Abstract: A security agent can implement a least recently used (LRU)-based approach to suppressing events observed on a computing device. The security agent may observe events that occur on a computing device. These observed events may then be inserted into a LRU table that tracks, for a subset of the observed events maintained in the LRU table, a rate-based statistic for multiple event groups in which the subset of the observed events are classified. In response to a value of the rate-based statistic for a particular event group satisfying a threshold for the LRU-table, observed events that are classified in the event group can be sent to a remote security system with suppression by refraining from sending, to the remote security system, at least some of the observed events in the event group. The security agent may cease suppression after the rate-based statistic falls below a predetermined threshold level.

Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.

Abstract: A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secured software agent is provided for embedding within the abstraction layer forming the operating system. The secured software agent is configured to limit access to the abstraction layer by either blocking loadable kernel modules from loading, blocking writing to the system call table or blocking requests to attach debug utilities to certified applications or kernel components.

Abstract: Facilities are provided herein to address application phishing by determining whether an application is a legitimate application it purports to be. Optical code(s) are displayed on a display device in association with an application to be authenticated for a user as being a legitimate application. Based on imaging the optical code(s) using a camera of a device of a user, data of the optical code(s) are obtained. It is automatically determines, based on the obtained data of the optical code(s), whether the application to be authenticated is authenticated as being the legitimate application, and based on this, an indication of whether the application is authenticated as being the legitimate application is provided for the user by the device.

Abstract: Disclosed are systems and associated methods for protecting systems against software intended to damage or disable computers and computer systems, commonly called “malware” especially encrypting malware. Both agent-based and agentless implementations allow the identification of malware and the protection of local and cloud-based data by observing changes to filesystem structure and the information content of files, with no need to scan memory or interfere with the processing of individual processes. The data permeability of the protected system can be dynamically changed, allowing user-directed changes to be committed to storage and backed up, while adverse or potentially adverse changes are quarantined.

Abstract: An information handling system includes a storage and a processor. The storage is configured to store malware samples and malware signatures. The processor is configured to unpack a malware sample, compare the malware sample to known malware families, extract a command-and-control domain, extract encryption keys and communication parameters, store a malware signature for the malware sample, the malware signature including information required to monitor a network for activity of the malware sample or detect the malware sample on another system, and provide the command-and-control server addresses, encryption keys, and communication parameters to a botnet tracker.

Abstract: A method and apparatus are disclosed for identifying malicious software in the technical field of computers. The method includes: obtaining, according to a source code of to-be-detected software, a function call diagram of the software; generating a feature sequence of the software according to the function call diagram, the feature sequence including an eigenvalue of at least one feature, the feature being a function in a preset function library, and the eigenvalue of the feature being a quantity of times of calling of the function by the software; and identifying whether the software is malicious software according to the feature sequence and a random forest, the random forest including at least one decision tree, and the decision tree including reference eigenvalues of multiple features. The apparatus includes: an obtaining module, a generation module, and an identification module. The present disclosure may improve identification accuracy.

Abstract: In some embodiments, a method includes processing at least a portion of a received file into a first set of fragments and analyzing each fragment from the first set of fragments using a machine learning model to identify within each fragment first information potentially relevant to whether the file is malicious. The method includes forming a second set of fragments by combining adjacent fragments from the first set of fragments and analyzing each fragment from the second set of fragments using the machine learning model to identify second information potentially relevant to whether the file is malicious. The method includes identifying the file as malicious based on the first information within at least one fragment from the first set of fragments and the second information within at least one fragment from the second set of fragments. The method includes performing a remedial action based on identifying the file as malicious.

Abstract: In one respect, there is provided a system for training a neural network adapted for classifying one or more scripts. The system may include at least one processor and at least one memory. The memory may include program code which when executed by the at least one memory provides operations including: receiving a disassembled binary file that includes a plurality of instructions; processing the disassembled binary file with a convolutional neural network configured to detect a presence of one or more sequences of instructions amongst the plurality of instructions and determine a classification for the disassembled binary file based at least in part on the presence of the one or more sequences of instructions; and providing, as an output, the classification of the disassembled binary file. Related computer-implemented methods are also disclosed.

