Abstract: A forensic device allows a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. The forensic device acquires the computer evidence from the target computing device and filters the computer evidence using an application-specific system-level privilege profile that describes the aggregate exercise of system-level privileges by a plurality of software application instances executing throughout an enterprise. The forensic device presents a user interface through which the remote user views the filtered computer evidence acquired from the target computing device. In this manner, forensic device allows the user to filter the collected computer evidence to data that is likely to have forensic relevance.

Abstract: A peer-to-peer (P2P) networking system is disclosed that provides a large, persistent object repository with the ability to easily scale to significant size. Data security is provided using a distributed object data access mechanism to grant access to data objects to authorized users. Data objects stored within the object repository are provided a plurality of security options including plain text data, objects, encrypted data objects, and secure, secret sharing data objects. A data object query processing component permits users to locate requested information within the P2P networking system.

Abstract: This disclosure describes techniques of dynamically assembling and utilizing a pedigree of a resource. A pedigree of a resource is a set of statements that describe a provenance of the resource. As described herein, a set of one or more servers may host context objects that contain the statements that make up the pedigree of the resource. In order to obtain the pedigree of the resource, a context assembly device may send queries to the servers for context objects that are likely to contain statements in the pedigree of the resource. After receiving context objects from the servers in response to the queries, the context assembly device may query the statements in the received context objects in order to identify, among the statements in the context objects, the statements that constitute the pedigree of the resource. The dynamically assembled pedigree may then be used in a variety of ways.

Abstract: A system is described for dynamically generating an application-specific, system-level privilege profile that describes the aggregate exercise of system-level privileges by a plurality of software application instances. In particular, the system includes a plurality of client computing devices for capturing empirical information relating to the exercise of privileges by the plurality of software application instances executing on top of a plurality of instances of a platforms residing within the plurality of client devices. The plurality of client devices each uploads the empirical information to an EPP server, which is also included within the system. The empirical privilege profiler system dynamically generates the profile based the empirical information. In this way, the system may facilitate adherence to the Principle of Least Privilege by revealing system-level privilege use by an application, monitoring of system-level privilege use, and detection of system intrusions.

Abstract: A forensic device allows a user to remotely interrogate a target computing device in order to collect and analyze computer evidence that may be stored on the target computing device. The forensic device acquires the computer evidence from the target computing device and filters the computer evidence using an application-specific system-level privilege profile that describes the aggregate exercise of system-level privileges by a plurality of software application instances executing throughout an enterprise. The forensic device presents a user interface through which the remote user views the filtered computer evidence acquired from the target computing device. In this manner, forensic device allows the user to filter the collected computer evidence to data that is likely to have forensic relevance.

Abstract: This disclosure describes techniques of dynamically assembling and utilizing a pedigree of a resource. A pedigree of a resource is a set of statements that describe a provenance of the resource. As described herein, a set of one or more servers may host context objects that contain the statements that make up the pedigree of the resource. In order to obtain the pedigree of the resource, a context assembly device may send queries to the servers for context objects that are likely to contain statements in the pedigree of the resource. After receiving context objects from the servers in response to the queries, the context assembly device may query the statements in the received context objects in order to identify, among the statements in the context objects, the statements that constitute the pedigree of the resource. The dynamically assembled pedigree may then be used in a variety of ways.

Abstract: A system is described for dynamically generating an application-specific, system-level privilege profile that describes the aggregate exercise of system-level privileges by a plurality of software application instances. In particular, the system includes a plurality of client computing devices for capturing empirical information relating to the exercise of privileges by the plurality of software application instances executing on top of a plurality of instances of a platforms residing within the plurality of client devices. The plurality of client devices each uploads the empirical information to an EPP server, which is also included within the system. The empirical privilege profiler system dynamically generates the profile based the empirical information. In this way, the system may facilitate adherence to the Principle of Least Privilege by revealing system-level privilege use by an application, monitoring of system-level privilege use, and detection of system intrusions.

Abstract: In general, the invention is directed to techniques for preventing or otherwise reducing the effects of network attacks, such as Denial of Service (DoS) attacks, on applications that use messaging services. In particular, the invention may be effective for publish/subscribe messaging services and queuing messaging services. The techniques utilize destination aliasing, a form of channel partitioning, in which each messaging service client associated with a messaging service is assigned a unique alias for each topic that the messaging service client requests service. The aliases may be used for monitoring traffic originating from particular clients, defending applications from network attacks, and preventing resumption of an attack by an attacking client.

Abstract: A peer-to-peer (P2P) networking system is disclosed that provides a large, persistent object repository with the ability to easily scale to significant size. Data security is provided using a distributed object data access mechanism to grant access to data objects to authorized users. Data objects stored within the object repository are provided a plurality of security options including plain text data, objects, encrypted data objects, and secure, secret sharing data objects. A data object query processing component permits users to locate requested information within the P2P networking system.

Abstract: In general, the invention is directed to techniques for preventing or otherwise reducing the effects of network attacks, such as Denial of Service (DoS) attacks, on applications that use messaging services. In particular, the invention may be effective for publish/subscribe messaging services and queuing messaging services. The techniques utilize destination aliasing, a form of channel partitioning, in which each messaging service client associated with a messaging service is assigned a unique alias for each topic that the messaging service client requests service. The aliases may be used for monitoring traffic originating from particular clients, defending applications from network attacks, and preventing resumption of an attack by an attacking client.