Patents by Inventor Fumiko Satoh

Fumiko Satoh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11301134
    Abstract: A method is provided for reducing memory consumption by a rule engine. The method includes receiving attack trees, each having nodes and edges. Each node represents a security event and is associated with a detection rule for detecting an occurrence thereof. Each edge connects a respective node pair. The method includes assigning a watchpoint to each leaf node. The method includes moving the watchpoint assigned to any leaf node to a next upstream node, responsive to detecting an occurrence of the security event represented by the leaf node. The method includes erasing the watchpoint assigned to all downstream nodes relative to the next upstream node, responsive to the next upstream node being connected to a next downstream node using an edge having an “OR” join type. Only the rules for nodes currently having the watchpoint assigned are loaded into a memory device during runtime, while excluding rules for remaining nodes.
    Type: Grant
    Filed: October 26, 2017
    Date of Patent: April 12, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yoichi Hatsutori, Takuya Mishina, Naoto Sato, Fumiko Satoh
  • Patent number: 10586051
    Abstract: A computer-implemented method, a computer program product, and a computer system for transformation of security information and event management (SIEM) rules and deploying the SIEM rules in a network of event processors. A computer system or server converts the SIEM rules to formal representations. The computer system or server generates rule abstraction of the formal representations, by using an abstraction function. The computer system or server constructs a finite automaton based on the rule abstraction. The computer system or server eliminates irrelevant transitions in the finite automaton to generate an optimized finite automaton. The computer system or server generates optimized formal rules, based on the optimized finite automaton. The computer system or server converts the optimized formal rules to optimized SIEM rules. The computer or server deploys the optimized SIEM rules in the network of the event processors.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: March 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Yoichi Hatsutori, Takuya Mishina, Naoto Sato, Fumiko Satoh
  • Publication number: 20190129620
    Abstract: A method is provided for reducing memory consumption by a rule engine. The method includes receiving attack trees, each having nodes and edges. Each node represents a security event and is associated with a detection rule for detecting an occurrence thereof. Each edge connects a respective node pair. The method includes assigning a watchpoint to each leaf node. The method includes moving the watchpoint assigned to any leaf node to a next upstream node, responsive to detecting an occurrence of the security event represented by the leaf node. The method includes erasing the watchpoint assigned to all downstream nodes relative to the next upstream node, responsive to the next upstream node being connected to a next downstream node using an edge having an “OR” join type. Only the rules for nodes currently having the watchpoint assigned are loaded into a memory device during runtime, while excluding rules for remaining nodes.
    Type: Application
    Filed: October 26, 2017
    Publication date: May 2, 2019
    Inventors: Yoichi Hatsutori, Takuya Mishina, Naoto Sato, Fumiko Satoh
  • Publication number: 20190065755
    Abstract: A computer-implemented method, a computer program product, and a computer system for transformation of security information and event management (SIEM) rules and deploying the SIEM rules in a network of event processors. A computer system or server converts the SIEM rules to formal representations. The computer system or server generates rule abstraction of the formal representations, by using an abstraction function. The computer system or server constructs a finite automaton based on the rule abstraction. The computer system or server eliminates irrelevant transitions in the finite automaton to generate an optimized finite automaton. The computer system or server generates optimized formal rules, based on the optimized finite automaton. The computer system or server converts the optimized formal rules to optimized SIEM rules. The computer or server deploys the optimized SIEM rules in the network of the event processors.
