Patents Issued on February 6, 2020
-
Publication number: 20200042689
Abstract: A computer-implemented method for controlling time out of a device is disclosed according to an aspect of the subject technology. The method comprises determining whether at least one content-viewing criterion is satisfied; if the at least one content-viewing criterion is satisfied, then preventing the device from timing out upon expiration of a time-out period; and if the at least one content-viewing criterion is not satisfied, then timing out the device upon expiration of the time-out period.
Type: Application
Filed: October 14, 2019
Publication date: February 6, 2020
Applicant: Google LLC
Inventor: Jay Pierre Civelli
-
Publication number: 20200042690
Abstract: Techniques for processing user logins are described. One example method includes receiving a first user input to zoom out a first application, wherein the first application is displayed on a first area of a screen of a device; zooming out the first application to be displayed on a second area of the screen; and displaying an icon of a second application on a third area of the screen, wherein a user has logged into the second application on the device; receiving a second user input to drag the displayed icon of the second application from the third area to the second area; transmitting login authorization information of the second application to the first application; and submitting, by the first application, the login authorization information to a server of the second application through a server of the first application; and authorizing logging into the first application on the device.
Type: Application
Filed: October 9, 2019
Publication date: February 6, 2020
Applicant: Alibaba Group Holding Limited
Inventor: Xiaozhen FU
-
Publication number: 20200042691
Abstract: Techniques are described for enabling administrators of teams that use a particular service to specify which sign-on options, of multiple possible sign-on options, are assigned to the members of the teams to which the administrators belong. For example, an administrator may assign a sign-on option, which allows members of the team to use either native authentication or third-party single-sign-on authentication. Upon successful authentication of a member using third party single sign-on authentication, the member is automatically assigned to use only the third party single sign-on authentication.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Anand Subramani, Francois Alexander Allain
-
Publication number: 20200042692
Abstract: An information handling system includes a processor, a peripheral component interconnect express (PCIe) endpoint, and a PCIe downstream port. The PCIe downstream port blocks PCIe vendor-defined messages (VDMs) from the PCIe endpoint as a default mode, changes to a second mode in response to the PCIe endpoint being verified, and allows PCIe VDMs from the PCIe endpoint while in the second mode.
Type: Application
Filed: August 2, 2018
Publication date: February 6, 2020
Inventors: Austin P. Bolen, Mukund Pushottam Khatri, Kevin T. Marks, Manjunath AM
-
Publication number: 20200042693
Abstract: An application service system receives, from a merchant service system, an application program code comprising identifying information. The identifying information is extracted and the application is distributed for operation on a user device. A user interacts with the application, creating an access request that is transmitted to the application service system along with the extracted identifying information. The application service system transmits an access token to the user device comprising the received identifying information. The user device transmits the access token with a service request to the application service system. The application service system compares the identifying information from the access token to the identifying information extracted from the application program code received from the merchant services system. If the identifying information matches, the service request is processed.
Type: Application
Filed: October 11, 2019
Publication date: February 6, 2020
Inventors: Michael David Galpin, Jon Christian Boekenoogen, Scott Roy Atwood, Jeffrey William Hamilton
-
Publication number: 20200042694
Abstract: Techniques are described herein that are capable of increasing security of a password-protected resource based on publicly available data. For instance, password generation models may be extracted from passwords (e.g., encrypted versions of the passwords) that are generated by users. A user password (e.g., encrypted version of the user password) may be received to be utilized to access a designated password-protected resource from a user of a computing device. Publicly available data regarding the user may be obtained. The password generation models may be applied using the publicly available data to generate sample passwords. The sample passwords may be compared to the user password to determine that the user password and each of one or more of the sample passwords include at least one common element. An alternative password may be recommended for use by the user in lieu of the user password.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Andrey Karpovsky, Yotam Livny
-
Publication number: 20200042695
Abstract: An extracting unit randomly extracts a block from among the blocks of instruction strings constituting the byte code of a first program and, at the time of execution of the first program, extracts the blocks which are invariably executed before the randomly-extracted block. A dividing unit randomly divides, into a plurality of blocks, the instruction strings constituting the byte code of a second program which enables detection of tampering of the first program. An inserting unit inserts the plurality of blocks, which are obtained by division by the dividing unit, at different positions in the block extracted by the extracting unit, while maintaining the execution sequence written in the second program.
