Abstract: Various techniques to detect and prevent reverse engineering of computer programs are disclosed. A program may be used as a key in an asymmetric cryptographic scheme, where modification of the program would destroy its usefulness as a key. An operator may be dispersed among different lines of code, so that unauthorized insertion or removal of lines of code causes the code to fail. Content of memory may be hashed at different times to detect unauthorized memory access. Code may be modified and hashes computed and compared to hashes expected from such modification. A duration of execution may be measured and compared to an expected duration, where deviation from expected may indicated unauthorized modification of code. Variables may be mapped according to a secret agreed logic to thwart eavesdropping. A program may be made labyrinthine and complex, so that its useful flow paths are difficult to discern.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: In one embodiment, a method for developing a virtual programmable logic controller (PLC) application using a graphical user interface (GUI) is disclosed. The method including generating the virtual PLC application comprising at least two objects arranged in at least a horizontal section, wherein the horizontal section is configured to execute the two objects at the same time, and wherein at least one of the two objects uses a template that specifies mappings between a first data format of first data associated with a first data source and a second data format of second data associated with a third-party application. The method also including executing the virtual PLC application by: identifying when a change has been made to the first data, and converting, via the at least one of the two objects using the template, the first data having the first data format to the second data having the second data format.

Abstract: The present invention relates to a computer-implemented method for obscuring sensitive data. The method comprises: acquiring, by a processor, image data; extracting, by the processor, structured data from the image data, the structured data being sensitive data and having a defined functional format and a defined visual format; generating, by the processor, artificial data that is different from the structured data, the artificial data having the same functional format as the structured data; generating, by the processor, artificial image data based on the image data in which the structured data is replaced with the artificial data, the artificial data being based on the visual format of the structured data; and outputting, by the processor, the artificial image data.

Abstract: A method that ensures validity, reliability, preservation, and accessibility of data and its related metadata for an underlying asset or project using blockchain technology, specifically non-fungible tokens, the modern cloud, and cryptography.

Abstract: Sharing data in a data exchange across multiple cloud computing platforms is described. An example method can include copying, to a first cloud computing entity using a consumer account of the first cloud computing entity, a first subset of a data set associated with a provider account of a second cloud computing entity, wherein the provider account of the second cloud computing entity does not have access to the first cloud computing entity, and then copying, to a third cloud computing entity using a consumer account of the third cloud computing entity, a second subset of the data set, wherein the provider account of the third cloud computing entity does not have access to the first cloud computing entity, for which the first subset of the data set is different from the second subset of the data set.

Abstract: A semiconductor device includes a processor unit, a memory storing a boot program, a reset controller and an address check unit. The reset controller controls a reset for the processor unit based on a reset request and outputs a boot address for the boot program to be executed after reset release to the processor unit. The address check unit performs a tampering check for the boot address output from the reset controller and outputs a boot address error signal based on a tampering check result.

Abstract: The present disclosure concerns methods and systems for registering dynamically created packaged applications with an operating system. A dynamically created packaged application may not include a way to authenticate the packaged application but may declare a dependency on a host package. The host package may include a verified signature and be registered with the operating system. The host package may include a host runtime that references an executable included in the host package. The packaged application may not include executable files but may reference the host runtime. The operating system may register the packaged application based in part on its dependency on the host package. When the packaged application is activated, the packaged application may invoke the host runtime and the executable but do so with an application identity of the packaged application. The application identity may be different from a host runtime identity of the host runtime.

Abstract: A bus filter driver and security agent components configured to retrieve and analyze firmware images are described herein. The bus filter driver may attach to a bus device associated with a memory component and retrieve a firmware image of firmware stored on the memory component. The bus filter driver may also retrieve hardware metadata. A kernel-mode component of the security agent may then retrieve the firmware image and hardware metadata from the bus filter driver and provide the firmware image and hardware metadata to a user-mode component of the security agent for security analysis. The security agent components may then provide results of the analysis and/or the firmware image and hardware metadata to a remote security service to determine a security status for the firmware.

Abstract: In one implementation, a method for providing security on controllers includes detecting computer-readable code running on a controller, the computer-readable code including code portions that each include instructions to be performed by the controller; identifying a current code portion of the computer-readable code; accessing an in-memory graph that models an operational flow of the computer-readable code, wherein the in-memory graph includes a plurality of nodes, each of the nodes corresponding to one of the code portions and each of the nodes having a risk value for the associated code portion that is a measure of security risk for the associated code portion; identifying the risk value for the current code portion; selecting, from a plurality of available flow control integrity (IMV) schemes, an IMV scheme based on the identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme.