    Type: Application
    Filed: August 31, 2017
    Publication date: February 28, 2019
    Inventors: Yoichi Hatsutori, Takuya Mishina, Naoto Sato, Fumiko Satoh
  • Patent number: 10176436
    Abstract: A method and system are provided for estimating a skill level of a user regarding a software program executed by the user on a computer processing system. The software program has workbenches that each include commands corresponding thereto. The method includes creating at least one special command set for user skill level estimation by including the commands that exist in various ones of the workbenches and that are executed at least a predetermined percentage of times by the user and excluding the commands which are common to at least two of the workbenches. The method further includes creating partial command sequences from the commands in the at least one special command set. The method also includes determining frequent command execution patterns by applying pattern mining to the partial command sequences. The method additionally includes estimating the skill level of the user based on frequencies of the frequent command execution patterns.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: January 8, 2019
    Assignee: International Business Machines Corporation
    Inventors: Michiharu Kudoh, Fumiko Satoh
  • Patent number: 10049220
    Abstract: A computer-implemented method for transformation of security information and event management (SIEM) rules and deploying the SIEM rules in a network of event processors. A computer system or server converts the SIEM rules to formal representations. The computer system or server generates rule abstraction of the formal representations, by using an abstraction function. The computer system or server constructs a finite automaton based on the rule abstraction. The computer system or server eliminates irrelevant transitions in the finite automaton to generate an optimized finite automaton. The computer system or server generates optimized formal rules, based on the optimized finite automaton. The computer system or server converts the optimized formal rules to optimized SIEM rules. The computer or server deploys the optimized SIEM rules in the network of the event processors.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: August 14, 2018
    Assignee: International Business Machines Corporation
    Inventors: Yoichi Hatsutori, Takuya Mishina, Naoto Sato, Fumiko Satoh
  • Publication number: 20170168666
    Abstract: A method and system are provided for estimating a skill level of a user regarding a software program executed by the user on a computer processing system. The software program has workbenches that each include commands corresponding thereto. The method includes creating at least one special command set for user skill level estimation by including the commands that exist in various ones of the workbenches and that are executed at least a predetermined percentage of times by the user and excluding the commands which are common to at least two of the workbenches. The method further includes creating partial command sequences from the commands in the at least one special command set. The method also includes determining frequent command execution patterns by applying pattern mining to the partial command sequences. The method additionally includes estimating the skill level of the user based on frequencies of the frequent command execution patterns.
    Type: Application
    Filed: December 15, 2015
    Publication date: June 15, 2017
    Inventors: Michiharu Kudoh, Fumiko Satoh
  • Patent number: 8650608
    Abstract: A method for model based verification of security policies for web service composition. The method includes corresponding to a verification generated by an information flow analysis. The method further includes obtaining an abstracted security qualifier. The method proceeds by presenting the abstracted security qualifier to an application model. The abstracted security qualifier being presented to the application model as a security requirement. Subsequently, the method proceeds by further including removing the data security requirement on data utilized in the service from the compliance rule. The method proceeds by processing flow in the application model, such processing being based upon the data security requirement. The method further includes verifying the consistency in response to the processing flow.
    Type: Grant
    Filed: January 16, 2007
    Date of Patent: February 11, 2014
    Assignee: International Business Machines Corporation
    Inventors: Kouichi Ono, Yuhichi Nakumura, Fumiko Satoh, Takaaki Tateishi
  • Patent number: 8386998
    Abstract: A software development apparatus for developing application software based on an object model that requires security in a web service application is provided. The software development apparatus includes a display unit that displays, in a class diagram of the application software, security annotation for adding security requirements for a service, input means for inputting the security annotation, transforming means for transforming the class diagram into a configuration model based on a markup language, and configuration-file creating means for creating a configuration file based on a markup language by serializing the configuration model based on a markup language. The security annotation includes the security requirements and a token class of a security token that is a certificate for declaring identity of a client to a server.
    Type: Grant
    Filed: April 3, 2008
    Date of Patent: February 26, 2013
    Assignee: International Business Machines Corporation
    Inventors: Fumiko Satoh, Yuichi Nakamura, Kouichi Ono
  • Patent number: 8245191
    Abstract: A method, system and article of manufacture are disclosed for configuring software application components. The method comprises the steps of developing a set of policy application rules, assembling unconfigured software components into one or more software applications, and applying said application rules to the unconfigured software components to configure said software components. In the preferred embodiment, the applying step includes the steps of passing the unconfigured software components to a policy rule engine, and using said policy rule engine to apply said application rules to the unconfigured software components to produce the configured components. In addition, the method may be done to resolve ambiguities in the software components. In particular, the application rules may be designed to resolve ambiguities in the application of these rules to the unconfigured software components. Also, each application rule preferably includes a condition, an application template, and a policy.