Type: Application
Filed: September 22, 2017
Publication date: February 6, 2020
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Fumihiro KANEI, Mitsuaki AKIYAMA, Yuta TAKATA, Takeshi YAGI
-
Publication number: 20200042696
Abstract: A method for determining which web page among multiple candidate web pages is similar to a given web page. For each candidate web page, a set of scoring rules is provided to score the components therein. When the given web page is compared against a candidate web page, each component that is found in both the given web page and the candidate web page under examination is given a score in accordance with the set of scoring rules that is specific to that web page under examination. A composite similarity score is computed for each comparison between the given webpage and a candidate web page. If the composite similarity score exceeds a predefined threshold value for a comparison between the given webpage and a candidate web page, that candidate web page is deemed the web page that is similar.
Type: Application
Filed: August 22, 2019
Publication date: February 6, 2020
Applicant: Trend Micro Incorporated
Inventors: Chao-Yu CHEN, Peng-Shih PU, Yu-Fang TSAI
-
Publication number: 20200042697
Abstract: A method for buffer overflow detection involves obtaining a program code configured to access memory locations in a loop using a buffer index variable, obtaining an assertion template configured to capture a dependency between the buffer index variable and a loop index variable of the loop in the program code, generating an assertion using the assertion template, verifying that the assertion holds using a k-induction; and determining whether a buffer overflow exists using the assertion.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Applicant: Oracle International Corporation
Inventors: Francois Gauthier, Nathan Keynes, Padmanabhan Krishnan, Cristina Cifuentes, Trung Quang Ta
-
Publication number: 20200042698
Abstract: A system, method, and device for cloud forensics and incident response is provided. In an embodiment, a computer-implemented method for performing cloud forensics and incident response includes intercepting, by a cloud incident response module (CIRM), communication between a virtual machine (VM) and a hypervisor. The method also includes extracting, by the CIRM, data from the communication between the VM and the hypervisor according to a forensic policy. Intercepting and extracting the data are transparent to the VM and to the hypervisor. Intercepting and extracting the data are independent of the VM and the hypervisor.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Vincent Urias, Caleb Loverro, William M.S. Stout
-
Publication number: 20200042699
Abstract: Detecting malicious user activity is provided. A profile for a user that accesses a set of protected assets is generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user. A plurality of analytics is applied on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on applying the plurality of analytics on the profile of the user. A malicious user activity alert is generated in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value. The malicious user activity alert is sent to an analyst for feedback.
Type: Application
Filed: October 10, 2019
Publication date: February 6, 2020
Inventors: Suresh N. Chari, Ted A. Habeck, Ian M. Molloy, Youngja Park, Josyula R. Rao, Wilfried Teiken
-
Publication number: 20200042700
Abstract: A method for implementing automated threat alert triage via data provenance includes receiving a set of alerts and security provenance data, separating true alert events within the set of alert events corresponding to malicious activity from false alert events within the set of alert events corresponding to benign activity based on an alert anomaly score assigned to the at least one alert event, and automatically generating a set of triaged alert events based on the separation.
Type: Application
Filed: July 10, 2019
Publication date: February 6, 2020
Inventors: Ding Li, Kangkook Jee, Zhengzhang Chen, Zhichun Li, Wajih Ul Hassan
-
Publication number: 20200042701
Abstract: Systems and methods for malware detection using multiple neural networks are provided. According to one embodiment, for each training sample, a supervised learning process is performed, including: (i) generating multiple code blocks of assembly language instructions by disassembling machine language instructions contained within the training sample; (ii) extracting dynamic features corresponding to each of the code blocks by executing each of the code blocks within a virtual environment; (iii) feeding each code block into a first neural network and the corresponding dynamic features into a second neural network; (iv) updating weights and biases of the neural networks based on whether the training sample was malware or benign; and (v) after processing a predetermined or configurable number of the training samples, the neural networks criticize each other and unify their respective weights and biases by exchanging their respective weights and biases and adjusting their respective weights and biases accordingly.
