Abstract: A system may receive a query configured to access a column in a data table. The data table may be in a flat file in a big data storage format. The system may detect the language type of the query and validate the query against the syntax of the language type. The system may also validate an access permission for data in the data table. The access permission may be stored in a permissions database. The system may generate a temporary table including the column with the temporary table configured to support the language type. The system may execute the query against the temporary table to generate a query result based on the temporary table as though it were the underlying data table. The system may enforce column-level or row-level access permissions by excluding columns or rows from the temporary table.

Abstract: A system may receive a query configured to access a column in a data table. The data table may be in a flat file in a big data storage format. The system may detect the language type of the query and validate the query against the syntax of the language type. The system may also validate an access permission for data in the data table. The access permission may be stored in a permissions database. The system may generate a temporary table including the column with the temporary table configured to support the language type. The system may execute the query against the temporary table to generate a query result based on the temporary table as though it were the underlying data table. The system may enforce column-level or row-level access permissions by excluding columns or rows from the temporary table.

Abstract: Systems and methods for determining action items from knowledge base for execution of operation. The system receives instructions, present in a knowledge base, which are required to execute one or more operations. Thereafter, the system parses the instructions into one or more sentences and assigns a POS tag for each word in the one or more sentences. Further, the system assigns a predefined class for each of the POS tagged word. Based on the predefined class, the system determines the action items. The action item comprises one or more actions and one or more components on which the one or more actions are to be performed. The present disclosure enables automates systems to easily execute one or more operation based on the action items thereby reducing the delay in performance of the automated system due to complexity in interpreting the instructions.

Abstract: A parasitic-aware blockage structure is provided to replace a detailed blockage structure for use in connection with a capacitance extraction operation. The parasitic-aware blockage structure includes one or more parasitic-aware blockage polygons, each representing a plurality of polygons of the detailed blockage structure. The parasitic-aware blockage polygons can be formed by expanding and merging the polygons of the detailed blockage structure. Physical information is associated with each of the parasitic-aware blockage polygons, wherein the physical information defines physical characteristics of the polygons of the detailed blockage structure. Capacitance error information may also be associated with each of the parasitic-aware blockage polygons, specifying capacitive errors of the parasitic-aware blockage polygons with respect to the polygons of the detailed blockage structure.

Abstract: A parasitic-aware blockage structure is provided to replace a detailed blockage structure for use in connection with a capacitance extraction operation. The parasitic-aware blockage structure includes one or more parasitic-aware blockage polygons, each representing a plurality of polygons of the detailed blockage structure. The parasitic-aware blockage polygons can be formed by expanding and merging the polygons of the detailed blockage structure. Physical information is associated with each of the parasitic-aware blockage polygons, wherein the physical information defines physical characteristics of the polygons of the detailed blockage structure. Capacitance error information may also be associated with each of the parasitic-aware blockage polygons, specifying capacitive errors of the parasitic-aware blockage polygons with respect to the polygons of the detailed blockage structure.

Abstract: A system may read an input file having an input file size and including a first record and a second record. The first and second record may each have a record length. The system may parse the input file into a first split file and a second split file, with the first split file including the first record and the second split file including the second record. The system may distribute the first split file to a first node to generate a first output file and the second split file to a second node to generate a second output file. Any number of additional split files may be distributed to generate any number output files. The system may combine the output files to generate a converted data file.

Abstract: A system may receive a query configured to access a column in a data table. The data table may be in a flat file in a big data storage format. The system may detect the language type of the query and validate the query against the syntax of the language type. The system may also validate an access permission for data in the data table. The access permission may be stored in a permissions database. The system may generate a temporary table including the column with the temporary table configured to support the language type. The system may execute the query against the temporary table to generate a query result based on the temporary table as though it were the underlying data table. The system may enforce column-level or row-level access permissions by excluding columns or rows from the temporary table.

Abstract: A method for floating node reduction uses a capacitance matrix that specifies coupling capacitances between signal nodes and floating nodes of an interconnect structure. Random walks are performed from a first signal node to the other signal nodes, wherein each of the random walks traverses one or more of the floating nodes. Each of the random walks is directed based on probabilities derived from the coupling capacitances of the capacitance matrix. A count is maintained for each of the other signal nodes, wherein each count specifies a number of the random walks that end on the corresponding signal node. The indirect coupling capacitance from the first signal node to a second signal node is selected to correspond with the total indirect coupling capacitance of the first signal node, times the count associated with the second signal node, divided by the total number of random walks.

Abstract: A method for performing parasitic capacitance extraction of an integrated circuit (IC) design includes: defining a Gaussian surface around an origin net of the IC design; partitioning the Gaussian surface into a plurality of regions; performing an initial plurality of random walks from each region using a Monte Carlo field solver; and dynamically allocating an additional plurality of random walks among the plurality of regions, wherein the allocation is based on statistical errors associated with the initial plurality of random walks for each of the regions. Results from the random walks are averaged to estimate parasitic capacitance of the origin net. The method may include performing the random walks for each region in pairs, wherein a first random walk of the pair is selected in accordance with an anti-symmetric probability function, and a second random walk of the pair is antithetic to the first random walk of the pair.