    Type: Grant
    Filed: July 3, 2008
    Date of Patent: August 14, 2012
    Assignee: International Business Machines Corporation
    Inventors: Shinichi Hirose, Nirmal K. Mukhi, Yuichi Nakamura, Fumiko Satoh
  • Patent number: 8209262
    Abstract: A pattern-based policy method for service component architecture (SCA) defines a policy pattern for SCA. The policy pattern includes a plurality of roles and one or more constraints between said plurality of roles. Each of said plurality of roles defines a plurality of intents or policy sets or combination thereof. One or more roles assigned to said one or more SCA components are identified and one or more intents or policy sets or combination thereof associated with said one or more roles are automatically applied to said one or more SCA components. Said one or more intents or policy sets or combination thereof applied to said one or more SCA components are validated based on said one or more constraints.
    Type: Grant
    Filed: July 3, 2008
    Date of Patent: June 26, 2012
    Assignee: International Business Machines Corporation
    Inventors: David A. Booz, Francisco P. Curbera, Shinichi Hirose, Nirmal K. Mukhi, Yuichi Nakamura, Fumiko Satoh
  • Patent number: 8095918
    Abstract: A software development apparatus for developing application software based on an object model that requires security in a web service application is provided. The software development apparatus includes a display unit that displays, in a class diagram of the application software, security annotation for adding security requirements for a service, input means for inputting the security annotation, transforming means for transforming the class diagram into a configuration model based on a markup language, and configuration-file creating means for creating a configuration file based on a markup language by serializing the configuration model based on a markup language. The security annotation includes the security requirements and a token class of a security token that is a certificate for declaring identity of a client to a server.
    Type: Grant
    Filed: November 30, 2006
    Date of Patent: January 10, 2012
    Assignee: International Business Machines Corporation
    Inventors: Fumiko Satoh, Yuichi Nokomuru, Kouichi Ono
  • Patent number: 7774450
    Abstract: The present invention creates a SOAP message without using DOM by generating a body part by sequentially performing such a process of a message as encryption or signing for each piece of the message, generating a header part by using information acquired during the process, and by combining the body part and the header part. The present invention also breaks a SOAP message without using DOM by acquiring header information with parsing a received SOAP message and sequentially performing decode or verification of a signature of a body part according to the header information.
    Type: Grant
    Filed: March 20, 2008
    Date of Patent: August 10, 2010
    Assignee: International Business Machines Corporation
    Inventors: Takeshi Imamura, James Andrew Clark, Hiroshi Maruyama, Yumi Yamaguchi, Masayoshi Teraguchi, Takayuki Itoh, Fumiko Satoh
  • Publication number: 20100005451
    Abstract: A method, system and article of manufacture are disclosed for configuring software application components. The method comprises the steps of developing a set of policy application rules, assembling unconfigured software components into one or more software applications, and applying said application rules to the unconfigured software components to configure said software components. In the preferred embodiment, the applying step includes the steps of passing the unconfigured software components to a policy rule engine, and using said policy rule engine to apply said application rules to the unconfigured software components to produce the configured components. In addition, the method may be done to resolve ambiguities in the software components. In particular, the application rules may be designed to resolve ambiguities in the application of these rules to the unconfigured software components. Also, each application rule preferably includes a condition, an application template, and a policy.
    Type: Application
    Filed: July 3, 2008
    Publication date: January 7, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shinichi Hirose, Nirmal K. Mukhi, Yuichi Nakamura, Fumiko Satoh
  • Publication number: 20100004968
    Abstract: A pattern-based policy method for service component architecture (SCA) defines a policy pattern for SCA. The policy pattern includes a plurality of roles and one or more constraints between said plurality of roles. Each of said plurality of roles defines a plurality of intents or policy sets or combination thereof. One or more roles assigned to said one or more SCA components are identified and one or more intents or policy sets or combination thereof associated with said one or more roles are automatically applied to said one or more SCA components. Said one or more intents or policy sets or combination thereof applied to said one or more SCA components are validated based on said one or more constraints.
    Type: Application
    Filed: July 3, 2008
    Publication date: January 7, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: David A. Booz, Francisco P. Curbera, Shinichi Hirose, Nirmal K. Mukhi, Yuichi Nakamura, Fumiko Satoh
  • Publication number: 20090157659
    Abstract: Systems, methods, and computer products for information sharing using personalized index caching. Exemplary embodiments include a method including receiving a search query history from a node X in a node A, extracting characteristics of an index of the node A, searching the extracted characteristics, which include a file ID that is included in the index of the node A, adding metadata information to the index of the node A, in response to a determination that the node A includes at least one additional local metaindex, searching the at least one additional metaindex with the search query history from the node X in the node A, and merging search results with the metaindex of the node A, wherein the one additional metaindex merged to the metaindex of the node A includes an acquisition path, and sending the metaindex of the node A to the node X.
    Type: Application
    Filed: July 15, 2008
    Publication date: June 18, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Fumiko Satoh, Toyotaro Suzumura, Issei Yoshida
  • Patent number: 7539683
    Abstract: Systems, methods, and computer products for information sharing using personalized index caching. Exemplary embodiments include a method including receiving a search query history from a node X in a node A, extracting characteristics of an index of the node A, searching the extracted characteristics, which include a file ID that is included in the index of the node A, adding metadata information to the index of the node A, in response to a determination that the node A includes at least one additional local metaindex, searching the at least one additional metaindex with the search query history from the node X in the node A, and merging search results with the metaindex of the node A, wherein the one additional metaindex merged to the metaindex of the node A includes an acquisition path, and sending the metaindex of the node A to the node X.
    Type: Grant
    Filed: July 15, 2008
    Date of Patent: May 26, 2009
    Assignee: International Business Machines Corporation
    Inventors: Fumiko Satoh, Toyotaro Suzumura, Issei Yoshida
  • Publication number: 20090077615
    Abstract: Methods, apparatus, and products are disclosed for security policy validation for web services that include: transforming a security policy for a web service into a policy predicate logic representation; providing a profile predicate logic representation that represents one or more rules of a security policy profile; determining whether the security policy satisfies the security policy profile in dependence upon the policy predicate logic representation and the profile predicate logic representation; and notifying a user that the security policy is valid if the security policy satisfies the security policy profile.
    Type: Application
    Filed: September 13, 2007
    Publication date: March 19, 2009
    Inventors: Hyen V. Chung, Yuhichi Nakamura, Fumiko Satoh
  • Publication number: 20090070853
    Abstract: Methods, apparatus, and products are disclosed for security policy validation for web services that include: transforming a security policy for a web service into a policy predicate logic representation; providing a profile predicate logic representation that represents one or more rules of a security policy profile; and determining whether the security policy satisfies the security policy profile in dependence upon the policy predicate logic representation and the profile predicate logic representation.
    Type: Application
    Filed: September 12, 2007
    Publication date: March 12, 2009
    Applicant: International Business Machines Corporation
    Inventors: Hyen V. Chung, Yuhichi Nakamura, Fumiko Satoh
  • Publication number: 20080288999
    Abstract: The present disclosure provides an information processing apparatus and the like, which allow a service developer, who develops a service requiring confidentiality in a service-oriented architecture, to easily create authentication settings for the service model. The present disclosure provides an information processing apparatus for developing a service requiring confidentiality in a service-oriented architecture. The information processing apparatus includes: an input unit for inputting an annotation for a service; a storage unit for storing an Authentication Infrastructure Model of a machine node on which the service is executed; and an Authentication Policy generation unit for generating an Authentication Policy by using the annotation and the Authentication Infrastructure Model.
    Type: Application
    Filed: March 22, 2007
    Publication date: November 20, 2008
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Fumiko Satoh, Yuichi Nakamura, Kouichi Ono