Type: Application
Filed: August 2, 2018
Publication date: February 6, 2020
Applicant: Fortinet, Inc.
Inventor: Xu Yang
-
Publication number: 20200042702
Abstract: First and second computer source codes are generated by a case-based inference engine based on first and second parameters received via a user interface. The first and second parameters are different but are both associated with a desired result. The second computer source code is generated as a semantically equivalent variant of the first computer source code to provide for protection against a cyber-attack.
Type: Application
Filed: August 2, 2018
Publication date: February 6, 2020
Applicant: United States of America as represented by Secretary of the Navy
Inventor: Stuart H. Rubin
-
Publication number: 20200042703
Abstract: Techniques are provided for anomaly-based ransomware detection of encrypted files. One exemplary method comprises obtaining metadata for an encrypted file; applying an anomaly detection technique to the metadata to compare at least one attribute in the metadata to one or more corresponding historical baseline values for the at least one attribute; and determining whether the encrypted file comprises a ransomware encryption based on the comparison. In some embodiments, one or more of file extension attributes, file size attributes and file name attributes in the metadata are compared to the one or more corresponding historical baseline values to identify a ransomware attack.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Or Herman Saffar, Amihai Savir
-
Publication number: 20200042704
Abstract: A method, computer program product and computer system are provided. A processor retrieves a target file for inspection of malware. A processor converts the target file to a time domain format. A processor determines one or more time-frequency domain features of the converted target file. A processor generates a malicious classification for the target file based on the one or more time-frequency domain features of the converted target file and one or more classification models.
Type: Application
Filed: August 1, 2018
Publication date: February 6, 2020
Inventors: BAR HAIM, EITAN MENAHEM
-
Publication number: 20200042705
Abstract: The present invention analyzes the text of a received file to determine if the file likely is a forensic artifact of a ransomware attack on a computer system. If the computer system concludes that the file is likely an artifact of a ransomware attack, the system terminates or ignores all related processes, thereby minimizing the harm caused to the computer system.
Type: Application
Filed: July 31, 2019
Publication date: February 6, 2020
Inventor: Mark Mager
-
Publication number: 20200042706
Abstract: A method that involves generating, for source code, a set of nodes for a set of statements comprising a first statement and a second statement, wherein each node of the set of nodes comprises a dataflow fact and a statement of the set of statements; identifying a source node and a sink node of the set of nodes; determining that the source node is backward reachable from the sink node by analyzing an incoming access path; and, in response to the determination, identifying a potential taint flow from the source node to the sink node.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Nicholas Allen, Francois Gauthier, Alexander Jordan
-
Publication number: 20200042707
Abstract: A storage system in one embodiment comprises a plurality of storage devices and a storage controller. The storage controller is configured to generate a plurality of snapshots of a storage volume of the storage system at respective different points in time, to monitor a differential between a given one of the snapshots and the storage volume, and to generate an alert indicative of at least a potential ransomware attack on the storage system based at least in part on the monitored differential satisfying one or more specified conditions. The one or more specified conditions illustratively comprise a specified minimum amount of change in the storage volume relative to the given snapshot of the storage volume. Compressibility of the storage volume is also taken into account in generating the alert in some embodiments. The storage controller illustratively initiates restoration of the storage volume utilizing a selected snapshot responsive to confirmation of an actual attack.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Anton Kucherov, David Meiri
-
Publication number: 20200042708
Abstract: An attack code detection device includes a learning unit configured to generate a model that learns, using a known labeled malicious document file including an ROP code, as learning data, a feature of a byte sequence being a component of a document file, and a feature of a byte sequence being a component of an ROP code, a detection unit configured to detect the ROP code included in an inspection target unknown document file, based on the model, and a malignancy determination unit configured to determine, based on a detection result, whether the inspection target unknown document file is a malicious data series that executes attack using ROP.
