Apparatus, systems, methods for measuring a side-channel is disclosed. The methods involve obtaining a first measurement of a magnetic field in a first range from the side-channel of the at least one electronic device; generating a version of the side-channel; obtaining a second measurement of the magnetic field in a second range from the version of the side-channel; and generating a composite measurement of the magnetic field from the side-channel of the at least one electronic device based on the first measurement and the second measurement. The first range includes a minimum threshold and at least a portion of the second range is less than the minimum threshold of the first range.

Apparatus, systems, methods for measuring a side-channel is disclosed. The methods involve obtaining a first measurement of a magnetic field in a first range from the side-channel of the at least one electronic device; generating a version of the side-channel; obtaining a second measurement of the magnetic field in a second range from the version of the side-channel; and generating a composite measurement of the magnetic field from the side-channel of the at least one electronic device based on the first measurement and the second measurement. The first range includes a minimum threshold and at least a portion of the second range is less than the minimum threshold of the first range.

Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.

Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.

A security program installed or in communication with a computer is provided. The security program is configured to intercept disk (I/O) operations that read/write from/to disk. This allows the security program to confirm and control access to data based on security rules. Further, the security program can categorize data based on security rules and then format and store data on disk in a format that prevents access by application(s) of the computer. The security program is further configured to re-format data to be accessible by the application in a format accessible by the application(s) when a request to access the data complies with security rules.

A security program installed or in communication with a computer is provided. The security program is configured to intercept disk (I/O) operations that read/write from/to disk. This allows the security program to confirm and control access to data based on security rules. Further, the security program can categorize data based on security rules and then format and store data on disk in a format that prevents access by application(s) of the computer. The security program is further configured to re-format data to be accessible by the application in a format accessible by the application(s) when a request to access the data complies with security rules.

Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is receive. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.

Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is receive. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.

Provided is a more versatile technique that makes it possible to input dummy information in response to an attacker seeking to collect normal information that cannot be replaced with dummy information. In the present invention, a dummy information insertion device inserts dummy information into a second location that is determined using: first location information indicating a first location that contains normal information, from among all normal information in a computer, which cannot be replaced with other information; and insertion condition information that indicates conditions for determining the second location into which dummy information is to be inserted, with such dummy information resembling the normal information that cannot be replaced and not being present in the computer or in a local network connected to the computer.

Provided is a more versatile technique that makes it possible to input dummy information in response to an attacker seeking to collect normal information that cannot be replaced with dummy information. In the present invention, a dummy information insertion device inserts dummy information into a second location that is determined using: first location information indicating a first location that contains normal information, from among all normal information in a computer, which cannot be replaced with other information; and insertion condition information that indicates conditions for determining the second location into which dummy information is to be inserted, with such dummy information resembling the normal information that cannot be replaced and not being present in the computer or in a local network connected to the computer.