular application to identify one or more attributes of the particular application. For each of a plurality of whitelists, a determination is made whether the particular application should be included in the whitelist based on the attributes. Each whitelist can be associated with a respective one of a plurality of entities and based on a policy corresponding to the respective entity, each entity is associated with a respective plurality of mobile devices.

Abstract: Premise-based policies can be applied in the management of mobile devices and other computing devices within a system. A computing device is detected using close proximity wireless communication and location information is sent to the computing device using close proximity wireless communication. Policies applied to the computing device can be based at least in part on the location information.

Abstract: A system, method, and computer program product are provided for conditionally preventing the transfer of data. In use, a request to transfer data is identified. In addition, a location of the data is determined. Further, the transfer of the data is conditionally prevented based on the location.

Abstract: A combination of shim and back-end server applications may be used to identify and block the installation of malicious applications on mobile devices. In practice, a shim application registers with a mobile device's operating system to intercept application installation operations. Upon intercepting an attempted installation operation, the shim application identifies the application seeking to be installed, generates a key uniquely identifying the application, and transmits the key over a network connection to a back-end server. The back-end server may be configured to crawl the Internet to identify malicious applications and compile and maintain a database of such applications. Upon receiving a key from the shim application, the back-end server can search its database to locate a matching application and, if found, respond to the mobile device with the application's status (e.g., malicious or not). The shim application can utilize this information to allow or block installation of the application.

Abstract: A system, method, and computer program product are provided for conditionally preventing the transfer of data. In use, a request to transfer data is identified. In addition, a location of the data is determined. Further, the transfer of the data is conditionally prevented based on the location.

Abstract: An application is identified as installed on a particular mobile device. An action involving the application is identified, the action to be performed using the particular mobile device. It is determined whether the action is an approved action based on at least one policy associated with the particular mobile device. A determination that the action is unapproved can results in an attempt to prevent the action. Further, in certain instances, a whitelist or blacklist can be generated based on determinations of whether identified application actions conform to one or more policies associated with the particular mobile device.