Abstract: A risk-aware access control system and related methods are provided. In accordance with one aspect of the present disclosure, there is a provided a method of risk-aware access control, comprising: detecting a request to perform an action with respect to two factors, the factors being of a factor type selecting people, devices, documents, and location, wherein the factors are of a different factor type; determining a coupling associated with the requested action based on the factors of the requested action; determining a risk level associated with the coupling; denying the requested action in response to a determination that the risk level does not match a security policy; and allowing the requested action in response to a determination that the risk level matches the security policy.

Abstract: A continuous authentication system and related methods are provided. The system detects requests to perform user actions. A security value is associated with each user action. The system determines a subsequent session security level in response to an adjustment to a session security level by a security value of a requested user action. The requested user action is permitted and the session security level is adjusted based on the security value of the requested user action in response to a determination by the system that the subsequent session security level is greater than or equal to a threshold session security level. A user authentication challenge is caused (e.g., prompted) in response to a determination by the system that the subsequent session security level is less than the threshold session security level.

Abstract: A risk-aware access control system and related methods are provided. In accordance with one aspect of the present disclosure, there is a provided a method of risk-aware access control, comprising: detecting a request to perform an action with respect to two factors, the factors being of a factor type selecting people, devices, documents, and location, wherein the factors are of a different factor type; determining a coupling associated with the requested action based on the factors of the requested action; determining a risk level associated with the coupling; denying the requested action in response to a determination that the risk level does not match a security policy; and allowing the requested action in response to a determination that the risk level matches the security policy.

Abstract: A continuous authentication system and related methods are provided. The system detects requests to perform user actions. A security value is associated with each user action. The system determines a subsequent session security level in response to an adjustment to a session security level by a security value of a requested user action. The requested user action is permitted and the session security level is adjusted based on the security value of the requested user action in response to a determination by the system that the subsequent session security level is greater than or equal to a threshold session security level. A user authentication challenge is caused (e.g., prompted) in response to a determination by the system that the subsequent session security level is less than the threshold session security level.

Abstract: A method at a computing device including mapping, within a corpus of documents having both natural language terms and computer language terms, each term as a natural language term or a computer language term, thereby creating mapped terms; and applying at least one Latent Dirichlet Allocation (LDA) model to the mapped terms to create topics that correlate the natural language terms and computer language terms.

Abstract: A continuous authentication system and related methods are provided. The system detects requests to perform user actions. A security value is associated with each user action. The system determines a subsequent session security level in response to an adjustment to a session security level by a security value of a requested user action. The requested user action is permitted and the session security level is adjusted based on the security value of the requested user action in response to a determination by the system that the subsequent session security level is greater than or equal to a threshold session security level. A user authentication challenge is caused (e.g., prompted) in response to a determination by the system that the subsequent session security level is less than the threshold session security level.

Abstract: A risk-aware access control system and related methods are provided. In accordance with one aspect of the present disclosure, there is a provided a method of risk-aware access control, comprising: detecting a request to perform an action with respect to two factors, the factors being of a factor type selecting people, devices, documents, and location, wherein the factors are of a different factor type; determining a coupling associated with the requested action based on the factors of the requested action; determining a risk level associated with the coupling; denying the requested action in response to a determination that the risk level does not match a security policy; and allowing the requested action in response to a determination that the risk level matches the security policy.

Abstract: A document management system having context-based access control and related methods are provided. The document management system determines whether to perform user authentication based on derived context-information comprising one or a combination of derived user-context parameters and document-context parameters that provide additional context to document access requests.

Abstract: A method for classifying warning messages generated by software developer tools includes receiving a first data set. The first data set includes a first plurality of data entries, where each data entry is associated with a warning message generated based on a first set of software codes, includes indications for a plurality of features, and is associated with one of a plurality of class labels. A second data set is generated by sampling the first data set. Based on the second data set, at least one feature is selected from the plurality of features. A third data set is generated by filtering the second data set with the selected at least one feature. A machine learning classifier is determined based on the third data set. The machine learning classifier is used to classify a second warning message generated based on a second set of software codes to one of the plurality of class labels.