Abstract: As described herein, a system, method, and computer program are provided for securing container images. In use, a request to access a container image is identified. In response to the request, a digest of the container image is retrieved. The digest is validated according to an execution and business context. A response to the request is provided, based on a result of the validating.

Abstract: A system and method of anti-malware analysis including iterative techniques that combine static and dynamic analysis of untrusted programs or files. These techniques are used to identify malicious files by iteratively collecting new data for static analysis through dynamic run-time analysis.

Abstract: A network device may load, via a boot ROM application, a provider bootloader application from a memory of the network device and may calculate a first hash value based on decrypting a provider bootloader signature with a provider public key. The network device may calculate a second hash value based on the provider bootloader application and may utilize, when the first hash value and the second hash value are equivalent, the provider bootloader application to load an original equipment manufacturer (OEM) bootloader application from the memory. The network device may calculate a third hash value based on decrypting an OEM bootloader signature with one of a plurality of OEM public keys. The network device may calculate a fourth hash value based on the OEM bootloader application. The network device may complete, when the third hash value and the fourth hash value are equivalent, a boot process for the network device.

Abstract: A system and method for anomaly interpretation and mitigation. A method includes extracting at least one input feature vector from observation data related to an observation; applying an isolation forest to the at least one input feature vector, wherein the isolation forest includes a plurality of estimators, wherein each estimator is a decision tree, wherein the output of each estimator is a split-path of a plurality of split-paths, each split-path having a path-length and including name and a corresponding value for a respective output feature of a plurality of output features; generating a mapping object based on the application of the isolation forest to the at least one feature vector, wherein the mapping object includes the plurality of split-paths; clipping the mapping object based on the path-length of each split-path; and determining at least one mitigation action based on the clipped mapping object.

Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.

Abstract: The present disclosure discloses a method, a related apparatus and storage medium for distributed transaction processing. The method includes: obtaining, by a distributed transaction processing device, a distributed transaction processing request; writing, by the distributed transaction processing device, a commit log corresponding to the distributed transaction processing request to a second object database set in the target database cluster, the commit log comprising a commit indication result; obtaining, by the distributed transaction processing device after the distributed transaction processing device resumes distributed transaction processing, the commit log from the second object database set; and performing, by the distributed transaction processing device when the commit indication result in the commit log instructs to commit the processing operation on the account data in the N accounts, the processing operation on the account data in the N accounts.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information. A user additionally is able to have user data and/or third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal.

Abstract: The present disclosure relates generally to systems and methods for content authentication. A method can include receiving from a sender system transmitted content (C) and appended content, the appended content including a digital signature associated with the content (C) and a hash tree (“SHT”) associated with the content (C), generating with a signature engine a hash tree (“RHT”) from the content (C), cryptographically verifying the received digital signature to generate a resultant hash value, comparing the resultant hash value to the second hash value of the second root node, determining that the second hash value of the second root node does not match the resultant hash value, identifying a potentially corrupted portion of content (C) via comparison of at least some of the plurality of first nodes of SHT to corresponding second nodes of RHT, and indicating that the digital signature could not be verified.

Abstract: In one embodiment, a method for developing a virtual programmable logic controller (PLC) application using a graphical user interface (GUI) is disclosed. The method including receiving, from a first portion of the GUI representing a tool box, a first selection of a first object from a set of objects represented in the GUI, wherein each of the set of objects performs a respective function. The method also includes inserting, into a horizontal section of a second portion of the GUI representing the virtual PLC application, the first object, wherein the horizontal section includes a second object that executes simultaneously as the first object in the horizontal section. The method also includes compiling code implementing the first object and the second object to generate the virtual PLC application, and adding a shortcut of the virtual PLC application to a virtual tray of an operating system.

Abstract: A system has a storage medium encoded with program instructions, and a processor coupled to access the program instructions. The instructions configure the processor for: receiving a first request at a POS terminal to surrender a previously purchased first asset in exchange for at least a portion of a second asset that was used to purchase the first asset, receiving the private key from the first asset; accessing a set of rules stored in a distributed electronic ledger, the set of rules specifying conditions associated with the first request; transmitting an authorization to return the at least a portion of the second asset in exchange for surrender of the first asset, in the case where the conditions are satisfied; and invalidating the first request in the case where one or more of the conditions are not satisfied.