Abstract: Disclosed are an apparatus and method of verifying an application installation procedure. One example method of operation may include receiving an application at a computer device and initiating the installation of the application on the computer device. The method may also provide executing the application during the installation procedure and creating a hash value corresponding to the executed application data. The method may further provide storing the hash value in memory and comparing the hash value to a pre-stored hash value to determine whether to continue the installation of the application.

Abstract: Reprogramming of a redirected USB device can be restricted to prevent the redirected USB device's firmware from being modified maliciously. A virtual bus driver can be configured to monitor USB request blocks (URBs) to identify whether an URB pertains to an attempt to alter the firmware of a redirected USB device. When an URB is identified as pertaining to an attempt to alter the firmware, the virtual bus driver can block the URB unless the URB is associated with an authorized user or application. In this way, only an authorized user or application will be allowed to modify the firmware of a redirected USB device thereby ensuring that a malicious user or application cannot modify the firmware in an improper manner.

Abstract: Providing a targeted security alert can include collecting participant data from a plurality of participants within a threat exchange community, calculating, using a threat exchange server, a threat relevancy score of a participant among the plurality of participants within the threat exchange community using the collected participant data, and providing, from the threat exchange server to the participant, the targeted security alert based on the calculated threat relevancy score via a communication link within the threat exchange community.

Abstract: Technologies are disclosed herein for blocking access to some firmware variables during runtime. These firmware variables may be disallowed from runtime access (e.g., read/write access), by placing an indication of the firmware variables on a runtime blocklist. Upon completion of booting, runtime firmware services may access the runtime blocklist to determine if a firmware variable is to be accessed during runtime. In some cases, a firmware variable may be disallowed from runtime access by inclusion in the runtime blocklist, even if that firmware variable has an attribute that indicates that it is runtime accessible. The runtime blocklist may be generated based at least in part on indications of the firmware variables to be blocked during runtime. Additionally, runtime accessible firmware variables may be exposed to higher-level software, such as an O/S, if the firmware variables are not included in the runtime blocklist.

Abstract: Systems and methods are included for causing a computing device to implement a management policy prior to a user logging into an operating system on initial boot. As part of initial boot, the computing device contacts a management server for enrollment. Installation of the operating system is paused while the management server synchronizes the software and policies on the computing device. To do this prior to login, the management server can create a temporary user account to associate with the computing device and apply a default management policy. After the installation is complete, an installed management agent can gather user inputs made during login. The management agent can send these inputs to the management server for use in creating an actual user account to associate with the computing device.

Abstract: Techniques for implementing policy-based anti-rollback techniques on a computing device are described herein. As an example, a remote service may provide the computing device with a boot policy which indicates, for each boot stage of a software bootloader process, what software versions are permitted to execute. Prior to providing the computing device with the boot policy, the remote service may sign the boot policy with a private key, and include of an identifier corresponding to the computing device. At each boot stage of the bootloader process, components of the computing device may verify, using a public key, that the boot policy was signed with the private key, and that the boot policy corresponds to the computing device. After verification, the components may analyze the boot policy to determine whether each boot stage is permitted to execute a software version and boot to the next boot stage.

Abstract: Embodiments of the present disclosure disclose a method and apparatus for launching a device.

Abstract: Embodiments of the present invention are directed to data integration and threat assessment for triggering analysis of connection oscillations in order to improve data and connection security. The invention leverages a security threat assessment engine and an analytics engine to gather and process data from a combination of internal and external data sources for a third party connection. The system continuously monitors and updates a generated threat level for a third party connection to determine changes or triggers indicating a potential security threat. In response to these determined changes or triggers, the system then responds to a detected security threat and minimizes damages resulting from data compromised by third party systems. Further, the system may extract and recover data from the third party systems and alter connection channels in order to further limit losses.

