Abstract: Described are techniques for application hardening. The techniques include generating application traces using fuzzing for an application with a known security vulnerability, where the application traces include good traces that do not result in exploitation of the known security vulnerability and bad traces that result in exploitation of the known security vulnerability. The techniques further include identifying code segments that are executed by the bad traces and not executed by the good traces. The techniques further include modifying the identified code segments using binary rewriting.

Abstract: Described herein is a topic evaluation engine that operates in connection with a messaging service by analyzing individual text-based messages, received during a text-based communication session, to identify various message characteristics of each text-based message, and/or to infer one or more topics to which each message relates. Each message that is determined to have a particular message characteristic is then forwarded to any application that previously subscribed with the messaging service to receive messages having the specific message characteristic. Similarly, each message that is associated with a specific topic is distributed to any application integrated with the messaging service that has previously subscribed with the messaging service to receive messages relating to the specific topic. The integrated applications can then process the message and provide enhanced functionality.

Abstract: A critical-object guided operating system fuzzing method, system, and computer program product for guiding an operating system fuzzer to find security-related bugs in a kernel space of the operating system that includes identifying critical/sensitive objects, determining binary code addresses that result in access to the critical/sensitive objects, and executing the operating system fuzzer based on the binary code addresses.

Abstract: Described are techniques for dynamic quarantining of containers. The techniques include a system including a plurality of computing nodes configured to implement a plurality of queued containers. The system further includes a container scheduler comprising at least one plugin, where the at least one plugin is configured to cause the container scheduler to perform a method including assigning cybersecurity risk scores to the plurality of queued containers. The method further includes assigning cybersecurity risk tolerances to the plurality of computing nodes. The method further includes scheduling the plurality of queued containers to the plurality of computing nodes based on compatible combinations of the cybersecurity risk scores and the cybersecurity risk tolerances.

Abstract: A method to test an OS kernel interface, such as an eBPF helper function. The interface has a grammar that defines the kernel interface. Testing is carried out using eBPF code that invokes and tests the interface using a fuzzing engine. To facilitate the process, additional user space code is configured to generate at least one kernel event that triggers the eBPF code to run, and to transform inputs from the fuzzing engine according to the grammar that defines the kernel interface. After loading the eBPF code into the OS kernel, the user space code issues the kernel event that causes the eBPF code to run. In response, and as the fuzzing engine executes, the eBPF code records arguments sent to the OS kernel through the kernel interface. The arguments are passed through a data structure shared by the eBPF code and the user space code. By recording the arguments and other diagnostic information, the security of the kernel interface is evaluated.

Abstract: A method, apparatus and computer program product for scheduling placement of containers in association with a set of hosts. The technique utilizes metrics that characterize container-specific risks. A first metric is a host interface risk for a container that quantifies how similar or dissimilar the container is relative to other containers running on a host. Preferably, host interface risk is derived with respect to a system call interface comprising a set of system calls, and the metric is based at least in part on a measure of dissimilarity among system calls. A second metric is a data sensitivity score that quantifies a degree to which sensitive data accesses are associated to the container. Based at least in part on the host interface risk scores and the data sensitivity scores, one or more containers are automatically scheduled for placement on the set of hosts to minimize security risk for the set of hosts.

Abstract: Described are techniques for application hardening. The techniques include generating application traces using fuzzing for an application with a known security vulnerability, where the application traces include good traces that do not result in exploitation of the known security vulnerability and bad traces that result in exploitation of the known security vulnerability. The techniques further include identifying code segments that are executed by the bad traces and not executed by the good traces. The techniques further include modifying the identified code segments using binary rewriting.

Abstract: A method, computer system, and a computer program product for data processing, comprising obtaining a plurality of files from a data source. These files are analyzed the files for information about the content and in order to determine structural information of each file. Once the files have been analyzed, information in each file may be sorted and categorized by common content. Sensitive information may also be extracted and categorized separately. Information may then be then merged using the categories to create a single unified file.

Abstract: An approach is provided that, after receiving a request to execute a computer program, determines an active set of metadata that corresponds to the requested computer program and then loads basic blocks of the requested computer program into memory. One of the loaded basic blocks is a starting block of the requested computer program. The memory also stores basic blocks corresponding to some previously loaded computer programs. The approach also inactivates basic blocks that are currently stored in the memory, with the inactivated basic blocks being identified based on a comparison of the active set of metadata to the sets of metadata that corresponding to the basic blocks of previously loaded computer programs. After inactivating some basic blocks, the approach executes the starting block of the requested computer program.

