Abstract: A computer-implemented method protects stack memory from a malicious function. One or more processors identify a first function and a second function in a computer program, where the first function is an authorized function and the second function is a malicious function. The processor(s) determine that the second function is able to execute a call that provides the second function with access to a stack memory that is used by the first function. The processor(s) move data from the stack memory to a protected kernel register, which is accessible only to the first function, before the call is executed.

Abstract: A processor-implemented method and/or computer program product selectively blocks a self-driving vehicle's access to a roadway. A vehicle interrogation hardware device receives an autonomous capability signal from an approaching self-driving vehicle. One or more processors compare the predefined roadway conditions to current roadway conditions of the access-controlled roadway. In response to the predefined roadway conditions matching the current roadway conditions of the access-controlled roadway within a predetermined range, the processor(s) determine whether the level of autonomous capability of the approaching self-driving vehicle is adequate to safely maneuver the approaching self-driving vehicle through the current roadway conditions of the access-controlled roadway.

Abstract: Generating an attack graph is provided. A set of sensitive data corresponding to a regulated service is identified. A set of components corresponding to the regulated service that are authorized to perform activities associated with sensitive data is scanned for. Vulnerability and risk metrics corresponding to each component in the set of components of the regulated service is identified. The attack graph that includes nodes representing components in the set of components of the regulated service and edges between nodes representing relationships between related components in the set of components is generated based on the vulnerability and risk metrics corresponding to each component in the set of components.

Abstract: A computer-implemented method generates a random number in a cloud-based random number server. The cloud-based random number server identifies multiple entropy sources. The cloud-based random number server identifies multiple disjointed entropy sources from the multiple entropy sources, which are logically and functionally independent of one another. The cloud-based random number server randomly selects multiple disparate entropy sources from the multiple disjointed entropy sources, and then receives multiple entropic values from the multiple disparate entropy sources, where each of the multiple disparate entropy sources supplies an entropic value that describes a type of entropic event not found in other entropy sources from the multiple disparate entropy sources. The cloud-based random number server mixes the multiple entropic values to create a combined entropic value, which is input into a random number generator to generate a random number for use by a client computer.

Abstract: A method for utilizing data analytics to identify unauthorized consumption of content comprises obtaining social network activity data from one or more social networks. The obtained social network activity data is analyzed to identify one or more users involved with content associated with a content provider. A determination is made as to whether or not the one or more users are authorized to access the content based at least in part on the analysis.

Abstract: A secure chain of data blocks is maintained at a given computing node, wherein the given computing node is part of a set of computing nodes in a distributed network of computing nodes, and wherein each of the set of computing nodes maintains the secure chain of data blocks. The secure chain of data blocks maintained at each computing node comprises one or more data blocks that respectively represent one or more transactions associated with an unmanned aerial vehicle (UAV). At least one data block is added to the secure chain of data blocks maintained at the given computing node in response to determining that transaction data associated with the at least one data block is valid.

Abstract: A method reduces a risk exposure to an item being transported by a self-driving vehicle (SDV). One or more processors determine a risk-level R for contents of a smart vault that is being transported by the SDV, where R describes a real-time risk of the contents being stolen from the smart vault while being transported by the SDV. In response to determining that R is greater than a predefined risk value, one or more processors electronically communicate an executable instruction to a SDV on-board computer to take a risk-lowering action that will reduce the level of R.

Abstract: A self-driving vehicle (SDV) ameliorates a vehicular mishap incurred by a second vehicle. At least one sensor on a first SDV detects a second vehicle that has been involved in a vehicular mishap. One or more processors determine a confidence level L, which is a confidence level of a mishap assessment accuracy of determining that the second vehicle has been involved in the vehicular mishap. In response to the confidence level L exceeding a predetermined value, the SDV executes an amelioration action to ameliorate a condition of the second vehicle that has been involved in the vehicular mishap.

Abstract: A computer-implemented method, system, and/or computer program product controls a driving mode of a self-driving vehicle (SDV). One or more processors compare a control processor competence level of an on-board SDV control processor in controlling the SDV to a human driver competence level of a human driver in controlling the SDV while the SDV encounters a current roadway condition which is a result of current weather conditions of the roadway on which the SDV is currently traveling. One or more processors then selectively assign control of the SDV to the SDV control processor or to the human driver while the SDV encounters the current roadway condition based on which of the control processor competence level and the human driver competence level is relatively higher to one another.

Abstract: A computer-implemented method of obfuscating communication traffic patterns may include detecting, at a first communications device, data communication sessions with a second communications device via the computer server using a network protocol. At the first device, a first traffic pattern is accessed based on the data communication sessions over a first predefined time period. At the first communications device, a second traffic pattern is accessed based on the data communication sessions over a second predefined time period that occurs after the first predefined time period. At the first communications device, based on a randomization process, a dummy data communication pattern is generated for transmission to the second communication devices, whereby the dummy data communication pattern is appended to the second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern at the computer server used to establish the communication sessions.

