Patents by Inventor Suresh N. Chari

Suresh N. Chari has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10540490
    Abstract: An approach is provided that receives a set of user information pertaining to a user. The received set of information is encoded into a neural network and the neural network is trained using the encoded user information. As an output of the trained neural network, passwords corresponding to the user are generated.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: January 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Benjamin J. Edwards, Taesung Lee, Ian M. Molloy, Youngja Park
  • Patent number: 10503911
    Abstract: Generating an attack graph to protect sensitive data objects from attack is provided. The attack graph that includes nodes representing components in a set of components of a regulated service and edges between nodes representing relationships between related components in the set of components is generated based on vulnerability and risk metrics corresponding to each component. A risk score is calculated for each component represented by a node in the attack graph based on sensitivity rank and criticality rank corresponding to each respective component. Risk scores are aggregated for each component along each edge path connecting a node of a particular component to a node of a related component. In response to determining that an aggregated risk score of a component is greater than or equal to a risk threshold, an action is performed to mitigate a risk to sensitive data corresponding to the component posed by an attack.
    Type: Grant
    Filed: July 20, 2018
    Date of Patent: December 10, 2019
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ashish Kundu, Ian M. Molloy, Dimitrios Pendarakis, Josyula R. Rao
  • Patent number: 10482265
    Abstract: Log(s) of IT events are accessed in a distributed system that includes a distributed application. The distributed system includes multiple data objects. The distributed application uses, processes, or otherwise accesses one or more of data objects. The IT events concern the distributed application and concern accesses by the distributed application to the data object(s). The IT events are correlated with a selected set of the data objects. Risks are estimated to the selected set of data objects based on the information technology events. Estimating risks uses at least ranks of compliance rules as these rules apply to the data objects in the system, and vulnerability scores of systems corresponding to the set of data objects and information technology events. Information is output that allows a user to determine the estimated risks for the selected set of data objects. Techniques for determining ranks of compliance rules are also disclosed.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: November 19, 2019
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ted Habeck, Ashish Kundu, Ian M. Molloy, Dimitrios Pendarakis, Josyula R. Rao, Marc P. Stoecklin
  • Patent number: 10419224
    Abstract: Portions of code in an original application are randomized to generate a randomized version of the original application, wherein the randomizing does not modify expected behavior of the original application. Digital signature(s) are generated that attest to integrity of the randomized version. The digital signature(s) and either the original application or the randomized version are sent to a user device for execution or denial of execution of the randomized version based on the digital signature(s). At the user device, the randomized version is created if not received. The randomized version of the application is verified by the user device using the digital signature(s). The randomized version is executed by the user device in response to the digital signature(s) being verified, or is not executed in response to the digital signature(s) not being verified.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: September 17, 2019
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ian M. Molloy, Wilfried Teiken
  • Patent number: 10394591
    Abstract: A method sanitizes a virtualized composite service. One or more processors provide a sanitization policy for each image within the virtualized composite service. The processor(s) analyze sanitization policies for multiple images in the virtualized composite service in order to detect inconsistencies among the sanitization policies. The processor(s), in response to finding inconsistencies between the sanitization policies, resolve the inconsistencies to produce a consistent sanitization policy, and then use the consistent sanitization policy to sanitize the virtualized composite service to create a sanitized virtualized composite service. The processor(s) receive a request for the virtualized composite service from a requester, and then respond to the request for the virtualized composite service by returning the sanitized virtualized composite service to the requester.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: August 27, 2019
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ashish Kundu
  • Patent number: 10372631
    Abstract: A computer-implemented method sanitizes memory in a cloud environment. One or more processors in a computer receive a hypercall resulting from a call from an application running in a computer. The hypercall is to a hypervisor that manages a virtual memory. The hypercall directs the hypervisor to sanitize data in the virtual memory, where sanitizing the data applies a data remanence policy that prevents remanence data in the virtual memory from being accessed by an unauthorized user. In response to receiving the hypercall, one or more processors sanitize the data in the virtual memory that is allocated for use by the application.
    Type: Grant
    Filed: February 9, 2017
    Date of Patent: August 6, 2019
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ashish Kundu, Dimitrios Pendarakis
  • Patent number: 10277590
    Abstract: Mechanisms are provided to detect a potentially fraudulent voice conversation. The mechanisms process a corpus of electronic information to extract a fraud feature representative of at least one fraudulent activity, receive a first voice input from a user, and convert the first voice input into a textual representation of the first voice input and a set of behavioral speech characteristics associated with the user. The mechanisms generate a speech model for the user based on the textual representation and the behavioral speech characteristics, receive a second voice input from an entity requesting access to resources associated with the user, and evaluate the second voice input based on the speech model for the user and the fraud feature. The mechanisms generate an output indicating whether or not the entity is the user based on results of the evaluation.