Abstract: An apparatus, method, and system for updating a file index in a search engine in a data backup system to reflect file changes introduced in a new backup is disclosed. The operations comprise: generating a first external file, the first external file comprising file hashes for files already indexed in a file index in a search engine of a data backup storage system that are not associated with a deleted status; generating a second external file, the second external file comprising file hashes for files in a new backup; determining one or more file changes introduced in the new backup based on a comparison between the first external file and the second external file; and updating the file index in the search engine to reflect the one or more file changes introduced in the new backup.

Abstract: A vehicle control device that verifies integrity of a program within a higher-importance region containing a start-up program; and that verifies integrity of a program within a lower-importance region in a state in which the program within the higher-importance region has been started up by the start-up program.

Abstract: A system for a cryptographic agile bootloader for upgradable secure computing environment, the cryptographic agile bootloader comprising a computing device associated with a first bootloader is presented. The computing device includes a secure root of trust, the secure root of trust configured to produce a first secret and a second secret and a processor. The processor is configured to load a second bootloader, wherein the second bootloader is configured to generate a secret-specific public datum as a function of the second secret, wherein the secret-specific public datum further comprises a bootloader measurement, load a first bootloader, wherein the first bootloader is configured to sign the secret-specific public datum as a function of the first secret, and replace the first bootloader with the second bootloader.

Abstract: A database protection system (DPS) mitigates injection attacks. DPS receives an unrestricted database query, extract a syntax tree, and evaluates whether it recognizes the query. To this end, DPS applies a hash function over the extracted syntax tree, and then determines whether the resulting hash has been seen by DPS before. If so, DPS retrieves a previously-generated prepared statement associated with the syntax tree, and that prepared statement is then forward to the database server in lieu of sending the original query. If the syntax tree is not recognized, DPS creates a new prepared statement, generates a hash of the syntax tree, and stores the hash and the new prepared statement, and forwards the new prepared statement. The prepared statements are configured based on the native wire protocol used by the database server, and DPS includes additional functionality by which it can learn the semantics of this protocol if necessary.

Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.

Abstract: The present invention relates to a device (1) such as a connected object comprising a first electronic circuit (2) comprising: a first processing unit (6) for executing a program, a first memory (8) for memorizing data during the execution of the program, a debug port (10) dedicated to checking the execution of the program from outside the first circuit, a second electronic circuit (4) connected to the debug port (10), comprising: a second memory (14) memorizing reference data related to the program, a second processing unit (12) for implementing the following steps automatically and autonomously via the debug port (10): checking the integrity of the data memorized by the first memory (8) and/or the compliance of the program's execution by the first processing unit (6) with a reference execution, assisted by the reference data.

Abstract: A method of validating software including maintaining, in a trusted computing system, a copy of at least portions of data of the software, the software comprising data in an untrusted computing system. The method includes, with the trusted computing system, specifying selected data from data included in the copy as hash data, generating an executable file for generating a hash based on the specified hash data, executing the executable file to generate a check hash using the specified selected data from the copy as the hash data, and determining whether the software is valid based, at least in part, on a comparison of the check hash to an access hash generated by execution of the executable file by the untrusted computing system using the specified selected data from the untrusted computing system as the hash data.

Abstract: A variety of applications can include apparatus and/or methods of controlling a secure boot mode for a memory system. In an embodiment, a system includes a memory component and a processing device, where the processing device is configured to control a boot process for the system to operate the memory component and perform a cryptographic verification with a host to conduct an authentication of the host. The processing device can interact with the host, in response to the authentication, to receive a setting to control the boot process in a secure boot mode. The processing can interact with another processing device of the system to store the setting and to receive a secure boot signal from the other processing device, where the secure boot signal is a signal to assert or de-assert the secure boot mode depending on a value of the setting. Additional apparatus, systems, and methods are disclosed.

Abstract: A processing device receives a command to arm a memory device for self-destruction. In response to the command, a self-destruction countdown timer is commenced. An expiry of the self-destruction countdown timer and based on detecting the expiry of the self-destruction countdown timer, data stored by the memory device is destructed.

