Patents Issued on January 2, 2025
  • Publication number: 20250005151
    Abstract: A system that detects malware by analyzing message logs to identify message patterns that are periodic with similar-sized messages. These patterns may indicate malware since malware often sends beacon messages to a command-and-control system that are often periodic and of relatively similar length. The system may group message logs by the combination of source and destination and analyze each group for patterns of periodicity and message length uniformity. Entropy may be used to measure the uniformity of message lengths and message intervals, with low (or zero) entropy suggesting malware. Message intervals that repeat after several messages may be detected by testing subsequence sums for uniformity at different possible periods. Additional factors may be used to assess the risk, such as the duration of communication, and threat intelligence on the source or destination. The system may perform automated actions to eliminate or mitigate detected risks, such as blocking further communication.
    Type: Application
    Filed: June 29, 2023
    Publication date: January 2, 2025
    Applicant: BULL SAS
    Inventors: Harshvardhan PARMAR, Vinod VASUDEVAN
  • Publication number: 20250005152
    Abstract: A risk dependency platform may obtain a source code for task automation. The risk dependency platform may analyze the source code to determine one or more dependencies associated with the source code. The one or more dependencies may identify referenced source code that is included in the source code by reference. The risk dependency platform may obtain the referenced source code and may decompose the source code and the referenced source code into a plurality of tasks. The plurality of tasks may invoke a plurality of modules that are executables. The risk dependency platform may analyze the plurality of tasks to determine operations that are performed based on the plurality of modules being executed. The risk dependency platform may evaluate the operations to identify one or more risks associated with performing the operations. The risk dependency platform may perform an action based on the one or more risks.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Inventors: Yuji WATANABE, Ruriko KUDO, Hirokuni KITAHARA
  • Publication number: 20250005153
    Abstract: A method for protecting against malware when a client computer causes file operations at a server computer, comprising: gathering, by the server computer, information for each file operation performed into an event, the information including at least an identifier and a type of the operation; developing, not by the client computer, an event-level feature vector including at least two features which are numerical data representing an aspect of the gathered information for each event; grouping the event-level feature vectors into a file-level feature vector for each file; supplying, not by the client computer, the file-level feature vectors to a trained machine learning classifier and receiving as an output of the classifier at least one risk score indicating a likelihood of a presence of malware activity; and when malware activity is indicated by an aggregate risk score based on the at least one risk score, initiating incident handling.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Applicant: CTERA Networks Ltd.
    Inventors: Aron BRAND, Doron SHER, Simon TAIB
  • Publication number: 20250005154
    Abstract: A process tree embedding is generated corresponding to a process tree. The process tree comprises a plurality of processes. The process tree embedding is processed with a machine learning model to generate an identification of malware associated with the process tree. In some embodiments, processing the process tree embedding with the machine learning model to generate the identification of malware associated with the process tree includes: processing the process tree embedding with the machine learning model to generate a classification of the process tree as being associated with malware; and, responsive to the classification indicating that the process tree is associated with malware, generating the identification of a first process of the plurality of processes that is relevant to the classification of the process tree as being associated with malware.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Inventors: Vasile-Daniel Sava, Paul Sumedrea, Cristian Viorel Popa
  • Publication number: 20250005155
    Abstract: There is provided a system and a computer-implemented method of detecting malware in real time in a live environment. The method comprises: monitoring one or more operations of at least one program concurrently running in the live environment, building at least one stateful model in accordance with the one or more operations, analyzing the at least one stateful model to identify one or more behaviors, and determining the presence of malware based on the identified one or more behaviors.
    Type: Application
    Filed: May 30, 2024
    Publication date: January 2, 2025
    Applicant: Sentinel Labs Israel Ltd.
    Inventors: Tomer Weingarten, Almog Cohen, Udi Shamir, Kirill Motil
  • Publication number: 20250005156
    Abstract: The detection and alerting on malicious queries that are directed towards a data store. The detection is done by using syntax metrics of the query. This can be done without evaluating (or at least without retaining) the unmasked query. In order to detect a potentially malicious query, syntax metric(s) of that query are accessed. The syntax metric(s) are then fed into a model that is configured to predict maliciousness of the query based on the one or more syntax metrics. The output of the model then represents a prediction of maliciousness of the query. Based on the output of the model representing the predicted maliciousness, a computing entity associated with the data store is then alerted.