Abstract: A method for performing parasitic capacitance extraction of an integrated circuit (IC) design includes: defining a Gaussian surface around an origin net of the IC design; partitioning the Gaussian surface into a plurality of regions; performing an initial plurality of random walks from each region using a Monte Carlo field solver; and dynamically allocating an additional plurality of random walks among the plurality of regions, wherein the allocation is based on statistical errors associated with the initial plurality of random walks for each of the regions. Results from the random walks are averaged to estimate parasitic capacitance of the origin net. The method may include performing the random walks for each region in pairs, wherein a first random walk of the pair is selected in accordance with an anti-symmetric probability function, and a second random walk of the pair is antithetic to the first random walk of the pair.

Abstract: A design layout is obtained that includes floating fill shapes and signal shapes. Capacitance of the signal shapes is calculated. A simple model is used to calculate a first subset of fill shapes which contribute capacitance to the signal shapes. A capacitance model selected to meet an acceptable error level using minimum computational requirements is then selected from a set of capacitance models. The selected capacitance model is then used to extract the capacitance contribution from the first subset of fill shapes. A second subset of fill shapes is then created based on the extracted capacitance values, and if the estimated capacitance contribution is significant, the capacitance of the second subset extracted using the selected capacitance model. Additional iterations are performed for additional signal shapes.

Abstract: Systems and methods that establish a secured compartment that manages sensitive user transactions/information on a user's machine. The secured compartment qualifies user interaction with the machine, and separates such qualified interaction from other user activity on the machine. A user is switched to such secured compartment upon occurrence of a predetermined event, such as in form of: an explicit request (e.g., a secure attention sequence); an implicit request (e.g., inference of user activities); and presence of a peripheral device that is bound to the secured compartment (e.g., a USB)—wherein such actions typically cannot be generated by an application running outside the secured compartment.

Abstract: A security system is provided for use with computer systems. In various embodiments, the security system can analyze the state of security of one or more computer systems to determine whether the computer systems comply with expressed security policies and to remediate the computer systems so that they conform with the expressed security policies. In various embodiments, the security system can receive compliance documents, determine whether one or more computer systems comply with portions of security policies specified in the compliance documents, and take actions specified in the compliance documents to cause the computer systems to comply with the specified security policies. The security system may provide a common, unified programming interface that applications or tools can employ to verify or enforce security policies.

Abstract: Systems and methods that automatically generate remediation processes such as acts performed as part of a benchmark model, to improve and update compliance of a machine with security policies compliance. A remediation component can automatically determine processes that are required to change and increase compliance of a machine with a security policy, and hence improve security level thereof.

Abstract: Software restriction policy rules can be automatically generated by parsing through a specified metadata source and generating the rules in accordance with indicated preferences. Metadata sources can include storage locations, such as folders, in which case rules for each executable file in the folder can be generated. Metadata sources can also include trusted publisher stores, installation logs, difference files, and other like data sources. Indicated preferences can select from among rules based on the publisher, for files that are signed, or rules based on hashes or path information for unsigned files. In generating rules to prevent the execution of specified files, if an optimized set of rules is desired, a check can be made to determine if an exception to an existing rule can be generated instead of a new rule. The automated parsing of the indicated metadata source can provide for both completeness and correctness.

Abstract: Data security is implemented through a query based policy constraining a primary table. Nested tables inherit the security policy by implementing the policy queries of the primary table. Operations on nested tables such as join actions execute the security policy queries once due to inheritance from the primary table therefore optimizing query modeling. A security policy may respond to a context or a role by executing queries responsive to the context.

Abstract: A security health reporting system provides an application program interface (API) for use by independent software vendors (ISVs) to extend the security health reporting capabilities of the security health reporting system. An ISV security solution can register with the security health reporting system, create a schema that describes a new security class, and use the API to publish an instance of the schema for the new security class with the security health reporting system. When an instance of a schema for a new security class is published, the security health reporting system creates the new security class, and recognizes the definition for the security class within the security health reporting system. Registered ISV security solutions can then use the published schema to report their health statuses for the new security class.

Abstract: A security health reporting system provides an application program interface (API) for use by independent software vendors (ISVs) to extend the security health reporting capabilities of the security health reporting system. An ISV security solution can register with the security health reporting system, create a schema that describes a new security class, and use the API to publish an instance of the schema for the new security class with the security health reporting system. When an instance of a schema for a new security class is published, the security health reporting system creates the new security class, and recognizes the definition for the security class within the security health reporting system. Registered ISV security solutions can then use the published schema to report their health statuses for the new security class.

Abstract: A security health reporting system provides an application program interface (API) for use by independent software vendors (ISVs) to extend the security health reporting capabilities of the security health reporting system. An ISV security solution can register with the security health reporting system, create a schema that describes a new security class, and use the API to publish an instance of the schema for the new security class with the security health reporting system. When an instance of a schema for a new security class is published, the security health reporting system creates the new security class, and recognizes the definition for the security class within the security health reporting system. Registered ISV security solutions can then use the published schema to report their health statuses for the new security class.

Abstract: Software restriction policy rules can be automatically generated by parsing through a specified metadata source and generating the rules in accordance with indicated preferences. Metadata sources can include storage locations, such as folders, in which case rules for each executable file in the folder can be generated. Metadata sources can also include trusted publisher stores, installation logs, difference files, and other like data sources. Indicated preferences can select from among rules based on the publisher, for files that are signed, or rules based on hashes or path information for unsigned files. In generating rules to prevent the execution of specified files, if an optimized set of rules is desired, a check can be made to determine if an exception to an existing rule can be generated instead of a new rule. The automated parsing of the indicated metadata source can provide for both completeness and correctness.