Patent classifications
G06F21/52
Analytic workload partitioning for security and performance optimization
The present disclosure provides privacy preservation of analytic workflows based on splitting the workflow into sub-workflows each with different privacy-preserving characteristics. Libraries are generated that provide for formatting and/or encrypting data for use in the sub-workflows and also for compiling a machine learning algorithm for the sub-workflows. Subsequently, the sub-workflows can be executed using the compiled algorithm and formatted data.
Resource allocation in a multi-processor system
A system includes a memory-mapped register (MMR) associated with a claim logic circuit, a claim field for the MMR, a first firewall for a first address region, and a second firewall for a second address region. The MMR is associated with an address in the first address region and an address in the second address region. The first firewall is configured to pass a first write request for an address in the first address region to the claim logic circuit associated with the MMR. The claim logic circuit associated with the MMR is configured to grant or deny the first write request based on the claim field for the MMR. Further, the second firewall is configured to receive a second write request for an address in the second address region and grant or deny the second write request based on a permission level associated with the second write request.
Systems and methods for identification and management of compliance-related information associated with enterprise IT networks
Various examples are provided related to identification of protected information elements associated with unique entities in data files present in data file collections associated with enterprise IT networks. The unique entities can be associated with one or more entity identifications in one or more data files. Computer-generated identification of entity identifications and protected information elements can be conducted, in part, by at least some human review. Information generated according to the disclosed methodology can be used to generate plans for a time and number of human reviewers needed to review data files. Information generated from the processes herein can be configured as user notifications, reports, dashboards, machine learning for subsequent data file analyses, and notifications of unique entities having protected information elements present in one or more data files.
Provenance audit trails for microservices architectures
An apparatus to facilitate provenance audit trails for microservices architectures is disclosed. The apparatus includes one or more processors to: obtain, by a microservice of a service hosted in a datacenter, provisioned credentials for the microservice based on an attestation protocol; generate, for a task performed by the microservice, provenance metadata for the task, the provenance metadata including identification of the microservice, operating state of at least one of a hardware resource or a software resource used to execute the microservice and the task, and operating state of a sidecar of the microservice during the task; encrypt the provenance metadata with the provisioned credentials for the microservice; and record the encrypted provenance metadata in a local blockchain of provenance metadata maintained for the hardware resource executing the task and the microservice.
ANALYSIS FUNCTION IMPARTING DEVICE, ANALYSIS FUNCTION IMPARTING METHOD, AND ANALYSIS FUNCTION IMPARTING PROGRAM
An analysis function imparting device (10) includes a virtual machine analyzing unit (121) that analyzes a virtual machine of a script engine, a command set architecture analyzing unit (122) that analyzes a command set architecture that is a command system of the virtual machine, and an analysis function imparting unit (123) that performs hooking for imparting multipath execution functions to the script engine, on the basis of architecture information acquired by the analysis performed by the virtual machine analyzing unit (121) and the command set architecture analyzing unit (122).
MITIGATION OF VEHICLE SOFTWARE MANIPULATION
A computer-implemented method which identifies the possibility of manipulation of the software of a first component of a plurality of components of an on-board network of a vehicle in a central device for mitigating software manipulation. A central device for mitigating manipulation is designed to mitigate software manipulation in each of the plurality of components in the on-board network. The method includes initiation of a countermeasure for mitigating manipulation of the first component by the central device for detecting and mitigating manipulation.
Inactivating basic blocks of program code to prevent code reuse attacks
An approach is provided that, after receiving a request to execute a computer program, determines an active set of metadata that corresponds to the requested computer program and then loads basic blocks of the requested computer program into memory. One of the loaded basic blocks is a starting block of the requested computer program. The memory also stores basic blocks corresponding to some previously loaded computer programs. The approach also inactivates basic blocks that are currently stored in the memory, with the inactivated basic blocks being identified based on a comparison of the active set of metadata to the sets of metadata that correspond to the basic blocks of previously loaded computer programs. After inactivating some basic blocks, the approach executes the starting block of the requested computer program.
METHOD FOR DETECTING A FAULT INJECTION IN A DATA PROCESSING SYSTEM
A method for detecting a fault injection is described. The method includes providing a secondary code, the secondary code including a predetermined function with a known expected result when the secondary code is executed with a known tested input. A primary code is executed in the data processing system. The primary code may be a portion of code that requires protection from a fault injection attack, such as for example, security sensitive code. The secondary code is executed in parallel with the primary code execution in the data processing system to produce an output. The output is compared with the known expected result to detect the fault injection attack of the data processing system. In one embodiment, the secondary code is not related to the primary code.