    Type: Application
    Filed: September 11, 2024
    Publication date: January 2, 2025
    Inventors: Andrey KARPOVSKY, Michael MAKHLEVICH, Tomer ROTSTEIN
  • Publication number: 20250005157
    Abstract: An apparatus and method are described for authenticating extended service microcode updates. For example, one embodiment of a method comprises: storing extended service microcode update (MCU) in a memory of a processor; reading processor signature data, platform identification data, and processor extended service data from one or more registers of the processor; identifying MCU extended service period data based on processor signature data and platform identification data; determining whether to apply the extended service MCU on the processor based on a comparison between the MCU extended service period data and the processor extended service data.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Inventors: Hisham SHAFI, Scott CAPE, Jeffrey WIEDEMEIER
  • Publication number: 20250005158
    Abstract: Systems and methods for Unified Extensible Firmware Interface (UEFI)-level processing of Out-of-Band (OOB) commands in heterogeneous computing platforms. In some embodiments, an Information Handling System (IHS) may include: a heterogeneous computing platform having a plurality of devices, and an OOB Microcontroller Unit (MCU), Embedded Controller (EC), or networking device integrated into or coupled to the heterogeneous computing platform and distinct from a host processor of the heterogeneous computing platform, where the OOB MCU, EC, or networking device is configured to: receive an OOB packet while the host processor is in a low-power state, and execute an OOB command contained in the OOB packet, by the host processor, at least in part through initialization of UEFI without initialization of any video device.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Applicant: Dell Products, L.P.
    Inventors: Adolfo S. Montero, Abeye Teshome, Alok Pant
  • Publication number: 20250005159
    Abstract: An apparatus and method are described for staging and activating microcode of a processor. For example, one embodiment of a processor comprises: a plurality of functional blocks, each functional block operable, at least in part, based on microcode and including a non-volatile memory to store a corresponding microcode update (MCU); a plurality of MCU staging memories, each MCU staging memory to temporarily store one or more of the MCUs for one or more corresponding functional blocks of the plurality of functional blocks; authentication hardware logic to attempt to validate each MCU of the one or more MCUs stored in each MCU staging memory, wherein each MCU is to be copied to a non-volatile memory of a corresponding functional block only after a successful authentication.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Inventors: Avinash CHANDRASEKARAN, Murugasamy K. NACHIMUTHU, Mariusz ORIOL, Piotr MATUSZCZAK
  • Publication number: 20250005160
    Abstract: Described techniques provide addressing schemes that account for address differences between active and inactive memory banks in dual bank memory architectures used in software over the air (SOTA) updates implemented using address swapping between the dual memory banks, including providing address translations where needed to obtain one standard addressing scheme for purposes of SOTA updates. A timing and implementation of authentication and booting techniques may ensure that signature authentication and boot processes use correct memory addresses across the dual memory banks to enable updates of both an application and a bootloader to occur. Swapping techniques are described that enable robust, secure swapping between the banks, and that enable SOTA updates to hardware security manager (HSM) software, while ensuring use of such HSM software in dual bank scenarios.
    Type: Application
    Filed: October 27, 2022
    Publication date: January 2, 2025
    Inventors: Tejeswini Jayaramareddy, Ramesh Sriramaneni, Amiya Trivedi, Vishal Dayanand Devnale
  • Publication number: 20250005161
    Abstract: An update detail verification system has: an update information input unit to which update information of a control system is inputted; an update information analysis unit that analyzes the update information; a verification information storage unit in which verification information concerning verification to be performed on detail of update is stored; an update and verification detail setting unit that sets detail of update to be executed on the control system and detail of verification to be executed on the update, among the result of analysis and the verification information; an update and verification execution time estimation unit that estimates an execution time required for executing the update and verification; and an execution feasibility determination unit that, by making a comparison between the estimated execution time and a predetermined limited time, determines whether or not the execution of update and verification can be completed within the limited time.
    Type: Application
    Filed: October 26, 2022
    Publication date: January 2, 2025
    Inventors: Takashi OGURA, Hiroshi IWASAWA, Daisuke TSUJI
  • Publication number: 20250005162
    Abstract: Aspects of the disclosure include methods and systems for performing automated software testing using chaos engineering. An exemplary method can include obtaining a plurality of fault scenarios and executing a test script on software under test during application of each of the plurality of fault scenarios, wherein the test script simulates the execution of a function of the software under test. The method also includes recording, for each of the plurality of fault scenarios, telemetry data regarding the execution of the function of the software under test and identifying a vulnerability of the software under test based on the recorded telemetry data.
    Type: Application
    Filed: June 27, 2023
    Publication date: January 2, 2025
    Inventors: William Tigard BAKER, Dallas Allen WARREN, Aaron Edward DIETRICH, Piyush GUPTA
  • Publication number: 20250005163
    Abstract: An embodiment constructs a knowledge graph based on data received from a system wherein the knowledge graph comprises a plurality of entities and relationships among the plurality of entities which represent a context information of the knowledge graph. The embodiment assigns a unique identifier to a designated entity. The embodiment expresses in natural language the unique identifier, an associated label, an associated property name, an associated property value, an associated relationship label and an associated relationship property name. The embodiment trains, using a machine learning algorithm, a foundation model responsive to inputting the natural language expression and applying a prompt comprising a cryptographic criterion, wherein the foundation model is trained to solve a task associated with the cryptographic criterion.