Abstract: Technologies are provided in embodiments for using compiling techniques to harden software programs from branching exploits. One example includes program instructions for execution to obtain a first encoded instruction of a software program, the first encoded instruction including a first opcode in a first field to be performed when the first encoded instruction is executed, identify a vulnerable value in a second field within the first encoded instruction, where the vulnerable value includes a second opcode, determine that the first encoded instruction can be replaced with one or more alternative encoded instructions that do not contain the vulnerable value, and replace the first encoded instruction with the one or more alternative encoded instructions.

Abstract: Methods and apparatus are provided for private set membership using aggregation for reduced communications. A determination is made as to whether at least one data element of a client is in a data set of a server by: obtaining a transformation of the at least one data element; receiving a response from the server based on the transformation of the at least one data element, wherein the transformation comprises one or more of a Bloom filter-based transformation that employs a Bloom filter comprising a plurality of hash functions and an encryption-based transformation; and determining whether the at least one data element is in the data set based on the response, wherein one or more of the response and the determining is based on a result of at least one aggregation of a plurality of values that depend on the at least one data element and one or more items in the data set.

Abstract: Data privacy information pertaining to particular data hosted by a first workload provisioned to a first location can be received. The first workload can be monitored to determine whether the first workload is accessed by a second workload, determine whether the second workload is indicated as being authorized, in the data privacy information, to access the particular data hosted by first workload, and determine whether the second workload has access to the particular data hosted by the first workload. If so, the first workload can be automatically provisioned to a second location to which provisioning of the first workload is allowed based on the data privacy information.

Abstract: A system and method for securing data in a storage medium is disclosed. The system comprises a computing device, a database in communication with the computing device, and a user device including the storage medium is configured to access the computing device via a network. Computing device is configured to collect one or more parameters from at least one of the user device and the computing device. A seed key is generated based on the parameters using a digest algorithm. The computing device is configured generate a key using the seed key and MD5 and semi-Random SHA encryption. The computing device is configured to use the key to encrypt or decrypt data that accesses to and from a portion of the storage medium. The computing device is configured to execute encrypt and decrypt process through inline function without storing keys. The parameter includes server paired parameters and user device parameters.

Abstract: Embodiments disclosed herein describe systems and for isolating data communicated to and from peripherals coupled to an LPC bus or similar shared bus. In embodiments, the isolated data may be communicated to only a targeted peripheral while other peripherals receive masked data.

Abstract: Systems and methods for generating and handling tokenized links pointing to web-accessible files are provided herein. The tokenized link obscures the filepath of the file and is associated with a permission scope that consists of a set of criteria for evaluating conditions for access to the file. The link may be freely shared and still provide access restrictions within a domain to the linked file without needing to modify the permissions for the file itself. A user with access to the file may thus freely share the link with other users, who may in turn share the link with yet other users, and be assured that only authorized users will gain access to the file. The tokenized links thereby improve the security of the files, the user experience of the distributing and receiving users, and the functionality of the devices using the tokenized links.

Abstract: Artificial intelligence, big data, and crowd sourcing techniques are utilized to efficiently and effectively determine permissions that should be granted to a party within an organization. In one example, the permissions granted to a party within an organization are determined using one or more algorithms to identify, weight, and correlate historical and current permissions to party attributes for parties within the organization and/or for similar parties in similar organizations. In one example, the activity of the party within the organization is then monitored and the permissions granted the party are automatically modified as needed to allow the party to perform their tasks in the organization as the party's responsibilities within the organization evolve.

Abstract: A system for providing an ingest proxy and query rewriter for secure data is described. In an example implementation, the system may include a proxy configured to obfuscate data, generate maps of the obfuscated data to the original data, and send the obfuscated data to an analysis server. The analysis server may be configured to generate analysis data relevant to the obfuscated data and the original data by analyzing the obfuscated data. The analysis server may send the analysis data and an identification of the obfuscated data to a user device in response to a request from the user device. The user device may be configured to detect the identification of the obfuscated data in the signal received from the analysis server and retrieve the analysis data from a client device via the proxy.

Abstract: Provides a method to control the Background Region of a Memory Protection Unit (MPU) in order to create isolated privileged tasks (ptasks), which are an important step in the process of converting ordinary tasks to unprivileged tasks (utasks) and which also offer improved security and reliability in privileged mode.

Abstract: Methods, apparatus, systems, and computer-readable media are provided for interactive assistant modules to safely access and provide restricted content in group contexts. In various implementations, a dialog between a first individual and an interactive assistant module may be determined to be sensorially perceivable by at least a second individual. Restricted content that is to be automatically incorporated into the dialog by the interactive assistant module may be identified. In various implementations, access to the restricted content may be controlled by the first individual. In various implementations, the restricted content may be conditionally incorporated into the dialog in response to a determination that the second individual is authorized to perceive the restricted content.

Abstract: A computer system may perform substitutions for fields in a set of records, where performing a given substitution involves replacing a field in the set of records with a replacement field, and the substitutions remove the context information in the set of records while maintaining relevance of the set of records. Then, the computer system may generate an artificial set of records based, at least in part, on the set of records, where a given artificial record includes one or more modified portions of the set of records. Next, the computer system may combine the set of records and the artificial set of records into a second set of records, where at least some phrases or values in the second set of records are uniformly distributed.

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes generating a share object in a first account comprising a share role. The method includes associating view privileges for the share object such that an underlying detail of the share object comprises a secure view definition. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account and providing a response to the second account based on the data or services of the first account. The method is such that the underlying detail of the share object that comprises the secure view definition is hidden from the second account and visible to the first account.

Abstract: New tokenization tables are derived at intervals in order to increase the security of tokenized data that is transferred between two endpoints. Generation of the new tokenization tables is based on previous tokenization tables, which advantageously allows the generation process to be performed locally at the two endpoints independently of an external tokenization table provider. New tokenization tables can periodically be distributed to the endpoints as a new starting point for derivation.

Abstract: Methods and systems for providing an access of a network to a user are disclosed. A method includes receiving a selection of at least one Service Set Identifier (SSID) associated with the network from the user. The user may select the at least one SSID from a plurality of SSIDs on a computing device. The method further includes presenting an embedded multimedia along with a connect option on the computing device based on the selection of the at least one SSID. The method also includes connecting the computing device to the network based on a selection of the connect option. The method furthermore includes opening at least one webpage associated with at least one uniform resource locator (URL) related to the multimedia on the computing device.

Abstract: Methods, systems and computer program products for health data protection. Embodiments commence upon receiving a data access request message from a participant in a health ecosystem. The data access request message comprises an indication of one or more health data sets that are held by or at least potentially of interest to the participant. System components are configured to receive the message and to identify the participant. Based on parameter values corresponding to a data protection policy of the participant, a data protection scheme is generated. The scheme includes parameter values derived from the data protection policy. The parameter values of the scheme are used to generate a variation of the health data set that is formed by applying one or more data anonymization, data obfuscation or other data protection techniques to the health data set. A balance among the parameters is calculated so as to achieve a desired outcome.

Abstract: A method and system for implementing a cloud-based dead drop for isolated recovery systems. Specifically, the disclosed method and system entail the interjection of an object store as an intermediate storage relay between a production system and an isolated recovery system. The object store minimizes, if not eliminates, the exposure of data secured in the isolated recovery system from external cyber threats and attacks, as well as launches the deployment of the isolated recovery system as a service that may support any system.

Abstract: Disclosed herein are a fixed-location Internet-of-Things (IoT) device for protecting secure storage access information and a method for protecting secure storage access information of the fixed-location IoT device.

Abstract: Aspects of the disclosure relates to systems and methods for locking a display device of a host computer remotely using a management controller, and providing a banner notification on the locked display device. The system includes a computing device as the host computer, which has a display device, and a management controller. When the management controller receives a locking command, the management controller, in response to the locking command, performs the following operations: generating a locking instruction, and sending the locking instruction to the computing device to lock the display device; and generating a message display instruction including a message to be displayed, and sending the message display instruction to the display device of the computing device, in order to display the message on the display device. Thus, a local user at the computing device may be notified by the message that the display device is locked.

Abstract: A method of managing Proxy Objects by attaching Meta Data to each Proxy and HD Object and translating 2D coordinates into 3D coordinates from within a 3D CAD model with additional data being added through a 360 viewer. The method enables the user to programmatically swap one Proxy Object with one or more HD Objects. All Proxy Objects and HD Objects are stored in a secure database structure while providing access by users to the proxy objects and all related product information. Non-technical and non-CAD users can configure objects within a space by selecting an object, browsing a catalog of possible alternative objects, viewing specific product details and then selecting the object to replace the selected object. Once a new object is selected, a photo realistic 360 image of a scene is created in real time.

Abstract: The present invention concerns a method for generating technical design solutions satisfying a given performance target for a building. The method comprises: selecting a design model for the building; selecting a first set of design parameters from a first database; qualifying and/or quantifying the design parameters in the first set; generating a first set of design parameter combinations from the first set of design parameters; attributing the first set of design parameter combinations to the design model to obtain a first set of design alternatives; accessing a second database to determine the impact of the first set of design alternatives on a performance of the building; and ranking the first set of design parameters according to their contribution to the performance of the building.

Abstract: A method for enabling user-customization of a controller design for simulation comprises accessing at least one library of individual simulation component models for controller components. The method further comprises receiving information describing an architecture of a customized controller design corresponding to a controller that controls communications between other parts of a first target system. The method additionally comprises generating a controller simulation model for the customized controller design based on the first architectural information, the controller simulation model including instances of a plurality of the simulation component models.

Abstract: Synthetic object detection data is generated for a modeled sensor, such as a camera. Scenario data specifying objects, such as vehicles, sensor intrinsics, such as focal length, principal point, and image size, and sensor extrinsics, such location and orientation in the scenario of the sensor, may be received. An object detector model may detect a given object in the scenario if it lies within the sensor's field of view, is large enough, and is not occluded. Two dimensional (2D) image plane position and velocity measurements may be generated. A measurement noise model may add noise to the measurements. Position, velocity, and measurement noise may be mapped into a three dimensional (3D) world coordinate system. An object detection list that includes time of detection, detected position and velocity, measurement accuracy, and an object classification for detected objects may be output.

Abstract: Embodiments are disclosed for solving a Boolean formula generated from an input design using an iterative loop using a computer-implemented Boolean satisfiability solver. An example method includes accessing data qualifier signals indicating one or more variables in a Boolean formula. The example method further includes marking the one or more variables in the Boolean formula as data qualifier variables based on the respective data qualifier signals. The example method further includes instructing a computer implemented Boolean satisfiability solver to solve the Boolean formula using an iterative loop, where operation of the iterative loop is prioritized based on the data qualifier variables. Corresponding apparatuses and non-transitory computer readable storage media are also provided.

Abstract: A timing error analysis method includes, extracting, from error information, a design value related to a delay amount of a signal path and a feature that is an input when a machine learning model learns with the design value as an output, estimating a correct answer value of the design value from the feature and the machine learning model learning a relationship between the design value and the feature, comparing the design value with the correct answer value and storing a comparison result, generating a comparison result list including countermeasures for eliminating the timing error according to the comparison result, aggregating signal paths included in the comparison result list for each design block to generate an error list including information indicating the signal paths aggregated for each of the design blocks and the countermeasures, and outputting the error list.

Abstract: A simulation switching device of computer control chips is disclosed, including an addin card body, a plurality of computer control chips having different operation frequencies arranged on the addin card body, a graphics processing device in information connection with each of the computer control chips, an operation control device in information connection with each of the computer control chips and the graphics processing device, and an inspection module in information connection with the operation control device. To use, the operation control device detects a voltage of the graphics processing device. If the voltage is in an unstable condition, then the inspection module performs simulation to inspect a condition that will be generated by driving another one of the computer control chips that has a relatively high operation frequency, and automatic switching is made to the computer control chip having the relatively high operation frequency to make the voltage stable.

Abstract: The present disclosure relates to a computer-implemented method for parasitic extraction. The method may include providing, using one or more processors, an electronic design having IP and/or metal fill content associated therewith. The method may further include identifying at least one layer associated with the content to be modeled and identifying at least one layer associated with the content to be ignored. The method may also include discarding one or more shapes associated with the at least one layer associated with the content to be modeled and replacing each discarded shape with an alternative shape. The method may further include modeling the electronic design including the alternative shape, wherein modeling is electrically aware in a horizontal and a vertical direction.

Abstract: A method for enhancing a chip layout may include obtaining the chip layout including a first layer including first and second tracks, a first route occupying the first track, and an open net including open terminals. The method may further include grouping the open terminals into at least a first subset of open terminals, calculating, based on the first subset, a region of interest (ROI), determining that neither the first track nor the second track within the ROI can be used to connect all the open terminals in the first subset, determining that the first track can be used to connect all the open terminals in the first subset after moving the first route from the first track to the second track, moving, the first route from the first track to the second track, and attempting to connect all the open terminals in the first subset using the first track.

Abstract: The present invention provides a circuit design method, wherein the circuit design comprises the steps of: designing a plurality of paths, wherein each path comprises a plurality of elements; determining if the paths have enough timing margin to determine at least one specific path; and replacing at least one specific element within the specific path by a configurable gate array cell, wherein a function of the configurable gate array cell is the same as a function of the specific element.

Abstract: Virtualized infrastructure instances are provided for running applications where electronic documents are rendered. The documents may comprise active content associated with risk of security issues. The documents are pre-processed to determine required software functionality for rendering. An index table including documents' characteristics relevant for displaying is generated. The characteristics include a correspondingly defined application for rendering a document, an OS for running the application, other. An identification of a document is received for displaying in a UI application separate from the virtualized instances. The first document is rendered on a virtualized instance from the infrastructure instances. The virtual instance is selected based on requirements for rendering the requested document, such as compatible application and OS. The rendered first document at the virtualized instance is displayed at the UI application on a virtual screen.

Abstract: The image processing apparatus includes an accepting unit, first and second storage units, and a controller. The first storage unit stores frequency order data for each language. The controller, using character image data in a font cache area, performs rasterization processing on PDL data. The controller sets first and second cache areas. The controller, based on frequency order data corresponding to a selected language, generates character image data in descending order of character use frequency. The controller has the character image data generated based on frequency order data stored in the first cache area.

Abstract: A tag management system in a computer data network can be used to manage one or more tag configurations with templates. A template may enable efficient tag configuration by causing presentation of an improved user interface that facilitates user-specified mappings between a custom content site and predefined tag management attributes. By completing a template, which may depend on other templates or have templates that depend on it, the tag management system can automatically deploy complex tag management configurations to track end user interactions over a data network.

Abstract: A system comprises a display unit; an input device configured to receive user input; and a processing unit communicatively coupled to the display unit and the input device. The processing unit is configured to cause the display unit to display a plurality of lines of natural language text on the display unit together with corresponding annotations including a plurality of relation lines. The processing unit is further configured to adjust spacing between each of the plurality of lines of natural language text based on the corresponding annotations.

Abstract: A method and system including a code comment module; a unified code processor in communication with the code comment module and operative to execute processor-executable process steps to cause the system to: receive initiation of an integrated development environment program; receive at least one element; initiate an editor in response to the received at least one element; receive a markup annotation, wherein the markup annotation is associated with the received at least one element; receive one or more comments to be formatted by the received markup annotation; and display the at least one element and the formatted comment. Numerous other aspects are provided.