Abstract: A continuous authentication system and related methods are provided. The system detects requests to perform user actions. A security value is associated with each user action. The system determines a subsequent session security level in response to an adjustment to a session security level by a security value of a requested user action. The requested user action is permitted and the session security level is adjusted based on the security value of the requested user action in response to a determination by the system that the subsequent session security level is greater than or equal to a threshold session security level. A user authentication challenge is caused (e.g., prompted) in response to a determination by the system that the subsequent session security level is less than the threshold session security level.

Abstract: A document management system having context-based access control and related methods are provided. The document management system determines whether to perform user authentication based on derived context-information comprising one or a combination of derived user-context parameters and document-context parameters that provide additional context to document access requests.

Abstract: Systems, methods, and software can be used to automate software verifications. In some aspects, one or more application program interface (API) call pairs are generated based on a source code of a user module that invokes an API. Each of the one or more API call pairs comprises a first API call that invokes the API followed by a second API call that invokes the API. One or more fragments are generated based on the one or more API calls pairs. Each of the one or more fragments represents an execution sequence that includes at least one of the one or more API call pairs. The one or more fragments are verified.

Abstract: A method for analyzing a partial software program includes receiving a first software program. The first software program is designed to execute using a second software program. A first symbolic value indicates a characteristic of the second software program. The first software program is analyzed using a static program analysis, where the static program analysis generates a second symbolic value based on the first symbolic value. The second symbolic value indicates a characteristic of the first software program. The first software program is analyzed independent of an availability of the second software program. In response to determining that the second symbolic value is associated with a predetermined characteristic and that the first software program would perform an action associated with the second symbolic value if the first software program was executed using the second software program, a warning signal is generated.

Abstract: A method for classifying warning messages generated by software developer tools includes receiving a first data set. The first data set includes a first plurality of data entries, where each data entry is associated with a warning message generated based on a first set of software codes, includes indications for a plurality of features, and is associated with one of a plurality of class labels. A second data set is generated by sampling the first data set. Based on the second data set, at least one feature is selected from the plurality of features. A third data set is generated by filtering the second data set with the selected at least one feature. A machine learning classifier is determined based on the third data set. The machine learning classifier is used to classify a second warning message generated based on a second set of software codes to one of the plurality of class labels.

Abstract: A method for classifying warning messages generated by software developer tools includes receiving a first data set. The first data set includes a first plurality of data entries, where each data entry is associated with a warning message generated based on a first set of software codes, includes indications for a plurality of features, and is associated with one of a plurality of class labels. A second data set is generated by sampling the first data set. Based on the second data set, at least one feature is selected from the plurality of features. A third data set is generated by filtering the second data set with the selected at least one feature. A machine learning classifier is determined based on the third data set. The machine learning classifier is used to classify a second warning message generated based on a second set of software codes to one of the plurality of class labels.

Abstract: A method for analyzing a partial software program includes receiving a first software program. The first software program is designed to execute using a second software program. A first symbolic value indicates a characteristic of the second software program. The first software program is analyzed using a static program analysis, where the static program analysis generates a second symbolic value based on the first symbolic value. The second symbolic value indicates a characteristic of the first software program. The first software program is analyzed independent of an availability of the second software program. In response to determining that the second symbolic value is associated with a predetermined characteristic and that the first software program would perform an action associated with the second symbolic value if the first software program was executed using the second software program, a warning signal is generated.

Abstract: A method for classifying warning messages generated by software developer tools includes receiving a first data set. The first data set includes a first plurality of data entries, where each data entry is associated with a warning message generated based on a first set of software codes, includes indications for a plurality of features, and is associated with one of a plurality of class labels. A second data set is generated by sampling the first data set. Based on the second data set, at least one feature is selected from the plurality of features. A third data set is generated by filtering the second data set with the selected at least one feature. A machine learning classifier is determined based on the third data set. The machine learning classifier is used to classify a second warning message generated based on a second set of software codes to one of the plurality of class labels.

Abstract: Systems, methods, and software can be used to automate software verifications. In some aspects, one or more application program interface (API) call pairs are generated based on a source code of a user module that invokes an API. Each of the one or more API call pairs comprises a first API call that invokes the API followed by a second API call that invokes the API. One or more fragments are generated based on the one or more API calls pairs. Each of the one or more fragments represents an execution sequence that includes at least one of the one or more API call pairs. The one or more fragments are verified.