Abstract: A lithium metal battery cell has an electrolyte and an anode comprising an anode current collector and a thin film metal layer formed on the anode current collector, the thin film metal layer consisting of a metal that forms a solid solution with lithium metal. The thin film metal layer is configured to promote dense lithium deposition between the thin film metal layer and the electrolyte during charging.

Abstract: A lithium metal battery cell has an electrolyte and an anode comprising an anode current collector and a composite interlayer formed on the anode current collector between the anode current collector and the electrolyte. The composite interlayer consists of conductive carbon and a metal additive, the composite interlayer configured to promote dense lithium deposition in the anode during charging. The metal additive in the composite interlayer is a metal that forms a solid solution with lithium metal.

Abstract: A method is provided for reducing memory consumption by a rule engine. The method includes receiving attack trees, each having nodes and edges. Each node represents a security event and is associated with a detection rule for detecting an occurrence thereof. Each edge connects a respective node pair. The method includes assigning a watchpoint to each leaf node. The method includes moving the watchpoint assigned to any leaf node to a next upstream node, responsive to detecting an occurrence of the security event represented by the leaf node. The method includes erasing the watchpoint assigned to all downstream nodes relative to the next upstream node, responsive to the next upstream node being connected to a next downstream node using an edge having an “OR” join type. Only the rules for nodes currently having the watchpoint assigned are loaded into a memory device during runtime, while excluding rules for remaining nodes.

Abstract: Techniques for analyzing data based on the vulnerability of the corresponding device are provided. A plurality of devices are classified into a plurality of groups based on respective measures of vulnerability associated with each device, and a respective weighting factor is determined for each respective group of the plurality of groups based at least in part on a number of devices included in the respective group. An evidentiary value of data received from a first device of the plurality of devices is modified, based on the respective weighting factor associated with the first device. Further, a probable state of a physical environment is determined, based in part on the data received from the first device.

Abstract: A computer-implemented method is provided for ensuring a particular service level provided by multiple devices. The method includes maintaining, by a database, complementation parameters for a set of device groups. Each of the device groups includes at least two devices such that one of the two devices can complement at least one functionality of another one of the at least two devices in a same one of the device groups. The method further includes monitoring, by a processor operatively coupled to the database, the devices in the device groups to detect device malfunctions. The method also includes, responsive to a detection of a malfunctioning device from among the device groups, ensuring, by the processor, the particular service level by changing complementation parameters of a corresponding one of the devices paired with the malfunctioning device.

Abstract: A system prevents divulgation of sensitive data in two snapshots, taken at different times, of one or more systems. The system identifies a set of files from among file pairs. Each file pair is formed from a respective file that includes a difference with respect to each of the two snapshots. The system performs a pattern reducing process that removes, from the set, any file having, as the at least one difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The system performs a commonality reducing process that removes, from the set, any file having, as the at least one difference, a common difference between different system users. The system annotates data in remaining files in the set as potentially being sensitive data. The predetermined non-sensitive difference is determined using a Sandbox host. The common difference is determined using an actual one of the systems.

Abstract: Operation testing without side effects may be enabled by a method including preparing a copy of a directory set of at least a part of a host system disk, creating a link to a file in a first directory in the host system disk, in a second directory of the copy of the directory set, wherein the second directory corresponds in position to the first directory in the directory set, and starting a non-privileged system using a disk image including the copy of the directory set and the created link.

Abstract: Monitoring a process on an Internet of Things (IoT) device is performed by receiving, by the IoT device, a network data transfer from an external device; and receiving, by the IoT device, meta-information of the network data transfer. The meta-information can be generated, based on the network data transfer, by a network monitoring device. Additionally, the IoT device detects a file storing data of the network data transfer based on the meta-information. Further, the IoT device monitors a process relating to the detected file on the IoT device.

Abstract: A method is provided for preventing divulgation of sensitive data in two snapshots, taken at different times, of one or more same systems in a cloud environment. The method identifies a set of files from among file pairs. Each file pair is formed from a respective file that includes at least one difference with respect to each snapshot. The method performs a pattern reducing process that removes, from the set of files, any of the files having, as the difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The method performs a commonality reducing process that removes, from the set of files, any files having, as the difference, a common difference between different users. The method annotates data in remaining files in the set as potentially being the sensitive data, subsequent to the reducing processes. The two snapshots include at least one Sandbox-based image.

Abstract: Monitoring a process on an Internet of Things (IoT) device is performed by receiving, by the IoT device, a network data transfer from an external device; and receiving, by the IoT device, meta-information of the network data transfer. The meta-information can be generated, based on the network data transfer, by a network monitoring device. Additionally, the IoT device detects a file storing data of the network data transfer based on the meta-information. Further, the IoT device monitors a process relating to the detected file on the IoT device.

Abstract: A computer-implemented method is provided for ensuring a particular service level provided by multiple devices. The method includes maintaining, by a database, complementation parameters for a set of device groups. Each of the device groups includes at least two devices such that one of the two devices can complement at least one functionality of another one of the at least two devices in a same one of the device groups. The method further includes monitoring, by a processor operatively coupled to the database, the devices in the device groups to detect device malfunctions. The method also includes, responsive to a detection of a malfunctioning device from among the device groups, ensuring, by the processor, the particular service level by changing complementation parameters of a corresponding one of the devices paired with the malfunctioning device.