    Type: Application
    Filed: June 27, 2023
    Publication date: January 2, 2025
    Applicant: International Business Machines Corporation
    Inventors: John G. Rooney, Christopher J. Giblin, Luis Garcés Erice, Enrico Toniato
  • Publication number: 20250005164
    Abstract: Embodiments of systems and methods utilizing hardware models to detect side-channel vulnerabilities in processor designs are disclosed. Programs and inputs are tested in an instruction set simulator. Implementing the processor design in the instruction set simulator generates contract traces. A hardware simulator is implemented of the processor design. Implementing the hardware simulator results in hardware traces that indicate the data and execution are observable as a result of the hardware simulation. If the data and execution indicated by any of the hardware traces is not the same as the data and execution indicated by at least one of the contract traces, a side-channel vulnerability is detected. Since the side-channel vulnerability was detected using a hardware simulation, an actual physical processor with the hardware design does not have to be used to test the hardware for the processor design.
    Type: Application
    Filed: June 27, 2023
    Publication date: January 2, 2025
    Inventors: Gustavo Kenneth CONTRERAS MUNOZ, Connor William SHUGG, Aidan Dexter MAYCOCK, Oleksii OLEKSENKO, Boris Alexander KOEPF
  • Publication number: 20250005165
    Abstract: Provided are techniques for generating 3-dimensional (3D) models and connections to provide vulnerability context. For a first vulnerability of a first asset, first vulnerability data comprising first vulnerability attributes is retrieved. A second vulnerability of a second asset is identified based on the second vulnerability having second vulnerability data comprising second vulnerability attributes that include one or more common vulnerability attributes with the first vulnerability attributes. Anchor points for the first vulnerability and the second vulnerability are created based on the one or more common vulnerability attributes. A first 3-dimensional (3D) model is generated for the first vulnerability that incorporates the first vulnerability attributes, and a second 3D model is generated for the second vulnerability that incorporates the second vulnerability attributes. The first 3D model and the second 3D model are displayed with one or more connections based on the anchor points.
    Type: Application
    Filed: June 27, 2023
    Publication date: January 2, 2025
    Inventors: Nikki Elyse Robinson, Dimple Gajra, Caroline Chen Lee
  • Publication number: 20250005166
    Abstract: Detecting security vulnerabilities through dynamic testing with canary programs is disclosed, including issuing, by a test tool, a call to an application with one or more parameters that reference a canary program; determining, by the test tool, whether the application called the canary program; and logging, by the test tool, a security vulnerability of the application in response to determining that the application called the canary program.
    Type: Application
    Filed: June 29, 2023
    Publication date: January 2, 2025
    Inventors: MICHAEL PAGE KASPER, PETER G. SPERA
  • Publication number: 20250005167
    Abstract: Various embodiments include systems and methods of implementing a machine learning model for calculating confidence scores associated with potential security vulnerabilities. The machine learning model is trained using vulnerability data associated with a set of previously identified vulnerabilities, where the vulnerability data indicates whether a previously identified vulnerability is a true positive or a false positive. In some embodiments, scan traffic data may be obtained. The scan traffic data may be associated with potential security vulnerabilities detected via scan engine(s) that implement application security testing. The machine learning model may be used to determine respective confidence scores for each potential security vulnerability. According to some embodiments, responsive to a request for scan findings associated with a particular application, the respective confidence scores may be displayed via a vulnerability analysis graphical user interface.
    Type: Application
    Filed: September 12, 2024
    Publication date: January 2, 2025
    Applicant: Rapid7, Inc.
    Inventors: Stuart Millar, Denis Podgurskii
  • Publication number: 20250005168
    Abstract: A code repository stores source code. An insider threat detection system stores instructions for detecting code defects and criteria indicating predetermined types of code defects that, when present, are associated with intentional obfuscation of one or more functions of the source code. The insider threat detection system receives an entry of source code and detects, using the model, a set of code defects in the entry of source code. A defect type is determined for each code defect, thereby determining a set of defect types included in the entry of source code. If it is determined that each of the predetermined types of code defects indicated by the criteria is included in the determined set of defect types, the entry of source code is determined to include an insider threat.
    Type: Application
    Filed: September 16, 2024
    Publication date: January 2, 2025
    Inventors: Jason Conrad Starin, Jack Lawson Bishop, III
  • Publication number: 20250005169
    Abstract: A security control method, constituted of: receiving risk analysis information comprising data regarding a plurality of threats, each of the plurality of threats associated with a respective asset; loading a control database comprising data regarding a plurality of security controls; for each of the plurality of threats, matching one or more of the plurality of security controls to one or more attack steps of one or more attack paths associated with the respective threat; for each of the plurality of threats, selecting at least a subset of the matched security controls; and for each of the plurality of threats, outputting information regarding the selected security controls.
