Abstract: A method for predicting, for a motor vehicle traveling on a first road segment, a future coefficient of friction of the vehicle on a second road segment. The method includes steps of obtaining operating parameters of the vehicle and at least one characteristic of the first road segment, of computing an indicator on the basis of the obtained operating parameters of the vehicle, of determining a frictional category of the vehicle according to the value of the computed indicator and of the at least one obtained characteristic of the road segment, of selecting a friction profile of the vehicle on the basis of the determined frictional category, and of determining a coefficient of friction of the vehicle by applying the selected profile to at least one characteristic of the second road segment. A device for implementing the prediction method is also disclosed.

Abstract: A method for predicting, for a motor vehicle traveling on a first road segment, a future coefficient of friction of the vehicle on a second road segment. The method includes steps of obtaining operating parameters of the vehicle and at least one characteristic of the first road segment, of computing an indicator on the basis of the obtained operating parameters of the vehicle, of determining a frictional category of the vehicle according to the value of the computed indicator and of the at least one obtained characteristic of the road segment, of selecting a friction profile of the vehicle on the basis of the determined frictional category, and of determining a coefficient of friction of the vehicle by applying the selected profile to at least one characteristic of the second road segment. A device for implementing the prediction method is also disclosed.

Abstract: A system for generating confidence values for objects in a digital road map comprising a backend and an object recognition device including: a capture unit, an evaluation unit, a positioning unit, and a transceiver. The capture unit captures surroundings data of a vehicle. The positioning unit determines a position of the captured surroundings data and objects contained therein. The evaluation unit recognizes the objects and concealed objects based on the surroundings data and associates them with position information. The transceiver transmits information generated by the evaluation unit to the backend. The backend generates or updates the map. Each of the objects in the map has an associated confidence value. The backend adjusts the confidence values based on the received data. The backend does not reduce the confidence value of an object if there is a corresponding concealed object in the received data.

Abstract: A method and system for performing an operation on protected sensitive data. A processor of a data processing system receives, from a computing system: (i) the protected sensitive data, (ii) an identification of an operation that accesses and utilizes the protected sensitive data during performance of the operation, and (iii) a request to perform the operation, wherein the computing system is external to the data processing system. The processor de-protects the received protected sensitive data, which generates unprotected sensitive data from the protected sensitive data. The processor performs the operation, which includes accessing and utilizing the unprotected sensitive data and generating a result. After the operation is performed, the processor re-protects the unprotected sensitive data, which restores the protected sensitive data. The processor sends the result to the computing system.

Abstract: A method and system for dynamically modifying rules in a firewall infrastructure. A signed passport is encrypted based on a public key certificate registered with a trusted signer. The signed passport includes a hash value that includes a heart-beat time-out interval and a firewall rule. A trigger signal within the heart-beat time-out interval is generated. The signed passport and the trigger signal are transmitted within the heart-beat time-out interval to a border control agent of a firewall in the firewall infrastructure. In response to receiving, from the border control agent, a continuous confirmation of the firewall rule within a time interval shorter than the heart-beat time-out interval, the firewall is modified according to the firewall rule. In response to determining that the trigger signal was not received by the border control agent within the heart-beat time-out interval, the firewall rule is reset.

Abstract: A method and system for dynamically modifying rules in a firewall infrastructure. A signed passport is encrypted based on a public key certificate registered with a trusted signer. The signed passport includes a hash value that includes a heart-beat time-out interval and a firewall rule. A trigger signal within the heart-beat time-out interval is generated. The signed passport and the trigger signal are transmitted within the heart-beat time-out interval to a border control agent of a firewall in the firewall infrastructure. In response to receiving, from the border control agent, a continuous confirmation of the firewall rule within a time interval shorter than the heart-beat time-out interval, the firewall is modified according to the firewall rule. In response to determining that the trigger signal was not received by the border control agent within the heart-beat time-out interval, the firewall rule is reset.