Abstract: Systems and methods for robotic path planning are disclosed. In some implementations of the present disclosure, a robot can generate a cost map associated with an environment of the robot. The cost map can comprise a plurality of pixels each corresponding to a location in the environment, where each pixel can have an associated cost. The robot can further generate a plurality of masks having projected path portions for the travel of the robot within the environment, where each mask comprises a plurality of mask pixels that correspond to locations in the environment. The robot can then determine a mask cost associated with each mask based at least in part on the cost map and select a mask based at least in part on the mask cost. Based on the projected path portions within the selected mask, the robot can navigate a space.

Abstract: Systems and methods assisting a robotic apparatus are disclosed. In some exemplary implementations, a robot can encounter situations where the robot cannot proceed and/or does not know with a high degree of certainty it can proceed. Accordingly, the robot can determine that it has encountered an error and/or assist event. In some exemplary implementations, the robot can receive assistance from an operator and/or attempt to resolve the issue itself. In some cases, the robot can be configured to delay actions in order to allow resolution of the error and/or assist event.

Abstract: Provided herein are N-(2-aminophenyl)-prop-2-enamide derivatives, such as those of Formula (I), methods for the synthesis thereof, and uses thereof in the treatment of cancer, such as SALL4-expressing cancer, in a cell or subject in need thereof.

Abstract: Multiple execution traces of an application are accessed. The multiple execution traces have been collected at a basic block level. Basic blocks in the multiple execution traces are scored. Scores for the basic blocks represent benefits of performing binary slimming at the corresponding basic blocks. Runtime binary slimming is performed of the application based on the scores of the basic blocks.

Abstract: Persistent storage contains a training dataset and a test dataset, each with units of text labelled from a plurality of categories. A machine learning model has been trained with the training dataset to classify input units of text into the plurality of categories. One or more processors are configured to: read the training dataset or the test dataset; determine distributional properties of the training dataset or the test dataset; determine, using the machine learning model, saliency maps for tokens in the training dataset or the test dataset; perturb, by way of token insertion, token deletion, or token replacement, the training dataset or the test dataset into an expanded dataset; obtain, using the machine learning model, classifications into the plurality of categories for the expanded dataset; and based on the distributional properties, the saliency maps, and the classifications, identify causes of failure for the machine learning model.

Abstract: An approach is provided that, after receiving a request to execute a computer program, determines an active set of metadata that corresponds to the requested computer program and then loads basic blocks of the requested computer program into memory. One of the loaded basic blocks is a starting block of the requested computer program. The memory also stores basic blocks corresponding to some previously loaded computer programs. The approach also inactivates basic blocks that are currently stored in the memory, with the inactivated basic blocks being identified based on a comparison of the active set of metadata to the sets of metadata that corresponding to the basic blocks of previously loaded computer programs. After inactivating some basic blocks, the approach executes the starting block of the requested computer program.

Abstract: A method, apparatus and computer program product for scheduling placement of containers in association with a set of hosts. The technique utilizes metrics that characterize container-specific risks. A first metric is a host interface risk for a container that quantifies how similar or dissimilar the container is relative to other containers running on a host. Preferably, host interface risk is derived with respect to a system call interface comprising a set of system calls, and the metric is based at least in part on a measure of dissimilarity among system calls. A second metric is a data sensitivity score that quantifies a degree to which sensitive data accesses are associated to the container. Based at least in part on the host interface risk scores and the data sensitivity scores, one or more containers are automatically scheduled for placement on the set of hosts to minimize security risk for the set of hosts.

Abstract: A method, system, and computer-usable medium for analyzing security data formatted in STIX™ format. Data related to actions performed by one or more users is captured. Individual tasks, such as analytics or extract, transform, load (ETL) tasks related to the captured data is created. Individual tasks are registered to a workflow for executing particular security threat or incident analysis. The workflow is executed and visualized to perform the security threat or incident analysis.

Abstract: The system for responding to a set of words includes an interface and a processor. The interface is configured to receive the set of words. The processor is configured to determine a token from the set of words; determine an entity and an associated keyword from the token, wherein the entity is associated with an entity type; determine an intent based at least in part on the set of words; match the entity to an entity of the intent based on the associated keyword; and determine a response based on the intent and the entity.

Abstract: A mounting assembly for an adjustable arrest distance fall-protection system includes an offset stanchion comprising a hollow body and a first bore formed through the hollow body, an arm connected at a first end to the hollow body, and a mounting tube comprising a first end configured to fit within the hollow body and a second bore configured to align with the first bore. The fall protection system can include multiple mounting assemblies, with a fall-arrest cable extending therebetween.

Abstract: Reducing attack surface by selectively collocating applications on host computers is provided. System resources utilized by each application running in a plurality of host computers of a data processing environment are measured. Which applications running in the plurality of host computers that utilize similar system resources are determined. Those applications utilizing similar system resources are collocated on respective host computers.