Abstract: A method and system for transforming a first computer program having program statements to a second computer program. A parsed first computer program is translated to the second computer program. The first computer program includes a first program statement that includes a first error. The translating includes: (i) identifying a second program statement in the parsed first computer program that includes a second error and has thrown a translation exception with respect to the second error, (ii) rolling back the translating to a predefined check point prior to the second program statement in the parsed first computer program such that the predefined check point is associated with a statement in the parsed first computer program that was successfully translated, and (iii) generating an executable equivalent translation for the second statement. After the translating, a mapping of one or more statements is generated.

Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.

Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.

Abstract: A method and system for transforming a first computer program having program statements to a second computer program. A parsed first computer program is translated to the second computer program. The first computer program includes a first program statement that includes a first error. The translating includes: (i) identifying a second program statement in the parsed first computer program that includes a second error and has thrown a translation exception with respect to the second error, (ii) rolling back the translating to a predefined check point prior to the second program statement in the parsed first computer program such that the predefined check point is associated with a statement in the parsed first computer program that was successfully translated, and (iii) generating an executable equivalent translation for the second statement. After the translating, a mapping of one or more statements is generated.

Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.

Abstract: A method and associated system for automatically correcting an application based on runtime behavior of the application. An incident indicates a performance of the application in which a problem object produces an outcome that had not been expected by a user or by a ticketing tool. An incident flow for the problem object is automatically analyzed. Actual run of the application renders a forward data flow and at least one backward data flow is simulated from an expected outcome of the problem object. The forward data flow and the backward data flow(s) are compared to create a candidate fault list for the problem object. A technical specification to correct the candidate fault list and a solution to replace the application are subsequently devised.

Abstract: An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark.

Abstract: Embodiments of the present invention relate to an approach for reusing information/knowledge. Specifically, embodiments of the present invention provide an approach for retrieving previously stored data to satisfy queries (e.g., jobs/tickets) for solutions to problems while maintaining privacy/security of the data as well as ensuring the quality of the results. In a typical embodiment, a query for a solution to a problem is received and details are extracted therefrom. Using the details, a search is performed on a set of data stored in at least one computer storage device. Based on the search, a set of results will be generated and classified into a set of categories. In any event, the quality of each of the set of results will be assessed based on the usefulness of the set of results.

Abstract: Embodiments of the present invention relate to an approach for reusing information/knowledge. Specifically, embodiments of the present invention provide an approach for retrieving previously stored data to satisfy queries (e.g., jobs/tickets) for solutions to problems while maintaining privacy/security of the data as well as ensuring the quality of the results. In a typical embodiment, a query for a solution to a problem is received and details are extracted therefrom. Using the details, a search is performed on a set of data stored in at least one computer storage device. Based on the search, a set of results will be generated and classified into a set of categories. In any event, the quality of each of the set of results will be assessed based on the usefulness of the set of results.

Abstract: An attack resistant continuous network service trustworthiness controller comprising: state estimation module(s), response selection module(s), actuation module(s), and client dispatcher communication module(s) for maintaining the availability and integrity of online server(s). The state estimation module(s) are configured to generate state estimate(s) for online server(s) using behavior data obtained using sensor module(s). The response selection module(s) are configured to determine corrective action(s) to maintain the availability and integrity of online server(s) when state estimate(s) indicate that the integrity of an online server(s) is compromised. The actuation module(s) are configured to activate actuator(s) based upon the corrective action(s). Client dispatcher communication module(s) are configured to communicate online server availability information to a client dispatcher.

Abstract: An attack resistant continuous network service trustworthiness controller comprising: state estimation module(s), response selection module(s), actuation module(s), and client dispatcher communication module(s) for maintaining the availability and integrity of online server(s). The state estimation module(s) are configured to generate state estimate(s) for online server(s) using behavior data obtained using sensor module(s). The response selection module(s) are configured to determine corrective action(s) to maintain the availability and integrity of online server(s) when state estimate(s) indicate that the integrity of an online server(s) is compromised. The actuation module(s) are configured to activate actuator(s) based upon the corrective action(s). Client dispatcher communication module(s) are configured to communicate online server availability information to a client dispatcher.

Abstract: A system and associated method for automatically correcting an application based on runtime behavior of the application. An incident indicates a performance of the application in which a problem object produces an outcome that had not been expected by a user or by a ticketing tool. An incident flow for the problem object is automatically analyzed. Actual run of the application renders a forward data flow and at least one backward data flow is simulated from an expected outcome of the problem object. The forward data flow and the backward data flow(s) are compared to create a candidate fault list for the problem object. A technical specification to correct the candidate fault list and a solution to replace the application are subsequently devised.