    Type: Application
    Filed: September 17, 2024
    Publication date: January 2, 2025
    Inventors: Yitzhack DAVIDOVICH, David MOR OFEK, Ze'ev SHALEV
  • Publication number: 20250005170
    Abstract: An information processing device includes a control unit. The control unit acquires user information indicating whether or not the first user is permitted to provide the third party with the first data related to the travel received from the vehicle on which the first user is riding. Then, when the first user is permitted to provide the first data to the third party, the control unit transmits the first data to the third party server. In addition, when the first user does not allow the first data to be provided to the third party, the control unit prohibits the transmission of the first data to the third party server.
    Type: Application
    Filed: April 26, 2024
    Publication date: January 2, 2025
    Applicant: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Shintaro MATSUTANI, Ryuichi DANNO, Atsushi IKEGAYA, Masashi NOMOTO, Oral KAPLAN
  • Publication number: 20250005171
    Abstract: Systems and methods for secure deduplication of encrypted content. A system generally includes a client, a key server, a fingerprint index, and a storage service. The client can perform chunking of a file, hashing of chunks to generate tags, and encryption of chunks using a salted key from the key server. The fingerprint index checks for duplicate ciphertexts using the tags. The storage service saves non-duplicate ciphertext.
    Type: Application
    Filed: June 29, 2023
    Publication date: January 2, 2025
    Inventors: Samer Al-Kiswany, Sreeharsha Udayashankar, Abdelrahman Baba, Serg Bell, Stanislav Protasov
  • Publication number: 20250005172
    Abstract: Embodiments of the present disclosure relate to a method of encrypting a secret storage structure. The method may include storing a secret in a secret storage structure. The secret storage structure may be encrypted by encrypting the secret using a wrap key that is generated based at least on a hardware-based root key and a first context. The secret storage structure may additionally be encrypted by encrypting the secret storage structure using an authentication key that is generated based at least on the hardware-based root key and a second context.
    Type: Application
    Filed: July 17, 2023
    Publication date: January 2, 2025
    Inventors: Taek RYOO, Stephen WOLFE, Akshay SHARAN, Mihir JOSHI, Mustafa BILGEN, Mahesh LAGADAPATI, Tao YE, Santosh KATVATE, Arun GONA
  • Publication number: 20250005173
    Abstract: The disclosed includes the steps of: providing a predetermined set of recorded roles whereby the user associated with the recorded roles contains at least a permission allowing the user to get access to resources of a technical system during execution of the software system on the technical system, computing a plurality of combinations of intersection sets based on the predetermined recorded roles if the at least one permission of the first and the at least one permission of the second further role overlaps, creating a Venn diagram with a first and second graphical display element representing a first role and a second further role respectively; and displaying the Venn diagram for use by a user in debugging the roles in the software system, wherein the first and the second display element is placed in a visual representation to give the user the cue for each of the intersection sets.
    Type: Application
    Filed: June 29, 2023
    Publication date: January 2, 2025
    Inventor: Dmitry Ledentsov
  • Publication number: 20250005174
    Abstract: One embodiment provides a method, the method including: receiving, at an information handling device in operative communication with a central device during a predetermined time period, context data of a user of the information handling device; identifying, from the context data and utilizing a software management system, that a permission status of the user from the central device restricts access of the user to an application on the information handling device during the predetermined time period; and allowing, responsive to the central device adjusting the permission status of the user based upon the context data of the user, the user to access the application. Other aspects are claimed and described.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Inventors: Allen Richey, Matthew Fardig, Inna Zolin
  • Publication number: 20250005175
    Abstract: A system and method of scrubbing sensitive data from records using patterns and large language models (LLM). The method includes receiving a request to process a record comprising data including sensitive data. The method includes identifying, based on one or more regex rules, a first set of scrubbing candidates associated with the record. The method includes identifying, by a processing device and based on a large language model (LLM), a second set of scrubbing candidates associated with the record. The method includes generating, based on the first set of scrubbing candidates and the second set of scrubbing candidates, a scrubbed record by scrubbing the record to remove the sensitive data.
    Type: Application
    Filed: September 29, 2023
    Publication date: January 2, 2025
    Inventors: Paul Sumedrea, Cristian Viorel Popa, Stefan-Bogdan Cocea, Mihaela-Petruta Gaman
  • Publication number: 20250005176
    Abstract: An information processing apparatus includes an access attribute estimating unit that estimates access attributes representing attributes for an access request for an information asset, transmitted to the information asset from a terminal device, a likelihood calculation unit that calculates a likelihood for each access attribute, an access risk calculation unit that calculates an access risk for the access request, using the likelihoods, and a determination unit that determines whether to permit the access request for the information asset, based on the access risk.