Type: Application
Filed: February 22, 2017
Publication date: February 6, 2020
Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
Inventors: Toshinori USUI, Makoto IWAMURA, Takeshi YADA, Tomonori IKUSE
-
Publication number: 20200042709
Abstract: Measurement methods, devices and systems based on a trusted high-speed encryption card are disclosed. One of the methods includes: a BIOS actively measuring at least one firmware in a device if an integrity measurement result made by a trusted security chip for the BIOS indicates that the integrity thereof is not corrupted; loading one or more firmware if the integrity of the one or more firmware in the device actively measured by the BIOS is not corrupted; and forbidding a system of the device from being started or controlling the system to enter into a non-secure mode if the integrity of one or more firmware in the device actively measured by the BIOS is corrupted.
Type: Application
Filed: August 1, 2019
Publication date: February 6, 2020
Inventors: Yingfang Fu, Peng Xiao
-
Publication number: 20200042710
Abstract: A method includes storing basic input/output system (BIOS) firmware instructions at a first flash memory device included at an information handling system. The BIOS firmware includes an initial boot block. BIOS data is stored at a second flash memory device. A baseboard management controller validates instructions included at the initial boot block.
Type: Application
Filed: August 3, 2018
Publication date: February 6, 2020
Inventors: Wei Liu, Juan F. Diaz, Timothy M. Lambert
-
Publication number: 20200042711
Abstract: A method for starting a trusted embedded platform based on TPM industrial control includes taking a Core Root of Trust Measurement (CRTM) as a source of a trust chain and executing CRTM after electrifying an embedded platform; conducting trust measurement of BIOS and starting BIOS after passing measurement; BIOS measuring Bootloader and extending a measured value into PCR corresponding to TPM; after passing the measurement, transferring a control execution right to Bootloader; and Bootloader measuring OS kernel start process, recording a measured value into PCR of TPM, and executing a start flow of OS after passing the measurement. The method performs measurement before start of each part of a start process, and measured values are also stored in the PCR corresponding to TPM. When the start process is tampered by an attacker, an integrity measurement mechanism terminates the execution of a program, thereby ensuring the security of the embedded platform.
Type: Application
Filed: May 7, 2018
Publication date: February 6, 2020
Inventors: Haibin YU, Peng ZENG, Wenli SHANG, Jianming ZHAO, Xianda LIU, Long YIN, Chunyu CHEN
-
Publication number: 20200042712
Abstract: To analyze open-source code at a large scale, a security domain graph language (“SGL”) has been created that functions as a vulnerability description language and facilitates program analysis queries. The SGL facilitates building and maintaining a graph database to catalogue vulnerabilities found in open-source components. This vulnerability database generated with SGL is used for analysis of software projects which use open source components. An agent which interacts with the vulnerability database can perform a scan of a software project to identify open-source components used in the project and submit queries to the vulnerability database to identify vulnerabilities which may affect the open-source components in the project. Results of the scan are presented to a user in the form of a vulnerability report which indicates vulnerabilities that have been discovered and which open-source components the vulnerabilities affect.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Darius Tsien Wei Foo, Ming Yi Ang, Jie Shun Yeo, Asankhaya Sharma
-
Publication number: 20200042713
Abstract: A system, method and apparatus for detecting whether an application is virtualized comprises identifying a storage location relevant to an application; writing a value to the storage location, storing the value written to the storage location, reading the identified storage location with a non-virtualized process, and checking if the read from the non-virtualized process matches the value.
Type: Application
Filed: August 6, 2018
Publication date: February 6, 2020
Inventors: Alan K. Robertson, Glenn K. Smith
-
Publication number: 20200042714
Abstract: In an example embodiment, a system analyzes a set of computer routines. The system may perform an analysis including a determination of a likelihood of vulnerability to unexpected behavior for one or more computer routines of the set. Based upon the analysis, the system may identify one or more computer routines of the set having the likelihood of vulnerability. The system may asynchronously and dynamically manipulate at least one of the one or more computer routines through a testing technique. The system may determine unexpected behavior of at least one of the one or more computer routines.