Abstract: A method and system for performing an operation on protected sensitive data. A processor of a data processing system receives, from a computing system: (i) the protected sensitive data, (ii) an identification of an operation that accesses and utilizes the protected sensitive data during performance of the operation, and (iii) a request to perform the operation, wherein the computing system is external to the data processing system. The processor de-protects the received protected sensitive data, which generates unprotected sensitive data from the protected sensitive data. The processor performs the operation, which includes accessing and utilizing the unprotected sensitive data and generating a result. After the operation is performed, the processor re-protects the unprotected sensitive data, which restores the protected sensitive data. The processor sends the result to the computing system.

Abstract: A method and system for dynamically modifying rules in a firewall infrastructure. A signed passport, which includes a heart-beat time-out interval and a firewall rule, is received. A trigger signal is generated within the heart-beat time-out interval. The signed passport and the trigger signal are transmitted within the heart-beat time-out interval to a border control agent of a firewall in the firewall infrastructure. In response to receiving, from the border control agent, a continuous confirmation of the firewall rule within a time interval shorter than the heart-beat time-out interval, the firewall is modified according to the firewall rule. In response to determining that the trigger signal was not received by the border control agent within the heart-beat time-out interval, the firewall rule is reset.

Abstract: A method and system for performing an operation on protected sensitive data. A processor of a data processing system receives, from a computing system: (i) the protected sensitive data, (ii) an identification of an operation that accesses and utilizes the protected sensitive data during performance of the operation, and (iii) a request to perform the operation, wherein the computing system is external to the data processing system. The processor de-protects the received protected sensitive data, which generates unprotected sensitive data from the protected sensitive data. The processor performs the operation, which includes accessing and utilizing the unprotected sensitive data and generating a result. After the operation is performed, the processor re-protects the unprotected sensitive data, which restores the protected sensitive data. The processor sends the result to the computing system.

Abstract: A method and system for dynamically modifying rules in a firewall infrastructure. A signed passport, which includes a heart-beat time-out interval and a firewall rule, is received. A trigger signal is generated within the heart-beat time-out interval. The signed passport and the trigger signal are transmitted within the heart-beat time-out interval to a border control agent of a firewall in the firewall infrastructure. In response to receiving, from the border control agent, a continuous confirmation of the firewall rule within a time interval shorter than the heart-beat time-out interval, the firewall is modified according to the firewall rule. In response to determining that the trigger signal was not received by the border control agent within the heart-beat time-out interval, the firewall rule is reset.

Abstract: A method, and associated system and computer program product, for modifying rules in a firewall infrastructure are described. A unit of deployment including application code and a signed passport is received at a requestor module on a server. The passport includes a heart-beat time-out interval, a firewall rule, and a first application hash value. A trigger signal within the heart-beat time-out interval is generated. The application code is hashed, resulting in a second application hash value. In response to authenticating the passport and determining the first and second application hash values as being equal, the signed passport and trigger signal are transmitted to a border control agent of the firewall; the firewall rule is continuously confirmed within a time interval shorter than the heart-beat time-out interval; and the firewall is modified according to the firewall rule.

Abstract: An apparatus, system, and method are provided for evaluating database accesses. The apparatus may comprise a computer program that causes a computer system to exchange profiling data between a client application module and a database module; execute a database access; determine a database access policy violation at a detection point module; and selectively request context information from a context point module related to the database access.

Abstract: A method, and associated system and computer program product, for modifying rules in a firewall infrastructure are described. A unit of deployment including application code and a signed passport is received at a requestor module on a server. The passport includes a heart-beat time-out interval, a firewall rule, and a first application hash value. A trigger signal within the heart-beat time-out interval is generated. The application code is hashed, resulting in a second application hash value. In response to authenticating the passport and determining the first and second application hash values as being equal, the signed passport and trigger signal are transmitted to a border control agent of the firewall; the firewall rule is continuously confirmed within a time interval shorter than the heart-beat time-out interval; and the firewall is modified according to the firewall rule.