    Type: Application
    Filed: June 17, 2024
    Publication date: January 2, 2025
    Applicant: NEC Corporation
    Inventors: Shunichi Kinoshita, Masaki Inokuchi, Shohei Mitani
  • Publication number: 20250005177
    Abstract: A content management system for collecting files from one or more submitters in a collection folder. A collector, who generates the collection folder, can invite one or more submitters to submit one or more files to the collection folder in response to a public file request. The one or more submitters have limited rights to the collection folder. The limited rights can include uploading rights and prohibiting a submitter from viewing files that other submitters associated with the collection folder submitted. Thus, the collection folder is able to store files from the one or more submitters, but prevent them from viewing others' submissions.
    Type: Application
    Filed: August 29, 2024
    Publication date: January 2, 2025
    Inventors: Mindy Zhang, Pranav Piyush
  • Publication number: 20250005178
    Abstract: A printing system comprises an information processing apparatus, an image forming apparatus and a server that provides a print service. The information processing apparatus makes a request to the server for information for obtaining print data to be printed, displays a screen that includes a print code based on the information, makes a request to the server for a verification identification number of the print data and displays on a display unit the obtained verification identification number. The image forming apparatus reads the displayed print code, displays a screen for inputting the displayed verification identification number, transmits information included in the print code and the input verification identification number to the server, and in a case where the server successfully verifies the verification identification number, obtains the print data from the server and prints the print data.
    Type: Application
    Filed: June 7, 2024
    Publication date: January 2, 2025
    Inventor: Kei Kitagata
  • Publication number: 20250005179
    Abstract: Systems and methods for generating and maintaining differential privacy while providing accurate values can include obtaining a plurality of noise-added values, processing the plurality of noise-added values to determine a predicted value. The plurality of noise-added values may be utilized to determine one or more accuracy values that can be compared to a threshold to determine if more data is to be obtained and processed before providing a predicted value.
    Type: Application
    Filed: November 6, 2023
    Publication date: January 2, 2025
    Inventors: Jiayu Peng, Michael James Wurm, Chenwei Wang, Pasin Manurangsi, Adam Benjamin Gelernter Sealfon, Jakub Tetek, Matthew Tran Clegg
  • Publication number: 20250005180
    Abstract: An information processing apparatus is provided. The information processing apparatus has a power-saving function for changing a mode of the information processing apparatus from a normal mode to a power-saving mode in which a power consumption amount is smaller. When a predetermined condition is satisfied, the apparatus obtains an access token and an expiration time of the access token from the authorization server, stores an expiration time of an obtained access token and the access token in association with each other, and returns, if the information processing apparatus is in the power-saving mode, to the normal mode and updates at least some of obtained and stored access tokens when an expiration time of at least one access token out of the obtained and stored access tokens is reached.
    Type: Application
    Filed: June 25, 2024
    Publication date: January 2, 2025
    Inventor: TAKEKAZU KUMAGAI
  • Publication number: 20250005181
    Abstract: Using entropy to prevent inclusion of payload data in code execution log data. Embodiments determine that a payload data item associated with code execution log data has entropy exceeding a defined entropy threshold and identify a particular executable code that interacted with the payload data item. Embodiments then take a preventative action that excludes the payload data item from inclusion with a record of execution of the particular executable code. Examples of preventative actions include preventing the payload data item from being exported from the computer system, preventing the payload data item from being included in the code execution log data, and adding the payload data item to a block list in reference to the particular executable code.
    Type: Application
    Filed: August 28, 2024
    Publication date: January 2, 2025
    Inventor: Jordi MOLA
  • Publication number: 20250005182
    Abstract: A privacy-preserving method of accessing a model as a service (e.g., a language model) receives an input prompt authored in a first domain having data intended to be maintained private. In response, and using a conversion model, the input prompt authored in the first domain is converted to a second domain to create a converted input prompt. The converted input prompt preserves a semantic context of the input prompt. The converted input prompt is then delivered to the model as a service, which returns a response in the second domain. Using the conversion model, the response is then converted back into the first domain to create a converted response. The converted response has the semantic context of the input prompt. The converted response is provided as a reply to the input prompt. The conversion model may be trained using data collected from user interactions with the model as a service.
