G06F2221/03

Secure modular machine learning platform

A secure, modular multi-tenant machine learning platform is configured to: receive untrusted code supplied by a first tenant; perform a security scan of the untrusted code to determine whether the untrusted code satisfies a set of one or more security requirements; responsive to determining that the untrusted code satisfies the security requirement(s): deploy the untrusted code to a runtime execution environment; deploy a machine learning model associated with the first tenant to the runtime execution environment, the untrusted code being configured to perform one or more functions using the machine learning model; receive a set of untrusted code supplied by a second tenant; perform a security scan of the untrusted code to determine whether the untrusted code satisfies the security requirement(s); and responsive to determining that the untrusted code does not satisfy the security requirement(s): refraining from deploying the untrusted code to a runtime execution environment.
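As an added illustration of the scan-then-deploy gate described above (example code written for this page, not the patent's implementation): tenant-supplied Python is statically scanned against an assumed set of security requirements (no process, filesystem, network or FFI modules, no dynamic code execution or introspection builtins, no dunder attribute access), and only code that passes is loaded into a runtime namespace together with that tenant's model. The tenant submissions, the linear model and the platform class are all constructed for the demo.

```python
import ast
import builtins
from dataclasses import dataclass, field

# Assumed security requirements for the demo: no process/filesystem/network/FFI
# modules, no dynamic code execution or introspection builtins, no dunder access.
BANNED_MODULES = {"os", "sys", "subprocess", "socket", "ctypes", "importlib",
                  "shutil", "pathlib", "multiprocessing", "signal", "threading"}
BANNED_CALLS = {"eval", "exec", "compile", "open", "__import__", "globals",
                "locals", "getattr", "setattr", "delattr", "vars", "breakpoint"}
# The runtime execution environment exposes only these builtins to tenant code.
SAFE_BUILTINS = {n: getattr(builtins, n) for n in (
    "abs", "len", "min", "max", "sum", "range", "sorted", "zip", "enumerate",
    "round", "float", "int", "str", "list", "dict")}


@dataclass
class ScanResult:
    ok: bool
    violations: list = field(default_factory=list)


def scan_untrusted_code(source: str) -> ScanResult:
    """Static scan: walk the AST and collect every requirement violation.
    Unparseable code is a violation too, so it is never deployed."""
    try:
        tree = ast.parse(source)
    except SyntaxError as e:
        return ScanResult(False, [f"syntax error at line {e.lineno}: {e.msg}"])
    violations = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in BANNED_MODULES:
                    violations.append(f"line {node.lineno}: import of {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            if root in BANNED_MODULES or node.level > 0:
                violations.append(f"line {node.lineno}: import from {node.module or '.'}")
        elif isinstance(node, ast.Call):
            if isinstance(node.func, ast.Name) and node.func.id in BANNED_CALLS:
                violations.append(f"line {node.lineno}: call to {node.func.id}()")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # blocks obj.__class__.__subclasses__()-style escapes from the namespace
            violations.append(f"line {node.lineno}: dunder attribute {node.attr}")
    return ScanResult(not violations, violations)


class LinearModel:
    """Stand-in for a tenant's ML model (constructed for the demo)."""
    def __init__(self, weights, bias):
        self.weights, self.bias = weights, bias

    def predict(self, features):
        return sum(w * x for w, x in zip(self.weights, features)) + self.bias


@dataclass
class Platform:
    deployed: dict = field(default_factory=dict)   # tenant -> runtime namespace
    audit: list = field(default_factory=list)      # (tenant, decision, violations)

    def deploy(self, tenant: str, source: str, model) -> bool:
        """Scan first; deploy code and model together only on a clean scan."""
        result = scan_untrusted_code(source)
        if not result.ok:
            self.audit.append((tenant, "refused", result.violations))
            return False                       # refrain from deploying
        env = {"__builtins__": SAFE_BUILTINS, "model": model}
        exec(compile(source, f"<tenant:{tenant}>", "exec"), env)
        self.deployed[tenant] = env
        self.audit.append((tenant, "deployed", []))
        return True

    def invoke(self, tenant: str, function: str, *args):
        return self.deployed[tenant][function](*args)


# Constructed tenant submissions: A is benign, B tries to read and leak a file.
TENANT_A_CODE = """
def score(features):
    return max(0.0, min(1.0, model.predict(features)))
"""
TENANT_B_CODE = """
import os
def score(features):
    leaked = open('/etc/passwd').read()
    os.system('echo ' + leaked)
    return model.predict(features)
"""


def demo():
    platform = Platform()
    a_ok = platform.deploy("tenant-a", TENANT_A_CODE, LinearModel([0.5, 0.25], 0.1))
    b_ok = platform.deploy("tenant-b", TENANT_B_CODE, LinearModel([1.0], 0.0))
    return platform, a_ok, b_ok
```

The static scan and the reduced builtins dictionary shrink the attack surface, but a restricted namespace is not an isolation boundary; a production platform would still run each tenant's deployed code in its own process, container or VM so that a scan miss cannot reach another tenant's model.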

Method for installing security-relevant applications in a security element of a terminal

A method is provided for installing a security-relevant portion of an application made available by an application provider in a security element of a terminal. The terminal requests the application from the application provider and receives the application. Subsequently, the received security-relevant portion of the application is transmitted to a trustworthy instance administrating the security element. The trustworthy instance subsequently installs the security-relevant portion of the application in the security element.

Apparatus for processing with a secure system manager
10013578 · 2018-07-03

Method and apparatus for secure processing. The method includes detecting communication among secure and non-secure data entities, prohibiting execution of non-secure executable instructions on secure data entities unless the non-secure executable instructions are recorded in a permitted instruction record, and prohibiting execution of non-secure executable instructions if the non-secure executable instructions are recorded in a prohibited instruction record. The apparatus includes a processor, at least one non-secure data entity, and secure data entities including: a communication monitor adapted to detect communication among secure and non-secure data entities; a permitted instruction record; a first prohibitor adapted to prohibit execution of non-secure executable instructions on secure data entities unless the non-secure executable instructions are recorded in the permitted instruction record; a prohibited instruction record; and a second prohibitor adapted to prohibit execution of non-secure executable instructions if the non-secure executable instructions are recorded in the prohibited instruction record.
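An added example of the two-prohibitor logic above (written for this page; not the patent's apparatus): a communication monitor records every interaction with a secure data entity, then for non-secure callers applies the prohibited instruction record first (an explicit deny that overrides any allow entry) and the permitted instruction record second (default deny unless the exact caller/entity/instruction triple is listed). The entity, records and caller names are constructed for the demo.

```python
from dataclasses import dataclass, field


class AccessDenied(PermissionError):
    pass


@dataclass
class SecureDataEntity:
    """A secure data entity exposing a few instructions (constructed for the demo)."""
    name: str
    balance: int = 0

    def read_balance(self):
        return self.balance

    def credit(self, amount):
        self.balance += amount
        return self.balance

    def debit(self, amount):
        self.balance -= amount
        return self.balance

    def export_keys(self):
        return "key material that must never reach non-secure code"


@dataclass
class SecureSystemManager:
    entities: dict = field(default_factory=dict)
    permitted: set = field(default_factory=set)   # (caller, entity, instruction) allow-list
    prohibited: set = field(default_factory=set)  # (caller, instruction) deny-list, any entity
    monitor_log: list = field(default_factory=list)

    def execute(self, caller: str, caller_secure: bool, entity: str, instruction: str, *args):
        """Communication monitor: every secure/non-secure interaction is recorded,
        then the two prohibitors are applied to non-secure callers only."""
        self.monitor_log.append((caller, "secure" if caller_secure else "non-secure",
                                 entity, instruction))
        if not caller_secure:
            # Second prohibitor first: an explicit deny overrides any allow entry,
            # so a mistaken allow-list row cannot expose a dangerous instruction.
            if (caller, instruction) in self.prohibited:
                raise AccessDenied(f"{caller}: '{instruction}' is in the prohibited record")
            # First prohibitor: default deny unless the exact triple is permitted.
            if (caller, entity, instruction) not in self.permitted:
                raise AccessDenied(f"{caller}: '{instruction}' on {entity} not permitted")
        return getattr(self.entities[entity], instruction)(*args)


def demo():
    mgr = SecureSystemManager(
        entities={"wallet": SecureDataEntity("wallet", balance=100)},
        permitted={("plugin", "wallet", "read_balance"),
                   ("plugin", "wallet", "credit"),
                   ("plugin", "wallet", "export_keys")},   # mistaken allow entry
        prohibited={("plugin", "export_keys"), ("plugin", "debit")},
    )
    results = {}
    results["read"] = mgr.execute("plugin", False, "wallet", "read_balance")
    results["credit"] = mgr.execute("plugin", False, "wallet", "credit", 50)
    for instruction, args in (("debit", (10,)), ("export_keys", ())):
        try:
            mgr.execute("plugin", False, "wallet", instruction, *args)
            results[instruction] = "allowed"
        except AccessDenied:
            results[instruction] = "denied"
    # Secure-to-secure communication is monitored but not subject to the records.
    results["auditor"] = mgr.execute("auditor", True, "wallet", "read_balance")
    return mgr, results
```

Checking the prohibited record before the permitted one is the property worth keeping: the `export_keys` row that was wrongly added to the allow-list is still blocked, and the monitor log shows the attempt.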

System for transaction authentication
09961081 · 2018-05-01

Systems and methods for secure transaction authorization are provided. An emulator is instantiated on a host device and configured to emulate an integrated circuit having a different instruction set than an integrated circuit of the host device, and a guest operating system executing on the emulated integrated circuit is configured to communicate with a host operating system of the host device through an emulated network interface of the emulator. Under control of one or more guest operating system processes executing on the emulated integrated circuit, a request is received over a first secure communication channel from an application executing on the host operating system to authorize a transaction. An authorization result is received from a remote system over a second secure communication channel, and a response is sent to the application over the first secure communication channel indicating the authorization result.
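The exchange described above, as an added example that is not part of the patent: the host application talks to the guest authorizer only over channel 1, the guest talks to the remote system only over channel 2, and the guest is the sole party holding both channel keys. Each channel is modelled here as HMAC-SHA256 over canonical JSON; the keys, the spending limit and the merchant names are constructed for the demo, and the emulated CPU and guest OS are represented by a plain object.

```python
import hashlib
import hmac
import json
import secrets


def seal(key: bytes, payload: dict) -> dict:
    """Authenticate a message for one channel: canonical JSON body + HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def unseal(key: bytes, msg: dict) -> dict:
    """Verify the tag in constant time before parsing; reject on any mismatch."""
    expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("channel MAC check failed")
    return json.loads(msg["body"])


class RemoteSystem:
    """Authorization back end; shares only the channel-2 key with the guest."""
    def __init__(self, k2: bytes, limit: int):
        self.k2, self.limit, self.seen = k2, limit, set()

    def authorize(self, msg: dict) -> dict:
        req = unseal(self.k2, msg)
        if req["req_id"] in self.seen:
            raise ValueError("replayed request")
        self.seen.add(req["req_id"])
        return seal(self.k2, {"req_id": req["req_id"], "approved": req["amount"] <= self.limit})


class GuestAuthorizer:
    """Stands in for the guest OS process on the emulated CPU: the only party
    holding both keys, so the host app can neither reach the remote system
    directly nor forge a remote verdict."""
    def __init__(self, k1: bytes, k2: bytes, remote: RemoteSystem):
        self.k1, self.k2, self.remote = k1, k2, remote

    def handle(self, msg: dict) -> dict:
        req = unseal(self.k1, msg)                        # channel 1: from the app
        if set(req) != {"req_id", "amount", "merchant"} or not isinstance(req["amount"], int):
            raise ValueError("malformed request")
        verdict = unseal(self.k2, self.remote.authorize(seal(self.k2, req)))  # channel 2
        if verdict["req_id"] != req["req_id"]:
            raise ValueError("verdict does not match request")
        return seal(self.k1, {"req_id": req["req_id"], "approved": verdict["approved"]})


class HostApp:
    """Application on the host OS; holds only the channel-1 key."""
    def __init__(self, k1: bytes, guest: GuestAuthorizer):
        self.k1, self.guest = k1, guest

    def pay(self, amount: int, merchant: str) -> bool:
        req_id = secrets.token_hex(8)
        resp = unseal(self.k1, self.guest.handle(
            seal(self.k1, {"req_id": req_id, "amount": amount, "merchant": merchant})))
        if resp["req_id"] != req_id:
            raise ValueError("response bound to a different request")
        return resp["approved"]


# Constructed demo keys; in practice each channel key is provisioned separately.
K1 = b"demo-channel-1-app-to-guest"
K2 = b"demo-channel-2-guest-to-remote"


def demo() -> dict:
    remote = RemoteSystem(K2, limit=500)
    guest = GuestAuthorizer(K1, K2, remote)
    app = HostApp(K1, guest)
    out = {"small": app.pay(120, "shop"), "large": app.pay(900, "shop")}
    # Tampering on channel 1: alter the amount after sealing -> MAC fails in the guest
    msg = seal(K1, {"req_id": "r-tamper", "amount": 900, "merchant": "shop"})
    msg["body"] = msg["body"].replace('"amount":900', '"amount":9')
    try:
        guest.handle(msg)
        out["tampered"] = "accepted"
    except ValueError:
        out["tampered"] = "rejected"
    # Replay on channel 2: the same sealed request presented twice to the remote system
    sealed = seal(K2, {"req_id": "r-replay", "amount": 10, "merchant": "shop"})
    remote.authorize(sealed)
    try:
        remote.authorize(sealed)
        out["replay"] = "accepted"
    except ValueError:
        out["replay"] = "rejected"
    return out
```

The request identifier is carried through both channels and checked on the way back, so a verdict for one transaction cannot be spliced onto another; a real deployment would add freshness (timestamps or counters) on channel 1 as well, since the demo only checks replay at the remote side.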

Focused image grabbing

A computer-based method includes monitoring user activities at an endpoint device on a computer network, determining if one of the user activities at the endpoint device presents a potential threat to network security, creating an alert of the potential threat, and providing, with the alert, a redacted version of a screenshot from the endpoint device. One or more open windows that appeared on the screen of the endpoint device are obscured or removed in the redacted version of the screenshot of the endpoint device.

System and method for redirecting input/output (I/O) sequences

A method for redirecting I/O (Input/Output) sequences. A computer platform is initialized. If the computer platform is enabled for command packet rerouting, the platform firmware may be used to install a runtime-enabled block I/O interface and a standard UNDI (Universal Network Device Interface) interface for routing I/O requests to a network controller, or an out-of-band processor may be used to route I/O requests to a network interface controller. Routing the I/O requests to the network controller or network interface controller enables the computer platform to boot from a remote block I/O storage device.

Wireless device customization resources

The present invention provides methods, systems and computer program products for facilitating loading, configuration and interaction of modular applications and/or modular components of an application on wireless devices such as M2M terminals. Modular elements may be connected to each other based on a system of permissions which determines which elements are permitted to access given services offered by other elements. Once connected, modular elements may communicate directly via a standardized interface.

Adversarial training to minimize data poisoning attacks

The techniques disclosed herein enable systems to train machine learning models using benign augmentation to make them resistant to various data poisoning attacks. This is achieved by first training a machine learning model on an initial dataset that is trustworthy and originates from a known source. The initial dataset is then modified to include known attack triggers, such as syntactic paraphrasing, to generate an augmented dataset. The augmented dataset is then used to train a robust machine learning model based on the initially trained machine learning model. The resulting robust machine learning model can then detect and resist the attacks captured by the augmented dataset. The robust machine learning model can be retrained using an untrusted dataset that includes various compromised inputs in conjunction with the augmented dataset. Retraining results in an updated robust machine learning model that can learn and resist various data poisoning attacks on the fly.

APPLICATION DISCOVERY ENGINE IN A SECURITY MANAGEMENT SYSTEM
20240411867 · 2024-12-12

Methods, systems, and computer storage media for providing data security posture management using an application discovery engine in a security management system. Application discovery supports identifying and mapping various applications within a computing environment. In particular, application discovery can be provided as part of security management operations to assess the security posture of applications, identify vulnerabilities, and ensure compliance with regulations. In operation, application discovery data associated with a plurality of computing resources of a computing environment is accessed. An annotated application discovery graph comprising a plurality of entities that represent the plurality of computing resources is generated. The annotated application discovery graph is deployed to support generating security postures for computing environments. A request is received for a security posture of the computing environment. A security posture visualization that includes an application discovery graph annotation is generated. The security posture visualization is communicated to cause display of the security posture visualization.
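As an added example of the annotated discovery graph and the posture derived from it (written for this page; the patent gives no implementation): entities represent discovered computing resources, edges represent the relations discovery found between them, and annotations carry exposure, sensitivity and known weaknesses. The posture query walks the graph from every internet-exposed application and reports each path to a high-sensitivity datastore, raising severity when a weakness annotation sits on the path. The inventory below is constructed; the severity scheme is an assumption of the demo.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field

SEVERITY_ORDER = {"critical": 0, "high": 1}


@dataclass
class Entity:
    id: str
    kind: str                                        # app | datastore | network
    annotations: dict = field(default_factory=dict)  # exposure, sensitivity, weaknesses


@dataclass
class DiscoveryGraph:
    entities: dict = field(default_factory=dict)
    edges: dict = field(default_factory=lambda: defaultdict(list))  # src -> [(dst, relation)]

    def add(self, entity: Entity) -> "DiscoveryGraph":
        self.entities[entity.id] = entity
        return self

    def connect(self, src: str, dst: str, relation: str) -> "DiscoveryGraph":
        self.edges[src].append((dst, relation))
        return self

    def reachable_paths(self, start: str):
        """BFS over directed edges; yields (node, path) for every reachable node."""
        queue, seen = deque([(start, [start])]), {start}
        while queue:
            node, path = queue.popleft()
            yield node, path
            for dst, _ in self.edges[node]:
                if dst not in seen:
                    seen.add(dst)
                    queue.append((dst, path + [dst]))


def security_posture(graph: DiscoveryGraph) -> list:
    """A finding is an internet-exposed app with a path to a high-sensitivity
    datastore; severity is critical if any entity on the path carries a
    weakness annotation, otherwise high (assumed scheme for the demo)."""
    findings = []
    for app in graph.entities.values():
        if app.kind != "app" or app.annotations.get("exposure") != "internet":
            continue
        for node, path in graph.reachable_paths(app.id):
            target = graph.entities[node]
            if target.kind == "datastore" and target.annotations.get("sensitivity") == "high":
                weaknesses = [(n, w) for n in path
                              for w in graph.entities[n].annotations.get("weaknesses", [])]
                findings.append({
                    "app": app.id, "datastore": node, "path": path,
                    "weaknesses": weaknesses,
                    "severity": "critical" if weaknesses else "high",
                })
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f["severity"]], f["app"]))


def render(findings: list) -> list:
    """Text form of the posture visualization: one annotated line per finding."""
    lines = []
    for f in findings:
        note = "; ".join(f"{n}: {w}" for n, w in f["weaknesses"]) or "no known weaknesses on path"
        lines.append(f"[{f['severity']}] {' -> '.join(f['path'])}  ({note})")
    return lines


def build_demo_graph() -> DiscoveryGraph:
    """Constructed discovery data standing in for real inventory and scan output."""
    g = DiscoveryGraph()
    g.add(Entity("app:web", "app", {"exposure": "internet",
                                    "weaknesses": ["unpatched web framework"]}))
    g.add(Entity("app:portal", "app", {"exposure": "internet"}))
    g.add(Entity("app:api", "app", {"exposure": "internal"}))
    g.add(Entity("app:batch", "app", {"exposure": "internal"}))
    g.add(Entity("db:customers", "datastore", {"sensitivity": "high"}))
    g.add(Entity("db:metrics", "datastore", {"sensitivity": "low"}))
    g.connect("app:web", "app:api", "calls")
    g.connect("app:api", "db:customers", "reads")
    g.connect("app:api", "db:metrics", "reads")
    g.connect("app:portal", "db:customers", "reads")
    g.connect("app:batch", "db:customers", "reads")   # internal only: no finding
    return g
```

The reachability walk is what makes the graph more useful than a flat asset list: `app:api` never appears exposed on its own, yet the path through `app:web` shows the customer datastore is two hops from the internet, and the weakness annotation on the entry point is what lifts that finding above the direct `app:portal` path.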