公开(公告)号：JP2011013810A

公开(公告)日：2011-01-20

申请号：JP2009155705

申请日：2009-06-30

Applicant: Internatl Business Mach Corp ,  インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Maschines Corporation

Inventor： TATEISHI TAKAAKI ,  TABUCHI SUNAO ,  PISTOIA MARCO ,  HAVIV YINNON

IPC: G06F11/36 ,  G06F21/22

CPC classification number: G06F21/577 ,  G06F8/43 ,  G06F11/3604 ,  G06F21/563

Abstract: PROBLEM TO BE SOLVED: To determine the validity of a character string generated by a program written in a programming language without executing the program.SOLUTION: The method for determining the validity of a character string generated by a program includes: abstracting a constraint between variables extracted from a source code for a programming language, wherein the variables include a string declaration and the definition of each variable is unique, describing the constraint in M2L, giving a specification to determine whether the character string is safe or unsafe in M2L, and evaluating the validity of the character string on an M2L solver on the basis of the constraint on the variables and the specification to determine whether the string is safe or unsafe.

Abstract translation: 要解决的问题：确定由编程语言编写的程序生成的字符串的有效性，而不执行程序。解决方案：用于确定程序生成的字符串的有效性的方法包括：在变量之间抽象约束 从编程语言的源代码提取，其中变量包括字符串声明，并且每个变量的定义是唯一的，描述了M2L中的约束，给出了在M2L中确定字符串是安全还是不安全的规范，以及评估 在M2L求解器上的字符串的有效性基于对变量的约束和规范来确定字符串是否安全或不安全。

公开(公告)号：WO2014052410A3

公开(公告)日：2014-06-05

申请号：PCT/US2013061615

申请日：2013-09-25

Applicant: IBM

Inventor： PISTOIA MARCO ,  TRIPP OMER

IPC: G06F21/00 ,  H04L9/00

CPC classification number: G06F21/577

Abstract: Methods and systems for training a static security analysis classifier include running (102) an initial security analysis on a training codebase to generate a set of vulnerabilities associated with the training codebase; analyzing (104) the program with a feature set that limits a number of detected vulnerabilities to generate a limited set of vulnerabilities associated with the feature set; comparing (106) the limited set of vulnerabilities to a known vulnerability distribution to generate an accuracy score; and iterating the steps of analyzing (104) and comparing (106) using different feature sets to find a feature set having a highest accuracy score.

Abstract translation: 用于训练静态安全分析分类器的方法和系统包括对培训代码库运行（102）初始安全分析以生成与训练代码库相关联的一组漏洞; 使用限制多个检测到的漏洞来生成与特征集相关联的有限的一组漏洞来分析（104）该程序; 将有限的一组漏洞与已知的漏洞分布进行比较（106）以产生准确度分数; 并迭代分析（104）和比较（106）使用不同特征集的步骤，以找到具有最高精度得分的特征集。

公开(公告)号：WO2014078341A2

公开(公告)日：2014-05-22

申请号：PCT/US2013069779

申请日：2013-11-13

Applicant: IBM

Inventor： LIGMAN JOSEPH W ,  PISTOIA MARCO ,  PONZO JOHN ,  THOMAS GEGI

IPC: G06F17/22

CPC classification number: G06F17/2247 ,  G06F3/00 ,  G06F17/00

Abstract: An embodiment includes causing elements to be recognized that correspond to one or more browser-supported programming languages in an application. The recognized elements are those elements that can be converted to native user interface elements in the operating system and rendered on a display of a computing device. The elements in the one or more browser-supported programming languages are converted to native user interface elements. The native user interface elements are caused to be rendered on the display of the computing device. Methods, apparatus, software, and computer program products are disclosed.

Abstract translation: 一个实施例包括引起与应用程序中的一个或多个浏览器支持的编程语言相对应的元素。 识别的元素是可以在操作系统中转换为本地用户界面元素并在计算设备的显示器上呈现的那些元素。 一个或多个浏览器支持的编程语言中的元素被转换为本机用户界面元素。 使本机用户界面元素呈现在计算设备的显示器上。 公开了方法，装置，软件和计算机程序产品。

公开(公告)号：WO2008086093A3

公开(公告)日：2008-09-04

申请号：PCT/US2008050111

申请日：2008-01-03

Applicant: IBM ,  KOVED LAWRENCE ,  PISTOIA MARCO

Inventor： KOVED LAWRENCE ,  PISTOIA MARCO

IPC: G06F17/00

CPC classification number: G06F21/6218 ,  G06F21/33

Abstract: A method for enforcing privacy policies associated with data. The method includes accessing a database to identify labeled data in the database, the labeled data associated with a privacy policy (110). An access node accessing the label data is determined (112). For the access node accessing the labeled data, it is determined whether the access node applies an authorization test as indicated by the privacy policy (114). An authorization test is associated with the access node if the access node does not apply necessary authorization indicated by the privacy policy (118).