Abstract: Disclosed is a vehicular update system including a communication device configured to communicate between a server and a controller included in a vehicle, a memory, and a controller configured to, (i) when a public key set including a root public key for verifying a root signature is stored in the memory, acquire the root signature from the server and verify root metadata based on the acquired root signature and the root public key of the public key set pre-stored in the memory, and configured to, (ii) when the public key set is not stored in the memory, acquire, from the server, root metadata including a public key set and a root signature obtained by performing a digital signature on a hash value of the public key set using a root private key, verify the root metadata based on the root public key of the acquired root metadata and the root signature, and store the public key set.

Abstract: A system and method secures data including sensitive data parts for exporting and securely analyzes the secure exported data. In one embodiment, the secure data may be analyzed using at least two compute elements. In one embodiment, the system may use the AES process to secure the sensitive parts of the data.

Abstract: A virtual environment system for validating executable data using authorized hash outputs is provided. In particular, the system may generate a virtual environment using a virtual environment device, where the virtual environment is logically and/or physically separated from other devices and/or environments within the network. The system may then open a specified set of executable data within the virtual environment and perform a set of commands or processes with respect to the executable data. If the system determines that the executable data is unsafe to run, the system may generate a hash output of the executable data and store the hash output in a database of unauthorized executable data. In this way, the system may securely generate a repository of authorized and unauthorized hashes such that the system may ensure that unsafe executable data is blocked from being processed within a network environment.

Abstract: A system includes a communication channel monitor configured to calculate a hash value of a first encrypted code segment based on a measurement. A security module may derive a first encryption key using a key decryption function operation from the hash value of the first encrypted code segment. A processor decrypts the first encrypted code segment with a seed key retrieved from a storage device, and if the decryption is successful then executes the first decrypted code segment. The processor may retrieve a second one of the encrypted code segments, wherein the second encrypted code segment is a next encrypted code segment for execution after the first encrypted code segment according to a sequence of execution, decrypt the second encrypted code segment with the first encryption key, and if the decryption is successful then execute the second decrypted code segment.

Abstract: A method for configuring resources at an information handling system may include determining, during initialization, a wide area network (WAN) Internet Protocol (IP) address associated with the information handling system, and retrieving a list of trusted IP addresses from a storage location at the information handling system. The method may further include configuring a first resource at the information handling system to operate in a first state in response to determining that the WAN IP address is included at the list of trusted IP addresses, and configuring the first resource at the information handling system to operate in a second state in response to determining that the WAN IP address is not included at the list of trusted IP addresses.

Abstract: Methods and devices for determining whether a mobile device has been compromised. The mobile device has a managed portion of memory and an unmanaged portion of memory, a managed profile and an unmanaged profile, and the managed profile includes files stored in the managed portion of memory and the unmanaged profile includes files stored in the unmanaged portion of memory. The managed profile is governed by a device policy set by a remote administrator. File tree structure information for the managed profile of the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in the managed portion of memory. It is determined from the file tree structure information that the mobile device has been compromised and, based on that determination, an action is taken.

Abstract: The present disclosure relates to a method for integrity verification of a software stack or part of a software stack resident on a host machine. A management entity generates a measurement log for a disk image associated with the software stack or the part of a software stack. A verifier entity retrieves the generated measurement log and compares the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack or the part of a software stack to verify the software stack or the part of a software stack.

Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example computer-implemented method can include receiving data sharing information from a data provider for sharing a data set in a data exchange from a first cloud computing entity to a set of second cloud computing entities. In response to receiving the data sharing information, the method may also include creating an account with each of the set of second cloud computing entities. The method may also further include sharing the data set from the first cloud computing entity with the set of second cloud computing entities using at least the corresponding account of that second cloud computing entity.

Abstract: A method performed by one or more processors, and an apparatus is disclosed. The method may comprise identifying a request from a custom computer program within a sandbox to perform an operation not permitted within the sandbox, and receiving a first indication of security privileges associated with a provider of the custom computer program. The method may also comprise selectively causing the operation to be performed based on the first indication of security privileges.

Abstract: An information handling system includes a basic input/output system having a virtual advanced configuration and power interface device. A processor may download a device driver for a particular virtual advanced configuration and power interface device, wherein the device driver includes a code for a security feature and a signed file that includes a list of identifiers of compromised information handling systems. The processor may determine whether the information handling system is compromised based on the list of identifiers of compromised information handling systems in the signed file, and execute the code for the security feature.