Abstract: Techniques for analyzing data based on the vulnerability of the corresponding device are provided. A plurality of devices are classified into a plurality of groups based on respective measures of vulnerability associated with each device, and a respective weighting factor is determined for each respective group of the plurality of groups based at least in part on a number of devices included in the respective group. An evidentiary value of data received from a first device of the plurality of devices is modified, based on the respective weighting factor associated with the first device. Further, a probable state of a physical environment is determined, based in part on the data received from the first device.

Abstract: A computer-implemented method, a computer program product, and a computer system for transformation of security information and event management (SIEM) rules and deploying the SIEM rules in a network of event processors. A computer system or server converts the SIEM rules to formal representations. The computer system or server generates rule abstraction of the formal representations, by using an abstraction function. The computer system or server constructs a finite automaton based on the rule abstraction. The computer system or server eliminates irrelevant transitions in the finite automaton to generate an optimized finite automaton. The computer system or server generates optimized formal rules, based on the optimized finite automaton. The computer system or server converts the optimized formal rules to optimized SIEM rules. The computer or server deploys the optimized SIEM rules in the network of the event processors.

Abstract: A system prevents divulgation of sensitive data in two snapshots, taken at different times, of one or more systems. The system identifies a set of files from among file pairs. Each file pair is formed from a respective file that includes a difference with respect to each of the two snapshots. The system performs a pattern reducing process that removes, from the set, any file having, as the at least one difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The system performs a commonality reducing process that removes, from the set, any file having, as the at least one difference, a common difference between different system users. The system annotates data in remaining files in the set as potentially being sensitive data. The predetermined non-sensitive difference is determined using a Sandbox host. The common difference is determined using an actual one of the systems.

Abstract: A method is provided for preventing divulgation of sensitive data in two snapshots, taken at different times, of one or more same systems in a cloud environment. The method includes identifying a set of files from among a plurality of file pairs. Each file pair is formed from a respective file that includes at least one difference with respect to each snapshot. The method includes performing a pattern reducing process that removes, from the set of files, any of the files having, as the difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The method includes performing a commonality reducing process that removes, from the set of files, any files having, as the difference, a common difference between different users. The method includes annotating data in remaining files in the set of files as potentially being the sensitive data, subsequent to the reducing processes.

Abstract: A method is provided for preventing divulgation of sensitive data in two snapshots, taken at different times, of one or more same systems in a cloud environment. The method includes identifying a set of files from among a plurality of file pairs. Each file pair is formed from a respective file that includes at least one difference with respect to each snapshot. The method includes performing a pattern reducing process that removes, from the set of files, any of the files having, as the difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The method includes performing a commonality reducing process that removes, from the set of files, any files having, as the difference, a common difference between different users. The method includes annotating data in remaining files in the set of files as potentially being the sensitive data, subsequent to the reducing processes.

Abstract: A method is provided for preventing divulgation of sensitive data in two snapshots, taken at different times, of one or more same systems in a cloud environment. The method identifies a set of files from among file pairs. Each file pair is formed from a respective file that includes at least one difference with respect to each snapshot. The method performs a pattern reducing process that removes, from the set of files, any of the files having, as the difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The method performs a commonality reducing process that removes, from the set of files, any files having, as the difference, a common difference between different users. The method annotates data in remaining files in the set as potentially being the sensitive data, subsequent to the reducing processes. The two snapshots include at least one Sandbox-based image.

Abstract: Systems and methods for network access control, including sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers. The requests by the offloaded services to access back-end services in one or more on-premise systems are monitored, and access requests by the offloaded services for unauthorized back-end services are denied. The service request is redirected and locally executed to generate logs of the back-end services used to perform the service request if the access requests are denied. A permission mapping in a firewall between the offloaded services and the logged back-end services is updated to permit future access requests by the offloaded services.

Abstract: A method is provided for reducing memory consumption by a rule engine. The method includes receiving attack trees, each having nodes and edges. Each node represents a security event and is associated with a detection rule for detecting an occurrence thereof. Each edge connects a respective node pair. The method includes assigning a watchpoint to each leaf node. The method includes moving the watchpoint assigned to any leaf node to a next upstream node, responsive to detecting an occurrence of the security event represented by the leaf node. The method includes erasing the watchpoint assigned to all downstream nodes relative to the next upstream node, responsive to the next upstream node being connected to a next downstream node using an edge having an “OR” join type. Only the rules for nodes currently having the watchpoint assigned are loaded into a memory device during runtime, while excluding rules for remaining nodes.

Abstract: A computer-implemented method, a computer program product, and a computer system for transformation of security information and event management (SIEM) rules and deploying the SIEM rules in a network of event processors. A computer system or server converts the SIEM rules to formal representations. The computer system or server generates rule abstraction of the formal representations, by using an abstraction function. The computer system or server constructs a finite automaton based on the rule abstraction. The computer system or server eliminates irrelevant transitions in the finite automaton to generate an optimized finite automaton. The computer system or server generates optimized formal rules, based on the optimized finite automaton. The computer system or server converts the optimized formal rules to optimized SIEM rules. The computer or server deploys the optimized SIEM rules in the network of the event processors.