Type: Application
Filed: July 16, 2019
Publication date: February 6, 2020
Inventor: Satya Vrat Gupta
-
Publication number: 20200042715
Abstract: A method, apparatus and product for firmware verification. The method comprises obtaining a list of libraries utilized by a firmware. The method comprises determining a set of vulnerabilities of the firmware by identifying vulnerabilities corresponding to each library of the list of libraries. The method further comprises determining a set of remedial actions for the set of vulnerabilities, the set of remedial actions including an offline remedial action and an online remedial action. The method further comprises determining for the set of vulnerabilities a combination of remedial actions based on estimated costs and estimated runtime overheads of the set of remedial actions. The method further comprises providing an output based on the combination of remedial actions.
Type: Application
Filed: July 30, 2019
Publication date: February 6, 2020
Inventors: Netanel Davidi, Uri Alter, Asaf Karas, Omer Schory
-
Publication number: 20200042716
Abstract: In an illustrative embodiment, methods and systems for cybersecurity assessment of an organization's technology infrastructure include identifying features of the technology infrastructure and automatically generating a threat profile relevant to both the technology infrastructure and the organization's business (and/or business objectives), where the threat profile includes potential threat actors and threat scenarios applicable to the technology infrastructure. The methods and systems may include evaluating cybersecurity controls of the organization's technology infrastructure in light of the threat profile to identify and rate vulnerabilities within the technology infrastructure.
Type: Application
Filed: August 13, 2019
Publication date: February 6, 2020
Applicant: Aon Global Operations Ltd (Singapore Branch)
Inventors: Anthony R. BELFIORE, JR., Mani DHESI, Adam PECKMAN, Joseph MARTINEZ
-
Publication number: 20200042717
Abstract: Systems and methods which provide a new application security assessment framework that allows auditing and testing systems to automatically perform security and compliance audits, detect technical security vulnerabilities, and illustrate the associated security risks affecting business-critical applications.
Type: Application
Filed: October 10, 2019
Publication date: February 6, 2020
Inventor: Mariano Nuñez Di Croce
-
Publication number: 20200042718
Abstract: A method selectively disables commands that are utilized by changed code. One or more processors and/or a user identify changes in a source code that result in changed code in the source code. The processor(s) and/or user associate the changed code with affected application program interfaces (APIs) that are used by the changed code. The processor(s) and/or user identify which commands are utilized by the changed code, and selectively disable the commands that are utilized by the changed code while leaving all other commands enabled in the affected APIs.
Type: Application
Filed: October 10, 2019
Publication date: February 6, 2020
Inventors: MOHAMMADREZA BAROUNI EBRAHIMI, SAMANEH BAYAT, OBIDUL ISLAM, VISHWANATH RAMASWAMY
-
Publication number: 20200042719
Abstract: Various examples relate to detecting vulnerabilities in managed client devices. In some examples, a system determines whether a vulnerability scan of a computing device is required to be performed. The system installs a vulnerability detection component in the computing device in response to determining that the vulnerability scan is required to be performed. The system requests the vulnerability detection component to perform the vulnerability scan of the computing device. The system transmits a result of the vulnerability scan to a remote management service for the computing device.
Type: Application
Filed: October 14, 2019
Publication date: February 6, 2020
Inventors: Scott Harlow Kelley, Adarsh Subhash Chandra Jain, Stephen Turner
-
Publication number: 20200042720
Abstract: There is disclosed in one example a server apparatus, including: a hardware platform including a processor and a memory; a network interface; and a vulnerability assessment server engine including instructions encoded within the memory to instruct the processor to: receive via the network interface an endpoint payload including a platform identification string, including an identifier for an application and an identifier for an action to be taken by the application; query a vulnerability database and platform identification string database to procure an application-specific reputation for the action; and send via the network interface the application-specific reputation for the action.