Abstract: A method and associated computing system. A first computing environment receives data that includes first sensitive data. The first computing environment includes a hypervisor, a virtual machine running on the hypervisor, and a compliance gateway coupled to the virtual machine and the hypervisor. The compliance gateway intercepts the request. The compliance gateway inspects the intercepted request, does not find sensitive data in the request from inspecting the intercepted request, and forwards the request directly to the virtual machine in response to not finding sensitive data in the request. The virtual machine receives the request from the compliance gateway and in response. The virtual machine initiates performance of an operation indicated in the request. The hypervisor determines that the performance of the request requires the first sensitive data that is sensitive, and in response the hypervisor prevents the virtual machine from completing performance of the operation, by intercepting the operation.

Abstract: A method, and associated system and computer program product, for dynamically modifying rules in a firewall infrastructure. A unit of deployment is received at a requestor module at a server. The unit of deployment includes the application code and a signed passport. The passport includes a firewall rule and a first application hash value. The received passport is authenticated, the received application code is hashed resulting in a second application hash value, and it is validated that the received first application hash value and the generated application hash value are equal. In response to the validation, the passport is received by a border control agent of the firewall from the server, a firewall is modified in the firewall infrastructure according to the received firewall rule, and communicating with the application is enabled through the modified firewall.

Abstract: A method, system and program product for providing virtual configuration management for applications running in a virtual environment. A method is described that includes: receiving a request for application configuration information from a virtual machine for an application; retrieving a versioned configuration image for the application, wherein the versioned configuration image comprises formatted configuration information captured from a previously configured application; creating a configuration runtime instance from the versioned configuration image; and attaching the configuration runtime image to the virtual machine for the application.

Abstract: A method and associated computing system. A first computing environment receives data that includes first sensitive data. The first computing environment includes a hypervisor, a virtual machine running on the hypervisor, and a compliance gateway coupled to the virtual machine and the hypervisor. The compliance gateway intercepts the request. The compliance gateway inspects the intercepted request, does not find sensitive data in the request from inspecting the intercepted request, and forwards the request directly to the virtual machine in response to not finding sensitive data in the request. The virtual machine receives the request from the compliance gateway and in response. The virtual machine initiates performance of an operation indicated in the request. The hypervisor determines that the performance of the request requires the first sensitive data that is sensitive, and in response the hypervisor prevents the virtual machine from completing performance of the operation, by intercepting the operation.

Abstract: A method and associated computing system. Data received by a computing environment includes a mixture of non-sensitive data and sensitive data along with related metadata indicative of a sensitivity of the sensitive data. The computing system includes the computing environment. An operation is performed on the sensitive data in the computing environment by: (a) determining that the data used for the operation are sensitive data, (b) intercepting the operation on the sensitive data, and (c) registering newly created sensitive data, as a result of the operation, with metadata indicating one or more addresses of the sensitive data. An external access to the sensitive data in the computing environment is intercepted. A compliance firewall rule is applied to the sensitive data intended to leave the computing environment. The compliance firewall rule defines an action to be applied to the sensitive data such that the sensitive data are protected against unauthorized access.

Abstract: A method, and associated system and computer program product, for dynamically modifying rules in a firewall infrastructure. A unit of deployment is received at a requestor module at a server. The unit of deployment includes the application code and a signed passport. The passport includes a firewall rule and a first application hash value. The received passport is authenticated, the received application code is hashed resulting in a second application hash value, and it is validated that the received first application hash value and the generated application hash value are equal. In response to the validation, the passport is received by a border control agent of the firewall from the server, a firewall is modified in the firewall infrastructure according to the received firewall rule, and communicating with the application is enabled through the modified firewall.

Abstract: A method, system and program product for providing virtual configuration management for applications running in a virtual environment. A method is described that includes: receiving a request for application configuration information from a virtual machine for an application; retrieving a versioned configuration image for the application, wherein the versioned configuration image comprises formatted configuration information captured from a previously configured application; creating a configuration runtime instance from the versioned configuration image; and attaching the configuration runtime image to the virtual machine for the application.