Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. It is determined that the received alert is similar to a given alert in an information repository containing information of past processes performed to address respective issues, the determining comprising comparing a property associated with the received alert to a property of alerts associated with the past processes, and the information contained in the information repository comprising actions taken in the past processes to address the respective issues. Performance of a remediation action is triggered that comprises an action, identified by the information in the information repository, taken to respond to the given alert.

Abstract: In some examples, a plurality of alerts relating to issues in a computing arrangement are received, where the plurality of alerts generated based on events in the computing arrangement. A subset of the plurality of alerts is grouped into a bundle of alerts, the grouping being based on a criterion. The bundle of alerts is communicated to cause processing of the alerts in the bundle of alerts together.

Abstract: A technique includes determining relations among a plurality of entities that are associated with a computer system; and selectively grouping behavior anomalies that are exhibited by the plurality of entities into collections based at least in part on the determined relations among the entities. The technique includes selectively reporting the collections to a security operations center.

Abstract: In one implementation, a redactable document signature system includes an encoding engine, a reordering engine, and a signature engine. The encoding engine is to access a plurality of subdocuments of a document, to generate a plurality of commitment values from the plurality of subdocuments, and to generate a plurality of dummy values. Each dummy value is indistinguishable from a commitment value. The reordering engine is to define an order of the plurality of commitment values and the plurality of dummy values independent of an order of the subdocuments. The signature engine is to calculate a signature value for the document using the plurality of commitment values and the plurality of dummy values according to the order.

Abstract: A technique includes receiving, in a memory controller, a request to read data that is stored in the region of memory. The technique includes using the memory controller to manage access to the memory based on an initialization state indicator for the region of memory. Managing the access includes determining whether the region of memory is associated with the initialized state based on the indicator; and based at least in part on the determination, selectively bypassing accessing the memory and using the memory controller to provide data having a provide a predetermined data pattern.

Abstract: Examples determine a number of hosts, within an enterprise, which are resolving a particular domain. Based on the number of hosts within the enterprise resolving the particular domain, the examples identify whether the particular domain is benign.

Abstract: A technique includes receiving a request to initialize a region of a memory. Content that is stored in the region is encrypted based at least in part on a stored nonce value and a key. The technique includes, in response to the request, performing cryptographic-based initialization of the memory, including altering the stored nonce value to initialize the region of the memory.

Abstract: Examples relate to efficient storage of initialization vectors in a system. One example facilitates determining an initialization vector for use in encrypting a first cache line of a first page of memory, wherein determining the initialization vector comprises concatenating a page-level counter with a first set of hierarchical counters. The first set of hierarchical counters includes a first counter associated with the first cache line; a first group counter associated with a first group of cache lines, the first group of cache lines comprising the first cache line; and a first cluster counter associated with a first cluster of cache line groups, the first cluster comprising the first group of cache lines.

Abstract: Providing a targeted security alert can include collecting participant data from a plurality of participants within a threat exchange community, calculating, using a threat exchange server, a threat relevancy score of a participant among the plurality of participants within the threat exchange community using the collected participant data, and providing, from the threat exchange server to the participant, the targeted security alert based on the calculated threat relevancy score via a communication link within the threat exchange community.

Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

Abstract: In one implementation, a redactable document signature system includes an encoding engine, a reordering engine, and a signature engine. The encoding engine is to access a plurality of subdocuments of a document, to generate a plurality of commitment values from the plurality of subdocuments, and to generate a plurality of dummy values. Each dummy value is indistinguishable from a commitment value. The reordering engine is to define an order of the plurality of commitment values and the plurality of dummy values independent of an order of the subdocuments. The signature engine is to calculate a signature value for the document using the plurality of commitment values and the plurality of dummy values according to the order.

Abstract: Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program's local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program's operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program's source code, object code, or executable image.

Abstract: In one implementation, a redactable document signature system includes an encoding engine, a reordering engine, and a signature engine. The encoding engine is to access a plurality of subdocuments of a document, to generate a plurality of commitment values from the plurality of subdocuments, and to generate a plurality of dummy values. Each dummy value is indistinguishable from a commitment value. The reordering engine is to define an order of the plurality of commitment values and the plurality of dummy values independent of an order of the subdocuments. The signature engine is to calculate a signature value for the document using the plurality of commitment values and the plurality of dummy values according to the order.

Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

Abstract: A technique includes determining relations among a plurality of entities that are associated with a computer system; and selectively grouping behavior anomalies that are exhibited by the plurality of entities into collections based at least in part on the determined relations among the entities. The technique includes selectively reporting the collections to a security operations center.

Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. It is determined that the received alert is similar to a given alert in an information repository containing information of past processes performed to address respective issues, the determining comprising comparing a property associated with the received alert to a property of alerts associated with the past processes, and the information contained in the information repository comprising actions taken in the past processes to address the respective issues. Performance of a remediation action is triggered that comprises an action, identified by the information in the information repository, taken to respond to the given alert.

Abstract: In some examples, a plurality of alerts relating to issues in a computing arrangement are received, where the plurality of alerts generated based on events in the computing arrangement. A subset of the plurality of alerts is grouped into a bundle of alerts, the grouping being based on a criterion. The bundle of alerts is communicated to cause processing of the alerts in the bundle of alerts together.

Abstract: Examples relate to efficient storage of initialization vectors in a system. One example facilitates determining an initialization vector for use in encrypting a first cache line of a first page of memory, wherein determining the initialization vector comprises concatenating a page-level counter with a first set of hierarchical counters. The first set of hierarchical counters includes a first counter associated with the first cache line; a first group counter associated with a first group of cache lines, the first group of cache lines comprising the first cache line; and a first cluster counter associated with a first cluster of cache line groups, the first cluster comprising the first group of cache lines.

Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

Abstract: Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.