Type: Application
Filed: October 15, 2019
Publication date: February 6, 2020
Applicant: McAfee, LLC
Inventor: Joshua Cajetan Rebelo
-
Publication number: 20200042721
Abstract: Systems, computer program products, and methods are provided for storing data files within a distributed trust computing network, such as a blockchain network, which acts as a source of truth for the digital copy. In response to storing the data file within the distributed trust computing network, a machine-readable code is generated that when read by an authorized entity provides access to the certified digital copy stored within the distributed trust computing network. In this regard the machine-readable code serves as a pointer to the distributed trust computing network and the storage location within the trust network and, in specific embodiments the code is dynamic so as to provide access privileges (e.g., security credentials required to access, the content authorized to access, duration period for accessing and the like).
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Joseph Benjamin Castinado, Samuel Massa Moiyallah, JR.
-
Publication number: 20200042722
Abstract: Methods, apparatus, and processor-readable storage media for encryption using wavelet transformation are provided herein. An example computer-implemented method includes generating a modified item of cryptographic information by randomly incorporating one or more characters into a user-provided item of cryptographic information; converting the modified item of cryptographic information to a matrix code; creating multiple bands of data by applying wavelet transformation to the matrix code; generating one or more encrypted items of cryptographic information by converting a selected one of the multiple bands of data into a sequence of multiple characters by applying an encoding process to the selected band of data; and storing the encrypted items of cryptographic information in a database for use in authentication requests.
Type: Application
Filed: August 1, 2018
Publication date: February 6, 2020
Inventors: Sathish Bikumala, Siddharth Agrawal, Ashish Kumar Palo
-
Publication number: 20200042723
Abstract: A risk assessment platform receives an indication of a first user authentication event associated with a user's attempt to access a first protected resource, and collects first user and device attributes associated with a first authentication process applied to the user and the user's device. The risk assessment platform receives an indication of a second user authentication event associated with the user's attempt to access a second protected resource, and collects second user and device attributes associated with a second authentication process applied to the user and the user's device. The risk assessment platform determines a level of risk of identity fraud associated with the user based on the first and second user and device attributes, and grants or denies the user access to the second protected resource based on the determined level of risk of identity fraud associated with the user.
Type: Application
Filed: August 3, 2018
Publication date: February 6, 2020
Inventors: Manian Krishnamoorthy, Venkat Korvi, Mannar Naga Sai Karyampudi, Ying Chen, Praveen Atreya
-
Publication number: 20200042724
Abstract: Techniques and structures to provide secure data transfer between entities in a multi-user on-demand computing environment. An electronic device may comprise at least one physical memory device, one or more processors coupled with the at least one physical memory device, the one or more processors configurable to create a scratch organization within the computing environment, receive, via a user interface, a metadata selection comprising a plurality of metadata resources which define a set of components for a service implemented in an origin organization of the multi-user, on demand computing environment, extract the plurality of metadata resources from the origin organization within the computing environment into a metadata bundle, and deploy the metadata bundle in the scratch organization. Additional subject matter may be described and claimed.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Florian Bastianelli, Pascal Mercier, Sameer Singhvi
-
Publication number: 20200042725
Abstract: Example storage systems, storage devices, and methods provide secure transfer of data between peer storage devices using protection information. Data operation commands may be received that use a protection information data block format for transferring a target data block between peer storage devices. A local data operation may operate on the target data block in a first storage device and compare at least one protection information tag value to a first data check value. At least one destination verification protection information tag value and the target data block may be transferred to a second storage device through a peer communication channel. The destination verification protection information tag value may be compared to a destination data block protection information tag value by the second storage device. The second storage device may then execute a data operation on the target data block.
Type: Application
Filed: August 3, 2018
Publication date: February 6, 2020
Inventors: Vladislav Bolkhovitin, Stephen Gold, Adam Roberts, Sanjay Subbarao
-
Publication number: 20200042726
Abstract: There is provided an information processing apparatus including a processor that generates a plurality of pieces of authority information for obtaining user information classified into a plurality of categories, in which the processor generates the authority information to correspond to each of a plurality of the categories.