    Type: Application
    Filed: June 27, 2023
    Publication date: January 2, 2025
    Applicant: International Business Machines Corporation
    Inventors: Paulo Rodrigo Cavalin, Julio Nogima, Pedro Henrique Domingues
  • Publication number: 20250005183
    Abstract: Methods and systems for managing operation of a data pipeline are disclosed. To manage operation of a data pipeline when a portion of data is inaccessible may require generating synthetic portion of data to generalize the inaccessible portion of data. Prior to the generation of the synthetic portion of data, an analysis of an intended use of the inaccessible portion of data may be performed. The analysis may reduce the likelihood of generation and use of synthetic portion of data that is unreliable. Once obtained, the synthetic portion of data may be analyzed to determine a likelihood that the synthetic portion of the data may successfully generalize the inaccessible portion of data. When the synthetic portion of data is determined to meet or exceed quality criteria, the synthetic portion of data may be utilized by the data pipeline.
    Type: Application
    Filed: June 29, 2023
    Publication date: January 2, 2025
    Inventors: OFIR EZRIELEV, HANNA YEHUDA, INGA SOGAARD
  • Publication number: 20250005184
    Abstract: A method to protect data in a database. The method includes detecting an actual flow path for an API call between a source node and a destination node, determining whether the actual flow path for the API call deviates from an expected flow path for the API call, and in response to determining that the actual flow path for the API call deviates from the expected flow path by a predetermined threshold, denying access to data sought by the API call at the destination node.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Inventors: Rajiv Asati, Akram Ismail Sheriff
  • Publication number: 20250005185
    Abstract: A computing platform is configured to (i) receive configuration data defining a permissions group for a construction project, the configuration data indicating a data domain and a set of actions performable on data objects within the data domain that have a particular value for a particular data object attribute, (ii) after receiving the configuration data, receive a data access request, on behalf of a user account, for a data object within the data domain, (iii) determine that the user account is a member of the permissions group, (iv) determine that the data object has the particular data object attribute with the particular value and thereby satisfies the condition, and (v) based on determining that (a) the user account is a member of the permissions group and (b) the data object satisfies the condition, determine that the user account is permitted to perform the set of actions on the data object.
    Type: Application
    Filed: June 30, 2023
    Publication date: January 2, 2025
    Inventors: Terrence Cole, Lee Hollingworth
  • Publication number: 20250005186
    Abstract: A consent block is a type of block that may be stored in a blockchain. Each consent block has an owner and may store an owner consent contract, i.e., a smart contract containing owner-specified access rules that determine who may access data assets that are stored in other blocks of the blockchain and owned by the same owner. The consent block may alternatively store a global consent contract containing global access rules that supersede owner-specified access rules. The consent block also stores a hash value determined from the consent contract and a previous hash value of the block immediately preceding the consent block. The consent contract and the position of the consent block in the blockchain are verifiable from the hash value. Each consent block, once added to the blockchain, becomes part of the immutable record of data stored in the blockchain, and therefore leaves an auditable trail.
    Type: Application
    Filed: March 7, 2024
    Publication date: January 2, 2025
    Inventors: Frank J. Ricotta, Jr., Brian Jackson, Tyson Henry, Amber Mortensen Hartley
  • Publication number: 20250005187
    Abstract: One embodiment is directed to a system for providing secure access to a digital asset subject to a promotional redemption by a user, comprising: a computing device configured to divide the digital asset into a plurality of portions and to encrypt each of the portions in the plurality using an asset key such that they may be stored on a decentralized peer-to-peer file sharing system; wherein the computing device is configured to create a manifest document based upon the division of the digital asset and storage of the portions thereof on the decentralized peer-to-peer file sharing system, such that given the access key, the manifest document, and a promotional code provided by the user, the digital asset may be securely reassembled by the user operating a client computing system.
    Type: Application
    Filed: April 25, 2024
    Publication date: January 2, 2025
    Applicant: Book.io, Inc.
    Inventors: Joshua Lee STONE, R J REGENOLD, Benjamin ILLIAN
  • Publication number: 20250005188
    Abstract: Systems and methods for simplifying and consolidating permission sets from multiple heterogeneous file storage systems are disclosed. An example method includes acquiring from the first file storage system a first set of file system permissions having a first set of permission semantics, and acquiring from a second file storage system a second set of file system permissions having a second set of permission semantics that are different from the first set of permission semantics. The first set of file system permissions and the second set of file system permissions are converted to a unified set of file system permissions having unified permission semantics that are different from the first set of permission semantics and the second set of permission semantics. The unified set of file system permissions can be analyzed to make a determination regarding security levels of the first file storage system and of the second file storage system.
    Type: Application
    Filed: June 5, 2024
    Publication date: January 2, 2025
    Applicant: Egnyte, Inc.
