A method and system is disclosed that permits users of an online gaming platform to communicate via voice with other user in the online gaming platform.

A computer-implemented method at a data management system comprises: generating, with one or more processors, a containerized runtime in a memory in communication with the one or more processors; instantiating, with the one or more processors, an app in the runtime; receiving, with the one or more processors, a request from the app for data; retrieving, with the one or more processors, a copy of the requested data from a data source; and transmitting, with the one or more processors, the data to the containerized runtime for the app to operate on.

A method for performing a security chip protocol comprises receiving, by processing hardware of a security chip, a message from a first device as part of performing the security chip protocol. The processing hardware retrieves a secret value from secure storage hardware operatively coupled to the processing hardware. The processing hardware determines a path through a key tree based at least in part on the message. The processing hardware derives a validator at least in part from the secret value using a sequence of entropy redistribution operations associated with the path through the key tree. The processing hardware exchanges the validator between the security chip and the first device as part of the security chip protocol in order to authenticate at least one of the security chip or the first device.

Audio visual privacy controls can be provided. A privacy service can be configured to interface with multiple filter drivers that are loaded above components of an AV platform to enable the privacy service to selectively block a particular AV app's access to an AV device based on context. A privacy service may leverage a first filter driver to identify an AV app and may leverage a second filter driver to block the AV app's access. The privacy service may consider different types and combinations of context to determine when access to an AV device's stream should be blocked.

A real time, on-the-fly data encryption system is shown operable to encrypt and decrypt the data flow between a secure processor and an unsecure external memory system. Multiple memory segments are supported, each with its own separate encryption capability, or no encryption at all. Data integrity is ensured by hardware protection from code attempting to access data across memory segment boundaries. Protection is also provided against dictionary attacks by monitoring multiple access attempts to the same memory location.

A method can include identifying fixed instructions of the instructions and relocatable instructions of the instructions, the fixed instructions reference another instruction of the instructions and the relocatable instructions do not reference another instruction of the instructions, altering the location of the relocatable instructions relative to one another in the memory and add respective reference instructions to the fixed instructions and relocatable instructions that cause the instructions to be executed in a same order as they would be if the location was not altered, and executing the fixed instructions and the relocatable instructions from their altered locations in the medium.

A method, system and non-transitory computer-readable medium for classifying a received data package, using a framework comprising a classifier, a processing component for processing the data package using the classifier, and a database for storing relationship data indicating relationships between a sender and a recipient. The classifier is configured to obtain header data of the received data package, the header data comprising user identifiers corresponding to the sender and the recipient, and to obtain data representing a relationship between the sender and the recipient from the database. A relationship metric is determined based on the relationship, wherein the relationship is indicative of a communication history between the sender and the recipient. A handling action is then applied to the received data package based on the relationship metric, and the relationship data between the sender and the recipient in the database is updated based on the received data package.

Embodiments described herein enable the detection, analysis and signature determination of obfuscated malicious code. Such malicious code comprises a deobfuscation portion that deobfuscates the obfuscated portion during runtime to generate deobfuscated malicious code. The techniques described herein deterministically detect and suspend the deobfuscated malicious code when it attempts to access memory resources that have been morphed in accordance with embodiments described herein. This advantageously enables the deobfuscated malicious code to be suspended at its initial phase. By doing so, the malicious code is not given the opportunity to delete its traces in memory regions it accesses, thereby enabling the automated exploration of such memory regions to locate and extract runtime memory characteristics associated with the malicious code. Such characteristics may be analyzed to automatically determine indicators of compromise, which can be used as signatures of the malicious code for subsequent runtime detection of malicious code.

Using a computer system, an instruction is received to define or modify a permission constraint corresponding to one or more files. A permission-instruction data set representing the permission constraint is stored in a data store. Subsequent to storing the permission-instruction data, a user request to access a particular file is intercepted. The data store is queried to determine whether any pending permission-instruction data set corresponds to the particular file. In response to the query, it is determined that the permission-instruction data set corresponds to the particular file. A permission constraint of the particular file is added or modified based on the permission-instruction data set. Based on the modified or added permission constraint, it is determined whether and/or an extent to which the user request is authorized. A response to the user request based on the determination as to whether and/or an extent to which the user request is authorized.

Examples include a system and computer-implemented method to receive a notification from an application programming interface (API) of creation of a just in time (JIT) grant, the JIT grant defining a request for a user to be authorized to access a cluster according to a JIT policy; determine if access to the cluster by the user is authorized according to the JIT policy; grant access to the user to the cluster when access is authorized according to the JIT policy; and send a notification to the API that access by the user to the cluster is granted.