Abstract: Providing an accurate and on-demand status of audit compliance is disclosed. A security policy, agreed upon by a service provider and a service user, is provisioned in a compliance log. A service provider requests to add a first update to the compliance log, the first update indicating that a compliance action has been taken. The first update is added to the compliance log, and a first computational digest of the compliance log is added after adding the first update. An auditor of the compliance action requests to add a second update to the compliance log. The second update is added to the compliance log, and a second computational digest of the compliance log is added after adding the second update. Thereby, the user is provided a more current view of audit compliance that that can be trusted based on the tamper-proof compliance log.

Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: Providing an accurate and on-demand status of audit compliance is disclosed. A security policy, agreed upon by a service provider and a service user, is provisioned in a compliance log. A service provider requests to add a first update to the compliance log, the first update indicating that a compliance action has been taken. The first update is added to the compliance log, and a first computational digest of the compliance log is added after adding the first update. An auditor of the compliance action requests to add a second update to the compliance log. The second update is added to the compliance log, and a second computational digest of the compliance log is added after adding the second update. Thereby, the user is provided a more current view of audit compliance that that can be trusted based on the tamper-proof compliance log.

Abstract: Providing an accurate and on-demand status of audit compliance is disclosed. A security policy, agreed upon by a service provider and a service user, is provisioned in a compliance log. A service provider requests to add a first update to the compliance log, the first update indicating that a compliance action has been taken. The first update is added to the compliance log, and a first computational digest of the compliance log is added after adding the first update. An auditor of the compliance action requests to add a second update to the compliance log. The second update is added to the compliance log, and a second computational digest of the compliance log is added after adding the second update. Thereby, the user is provided a more current view of audit compliance that that can be trusted based on the tamper-proof compliance log.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A method, computer program product, and a system where a processor(s) obtains a request, from a first client, to stream selected content, uploaded by a second client, on a streaming media platform. The processor(s) identifies a similarity between metadata associated with the selected content and metadata associated with relevant additional content uploaded to the streaming media platform, by a third client. The metadata associated with the selected content and the metadata associated with the relevant additional content describe elements in the selected content and the relevant additional content identified, based on the processor(s) performing a content analysis of the selected content and the relevant additional content. The processor(s) selects the relevant additional content to provide to the first client, with the selected content, based on the similarity. The processor(s) displays the relevant additional content with the selected content on a viewer on the first client.

Abstract: Systems, methods, and computer-readable media are described for selecting, at build time, a respective compiler and/or a respective set of compiler options for each section of code to be compiled such that the compiler/compiler options selected for each code section are optimized for that code section with respect to one or more metrics. Abstract syntax tree (AST) analysis and semantic analysis may be performed at build time for each section of code to identify the compiler/compiler options that produce compiled object code for that code section that maximizes or minimizes a desired metric. The metric according to which compiler/compiler option optimization is performed may be any suitable metric including, without limitation, performance, binary size, security, reliability, scalability, and so forth.

Abstract: A static analysis tool configured to determine a significance of static analysis results. The static analysis tool can perform operations that include performing a static analysis of a computer program and generating the static analysis results in response to the performing the static analysis of the computer program. The operations can further include analyzing a description of a result item from the static analysis results, and based on the analyzing the description of the result item, assigning to the result item information from an ontology scheme. The operations can further include determining a significance value for the result item in response to the assigning the information from the ontology scheme and automatically performing an action associated with the result item based on one or more of the information assigned from the ontology scheme or the significance value.

Abstract: A static analysis tool configured to determine a significance of static analysis results. The static analysis tool includes computer program code to perform a static analysis of a computer program and generate the static analysis results in response to the performance of the static analysis of the computer program. The program code can further analyze a description of a result item from the static analysis results, and based on the analysis of the description of the result item, assign to the result item information from an ontology scheme. The program code can further include code determine a significance value for the result item in response to the assignment of the information from the ontology scheme and automatically perform an action associated with the result item based on one or more of the information assigned from the ontology scheme or the significance value.

Abstract: Providing an accurate and on-demand status of audit compliance is disclosed. A security policy, agreed upon by a service provider and a service user, is provisioned in a compliance log. A service provider requests to add a first update to the compliance log, the first update indicating that a compliance action has been taken. The first update is added to the compliance log, and a first computational digest of the compliance log is added after adding the first update. An auditor of the compliance action requests to add a second update to the compliance log. The second update is added to the compliance log, and a second computational digest of the compliance log is added after adding the second update. Thereby, the user is provided a more current view of audit compliance that that can be trusted based on the tamper-proof compliance log.

Abstract: A method, computer program product, and a system where a processor(s) obtains a request, from a first client, to stream selected content, uploaded by a second client, on a streaming media platform. The processor(s) identifies a similarity between metadata associated with the selected content and metadata associated with relevant additional content uploaded to the streaming media platform, by a third client. The metadata associated with the selected content and the metadata associated with the relevant additional content describe elements in the selected content and the relevant additional content identified, based on the processor(s) performing a content analysis of the selected content and the relevant additional content. The processor(s) selects the relevant additional content to provide to the first client, with the selected content, based on the similarity. The processor(s) displays the relevant additional content with the selected content on a viewer on the first client.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A static analysis tool configured to determine a significance of static analysis results. The static analysis tool can perform operations that include performing a static analysis of a computer program and generating the static analysis results in response to the performing the static analysis of the computer program. The operations can further include analyzing a description of a result item from the static analysis results, and based on the analyzing the description of the result item, assigning to the result item information from an ontology scheme. The operations can further include determining a significance value for the result item in response to the assigning the information from the ontology scheme and automatically performing an action associated with the result item based on one or more of the information assigned from the ontology scheme or the significance value.

Abstract: A source code search comprises a two-pass search. The first pass comprises a topological measure of similarity. The second pass comprises a semantic measure of similarity. The query source code is a user-selected portion of source code. The results may be ranked and output to an I/O device.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: Systems, methods, and computer-readable media are described for selecting, at build time, a respective compiler and/or a respective set of compiler options for each section of code to be compiled such that the compiler/compiler options selected for each code section are optimized for that code section with respect to one or more metrics. Abstract syntax tree (AST) analysis and semantic analysis may be performed at build time for each section of code to identify the compiler/compiler options that produce compiled object code for that code section that maximizes or minimizes a desired metric. The metric according to which compiler/compiler option optimization is performed may be any suitable metric including, without limitation, performance, binary size, security, reliability, scalability, and so forth.

Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: Detection of a key logger includes determining a count of keystrokes that occur during each of a plurality of time windows. Write activity that occurs during each of the plurality of time windows can be measured. The number of key strokes occurring in window is compared with the write activity occurring during the window. In response to determining that the count of keystrokes in a time window is linearly related to the measurement of write activity in the time window for a threshold number of time windows of the plurality of windows, a notification of a potential presence of a key logger is provided.

Abstract: Technical solutions are described for extending shrouding capability of a virtual server hosting system. An example method includes receiving a request to deploy a shrouded virtual server using a predetermined set of hardware components, and using a shrouded mode. The method also includes adding a guest server to the hosting system, the guest server including the predetermined set of hardware components. The method also includes deploying a preconfigured hypervisor on the guest server, where the preconfigured hypervisor is deployed in an immutable mode that disables changes to security settings of the preconfigured hypervisor. The method also includes deploying, by the preconfigured hypervisor, a preconfigured boot image as an instance of the virtual server on the preconfigured hypervisor. The method also includes sending an identifier of the virtual server for receipt by the client device.