    Inventors: Shishir Sharma, Amrit Jassal, Sean Elliott Roberts
  • Publication number: 20250005189
    Abstract: This disclosure relates generally to a method and system for providing data privacy in service operations. Identifying risk arising from processing of a user request in service operations is time consuming and monitoring insider threats is a difficult task. The method includes receiving a user request for a service comprising a plurality of sensitive attributes and further a vulnerability rating is assigned to each sensitive attribute. To mitigate the risk, the method estimates a disclosure proportion for the plurality of sensitive attributes and a masking operation is performed. Further, a sensitivity score is computed to allocate the user request to an agent associated with an agent registry with enabled data privacy and minimal data exposure. The agent is monitored by computing an agent mis-usability score to assess an insider threat risk. Additionally, a feedback alert is notified to autotune the plurality of privacy settings.
    Type: Application
    Filed: June 17, 2024
    Publication date: January 2, 2025
    Applicant: Tata Consultancy Services Limited
    Inventors: Sutapa MONDAL, Sachin Premsukh LODHA, Rohit GUPTA, Rishabh KUMAR, Mangesh Sharad GHAROTE
  • Publication number: 20250005190
    Abstract: The present disclosure provides techniques for detecting sensitive information that include: determining a first likelihood that a record contains a given type of sensitive information using a first detection technique that involves providing one or more inputs to a machine learning model based on the record and receiving the first likelihood as an output from the machine learning model based on the one or more inputs; determining a second likelihood that the record contains at least the given type of sensitive information using a second detection technique comprising a search of the record; applying a policy to determine whether the record contains sensitive information based on the first likelihood and the second likelihood; performing one or more actions based on whether the record contains sensitive information; and revising the policy based on a ground truth label indicating whether the record contains sensitive information.
    Type: Application
    Filed: September 13, 2024
    Publication date: January 2, 2025
    Inventors: Elad SHMIDOV, Yerucham BERKOWITZ, Yair HORESH, Alexander ZHICHAREVICH
  • Publication number: 20250005191
    Abstract: An embodiment of the present disclosure describes a mechanism for handling a complex query that includes two or more sub-queries. To resolve the first sub-query, access to private data is required. The mechanism involves performing dependency parsing to determine the sub-queries and their dependency order. Data sources are selected based on user settings, historical data access, success records, and metadata analysis. A private data access request is generated and sent with access attributes and a custom message to the access approver. The custom message explains the reason for the request, potential impact, and duration of data use. Private data and inputs from the access approver are received, determining how the data will be used, maintained, or deleted. The first sub-query is then resolved with the received data, followed by the resolution of other sub-queries based on the dependency order.
    Type: Application
    Filed: June 28, 2024
    Publication date: January 2, 2025
    Inventor: Gyanveer Singh
  • Publication number: 20250005192
    Abstract: Embodiments of the present disclosure provide systems and methods for using secure schemas to address inconsistencies between standard RBAC rules and the use of inherited grants. A secure schema may be defined that transfers ownership of an object created in the secure schema to a role that owns the secure schema. An inherited grant may be attached to the secure schema, where the inherited grant specifies a permission on a first type of object in the secure schema and a grant of the permission to the role that owns the secure schema. When objects are created in the secure schema, ownership of each of the set of objects is transferred to the role that owns the secure schema to authorize the role that owns the secure schema to manage grants to the set of objects on the secure schema.
    Type: Application
    Filed: September 13, 2024
    Publication date: January 2, 2025
    Inventors: Vikas Jain, Eric Karlson, Sepideh Khoshnood
  • Publication number: 20250005193
    Abstract: The present disclosure provides an end-to-end efficient privacy-preserving computation apparatus and method for secure two-party matrix inversion, relating to the technical field of privacy-preserving computation. In the present disclosure, the respective corresponding output matrices are determined using the privacy-preserving computation request and the private data matrices and then sent to the requesting party of the secure two-party inversion computation, so that the requesting party obtains the final inversion computation result. This solves the problems of large computation and communication overhead in ciphertext space caused by the introduction of homomorphic encryption and oblivious transfer techniques in the prior art, as well as the privacy and security issues caused by the leakage of original data and the loss of precision in floating-point number calculation due to the limitation of fixed-length digits in ciphertext computation.
    Type: Application
    Filed: November 8, 2023
    Publication date: January 2, 2025
    Inventors: Haogang ZHU, Shizhao PENG, Jiarui TU
  • Publication number: 20250005194
    Abstract: A federated query engine system and method for multiple datasets is enhanced with privacy preserving features. It may, for example, limit the movement of data from one or more of the datasets being accessed. It may use cryptographic long-term keys, enabling fuzzy table joins that do not require a comparison of the plaintext column values. The query plan may leverage the particular infrastructure of the storage system that houses each of the datasets. The query engine receives a standard SQL query, translates the query into a logical plan for performing the query across the multiple datasets, converts the logical plan into physical plans that are specific to the implementational architecture of the multiple datasets, and sends these physical plans to SQL workers located near the data warehouses housing each dataset.
    Type: Application
    Filed: November 15, 2022
    Publication date: January 2, 2025
    Inventors: Chi Lang Ngo, Maciej Makowski, Piotr Gabryanczyk, David Gilmore, Isaac Hales
  • Publication number: 20250005195
    Abstract: Embodiments of the present disclosure are directed to, among other things, monitoring a user device to determine whether a user associated with the device is safe. In some examples, a user (which may be referred to herein as an “initiator”) establishes a device monitoring session (which may be referred to herein as “session”) with a user, or a group of users, so that the user(s) are notified either when the initiator has safely ended the device monitoring session or receives access to session data that was collected during the session. In some configurations, the session can be handed off from a first user device that is currently active to a different user device. Instead of the first user device always being the device that interacts with the server, a different first user device may be selected as the active device to interact with the server.
    Type: Application
    Filed: May 31, 2024
    Publication date: January 2, 2025
    Applicant: Apple Inc.
    Inventors: Daniel P. Shepard, Michael P. Dal Santo, Ping-Ko Chiu, Kumar Gaurav Chhokra, Yannick L. Sierra, Andrew M. Pace, Richard L. Hagy, Lindsey McAllister, Dharini Sitaraman, Andrew N. Khoury, Richard Bower Warren, Brent M. Ledvina, Siva Ganesh Movva, Ronald Keryuan Huang, Robert W. Mayor, Stacey F. Lysik, Areeba Kamal, Ryan D. Shelby, Elizabeth Caroline Furches Cranfill, Kanika Malhotra, Gillian T. Verga
  • Publication number: 20250005196
    Abstract: Systems and methods for the matching of records from secret datasets within a zero-trust environment are provided. In some embodiments, a first set of protected information is processed in a first secure enclave to generate a first output. Identifiers of the first output are encrypted as a first hash. The entire first output may be encrypted as a first encrypted payload, which is then transferred to a second secure enclave. A second set of protected information is processed in the second secure enclave to generate a second output. Identifiers of the second output are encrypted as a second hash. The first hash and the second hash may undergo a matching process which identifies candidate data.
    Type: Application
    Filed: September 10, 2024
    Publication date: January 2, 2025
    Inventors: Mary Elizabeth Chalk, Robert Derward Rogers
  • Publication number: 20250005197
    Abstract: Systems and methods for the deployment and operation of an algorithm in a zero-trust environment are provided. In some embodiments, an algorithm is encrypted by an algorithm developer within a zero-trust computing node, using a public key. This generates a payload that is transferred to a core management system which in turn distributes the payload to one or more sequestered computing nodes located within the infrastructure of one or more data stewards. The sequestered computing nodes are designed to preserve privacy of data assets and the algorithm. Next the payloads are decrypted, using a private key, within the sequestered computing nodes. This yields the algorithm that can be run against the data assets of the data steward. A report is generated that can be shared with the appropriate parties.
    Type: Application
    Filed: September 12, 2024
    Publication date: January 2, 2025
    Inventors: Mary Elizabeth Chalk, Robert Derward Rogers
  • Publication number: 20250005198
    Abstract: A system includes a first application programming interface (API), a second API, and a third API. The first API is configured to receive an input to configure a data sharing permission for a data sharing service. The second API is configured to receive, from a plurality of experience providers, an API response containing data of the user. The third API is configured to classify the data according to a classification scheme such that the data of the user is classified into a plurality of overlapping data categories, generate a user data corpus comprising the classified data of the user, and provide the user with selectable data categories based on the user dataset.
    Type: Application
    Filed: September 12, 2024
    Publication date: January 2, 2025
    Applicant: Wells Fargo Bank, N.A.
    Inventors: Chintan Mehta, Jason Strle
  • Publication number: 20250005199
    Abstract: In some implementations, a device may receive a request for data, wherein the request is associated with one or more parameters. The device may obtain, based on receiving the request, the data. The device may generate, using the data, differentially private data via a differential privacy function that uses a privacy parameter to control a level of noise that is inserted into the data to generate the differentially private data, wherein the privacy parameter is based on the one or more parameters. The device may provide, in response to the request, the differentially private data.
    Type: Application
    Filed: June 29, 2023
    Publication date: January 2, 2025
    Inventors: Niharendu CHANDRA, Abigail Tohline WOODEN
  • Publication number: 20250005200
    Abstract: In some embodiments, there is provided a system, which comprises a processor, and at least one non-transitory computer readable media storing instructions.
    Type: Application
    Filed: November 8, 2022
    Publication date: January 2, 2025
    Inventors: Mojan Javaheripi, Mohammad Samragh Razlighi, Siam Umar Hussain, Farinaz Koushanfar