Abstract: A method of verifying an application, according to an embodiment, includes: storing application codes; loading a part of the application codes into a memory; and verifying the application by using the codes loaded into the memory.

Abstract: Systems and method of identifying malware in backups are provided. Backups are subjected to analysis for malware signatures based on malware signature files that are received after the backup is produced. This approach allows the distinction between clean and infected restore points. The testing of backups for malware infection may be performed by a backup provider or an third party.

Abstract: A computer system, method, and device perform targeted acquisition of data. The system includes an examiner device having a processor and a memory, an agent in the form of an executable program for finding and transferring targeted data, and a target endpoint system. The examiner device is configured to deploy the agent to the target endpoint system. The agent is configured to establish a connection with the examiner device. The examiner device is configured to send a request for targeted data to the agent. The agent is configured to locate the targeted data on the target endpoint system. The agent is configured to transfer the targeted data to the examiner device.

Abstract: A memory stores a program to be executed by a microprocessor. The program includes a first program part and a second program part. An authenticator is configured to authenticate the program and includes a module that is external to the microprocessor and configured to authenticate said first program part when the microprocessor is inactive. The authenticator further activates the microprocessor to execute the first program part and authenticate said second program part using instructions of the first program part if the module has authenticated the first program part. The microprocessor then executes the second program part if the microprocessor has authenticated said second program part.

Abstract: There is provided a method of patching a binary having vulnerability which is performed by a computing device. The method comprises loading a first binary to be patched, into a memory, generating a second binary by patching to call a stack frame initialization function from a vulnerable function of the first binary, executing the stack frame initialization function by calling the vulnerable function when the second binary is executed and initializing a stack frame area of the vulnerable function so as to automatically initialize a variable declared in the vulnerable function.

Abstract: In one embodiment, a method for developing a virtual programmable logic controller (PLC) application using a graphical user interface (GUI) is disclosed. The method including receiving, from a first portion of the GUI representing a tool box, a first selection of a first object from a set of objects represented in the GUI, wherein each of the set of objects performs a respective function. The method also includes inserting, into a horizontal section of a second portion of the GUI representing the virtual PLC application, the first object, wherein the horizontal section includes a second object that executes simultaneously as the first object in the horizontal section. The method also includes compiling code implementing the first object and the second object to generate the virtual PLC application, and adding a shortcut of the virtual PLC application to a virtual tray of an operating system.

Abstract: The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to defend against dynamic-link library (DLL) side-loading attacks. An example apparatus includes a fingerprint generator to determine a first DLL fingerprint of a first DLL stored at a first OS path referenced by an operating system (OS) event generated by a computing device, and, in response to determining that a second DLL having the same name as the first DLL is stored at a second OS path superseding the first OS path, determine a second DLL fingerprint of the second DLL, a fingerprint comparator to determine whether at least one of the first or the second DLL fingerprint satisfies a deviation threshold based on a comparison of the first and the second DLL fingerprint to a reference DLL fingerprint, and a security action enforcer to execute a security action to protect a computing device from an attack.

Abstract: A container from a first root of trust associated with a first root entity may be received. The container may correspond to a mapping of a resource of an integrated circuit that is associated with the first root entity. The container may be verified based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit. An identification may be made that an assignment of the resource from the container corresponds to assigning the resource from the first root of trust to a new root of trust. A new key corresponding to the new root of trust may be generated. Information corresponding to the new key may be stored into a memory of the integrated circuit. Furthermore, the new key may be used to delegate the resource to a subsequent container.

Abstract: A technique includes determining relations among a plurality of entities that are associated with a computer system; and selectively grouping behavior anomalies that are exhibited by the plurality of entities into collections based at least in part on the determined relations among the entities. The technique includes selectively reporting the collections to a security operations center.

Abstract: The disclosed computer-implemented method for safely executing unreliable malware may include (i) intercepting a call to an application programming interface (API) in a computing operating system, the API being utilized by malware for disseminating malicious code, (ii) determining an incompatibility between the API call and the computing operating system that prevents successful execution of the API call, (iii) creating a proxy container for receiving the API call, (iv) modifying, utilizing the proxy container, the API call to be compatible with the computing operating system, (v) sending the modified API call from the proxy container to the computing operating system for retrieving the API utilized by the malware, and (vi) performing a security action during a threat analysis of the malware by executing the API to disseminate the malicious code in a sandboxed environment. Various other methods, systems, and computer-readable media are also disclosed.