Abstract translation: 一种执行与数据相关联的隐私策略的方法。 该方法包括访问数据库以识别数据库中的标记数据，与隐私策略（110）相关联的标记数据。 确定访问标签数据的接入节点（112）。 对于接入节点访问标记的数据，确定接入节点是否应用由隐私策略（114）指示的授权测试。 如果访问节点不应用隐私策略指示的必要授权（118），则授权测试与接入节点相关联。

公开(公告)号：WO2014078466A3

公开(公告)日：2014-08-07

申请号：PCT/US2013069970

申请日：2013-11-14

Applicant: IBM

Inventor： BALUDA MAURO ,  CASTRO PAUL C ,  PISTOIA MARCO ,  PONZO JOHN J

IPC: G06F11/00

CPC classification number: G06F21/552 ,  G06F21/52 ,  G06F21/53 ,  G06F21/565 ,  G06F21/566 ,  G06F21/567 ,  G06F21/568 ,  G06F2221/2111 ,  G06F2221/2115 ,  H04L63/14 ,  H04L63/1408 ,  H04W12/08

Abstract: An example includes intercepting one or more activities performed by an application on a computing device. The intercepting uses an instrumentation layer separating the application from an operating system on the computing device. The one or more activities are compared with one or more anomaly detection policies in a policy configuration file to detect or not detect presence of one or more anomalies. In response to the comparison detecting presence of one or more anomalies, indication(s) of the one or more anomalies are stored. Another example includes receiving indication(s) of anomaly(ies) experienced by an application on computing device(s) and analyzing the indication(s) of the anomaly(ies) to determine whether corrective action(s) should be issued. Responsive to a determination corrective action(s) should be issued based on the analyzing, the corrective action(s) are issued to the computing device(s). Methods, program products, and apparatus are disclosed.

Abstract translation: 一个示例包括拦截由计算设备上的应用执行的一个或多个活动。 拦截使用将应用程序与计算设备上的操作系统分开的仪器层。 将一个或多个活动与策略配置文件中的一个或多个异常检测策略进行比较以检测或不检测一个或多个异常的存在。 响应于检测到一个或多个异常的存在的比较，存储一个或多个异常的指示。 另一个例子包括接收应用在计算设备上经历的异常指示并分析异常指示以确定是否应发布纠正措施。 响应于确定，应基于分析发出纠正措施，向（一个或多个）计算设备发出纠正措施。 公开了方法，程序产品和设备。

公开(公告)号：WO2012048336A2

公开(公告)日：2012-04-12

申请号：PCT/US2011055718

申请日：2011-10-11

Applicant: IBM ,  CENTONZE PAOLINA ,  MALKIN PETER K ,  PISTOIA MARCO

Inventor： CENTONZE PAOLINA ,  MALKIN PETER K ,  PISTOIA MARCO

IPC: G06F9/44 ,  G06F9/45

CPC classification number: G06F8/443 ,  G06F8/24

Abstract: A method includes, using a static analysis performed on code, analyzing the code to determine a set of unchanged objects and modifying the code to exercise a singleton-pattern technique for one or more members of the set of unchanged objects. The method also includes outputting the modified code. Apparatus and program products are also disclosed. Another method includes accessing code from a client, and in response to any of the code being source code, compiling the source code into object code until all the code from the client comprises object code. The method further includes, using a static analysis performed on the object code, analyzing the object code to determine a set of unchanged objects and modifying the object code to exercise a singleton-pattern technique for one or more members of the set of unchanged objects. The method additionally includes returning the modified object code to the client.

Abstract translation: 一种方法包括：使用对代码执行的静态分析，分析代码以确定一组不变的对象，并修改代码以对该组不变对象的一个​​或多个成员执行单例模式技术。 该方法还包括输出修改的代码。 还公开了装置和程序产品。 另一种方法包括从客户端访问代码，并且响应任何代码是源代码，将源代码编译成目标代码，直到来自客户端的所有代码包括目标代码。 该方法还包括：使用对目标代码执行的静态分析，分析目标代码以确定一组未改变的对象并修改目标代码以对该组不变对象的一个​​或多个成员执行单例模式技术。 该方法还包括将修改的对象代码返回给客户机。

公开(公告)号：WO2008085809A3

公开(公告)日：2009-12-23

申请号：PCT/US2008000008

申请日：2008-01-02

Applicant: IBM ,  KOVED LAWRENCE ,  PISTOIA MARCO

Inventor： KOVED LAWRENCE ,  PISTOIA MARCO

IPC: G06F21/00

CPC classification number: G06F21/6218 ,  G06F21/33

Abstract: A method for enforcing privacy policies associated with data. The method includes accessing a database to identify labeled data in the database, the labeled data associated with a privacy policy. An access node accessing the label data is determined. For the access node accessing the labeled data, it is determined whether the access node applies an authorization test as indicated by the privacy policy. An authorization test is associated with the access node if the access node does not apply necessary authorization indicated by the privacy policy.

