Patent classifications
G06F2221/033
Inactivating basic blocks of program code to prevent code reuse attacks
An approach is provided that, after receiving a request to execute a computer program, determines an active set of metadata that corresponds to the requested computer program and then loads basic blocks of the requested computer program into memory. One of the loaded basic blocks is a starting block of the requested computer program. The memory also stores basic blocks corresponding to some previously loaded computer programs. The approach also inactivates basic blocks that are currently stored in the memory, with the inactivated basic blocks being identified based on a comparison of the active set of metadata to the sets of metadata that correspond to the basic blocks of previously loaded computer programs. After inactivating some basic blocks, the approach executes the starting block of the requested computer program.
METHOD FOR DETECTING A FAULT INJECTION IN A DATA PROCESSING SYSTEM
A method for detecting a fault injection is described. The method includes providing a secondary code, the secondary code including a predetermined function with a known expected result when the secondary code is executed with a known tested input. A primary code is executed in the data processing system. The primary code may be a portion of code that requires protection from a fault injection attack, such as for example, security sensitive code. The secondary code is executed in parallel with the primary code execution in the data processing system to produce an output. The output is compared with the known expected result to detect the fault injection attack of the data processing system. In one embodiment, the secondary code is not related to the primary code.
MULTI-PHASE SECURE ZERO TOUCH PROVISIONING OF COMPUTING DEVICES
An apparatus comprises a processing device configured to determine, utilizing a firmware-based agent running in firmware, a boot flag status during a boot process of the processing device. The processing device is also configured to execute, responsive to the boot flag status being a first value, a system update handler of the firmware-based agent configured for provisioning of a secured runtime operating system on the processing device, wherein the provisioning comprises digitally signing an image of the secured runtime operating system utilizing a hardware-based root of trust key. The processing device is further configured to execute, responsive to the boot flag status being a second value, a secured operating system boot handler of the firmware-based agent configured for validating and loading the secured runtime operating system, wherein the validation comprises performing attestation of a signature of the image of the secured runtime operating system utilizing the hardware-based root of trust key.
INTELLIGENT MANAGEMENT OF SOFTWARE DEPLOYMENT BASED ON CODE CHANGE
Automated management of software code change and deployment in an information processing system is disclosed. In one example, a method comprises the following steps. The method obtains one or more parameters specifying a software deployment following at least one code change to a set of one or more software programs. The method distinguishes first portions of the set of one or more software programs that are affected by the at least one code change from second portions of the set of one or more software programs that are unaffected by the at least one code change. The method generates at least one deployment script for causing deployment of the first portions of the set of one or more software programs without causing deployment of the second portions of the set of one or more software programs.
Memory tracking for malware detection
A device may load a process under test into virtual memory associated with the device. The virtual memory may include a plurality of memory pages. The device may insert a malware inspection element and a memory tracking element into the process under test and may provide a notification of an event associated with the process under test to a memory tracking element. The device may identify, using the memory tracking element, one or more memory pages of the plurality of memory pages. The one or more memory pages may be assigned to, and used by, the process under test. The device may generate, based on identifying the one or more memory pages, a memory map, associated with the process under test, that may include information identifying the one or more memory pages as being assigned to, and used by, the process under test.
RAPID LAUNCH OF SECURE EXECUTABLES IN A VIRTUALIZED ENVIRONMENT
Rapid launch of secure executables in a virtualized environment includes using a persisted security cache in a virtualized component (VC), such as a virtual machine. The VC generates a cache integrity value (IV), such as a hash value, for the security cache and sends it to a remote validator, which returns an indication of security cache validity or invalidity. Upon receiving a request to execute applications, the VC analyzes whether the applications have been determined to be safe to execute and have not been altered. The VC retrieves application IVs from the security cache, rather than hashing each of the applications, thereby saving compute time, and sends the application IVs to a remote validator, which returns an indication of application validity or invalidity.
AUTOMATICALLY PERFORMING VARIED SECURITY SCANS ON DISTRIBUTED FILES USING MACHINE LEARNING TECHNIQUES
Methods, apparatus, and processor-readable storage media for automatically performing varied security scans on distributed files using machine learning techniques are provided herein. An example computer-implemented method includes obtaining at least one input file from one of multiple source channels; identifying a data security scan operation, from a set of multiple data security scan operations, for the at least one input file by processing historical data attributed to the at least one input file using machine learning techniques; executing the identified data security scan operation on the at least one input file; generating a hash of the at least one input file and information pertaining to results of the executed data security scan operation; caching the generated hash in at least one cache; and performing automated actions based on the caching of the generated hash in the at least one cache.
AUTOMATED ZERO TRUST SECURITY VALIDATION
The present invention discloses a system and method for automated zero trust security validation and report generation, which performs penetration testing and other testing in a zero trust security environment. The disclosed system and method analyses the behavior of software applications under multiple contexts, such as firewalls and user identifications, and generates a validation report. Beneficially, it encapsulates most kinds of security scenarios and threats relevant to software applications by taking into account various factors.
Apparatus and Method for Blocking Malicious Code Embedded in Digital Data
The present invention is a device, system, and method for improving network security using pictorial communication and, in preferred embodiments, optical character recognition for the communication of digital information so as to block malicious code embedded in digital data. More specifically, the present invention in preferred embodiments receives a digital data stream from an open network; identifies and extracts desired digital content from the digital data stream; deletes all remaining digital data; displays the extracted digital content as a pictorial image containing alphanumeric or other characters on one side of an analog air gap; captures the pictorial image on the opposite side of the air gap in a closed network; converts the pictorial image to a digital image file; uses optical character recognition algorithms to recognize and convert the pictorial image into a clean digital content file; and stores a copy of the clean digital content file in the closed network.
AUTOMATED EPHEMERAL CONTEXT-AWARE DEVICE PROVISIONING
An information handling system may determine a personality flag value during a boot process and execute, responsive to detecting that the information handling system entered a secure environment and based on the personality flag value, a system update handler configured for discovering and connecting to a control plane. The system may also provision a secure ephemeral operating system, including receiving an image of the secure ephemeral operating system from the control plane responsive to a secure profile and validating the image prior to loading the secure ephemeral operating system to a random access memory.