A system for data protection includes a first computing device comprising a security module; and a storage device coupled to the first computing device via a network interface. The security module comprises at least one of Software Root of Trust (SRoT) and Hardware Root of Trust (HRoT). The security module is further configured to: establish a trust channel between the first computing device and the storage device or storage service; monitor the first computing device and the storage device; create and enforce multi-dimensional data access control by tightly binding data access and permissions to authorized computing devices, users, applications, system services, networks, locations, and access time windows; and take over control of the storage device or storage service in response to a security risk to the system.

A structured document is verified for changes that are made during and after deployment of an application. The structured document includes first fields that are designated as mutable, and second fields that are designated as immutable. An attempted change is detected to the structured document during or after deployment of the application. Upon detecting the attempted change, a digital signature is generated of the second fields of the structured document. A determination is made whether the generated digital signature of the second fields matches a reference digital signature of the second fields. Upon determining that the generated digital signature matches the reference digital signature, the change to the structured document is permitted. Upon determining that the generated digital signature does not match the reference digital signature, the change is blocked to the structured document.

Systems and methods to detect malicious software include an application software repository including a stored header file associated with a driver, an executable, or both, and are operable to (i) receive a memory dump file upon an operating system crash including a driver copy, an executable copy, or both, (ii) verify the memory dump file is new for analysis, (iii) compress the verified memory dump file to generate a memory snapshot of the verified memory dump file, (iv) scan the memory snapshot for a memory dump header file associated with the driver copy, the executable copy, or both, and (v) identify and extract malicious software when the memory dump header file from the memory snapshot fails to match at least one stored header file in the application software repository.

Embodiments relate to systems, devices, and computer-implemented methods for preventing determination of previous access of sensitive content by receiving, from a user, a request for content at a device in an information centric network, where a cached version of the content is locally stored at the device; initiating a time delay based on a determination that the user has not previously requested the content; and transmitting the cached version of the content to the user after the time delay.

In an example embodiment, a system determines a set of instructions from the available instructions for a computer application. The determined set of instructions provides specific functionality of the computer application. The system may determine the set of instructions by performing functional testing and negative testing on the specific functionality. The system may reorganize and randomize the set of instructions in memory and write the reorganized set of instructions to a smaller memory space. For each available instruction not in the set of instructions, the system changes the respective instruction to inoperative to prevent execution of the respective instruction. The system may change the respective instruction to inoperative by overwriting the instruction with a NOP instruction. The system then captures a memory address of the computer application being accessed at runtime. The system may declare a security attack if the captured memory address matches a memory address for an inoperative instruction.

Methods and systems are provided that are effective to generate an alarm for a vehicle. The methods include receiving, by a device, a first sensor value from a first sensor for the vehicle. The methods further include receiving, by the device, a second sensor value from a second sensor for the vehicle. The methods further include retrieving, by the device, an instruction from a memory disposed in the vehicle while the memory is in a write-protected mode. The methods further include evaluating, by the device, the first sensor value and the second sensor value based on the instruction. The methods further include determining, by the device, that the first sensor value is outside a range associated with the first sensor based on the evaluation. The methods further include transforming, by the device, the determination into an alarm.

A method for updating process objects of an automation project stored in an engineering system, wherein an automation device is designed and/or configured via the engineering system to control a technical process and wherein, furthermore, the technical process to be controlled can be operated and monitored via an operator system in which changes to process objects made during the run-time are not lost but secured and are automatically “updated” or “traced” in the engineering system.

An anti-malware device 50 includes: a risk information storage unit 51 in which risk information 510 is stored, in which there are associated a value indicating an attribution of an information processing device 60 for executing software 600, a value indicating an attribution of the software 600, and a value that indicates the degree of risk when the software 600 is executed; a subject attribution collection unit 53 for collecting the value indicating the attribution of the information processing device 60; an object attribution collection unit 54 for collecting the value indicating the attribution of the software 600; and a determination unit 55 for determining that the software 600 is malware when the value indicating the degree of risk obtained by comparing the risk information 510 and the values collected by the subject attribution collection unit 53 and object attribution collection unit 54 satisfies a criterion.

In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.

Disclosed herein are a dynamic security module server device for transmitting a dynamic security module to a user terminal and receiving a security management event from the user terminal, and a method of operating the dynamic security module server device. The dynamic security module server device includes a communication unit configured to transmit and receive a security management event over a network, and a processor configured to control the communication unit. The processor is configured to create a security session with the security client of a user terminal, and to transmit a dynamic security module to the security client of the user terminal so that part or all of code performing security management in the security client of the user terminal in which the security session has been created has a predetermined valid period.