Abstract: A computer-implemented method sanitizes memory in a cloud environment. One or more processors in a computer receive a hypercall resulting from a call from an application running in a computer. The hypercall is to a hypervisor that manages a virtual memory. The hypercall directs the hypervisor to sanitize data in the virtual memory, where sanitizing the data applies a data remanence policy that prevents remanence data in the virtual memory from being accessed by an unauthorized user. In response to receiving the hypercall, one or more processors sanitize the data in the virtual memory that is allocated for use by the application.

Abstract: A method manages a possession of a passenger of a self-driving vehicle (SDV). One or more processors identify a passenger type of the passenger and a possession type of the possession. One or more processors adjust a possession monitoring system in the SDV based on the passenger type and the possession type, such that adjusting the possession monitoring system modifies an SDV vigilance level V of the possession monitoring system in the SDV to create an adjusted possession monitoring system. One or more processors receive an evaluation of the possession from the adjusted possession monitoring system, and then determine a problem with the possession based on the evaluation of the possession from the adjusted possession monitoring system. One or more processors then adjust an operation of the SDV based on the determined problem with the possession of the passenger of the SDV.

Abstract: A horn honking control method, system, and computer program product, include an advanced vehicle horn honking control according to a context of the vehicle where a differential horn honking action is performed based on the context.

Abstract: A vehicle control method, system, and computer program product, includes determining a cognitive state of a driver of a vehicle, detecting an upcoming traffic signal at an intersection and a status of the upcoming traffic signal, identifying intersection data relating to the intersection with the upcoming traffic signal, and performing a vehicle control action on the vehicle at the intersection based on the cognitive state of the driver, the status of the upcoming traffic signal, and the intersection data.

Abstract: A computer-implemented method, system, and/or computer program product controls a driving mode of a self-driving vehicle (SDV). One or more processors compare a control processor competence level of the on-board SDV control processor that autonomously controls the SDV to a human driver competence level of a human driver in controlling the SDV while the SDV experiences the current operational anomaly. One or more processors then selectively assign control of the SDV to the on-board SDV control processor or to the human driver while the SDV experiences the current operational anomaly based on which of the control processor competence level and the human driver competence level is relatively higher to the other.

Abstract: A computer-implemented method includes monitoring a current location of a mobile robot in a physical space, which includes a first area separated from a second area by a selectively permeable virtual membrane, and a software requirement corresponding to the mobile robot with regard to the second area. The method further includes identifying a software state of the mobile robot that matches the software requirement, determining whether the software state of the mobile robot meets the software requirement, and allowing the mobile robot to move from the first area to the second area through the selectively permeable virtual membrane in response to determining whether the software state of the mobile robot meets the software requirement.

Abstract: A method sanitizes a virtualized composite service. One or more processors provide a sanitization policy for each image within the virtualized composite service. The processor(s) analyze sanitization policies for multiple images in the virtualized composite service in order to detect inconsistencies among the sanitization policies. The processor(s), in response to finding inconsistencies between the sanitization policies, resolve the inconsistencies to produce a consistent sanitization policy, and then use the consistent sanitization policy to sanitize the virtualized composite service to create a sanitized virtualized composite service. The processor(s) receive a request for the virtualized composite service from a requester, and then respond to the request for the virtualized composite service by returning the sanitized virtualized composite service to the requester.

Abstract: Automatically generating audit logs is provided. Audit log statement insertion points are identified in software components of an application based on a static code analysis identifying start and end operations on sensitive data in the software components of the application. The application is instrumented with audit log statements at the audit log statement insertion points in the software components of the application. Audit logs of monitored sensitive data activity events in the application are generated using the audit log statements at the audit log statement insertion points in the software components of the application. A dynamic code analysis is performed on the application during execution of the application to prevent executing source code of the application from recording in the audit logs the sensitive data processed by the application.

Abstract: A processor-implemented method alters a computer resource based on its new geolocation. One or more processors receive a message that a computer resource has moved from a first geolocation to a new geolocation. The processor(s) receive an identifier of the new geolocation for the computer resource. In response to receiving the identifier of the new geolocation for the computer resource, the processor(s) request and receive encrypted data from the new geolocation. The processor(s) apply decryption information to the encrypted data from the new geolocation, where the decryption information is specifically for decrypting encrypted data from the new geolocation. In response to the decryption information failing to decrypt the encrypted data from the new geolocation, the processor(s) determine that the identifier of the new geolocation is false and apply a geolocation based resource policy to alter the computer resource at the new geolocation.

Abstract: A method establishes a session between a network resource and a user device used by a user having a particular sociometric identity. One or more processors identify an interaction between a user and one or more provider entities. The processor(s) identify profiles for the one or more provider entities, and compute a sociometric identity of the user based on the profiles of the one or more provider entities with which the user has had an interaction. One or more processors transmit the sociometric identity to a network resource in order to establish a session between the network resource and a user device used by the user having the sociometric identity.