Abstract: An automatic code analysis tool is disclosed. The automatic code analysis tool can automatically analyze an application code of a subject application and application-specific additional information of a resource used by the subject application. The automatic code analysis tool can implement a method to receive the application code for analysis. A determination is made as to how application-specific information from resources operably coupled to the application code is implemented via the application code. The determination is performed with an automatic analysis without running the application code.

Abstract: Privately determining whether a password satisfies a constraint without having to divulge the password itself to a third party that evaluates the constraint, and without the third party even being aware of the result of the evaluation. After the user selects a password, private communication (e.g., private information retrieval) is used to determine whether the selected password satisfies password constraints. For instance, the password might be encrypted (e.g., homomorphically), and then the encrypted password and a function definition (e.g., a homomorphic function definition) is then provided to the third party. The third party then performs the function and returns an already encrypted result. The third party generated the encrypted result directly, without having access to the result in the clear. Upon receiving the encrypted result, the user's computing system may then decrypt the result, to find out whether the password satisfies the constraints, and thus is sufficiently safe.

Abstract: The least-privilege permission needed for an identity, such as a user account, application, user group, or process, to access a resource of a tenant of a cloud service is determined from a predicted future resource usage. The predicted future resource usage is based on the resource usage history of an identity, the resource usage history of similar identities and the resource usage history of its peers. Similar identities are determined from node embeddings of a graph that represents the assigned permissions of an identity to a resource and the usage activity at a resource. The permissions needed to perform the predicted future resource usage is compared with the current permission assignments to determine the bare minimum permission that an identity needs for its ongoing and future workflow.

Abstract: An automatic code analysis tool is disclosed. The automatic code analysis tool can automatically analyze an application code of a subject application and application-specific additional information of a resource used by the subject application. The automatic code analysis tool can implement a method to receive the application code for analysis. A determination is made as to how application-specific information from resources operably coupled to the application code is implemented via the application code. The determination is performed with an automatic analysis without running the application code.

Abstract: The least-privilege permission needed for an identity, such as a user account, application, user group, or process, to access a resource of a tenant of a cloud service is determined from a predicted future resource usage. The predicted future resource usage is based on the resource usage history of an identity, the resource usage history of similar identities and the resource usage history of its peers. Similar identities are determined from node embeddings of a graph that represents the assigned permissions of an identity to a resource and the usage activity at a resource. The permissions needed to perform the predicted future resource usage is compared with the current permission assignments to determine the bare minimum permission that an identity needs for its ongoing and future workflow.

Abstract: Monitoring of operations of different types of devices to determine when the devices have varied from usual operation. The devices might be connected, directly or through a proxy, to a cloud service, and may be innumerable devices (such as Internet of Things devices) of a variety of different types. The operations of any number of such devices are measured. Based on the measurements, the devices are grouped based on the operational similarity. Then, standard operational characteristics are then defined for each group of devices. The operational characteristics for the devices are monitored so as to detect when a particular device has varied from this defined standard operation. When a variance is detected, an alert is provided to that effect.

Abstract: Privately determining whether a password satisfies a constraint without having to divulge the password itself to a third party that evaluates the constraint, and without the third party even being aware of the result of the evaluation. After the user selects a password, private communication (e.g., private information retrieval) is used to determine whether the selected password satisfies password constraints. For instance, the password might be encrypted (e.g., homomorphically), and then the encrypted password and a function definition (e.g., a homomorphic function definition) is then provided to the third party. The third party then performs the function and returns an already encrypted result. The third party generated the encrypted result directly, without having access to the result in the clear. Upon receiving the encrypted result, the user's computing system may then decrypt the result, to find out whether the password satisfies the constraints, and thus is sufficiently safe.