Disclosed is a scalable, graph-based approach to detecting anomalous accesses to resources in a computer network. Access events are represented as edges between resource nodes and accessing nodes (e.g., corresponding to users) in a bipartite graph, from which vector representations of the nodes that reflect the connections can be computed by graph embedding. For an access event of interest, an anomaly score may be computed based on dissimilarities, in terms of their embedding distances, between the associated accessing node and other accessing nodes that have accessed the same resource, and/or between the associated resource node and other resource nodes that have been accessed by the same accessing node.

An integrated circuit device including processing circuitry, communications circuitry configured to provide a communication link with a communication apparatus external to the integrated circuit device, and a memory accessible by the processing circuitry and by the communications circuitry, the memory comprising a memory region to which the processing circuitry has write access and to which the communications circuitry has read access, in which the processing circuitry is configured to write information to the memory region indicative of one or more use conditions of the integrated circuit device, and in which the communications circuitry is configured to access the memory region and to provide the information indicative of the one or more use conditions of the integrated circuit device via the communication link.

In some implementations, a device may monitor incoming messages to at least one message account of a user. The device may determine, based on monitoring the incoming messages, that one or more messages, of the incoming messages, are associated with resetting authentication information for one or more accounts of the user. The device may determine, based on determining that the one or more messages are associated with resetting authentication information, whether the one or more messages are indicative of abnormal authentication information resetting activity. The device may perform one or more actions based on determining that the one or more messages are indicative of abnormal authentication information resetting activity.

In one embodiment, a processor includes a memory hierarchy and a core coupled to the memory hierarchy. The memory hierarchy stores encrypted data, and the core includes circuitry to access the encrypted data stored in the memory hierarchy, decrypt the encrypted data to yield decrypted data, perform an entropy test on the decrypted data, and update a processor state based on a result of the entropy test. The entropy test may include determining a number of data entities in the decrypted data whose values are equal to one another, determining a number of adjacent data entities in the decrypted data whose values are equal to one another, determining a number of data entities in the decrypted data whose values are equal to at least one special value from a set of special values, or determining a sum of n highest data entity value frequencies.

A method for authorizing I/O (input/output) commands in a storage cluster is provided. The method includes generating a token responsive to an authority initiating an I/O command, wherein the token is specific to assignment of the authority and a storage node of the storage cluster. The method includes verifying the I/O command using the token, wherein the token includes a signature confirming validity of the token and wherein the token is revocable.

An apparatus includes a processor, configured to designate a memory region in a memory, and to issue (i) memory-access commands for accessing the memory and (ii) a conditional-fence command associated with the designated memory region. Memory-Access Control Circuitry (MACC) is configured, in response to identifying the conditional-fence command, to allow execution of the memory-access commands that access addresses within the designated memory region, and to defer the execution of the memory-access commands that access addresses outside the designated memory region, until completion of all the memory-access commands that were issued before the conditional-fence command.

A computer storage device having a host interface, a controller, non-volatile storage media, and firmware. The firmware instructs the controller to: limit a crypto key to be used in data access requests made in a first namespace allocated on the non-volatile storage media of the computer storage device; store data in the first namespace in an encrypted form that is to be decrypted using the crypto key; free a portion of the non-volatile storage media from the first namespace, the portion storing the data; and make the portion of the non-volatile storage media available in a second namespace without erasing the data stored in the portion of the non-volatile storage media.

In one embodiment, a system may include a memory unit, a first processing unit configured to write data into a memory region of the memory unit, a second processing unit configured to read data from the memory region, a first control unit configured to control the first processing unit's access to the memory unit and, and a second control unit configured to control the second processing unit's access to the memory unit. The first control unit may be configured to obtain, from the second control unit, a first memory address associated with a data reading process of the second processing unit, receive a write request from the first processing unit, the read request having an associated second memory address, and write data into the memory region based on the write request in response to a determination that the second memory address falls outside of the guarded reading region.

A processor includes a register to store an encoded pointer to a variable in stack memory. The encoded pointer includes an encrypted portion and a fixed plaintext portion of a memory address corresponding to the variable. The processor further includes circuitry to, in response to a memory access request for associated with the variable, decrypt the encrypted portion of the encoded pointer to obtain first upper address bits of the memory address and a memory allocation size for a variable, decode the encoded pointer to obtain the memory address, verify the memory address is valid based, at least in part on the memory allocation size, and in response to determining that the memory address is valid, allow the memory access request.

According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to determine, for each of a plurality of members in a group, a respective least privilege level for a resource and determine, based on the determined respective least privilege levels, a privilege level to be assigned to the group for the resource. The instructions may also cause the processor to assign the determined privilege level to the group for the resource and apply the assigned privilege level to the members of the group for the resource.