    Type: Grant
    Filed: January 17, 2017
    Date of Patent: April 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Kapil K. Singh
  • Publication number: 20190121953
    Abstract: An approach is provided that receives a set of user information pertaining to a user. The received set of information is encoded into a neural network and the neural network is trained using the encoded user information. As an output of the trained neural network, passwords corresponding to the user are generated.
    Type: Application
    Filed: October 25, 2017
    Publication date: April 25, 2019
    Inventors: Suresh N. Chari, Benjamin J. Edwards, Taesung Lee, Ian M. Molloy, Youngja Park
  • Publication number: 20190034836
    Abstract: A method for anomaly detection on a system or application used by a plurality of users includes providing an access to a memory device storing user data samples of a usage of the system or application for all users of the plurality of users. A target user is selected from among the plurality of users, using a processor on a computer, with data samples of the target user forming a cluster of data points in a data space. The data samples for the target user are used to generate a normal sample data set as training data set for training a model for an anomaly detection monitor for the target user. A local outlier factor (LOF) function is used to generate an abnormal sample data set for training the anomaly detection monitor for the target user.
    Type: Application
    Filed: October 3, 2018
    Publication date: January 31, 2019
    Inventors: Suresh N. Chari, Ian Michael Molloy, Youngja Park
  • Publication number: 20180359266
    Abstract: One or more processors mark a set of data fields associated with a first trigger in a first trigger-action pair with a taint, where a trigger event triggers an action event in a trigger-action pair. One or more processors mark a first action associated with the first trigger-action pair with the taint, and detect a second trigger associated with a second trigger-action pair. One or more processors then propagate the taint from the first trigger-action pair to the second trigger, and prevent a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger.
    Type: Application
    Filed: June 12, 2017
    Publication date: December 13, 2018
    Inventors: Benjamin E. Andow, Suresh N. Chari, Heqing Huang, Kapil K. Singh
  • Patent number: 10147049
    Abstract: A method (and structure) generates a classifier for an anomalous detection monitor for a target user on a system or application used by a plurality of users and includes providing an access to a memory device storing user data samples for all users of the plurality of users. A target user is selected from among the plurality of users. Data samples for the target user and data samples for other users of the plurality of users are used to generate a normal sample data set and an abnormal (anomalous) sample data set to serve as a training data set for training a model for an anomaly detection monitor for the target user.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: December 4, 2018
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ian Michael Molloy, Youngja Park
  • Publication number: 20180330103
    Abstract: Generating an attack graph to protect sensitive data objects from attack is provided. The attack graph that includes nodes representing components in a set of components of a regulated service and edges between nodes representing relationships between related components in the set of components is generated based on vulnerability and risk metrics corresponding to each component. A risk score is calculated for each component represented by a node in the attack graph based on sensitivity rank and criticality rank corresponding to each respective component. Risk scores are aggregated for each component along each edge path connecting a node of a particular component to a node of a related component. In response to determining that an aggregated risk score of a component is greater than or equal to a risk threshold, an action is performed to mitigate a risk to sensitive data corresponding to the component posed by an attack.
    Type: Application
    Filed: July 20, 2018
    Publication date: November 15, 2018
    Inventors: Suresh N. Chari, Ashish Kundu, Ian M. Molloy, Dimitrios Pendarakis, Josyula R. Rao
  • Patent number: 10108803
    Abstract: Generating an attack graph is provided. A set of sensitive data corresponding to a regulated service is identified. A set of components corresponding to the regulated service that are authorized to perform activities associated with sensitive data is scanned for. Vulnerability and risk metrics corresponding to each component in the set of components of the regulated service are identified. The attack graph that includes nodes representing components in the set of components of the regulated service and edges between nodes representing relationships between related components in the set of components is generated based on the vulnerability and risk metrics corresponding to each component in the set of components.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: October 23, 2018
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ashish Kundu, Ian M. Molloy, Dimitrios Pendarakis, Josyula R. Rao
  • Publication number: 20180246692
    Abstract: An approach is provided that receives audible signals from a microphone at a device. The approach compares the received audible signals to an expected audio signal, with the expected audio signal being a first segment playing at the device. A determination is made whether, based on the comparison, the first segment was played at an audible level at the device. If the first segment was audibly played, then the approach plays additional audible content (a second segment, etc.). On the other hand, if the first segment was inaudible, then the approach inhibits further playing of audible content, such as the second segment.