Type: Application
Filed: December 26, 2017
Publication date: February 6, 2020
Applicant: Sony Corporation
Inventors: Matthew Lawrenson, Nicholas Walker, Masaaki Isozu
-
Publication number: 20200042727
Abstract: An information provision apparatus includes a memory configured to store personal data for each user, and a processor coupled to the memory and configured to in response to receiving a request for first personal data of a first user from a terminal device, determine difference between first data stored in the memory as the first personal data at a first time of receiving the request and second data stored in the memory as the first personal data at a second time before the first time, provision of the second data being permitted, perform, in accordance with the difference, determination of whether provision of the first data is permitted, and when it is determined that the provision of the first data is permitted, transmit the first data to the terminal device.
Type: Application
Filed: July 23, 2019
Publication date: February 6, 2020
Applicant: FUJITSU LIMITED
Inventors: Takao Ogura, Hisashi Kojima
-
Publication number: 20200042728
Abstract: An information management apparatus includes: a management data storage unit that stores therein a basic data management table in which, when business document data sent from a terminal device to a specified recipient is received over a network, the received business document data is stored in association with identification information of the recipient and identification information of the sender of the business document data and a deletion data management table that contains a condition for making at least partial data of the business document data inaccessible to the recipient; and a data processing unit that makes, when the sender or recipient takes an action defined in the condition set in the deletion data management table, at least the partial data of the business document data inaccessible to the recipient.
Type: Application
Filed: October 13, 2019
Publication date: February 6, 2020
Inventor: Taro Teshima
-
Publication number: 20200042729
Abstract: Sensitive data is protected in a software product. A source file of the software product is compiled to generate an object file, in which the source file includes at least one piece of sensitive data marked with a specific identifier. The object file has a secure data section for saving storage information of the at least one piece of sensitive data at compile-time and run-time. The object file is linked to generate an executable file. The executable file updates the secure data section at run-time. Sensitive data is also protected when a core dump is generated.
Type: Application
Filed: October 15, 2019
Publication date: February 6, 2020
Inventors: Rui Feng, Shuang Shuang Jia, Da Fei Shi, Lijun Wei
-
Publication number: 20200042730
Abstract: A computer system, processor, and method for processing information is disclosed that includes watching logical operations to detect unauthorized attempts to access a register, and taking evasive action in response to detecting unauthorized attempts to access the register. In an embodiment, the register is a hidden, secret, restricted, or undocumented register, and the method further includes, in response to unauthorized attempts to access the secret register, locking the contents of the secret register. The evasive action may include one or more of interrupting the operations of the processor; causing the processor to shut-down, malfunction, lock, self-destruct; no longer providing read or write permission or access to the register; releasing data disguised to look like the real register data while not releasing the real data; and combinations thereof.
Type: Application
Filed: July 31, 2018
Publication date: February 6, 2020
Inventors: Mark Fredrickson, Chad Albertson, Scott D. Frei, David G. Wheeler
-
Publication number: 20200042731
Abstract: Disclosed is a system for controlling access of one or more applications to a storage device, including: a storage device including one or more memories; and a kernel implemented between the applications and the storage device, in which when the kernel receives a first access request to the storage device from a first application, the kernel transmits to the storage device first memory address information to be accessed by the first application and a first access code included in the first access request, and the storage device stores a database for an authorized access code for each memory address information and controls the first application to access a memory corresponding to the first memory address information according to whether the first memory address information and the first access code are present in the database.
Type: Application
Filed: August 1, 2018
Publication date: February 6, 2020
Inventors: Youngjae KIM, Junghee LEE, Jin Woo AHN, Donggyu PARK, Sung-Yong PARK
-
Publication number: 20200042732
Abstract: Embodiments for mitigating cache-based data security vulnerabilities in a computing environment are provided. Cache pollution due to speculative memory accesses within a speculative path is avoided by delaying data updates to a cache and memory subsystem until the speculative memory accesses are resolved. A speculative buffer is used to maintain the speculative memory accesses such that a state of the cache remains unchanged until the speculative memory accesses are committed.
