摘要:
A computer-implemented method (and structure) for creating a service client for a service and a role includes exercising an application programming interface (API) of the service to perform activities of the role, discovering data and behavioral models exposed by the service during this exercise, and configuring a selected set of graphical user interface (GUI) components to represent the discovered data and behavioral models for the activities of the role.
摘要:
In one non-limiting aspect thereof the exemplary embodiments of this invention provide a computer-implemented method to make a decision as to whether a particular claim submitted by a first economic agent for approval by a second economic agent may be a fraudulent claim. The method includes applying statistics to information representing a proxy of fraud to generate an estimate of a probability of fraud for the particular claim; updating the estimate of the probability of fraud using decision making under uncertainty that is based at least in part on at least one type of additional information; applying game theory to the updated estimate of the probability of fraud to model strategic behavior between the first and second economic agents; and generating a recommendation to audit or not audit the particular claim. The proxy of fraud may be imperfect proxy of fraud, such as is found in nascent industries.
摘要:
A system, method and computer program product for identifying security authorizations and privileged-code requirements; for validating analyses performed using static analyses; for automatically evaluating existing security policies; for detecting problems in code; in a run-time execution environment in which a software program is executing. The method comprises: implementing reflection objects for identifying program points in the executing program where authorization failures have occurred in response to the program's attempted access of resources requiring authorization; displaying instances of identified program points via a user interface, the identified instances being user selectable; for a selected program point, determining authorization and privileged-code requirements for the access restricted resources in real-time; and, enabling a user to select, via the user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring authorizations is provided.
摘要:
A system, method and computer program product for identifying security authorizations and privileged-code requirements; for validating analyses performed using static analyses; for automatically evaluating existing security policies; for detecting problems in code; in a run-time execution environment in which a software program is executing. The method comprises: implementing reflection objects for identifying program points in the executing program where authorization failures have occurred in response to the program's attempted access of resources requiring authorization; displaying instances of identified program points via a user interface, the identified instances being user selectable; for a selected program point, determining authorization and privileged-code requirements for the access restricted resources in real-time; and, enabling a user to select, via the user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring authorizations is provided.
摘要:
A system, method and computer program product for identifying security authorizations and privileged-code requirements; for validating analyses performed using static analyses; for automatically evaluating existing security policies; for detecting problems in code; in a run-time execution environment in which a software program is executing. The method comprises: implementing reflection objects for identifying program points in the executing program where authorization failures have occurred in response to the program's attempted access of resources requiring authorization; displaying instances of identified program points via a user interface, the identified instances being user selectable; for a selected program point, determining authorization and privileged-code requirements for the access restricted resources in real-time; and, enabling a user to select, via the user interface, whether a required authorization should be granted, wherein local system, fine-grained access of resources requiring authorizations is provided.
摘要:
Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.
摘要:
Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions.
摘要:
The present invention relates to methodologies for combining policy analysis and static analysis of code and thereafter determining whether the permissions granted by the policy to the code and to the subjects executing it are appropriate. In particular, this involves the verification that too many permissions have not been granted (wherein this would be a violation of the Principle of Least Privilege), and that the permissions being granted are sufficient to execute the code without run-time authorization failures, thus resulting in the failure of the program to execute.
摘要:
Access is obtained to an input object-oriented computer program. In the input object-oriented computer program, semantically equivalent objects are identified, which exist in different memory locations. If at least one of: a number of occurrences for the semantically equivalent objects exceeds a first threshold value, the threshold value being at least two; and a number of equality tests on the semantically equivalent objects exceeds a second threshold value, then a further step includes identifying an application program interface to reduce the semantically equivalent objects to a single object in a single memory location.
摘要:
Embodiments of the invention provide a method, system and computer program product for carbon management for sourcing and logistics. In one embodiment, the method comprises using a computer for quantifying both a cost and a carbon impact of one or more logistics policies relating to a manufacturing process; and minimizing the cost and carbon impact using a defined equation including a first component representing a transportation cost, and a second component representing a carbon cost. In an embodiment of the invention, the quantifying includes using an analytics engine to quantify the cost and carbon impact. The analytics engine may include a shipment analysis module to calculate an optimal transportation policy, a sourcing analysis module for testing alternate sourcing options, a scenario analysis module to find an optimal order frequency, and a sensitivity analysis module to test the impact of various changes.