Abstract: In one implementation, a resource classification system identifies a plurality of resource requests and generates a plurality of resource access measures based on the plurality of resource requests. Each resource request from the plurality of resource requests is associated with a resource from a plurality of resources by a resource identifier of that resource. Each resource access measure from the plurality of resource access measures is associated with a resource from the plurality of resources. The resource classification system applies a classifier to each resource access measure from the plurality of resource access measures to generate a classification result for the resource from the plurality of resources associated with that resource access measure, and assign a security classification to each resource from the plurality of resources based on the classification result for that resource.

Abstract: Examples determine a number of hosts, within an enterprise, which are resolving a particular domain. Based on the number of hosts within the enterprise resolving the particular domain, the examples identify whether the particular domain is benign.

Abstract: A technique includes receiving a request to initialize a region of a memory. Content that is stored in the region is encrypted based at least in part on a stored nonce value and a key. The technique includes, in response to the request, performing cryptographic-based initialization of the memory, including altering the stored nonce value to initialize the region of the memory.

Abstract: A technique includes receiving, in a memory controller, a request to read data that is stored in the region of memory. The technique includes using the memory controller to manage access to the memory based on an initialization state indicator for the region of memory. Managing the access includes determining whether the region of memory is associated with the initialized state based on the indicator; and based at least in part on the determination, selectively bypassing accessing the memory and using the memory controller to provide data having a provide a predetermined data pattern.

Abstract: In one implementation, a resource classification system identifies a plurality of resource requests and generates a plurality of resource access measures based on the plurality of resource requests. Each resource request from the plurality of resource requests is associated with a resource from a plurality of resources by a resource identifier of that resource. Each resource access measure from the plurality of resource access measures is associated with a resource from the plurality of resources. The resource classification system applies a classifier to each resource access measure from the plurality of resource access measures to generate a classification result for the resource from the plurality of resources associated with that resource access measure, and assign a security classification to each resource from the plurality of resources based on the classification result for that resource.

Abstract: In one implementation, a resource reference classification system includes a selection engine and a classification engine. The selection engine is to access a plurality of resource request records based on resource requests intercepted from a plurality of clients, and to select resource request records from the plurality of resource request records intercepted from a client from the plurality of clients. Each resource request record from the plurality of resource request records includes a resource reference. The classification engine is to identify, independent of the client, a root resource reference and a plurality of child resource references of the root resource reference from the resource request records.

Abstract: Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program's local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program's operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program's source code, object code, or executable image.

Abstract: Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.

Abstract: Systems and methods are provided for managing the transfer of electronic files. In one embodiment, a sender transfers an encrypted version of a file (such as a digitally encoded audio track, movie, document, or the like) to someone who wishes to receive it. The receiver computes a hash of the encrypted file, and sends it to a trusted third party. The trusted third party compares the hash that was computed by the receiver with another hash computed by the sender. If the two hashes match, the third party sends the file decryption key to the receiver. In some embodiments, the receiver may also send the third party payment information so that the sender, the content owner, and/or the third party can be paid for their role in the transaction. In a preferred embodiment, the payment information is only sent to, and/or used by, the third party once the third party has confirmed to the satisfaction of the receiver that the encrypted file in the receiver's possession will decrypt correctly.

Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

Abstract: Systems and methods are provided for managing the transfer of electronic files. In one embodiment, a sender transfers an encrypted version of a file (such as a digitally encoded audio track, movie, document, or the like) to someone who wishes to receive it. The receiver computes a hash of the encrypted file, and sends it to a trusted third party. The trusted third party compares the hash that was computed by the receiver with another hash computed by the sender. If the two hashes match, the third party sends the file decryption key to the receiver. In some embodiments, the receiver may also send the third party payment information so that the sender, the content owner, and/or the third party can be paid for their role in the transaction. In a preferred embodiment, the payment information is only sent to, and/or used by, the third party once the third party has confirmed to the satisfaction of the receiver that the encrypted file in the receiver's possession will decrypt correctly.

Abstract: Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.

Abstract: Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program's local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program's operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program's source code, object code, or executable image.

Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.