Type: Application
Filed: August 1, 2018
Publication date: February 6, 2020
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Prashant J. NAIR, Seokin HONG, Alper BUYUKTOSUNOGLU, Ravi NAIR
-
Publication number: 20200042733
Abstract: Disclosed systems and methods initiate an instance of an isolated application on a node computing device. The systems determine that the isolated application requests exclusive access to a block storage resource, create a control group associated with the block storage resource to provide access to members of the control group and set an access rate limit to zero for non-members of the control group, and assign the isolated application to the control group.
Type: Application
Filed: August 1, 2018
Publication date: February 6, 2020
Inventor: Huamin Chen
-
Publication number: 20200042734
Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes generating a share object in a first account comprising a share role. The method includes associating view privileges for the share object such that an underlying detail of the share object comprises a secure user-defined function definition. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account and providing a response to the second account based on the data or services of the first account. The method is such that the underlying detail of the share object that comprises the secure user-defined function definition is hidden from the second account and visible to the first account.
Type: Application
Filed: January 7, 2019
Publication date: February 6, 2020
Inventors: Allison Waingold Lee, Peter Povinec, Martin Hentschel, Robert Muglia
-
Publication number: 20200042735
Abstract: The storage or transmission of genomic data is realized by employing a structured compressed genomic dataset in a file or in a stream of genomic data. Selective access to the data, or subsets of the data, corresponding to specific genomic regions is achieved by employing user-defined labels based on data classification and a specific indexing mechanism.
Type: Application
Filed: February 14, 2017
Publication date: February 6, 2020
Applicant: GENOMSYS SA
Inventors: Mohamed Khoso Baluch, Giorgio Zoia, Daniele Renzi
-
Publication number: 20200042736
Abstract: A system for controlling access within an enterprise to information associated with recipients of an electronic message campaign of the enterprise sent to a plurality of recipient devices wherein the enterprise includes hierarchically structured Business Units having an enterprise level Business Unit at the highest level and a plurality of second level Business Units and an enterprise system communicatively coupled to a network and including an enterprise level device communicatively coupled to a plurality of second level devices includes a server and an electronic message engine. The server is configured to assign an enterprise account to the enterprise system and to allow the enterprise level device to communicate selected portions of the recipient list. The electronic message engine is configured to generate electronic messages within a message campaign for sending to recipients identified by each of the second level devices from the selected portions of the recipient list.
Type: Application
Filed: October 14, 2019
Publication date: February 6, 2020
Inventors: James Michael Ciancio-Bunch, Matt Beard, D. Thomas Waltz, Richard W. Jamison, Jack Fisher, Jeff Middlesworth
-
Publication number: 20200042737
Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes generating a share object in a first account comprising a share role. The method includes associating view privileges for the share object such that an underlying detail of the share object comprises a secure view definition. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account and providing a response to the second account based on the data or services of the first account. The method is such that the underlying detail of the share object that comprises the secure view definition is hidden from the second account and visible to the first account.
Type: Application
Filed: August 6, 2018
Publication date: February 6, 2020
Inventors: Allison Waingold Lee, Peter Povinec, Martin Hentschel, Robert Muglia
-
Publication number: 20200042738
Abstract: A computer-implemented method for populating a privacy-related data model by: (1) providing a data model that comprises one or more respective populated or unpopulated fields; (2) determining that at least a particular one of the fields for a particular data asset is an unpopulated field; (3) at least partially in response to determining that the at least one particular field is unpopulated, automatically generating a privacy questionnaire comprising at least one question that, if properly answered, would result in a response that may be used to populate the at least one particular unpopulated field; (4) transmitting the privacy questionnaire to at least one individual; (5) receiving a response to the questionnaire, the response comprising a respective answer to the at least one question; and (6) in response to receiving the response, populating the at least one particular unpopulated field with information from the received response.
Type: Application
Filed: October 7, 2019
Publication date: February 6, 2020
Applicant: OneTrust, LLC
Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon