G06F2221/2125

SECURELY SHARING CONTEXT BETWEEN WEB FRAMES
20210006544 · 2021-01-07

Sharing context between web frames increases the consistent application of security policies without requiring changes to a document object model. A proxy receives a first request implicating a first web frame and its URL, potentially issues a sub-request and gets a sub-response, and creates a first response to the first request, including a context in frame creation or frame navigation code. Thus, context such as a domain identification is made available for sharing between the first web frame and a second web frame without altering a document object model of a web page of the first web frame, and without imposing a same-origin policy workaround. Sharing the context allows the proxy to ascertain a policy based on the context, so it can apply the policy in reaction to subsequent requests. Context sharing allows window frames to be associated together in the proxy, and informs browser rendering.

METHOD FOR EXECUTING A BINARY CODE OF A SECURE FUNCTION WITH A MICROPROCESSOR

A method for executing a binary code of a secure function includes: obtaining a pointer containing a first range of bits containing the address of a line of code, and a second, different range of bits containing an identifier of the pointer; storing the line of code, this line of code containing a first integrity tag constructed or encrypted using the identifier of the pointer; loading the line of code from the address contained in the first range of bits of the pointer; and verifying the integrity of the loaded line of code by constructing a second integrity tag using the identifier of the pointer contained in the second range of bits of the pointer used to load it.

Method and system for compression and optimization of in-line and in-transit information security data

This document discloses a method and system for just-in-time compression and optimization of raw unstructured in-line and in-transit data by identifying low-entropy data blocks or duplicated information security data in raw computer security alerts within a series of time windows. In particular, the method and system automatically manages, processes, and optimizes in-line and in-transit data blocks or raw information security alerts received simultaneously from a plurality of information surveillance sources and/or peripheral monitoring devices. The data blocks or raw information security alerts that are found to be unique in the various time windows are transposed into meta-definition tables to be further processed, while redundant data blocks or raw alerts contained within each particular time window are identified, marked and processed accordingly.

Runtime management of application components
10853481 · 2020-12-01

Techniques are described for runtime checking of function metadata prior to execution of a function in an environment. An application may include any appropriate number of components at one or more levels in a hierarchical arrangement, and each component may be packaged with metadata that describes the component. A function, or any component, may be packaged with metadata that includes term(s) governing the usage of the function. The term(s) may be checked, at runtime, during execution of the application to determine whether the function is to be executed. A function may also be hashed at runtime for verification of function version. Function(s) may be individually and independently executed as containerized nano functions within the environment.

SYSTEM AND METHOD FOR RUNTIME DETECTION, ANALYSIS AND SIGNATURE DETERMINATION OF OBFUSCATED MALICIOUS CODE

Embodiments described herein enable the detection, analysis and signature determination of obfuscated malicious code. Such malicious code comprises a deobfuscation portion that deobfuscates the obfuscated portion during runtime to generate deobfuscated malicious code. The techniques described herein deterministically detect and suspend the deobfuscated malicious code when it attempts to access memory resources that have been morphed in accordance with embodiments described herein. This advantageously enables the deobfuscated malicious code to be suspended at its initial phase. By doing so, the malicious code is not given the opportunity to delete its traces in memory regions it accesses, thereby enabling the automated exploration of such memory regions to locate and extract runtime memory characteristics associated with the malicious code. Such characteristics may be analyzed to automatically determine indicators of compromise, which can be used as signatures of the malicious code for subsequent runtime detection of malicious code.

Application execution control utilizing ensemble machine learning for discernment

Described are techniques to enable computers to efficiently determine if they should run a program based on an immediate (i.e., real-time, etc.) analysis of the program. Such an approach leverages highly trained ensemble machine learning algorithms to create a real-time discernment on a combination of static and dynamic features collected from the program, the computer's current environment, and external factors. Related apparatus, systems, techniques and articles are also described.

Geographical track data obfuscation
10796006 · 2020-10-06

In some examples, geographical track data obfuscation may include ascertaining geographical data points that include a first data point and subsequent data points. For each of the subsequent data points, a delta degree value may be determined as a difference between a subsequent data point and a corresponding previous data point. A first format preserving encryption (FPE) may be applied to encrypt longitude and latitude values of the first data point. A second FPE may be applied by applying a translation of a plurality of translations to encrypt each delta degree value. A total distance traveled, a total time, and/or a total elevation gain may be extracted from the encrypted first data point and the encrypted delta degree values.

METHOD FOR PROTECTING PRIVACY ON MOBILE COMMUNICATION DEVICE

A method for protecting user privacy on a mobile communication device, such as a smart phone or tablet computing device, is provided. The method includes performing a facial recognition of a user in order to authenticate the user for a normal operation of the device; displaying, on a screen of the device, first content that corresponds to the normal operation of the device by the authenticated user; detecting a presence of a face of a second person that is different from the authenticated user; and displaying, on the screen, second content that corresponds to a predetermined safety screen, such that the first content is hidden from being displayed. The method may be implemented such that the safety screen is displayed in response to detecting an aversion of the eyes of the authenticated user.

AUTOMATED MASKING OF CONFIDENTIAL INFORMATION IN UNSTRUCTURED COMPUTER TEXT USING ARTIFICIAL INTELLIGENCE
20200226288 · 2020-07-16

Methods and apparatuses are described for analyzing unstructured computer text to mask confidential information using artificial intelligence. A client device generates a message comprising unstructured computer text including confidential information. A server trains a word embedding model using the unstructured text. The server generates a multidimensional vector for each word in the unstructured text, generates a mapping table comprising a predetermined set of words corresponding to confidential information from the unstructured text, and determines one or more neighboring words in the trained word embedding model using the predetermined set of words. The server updates the mapping table to incorporate the one or more neighboring words, executes rules on the unstructured text that filter out one or more words, and applies the updated mapping table to match words in the updated mapping table with words in the filtered text and mask the matching words in the unstructured text.

PAGELISTS FOR JUST-IN-TIME TRANSMISSION OF DIGITAL DOCUMENTS

Techniques are described for just-in-time transmission of digital document files (e.g., word processing files, spreadsheet files, presentation files, etc.) using transfer protocols such as an HTTP-compliant protocol. In one embodiment, a method includes transforming a digital document file into a plurality of distinct digital image files, and generating a pagelist file having a plurality of tags and uniform resource indicators (URIs) indicating an order of presentation of the plurality of digital image files. The plurality of digital image files and the pagelist file can be made available for serving to a client device, which can retrieve the digital image files using the pagelist file.