Abstract translation: 一种执行与数据相关的隐私政策的方法。 该方法包括访问数据库以识别数据库中的标签数据，与隐私策略相关联的标记数据。 确定访问标签数据的接入节点。 对于访问标记数据的接入节点，确定接入节点是否应用由隐私策略指示的授权测试。 如果接入节点没有应用隐私策略所指示的必要授权，则授权测试与接入节点相关联。

公开(公告)号：WO2015023930A3

公开(公告)日：2015-04-23

申请号：PCT/US2014051236

申请日：2014-08-15

Applicant: IBM

Inventor： LIGMAN JOSEPH W ,  PISTOIA MARCO ,  PONZO JOHN ,  THOMAS GEGI

IPC: G06F11/34

CPC classification number: G06F3/04842 ,  G06F3/0484 ,  G06F3/0488 ,  G06F11/3664 ,  G06F11/3672

Abstract: A method includes analyzing, on a first computing device, data from second computing device(s) of user interaction with a user interface of an application previously executed on the second computing device(s). The data corresponds to events caused by the user interaction with the user interface of the application. The first computing device generates representation(s) of the analyzed data and outputs the representation(s) of the user interaction. Another method includes capturing and logging, by a computing device, events caused by user interaction with a user interface of an application when the application is executed on the computing device. In response to a trigger, data comprising the captured and logged events is sent toward another computing device. Another method includes instrumenting a measurement library into an application to create an instrumented version of the application, and sending the instrumented application to computing device(s). Methods, apparatus, : software, and computer program products are disclosed.

Abstract translation: 一种方法包括在第一计算设备上分析来自第二计算设备的与先前在第二计算设备上执行的应用的用户界面的用户交互的数据。 数据对应于由用户与应用程序的用户界面交互而引起的事件。 第一计算设备生成分析数据的表示并输出用户交互的表示。 另一种方法包括当计算设备上执行应用程序时，通过计算设备捕获和记录由与应用程序的用户界面的用户交互引起的事件。 响应于触发，将包括捕获的和记录的事件的数据发送到另一个计算设备。 另一种方法包括将测量库装备到应用程序中以创建应用程序的仪表版本，并将仪表化应用程序发送到计算装置。 披露了方法，设备，软件和计算机程序产品。

公开(公告)号：WO2014078154A3

公开(公告)日：2014-07-03

申请号：PCT/US2013068832

申请日：2013-11-07

Applicant: IBM

Inventor： CASTRO PAUL ,  LIGMAN JOSEPH ,  LUBENSKY DAVID ,  PISTOIA MARCO ,  PONZO JOHN ,  TOPKARA UMUT

IPC: G06F21/31

CPC classification number: H04L63/08 ,  H04L67/02

Abstract: User authentication (300) is provided. At least one of a social network and a business network of each user in a plurality of users is accessed (402). User history data of each user in the plurality of users is monitored in the at least one of the social network and the business network (404). Challenge questions requiring a user response are generated based on monitoring the user history data of the users (406). The user response to a generated challenge question is evaluated (410). A set of events is triggered based on evaluating the user response (412).

Abstract translation: 用户认证（300）被提供。 访问多个用户中的每个用户的社交网络和商业网络中的至少一个（402）。 在社交网络和商业网络中的至少一个中监视多个用户中的每个用户的用户历史数据（404）。 基于监测用户的用户历史数据生成需要用户响应的挑战问题（406）。 评估用户对生成的挑战问题的响应（410）。 基于评估用户响应来触发一组事件（412）。

公开(公告)号：WO2014078154A2

公开(公告)日：2014-05-22

申请号：PCT/US2013068832

申请日：2013-11-07

Applicant: IBM

Inventor： CASTRO PAUL ,  LIGMAN JOSEPH ,  LUBENSKY DAVID ,  PISTOIA MARCO ,  PONZO JOHN ,  TOPKARA UMUT

IPC: G06F21/00

CPC classification number: H04L63/08 ,  H04L67/02

Abstract: User authentication (300) is provided. At least one of a social network and a business network of each user in a plurality of users is accessed (402). User history data of each user in the plurality of users is monitored in the at least one of the social network and the business network (404). Challenge questions requiring a user response are generated based on monitoring the user history data of the users (406). The user response to a generated challenge question is evaluated (410). A set of events is triggered based on evaluating the user response (412).

Abstract translation: 提供用户认证（300）。 访问多个用户中的每个用户的社交网络和商业网络中的至少一个（402）。 所述多个用户中的每个用户的用户历史数据在社交网络和商业网络中的至少一个中被监视（404）。 基于监视用户的用户历史数据（406）生成需要用户响应的挑战问题。 评估用户对生成的挑战问题的响应（410）。 基于评估用户响应触发一组事件（412）。