G06F2221/2125

Data leak prevention using content based segmentation scanning

Systems and techniques are described for preventing data leaks from a network. A set of sensitive files or sensitive data that includes sensitive information can be received, and a first set of labels can be determined based on the set of sensitive files or sensitive data. An apparatus can then receive data that is to be checked for sensitive information, and determine a second set of labels based on the data. Next, the apparatus can match the second set of labels with the first set of labels. The apparatus can then determine whether or not the data includes sensitive information based on a result of said matching, and perform a data leak prevention action if it is determined that the data includes sensitive information.

SECURING COMPUTING SYSTEMS AGAINST MICROARCHITECTURAL REPLAY ATTACKS
20210365554 · 2021-11-25

A system and method for mitigating micro-architectural replay attacks in a processing system by delaying speculative execution on the processing system of a set of processor instructions upon detection that the set of processor instructions are part of a micro-architectural replay attack by detecting repeating speculative execution of the set of processor instructions interleaved with misspeculation and squashing of the set of processor instructions.

RANSOMWARE MITIGATION SYSTEM AND METHOD FOR MITIGATING A RANSOMWARE ATTACK
20230297678 · 2023-09-21

A ransomware mitigation system and corresponding methods are provided. The ransomware mitigation system monitors the rate of modification of files on computing devices to determine whether the monitored rate of modification exceeds a predetermined threshold. If the threshold is exceeded, the ransomware mitigation system actuates a forced shutdown of the computing device and/or a forced disconnection of the network connection to the computing device. The ransomware mitigation system includes a software monitoring portion as well as a hardware switching unit. The software monitoring portion is in synchronous bidirectional communication with the hardware switching unit on a separate network. If the software monitoring portion is shut down, the hardware unit actuates the shutdown and/or disconnection of the computing device(s). The hardware unit includes a hardware lock that requires the physical presence of a person to allow for maintenance.

Dynamic randomization of password challenge

Disclosed herein is a method of performing a password challenge in an embedded system. The method includes receiving a password, scrambling the sub-words of the password pursuant to scramble control codes, retrieving a verification word, scrambling the sub-words of the verification word pursuant to the scramble control codes, and comparing the scrambled sub-words of the password to the scrambled sub-words of the verification word. Access to a secure resource is granted if the scrambled sub-words of the password match the scrambled sub-words of the verification word. The scramble control codes cause random reordering of the sub-words of the password and sub-words of the verification word in a same fashion, and insertion of random delays between the comparison of different sub-words of the password to corresponding sub-words of the verification word.

Method, System, and Apparatus for Probabilistic Identification of Encrypted Files
20210350007 · 2021-11-11

A mechanism for probabilistically determining the contents of an encrypted file is provided, such that a transfer of the encrypted file can be restricted according to rules associated with an unencrypted version of the file. Embodiments generate a file size table for a subset of files, where each entry of the file size table includes size information for the unencrypted file. Embodiments compare the size of the encrypted file against the file sizes and compressed file size ranges in the table to determine whether the encrypted file has a match. If the size of the encrypted file has a single match in the table, there is a high probability that the file associated with the matching entry is the unencrypted version of the encrypted file. Rules restricting access to the file associated with the matching entry can then be used to control transfer of the encrypted file.

Mitigation control of inadvertent processing of sensitive data

The innovation disclosed and claimed herein, in one or more aspects thereof, illustrates systems and methods for providing a technical control to a technically pervasive problem of inadvertent capture of items in a computing environment, returning control of what happens to such items in technical environments that have become widespread and intrusive. The innovation provides a system for users to control the types of items that pervasive computing environment elements may process without their express control with technical countermeasures in a relatively unobtrusive manner.

Secure low-latency trapdoor proxy

A proxy system is installed on a computing device that is in the network path between the device and the Internet. The proxy system, residing on the computing device, decrypts and inspects all traffic going in and out of the computing device.

METHOD AND SYSTEM FOR PROCESSING DATA PACKAGES
20230328077 · 2023-10-12

A method, system and non-transitory computer-readable medium for classifying a received data package using a framework. The framework comprises at least one classifier; a processing component for processing the received data package using the at least one classifier, and a database for storing at least a data model and a data set of mappings. The at least one classifier is configured to obtain data of the received data package and apply the data set of mappings to the obtained data to generate normalised data. The data model is then applied to the normalised data to generate at least one permutation of the normalised data, and the data package is classified based on the at least one permutation of the normalised data.

METHOD AND SYSTEM FOR PROCESSING DATA PACKAGES
20230319076 · 2023-10-05

A method, system and non-transitory computer-readable medium for classifying a data package received by a recipient, using a framework. The framework comprises at least one classifier, and a processing component for processing the received data package using the at least one classifier. The classifier is configured to obtain header data of the received data package, where the header data comprises at least a transmission chain from a sender of the data package to the recipient of the data package. A validity characteristic of the header data is determined, wherein determining the validity characteristic comprises analysing the transmission chain. The recipient of the data package is notified of the validity characteristic of the header data.

Computer system with moving target defenses against vulnerability attacks

A computer system includes an ensemble moving target defense architecture that protects the computer system against attack using one or more composable protection layers that change each churn cycle, thereby requiring an attacker to acquire information needed for an attack (e.g., code and pointers) and successfully deploy the attack, before the layers have changed state. Each layer may deploy a respective attack information asset protection providing multiple respective attack protections each churn cycle, wherein the respective attack information asset protections may differ.