| Patent application number | Description | Published |
|---|
| 20080201688 | SYSTEM AND METHOD FOR THE AUTOMATIC VERIFICATION OF PRIVILEGE-ASSERTING AND SUBJECT-EXECUTED CODE - The present relates to a method for verifying privileged and subject-executed code within a program, the method further comprising the steps of constructing a static model of a program, identifying checkPermission nodes that are comprised within the invocation graph, and performing a fixed-point iteration, wherein each determined permission set is propagated backwards across the nodes of the static model until a privilege-asserting code node is reached. The method further comprises the steps of associating each node of the invocation graph with a set of Permission allocation sites, analyzing each identified privilege-asserting code node and subject-executing code node to determine the Permission allocation site set that is associated with each privilege-asserting code node and subject-executing code node, and determining the cardinality of a Permission allocation-site set that is associated with each privilege-asserting code node and subject-executing code node. | 08-21-2008 |
| 20080201693 | SYSTEM AND METHOD FOR THE AUTOMATIC IDENTIFICATION OF SUBJECT-EXECUTED CODE AND SUBJECT-GRANTED ACCESS RIGHTS - The present invention relates to a method for identifying subject-executed code and subject-granted access rights within a program, the method further comprising the steps of: constructing a static model of a program, and determining a set of access rights that are associated with each subject object that is comprised within the program. The method further comprises the steps of annotating the invocation graph with the set of access right data to generate a subject-rights analysis, wherein each node comprised within the invocation graph is mapped to a set of access rights that represent subject-granted access rights under which a method that corresponds to a respective node will be executed, and utilizing the subject-rights analysis to perform a subject-rights analysis of the program. | 08-21-2008 |
| 20080201760 | SYSTEM AND METHOD FOR THE AUTOMATIC EVALUATION OF EXISTING SECURITY POLICIES AND AUTOMATIC CREATION OF NEW SECURITY POLICIES - The present invention relates to methodologies for combining policy analysis and static analysis of code and thereafter determining whether the permissions granted by the policy to the code and to the subjects executing it are appropriate. In particular, this involves the verification that too many permissions have not been granted (wherein this would be a violation of the Principle of Least Privilege), and that the permissions being granted are sufficient to execute the code without run-time authorization failures, thus resulting in the failure of the program to execute. | 08-21-2008 |
| 20100131316 | CARBON MANAGEMENT FOR SOURCING AND LOGISTICS - Embodiments of the invention provide a method, system and computer program product for carbon management for sourcing and logistics. In one embodiment, the method comprises using a computer for quantifying both a cost and a carbon impact of one or more logistics policies relating to a manufacturing process; and minimizing the cost and carbon impact using a defined equation including a first component representing a transportation cost, and a second component representing a carbon cost. In an embodiment of the invention, the quantifying includes using an analytics engine to quantify the cost and carbon impact. The analytics engine may include a shipment analysis module to calculate an optimal transportation policy, a sourcing analysis module for testing alternate sourcing options, a scenario analysis module to find an optimal order frequency, and a sensitivity analysis module to test the impact of various changes. | 05-27-2010 |
| 20110126282 | System, Method and Apparatus for Simultaneous Definition and Enforcement of Access-control and Integrity Policies - Access-control and information-flow integrity policies are enforced in a computing system by detecting security-sensitive sinks in software code for an application running on the computing system and retrieving an access-control policy from a database accessible to the computing system. The access-control policy maps a set of access permissions within the computing system to each one of a plurality of principals. For each detected security-sensitive sink, all principals that influence that security-sensitive sink are detected and an overall access permission is assigned to each security-sensitive sink by taking the intersection of the access permission sets for all influencing principals of that security-sensitive sink. If this permission set is inadequate, an integrity violation is reported. In addition, permission labels are assigned to each value of variables used in the security-sensitive sinks. Each permission label is a set of permissions. | 05-26-2011 |
| 20110145785 | Automatic Optimization of String Allocations in a Computer Program - Access is obtained to an input object-oriented computer program. In the input object-oriented computer program, semantically equivalent objects are identified, which exist in different memory locations. If at least one of: a number of occurrences for the semantically equivalent objects exceeds a first threshold value, the threshold value being at least two; and a number of equality tests on the semantically equivalent objects exceeds a second threshold value, then a further step includes identifying an application program interface to reduce the semantically equivalent objects to a single object in a single memory location. | 06-16-2011 |
