Abstract: A method, a computer program product, and a system for initializing components to monitor for unauthorized encryptions of filesystem objects stored on a computing system. The method includes configuring an encryption monitor register to establish monitoring preferences of filesystem objects and allocating a predetermined size of persistent memory as a backup memory area for storing pre-encrypted versions of the filesystem objects. The method also includes inserting a starting address of the backup memory area in data bits of the encryption monitor register, and setting encryption monitor bits of page table entries in a hardware page table that correspond to at least one filesystem object, thereby establishing encryption monitoring of the filesystem object.

Abstract: Techniques of automated interoperation tracking in computing systems are disclosed herein. One example technique includes tokenizing a first event log from a first software component and a second event log from the second software component by calculating frequencies of appearance corresponding to strings in the first and second event logs and selecting, as tokens, a first subset of the strings in the first event log and a second subset of the strings in the second event log individually having calculated frequencies of appearance above a preset frequency threshold. The example technique can also include generating an overall event log for a task executed by both the first and second software components by matching one of the strings in the first subset to another of the strings in the second subset.

Abstract: A method, a computer program product, and a system for initializing components to monitor for unauthorized encryptions of filesystem objects stored on a computing system. The method includes configuring an encryption monitor register to establish monitoring preferences of filesystem objects and allocating a predetermined size of persistent memory as a backup memory area for storing pre-encrypted versions of the filesystem objects. The method also includes inserting a starting address of the backup memory area in data bits of the encryption monitor register, and setting encryption monitor bits of page table entries in a hardware page table that correspond to at least one filesystem object, thereby establishing encryption monitoring of the filesystem object.

Abstract: A method, a computer program product, and a system for mitigating unauthorized encryptions of filesystem objects stored on a computing system. The method includes allocating a backup memory area for storing pre-encrypted filesystem objects, setting data bits in an encryption register that allow for monitoring a filesystem object marked for ransomware protection. The method also includes calculating an encryption rate of an encryption occurring on the filesystem object and determining that the encryption rate of the filesystem object exceeds an encryption-rate threshold. The encryption-rate threshold can be set by an administrator when marking the filesystem object for ransomware protection. The method further includes generating an alert to an administrator that the encryption rate of the filesystem object exceeds the encryption rate threshold and storing a backup of the filesystem object for a predetermined amount of time in the backup memory area.

Abstract: Techniques of automated interoperation tracking in computing systems are disclosed herein. One example technique includes tokenizing a first event log from a first software component and a second event log from the second software component by calculating frequencies of appearance corresponding to strings in the first and second event logs and selecting, as tokens, a first subset of the strings in the first event log and a second subset of the strings in the second event log individually having calculated frequencies of appearance above a preset frequency threshold. The example technique can also include generating an overall event log for a task executed by both the first and second software components by matching one of the strings in the first subset to another of the strings in the second subset.

Abstract: Provided is a method for certifying a communicative connection. The method includes, in response to receiving a first request from a first virtualized communication endpoint (VCE), allocating and assigning a first communication portal to the first VCE, generating an encryption key associated with the first communication portal, and returning the encryption key and an identification of the first communication portal to the first VCE. The method further includes, in response to receiving a second request from a second VCE to establish a communicative connection with the first communication portal, the second request being accompanied by an encrypted certificate, comparing, using the encryption key, the information included in the certificate with certificate input information. The method further includes, in response to determining that the information included in the certificate matches the certificate input information, establishing the communicative connection between the first VCE and the second VCE.

Abstract: A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.

Abstract: A computer implemented method, apparatus, and computer program product for access control in a mixed discretionary access control and role based access control environment. In one embodiment, an execution access for a command is determined using a set of role based authorizations for a user invoking the command. In response to a determination that the user invoking the command is authorized based on the set of role based authorizations, a privilege in a set of privileges associated with the command is raised. Raising the privilege in the set of privileges bypasses discretionary access control checks. In response to a determination that the user invoking the command is unauthorized based on the set of role based authorizations, an execution access for the command is determined using a set of discretionary access mode bits associated with the command.

Abstract: A computer implemented method, computer program product, and system for managing objects. Responsive to receiving a find-rule method, and a path-rule table, wherein the path-rule table contains a set of paths, wherein each path references an object, wherein a file system locates the object using the path, and wherein the object has at least one attribute not known to the file system, a path-rule table identifier is created. The path-rule table is associated with the path-rule table identifier to form an associated path-rule table. The find-rule method is associated with the path-rule table identifier to form an associated find-rule method. The path-rule table identifier, the associated path-rule table, and the associated find-rule method are stored. The path-rule table identifier is returned.

Abstract: A computer implemented method, computer program product, and system for managing objects. Responsive to receiving a find-rule method, and a path-rule table, wherein the path-rule table contains a set of paths, wherein each path references an object, wherein a file system locates the object using the path, and wherein the object has at least one attribute not known to the file system, a path-rule table identifier is created. The path-rule table is associated with the path-rule table identifier to form an associated path-rule table. The find-rule method is associated with the path-rule table identifier to form an associated find-rule method. The path-rule table identifier, the associated path-rule table, and the associated find-rule method are stored. The path-rule table identifier is returned.

Abstract: A computer implemented method, apparatus, and computer program product for access control in a mixed discretionary access control and role based access control environment. In one embodiment, an execution access for a command is determined using a set of role based authorizations for a user invoking the command. In response to a determination that the user invoking the command is authorized based on the set of role based authorizations, a privilege in a set of privileges associated with the command is raised. Raising the privilege in the set of privileges bypasses discretionary access control checks. In response to a determination that the user invoking the command is unauthorized based on the set of role based authorizations, an execution access for the command is determined using a set of discretionary access mode bits associated with the command.

Abstract: A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.