Abstract: Embodiments of the present invention relate to an approach for reusing information/knowledge. Specifically, embodiments of the present invention provide an approach for retrieving previously stored data to satisfy queries (e.g., jobs/tickets) for solutions to problems while maintaining privacy/security of the data as well as ensuring the quality of the results. In a typical embodiment, a query for a solution to a problem is received and details are extracted therefrom. Using the details, a search is performed on a set of data stored in at least one computer storage device. Based on the search, a set of results will be generated and classified into a set of categories. In any event, the quality of each of the set of results will be assessed based on the usefulness of the set of results.

Abstract: An interoperable firmware memory containing a Basic Input Output System (BIOS) and a trusted platform module (TPSM). The BIOS includes CPU System Management Mode (SMM) firmware configured as read-only at boot. The SMM firmware configured to control switching subsequent to boot between at least: a first memory and second isolated memory; and a first and second isolated non-volatile storage device. The first memory including a first operating system and the second memory including a second operating system. The first non-volatile storage device configured to be used by the first operating system and the second non-volatile storage device configured to be used by the second operating system. The trusted platform module (TPSM) configured to check the integrity of the CPU system Management Mode (SMM) during the boot process.

Abstract: A hardware-assisted integrity monitor may include one or more target machines and/or monitor machines. A target machine may include one or more processors, which may include one or more system management modes (SMM). A SMM may include one or more register checking modules, which may be configured to determine one or more current CPU register states. A SMM may include one or more acquiring modules, which may be configured to determine one or more current memory states. A SMM may include one or more network modules, which may be configured to direct one or more communications, for example of one or more current CPU register states and/or current memory states, to a monitor machine. A monitor machine may include one or more network modules and/or analysis modules. An analysis module may be configured to determine memory state differences and/or determine CPU register states differences.

Abstract: An interactive detector that includes a challenger and authorizer. The challenger may send a challenge to a source application in response to an intercepted request intended for a destination application from the source application. The challenge may be configured to invoke an expected challenge response from component(s) of the source application. The authorizer may allow the request to proceed to the destination application if a received challenge response generated by the source application satisfies the expected challenge response.

Abstract: An embodiment for providing a secure virtual browsing environment includes creating a virtual browsing environment with a virtualized operating system sharing an operating system kernel of a supporting operating system and executing the browser application within the virtual browsing environment. Another embodiment includes receiving a website selection within a browser application, determining if the website selection corresponds to a secure bookmark, and creating a second virtual browsing environment and executing the browser application within the second virtual browsing environment to access the website selection when the website selection corresponds to a website specified as a secure bookmark.

Abstract: A system and associated method for automatically correcting an application based on runtime behavior of the application. An incident indicates a performance of the application in which a problem object produces an outcome that had not been expected by a user or by a ticketing tool. An incident flow for the problem object is automatically analyzed. Actual run of the application renders a forward data flow and at least one backward data flow is simulated from an expected outcome of the problem object. The forward data flow and the backward data flow(s) are compared to create a candidate fault list for the problem object. A technical specification to correct the candidate fault list and a solution to replace the application are subsequently devised.

Abstract: An on-demand disposable virtual work system that includes: a virtual machine monitor to host virtual machines, a virtual machine pool manager, a host operating system, a host program permissions list, and a request handler module. The virtual machine pool manager manages virtual machine resources. The host operating system interfaces with a user and virtual machines created with an image of a reference operating system. The host program permissions list may be a black list and/or a white list used to indicate allowable programs. The request handler module allows execution of the program if the program is allowable. If the program is not allowable, the host request handler module: denies program execution and urges a virtual machine specified by the virtual machine pool manager to execute the program. The virtual machine is terminated when the program closes.

Abstract: An attack resistant continuous network service trustworthiness controller comprising: state estimation module(s), response selection module(s), actuation module(s), and client dispatcher communication module(s) for maintaining the availability and integrity of online server(s). The state estimation module(s) are configured to generate state estimate(s) for online server(s) using behavior data obtained using sensor module(s). The response selection module(s) are configured to determine corrective action(s) to maintain the availability and integrity of online server(s) when state estimate(s) indicate that the integrity of an online server(s) is compromised. The actuation module(s) are configured to activate actuator(s) based upon the corrective action(s). Client dispatcher communication module(s) are configured to communicate online server availability information to a client dispatcher.