    Type: Application
    Filed: February 27, 2017
    Publication date: August 30, 2018
    Inventors: Suresh N. Chari, Zhongshu Gu, Heqing Huang, Kapil K. Singh
  • Publication number: 20180225227
    Abstract: A computer-implemented method sanitizes memory in a cloud environment. One or more processors in a computer receive a hypercall resulting from a call from an application running in a computer. The hypercall is to a hypervisor that manages a virtual memory. The hypercall directs the hypervisor to sanitize data in the virtual memory, where sanitizing the data applies a data remanence policy that prevents remanence data in the virtual memory from being accessed by an unauthorized user. In response to receiving the hypercall, one or more processors sanitize the data in the virtual memory that is allocated for use by the application.
    Type: Application
    Filed: February 9, 2017
    Publication date: August 9, 2018
    Inventors: Suresh N. Chari, Ashish Kundu, Dimitrios Pendarakis
  • Publication number: 20180205726
    Abstract: Mechanisms are provided to detect a potentially fraudulent voice conversation. The mechanisms process a corpus of electronic information to extract a fraud feature representative of at least one fraudulent activity, receive a first voice input from a user, and convert the first voice input into a textual representation of the first voice input and a set of behavioral speech characteristics associated with the user. The mechanisms generate a speech model for the user based on the textual representation and the behavioral speech characteristics, receive a second voice input from an entity requesting access to resources associated with the user, and evaluate the second voice input based on the speech model for the user and the fraud feature. The mechanisms generate an output indicating whether or not the entity is the user based on results of the evaluation.
    Type: Application
    Filed: January 17, 2017
    Publication date: July 19, 2018
    Inventors: Suresh N. Chari, Kapil K. Singh
  • Publication number: 20180203890
    Abstract: A method sanitizes a virtualized composite service. One or more processors provide a sanitization policy for each image within the virtualized composite service. The processor(s) analyze sanitization policies for multiple images in the virtualized composite service in order to detect inconsistencies among the sanitization policies. The processor(s), in response to finding inconsistencies between the sanitization policies, resolve the inconsistencies to produce a consistent sanitization policy, and then use the consistent sanitization policy to sanitize the virtualized composite service to create a sanitized virtualized composite service. The processor(s) receive a request for the virtualized composite service from a requester, and then respond to the request for the virtualized composite service by returning the sanitized virtualized composite service to the requester.
    Type: Application
    Filed: January 17, 2017
    Publication date: July 19, 2018
    Inventors: Suresh N. Chari, Ashish Kundu
  • Publication number: 20180196958
    Abstract: Automatically generating audit logs is provided. Audit log statement insertion points are identified in software components of an application based on a static code analysis identifying start and end operations on sensitive data in the software components of the application. The application is instrumented with audit log statements at the audit log statement insertion points in the software components of the application. Audit logs of monitored sensitive data activity events in the application are generated using the audit log statements at the audit log statement insertion points in the software components of the application. A dynamic code analysis is performed on the application during execution of the application to prevent executing source code of the application from recording in the audit logs the sensitive data processed by the application.
    Type: Application
    Filed: March 6, 2018
    Publication date: July 12, 2018
    Inventors: Suresh N. Chari, Ted A. Habeck, Ashish Kundu, Ian M. Molloy
  • Patent number: 10007801
    Abstract: Automatically generating audit logs is provided. Audit log statement insertion points are identified in components of an application based on a static code analysis identifying start and end operations on sensitive data in the components of the application. The application is instrumented with audit log statements at the audit log statement insertion points in the components of the application. Audit logs of monitored sensitive data activity events in the application are generated using the audit log statements at the audit log statement insertion points in the components of the application.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: June 26, 2018
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ted A. Habeck, Ashish Kundu, Ian M. Molloy
  • Patent number: 9881167
    Abstract: Sanitizing a virtual machine image of sensitive data is provided. Labeling dependencies and sanitization dependencies between a plurality of software components in the virtual machine image are identified based on labeling execution policies located in a labeler module and sanitization execution policies located in a sanitizer module, respectively. The labeler module and the sanitizer module are inserted in the virtual machine image. A sensitivity level label of a plurality of sensitivity labels is attached to identified sensitive data from the sensitive data contained in the virtual machine image based on the identified labeling dependencies. In response to receiving an input to perform a sanitization of the identified sensitive data having attached sensitivity level labels contained in the virtual machine image, the sanitization of the identified sensitive data having the attached sensitivity level labels contained in the virtual machine image is performed based on the identified sanitization dependencies.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: January 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Suresh N. Chari, Ashish Kundu