Patents by Inventor Jeffrey M. Uehling

Jeffrey M. Uehling has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11334686
    Abstract: Techniques for computer security are provided. A request to access a first file referenced as a variable in a source code of an application is received. A file name of the first file is then retrieved from a runtime stack, and the file name is stored in a system-wide accessible cross-reference file.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: May 17, 2022
    Assignee: International Business Machines Corporation
    Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
  • Patent number: 10990664
    Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a privileged storage of a computing system, wherein at least a portion of the privileged storage stores a microcode of the computing system, determining, based on the monitoring, that a first location of the privileged storage includes an instruction, determining that the first location is designated as an unused location of the privileged storage, and performing a predefined operation to remove the instruction from the first location of the privileged storage.
    Type: Grant
    Filed: November 20, 2017
    Date of Patent: April 27, 2021
    Assignee: International Business Machines Corporation
    Inventors: Jeffrey M. Uehling, Michael J. Brinker, Daniel M. Hursh
  • Patent number: 10650156
    Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, receiving data describing the request, wherein the data describing the request includes data from a runtime stack of the application, wherein the data from the runtime stack includes a program statement number, identifying, in a protected memory block, a first rule for accessing the data file, wherein the first rule specifies a program statement number permitted to access the data file, and upon determining that the program statement number from the runtime stack does not match the program statement number specified in the first rule, restricting access to the data file by the application.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: May 12, 2020
    Assignee: International Business Machines Corporation
    Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
  • Publication number: 20200104532
    Abstract: Techniques for computer security are provided. A request to access a first file referenced as a variable in a source code of an application is received. A file name of the first file is then retrieved from a runtime stack, and the file name is stored in a system-wide accessible cross-reference file.
    Type: Application
    Filed: December 3, 2019
    Publication date: April 2, 2020
    Inventors: Mark J. ANDERSON, Scott FORSTIE, Jeffrey M. UEHLING
  • Patent number: 10540523
    Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, wherein the data file is referenced by a variable name in a source code of the application, receiving data describing the request, wherein the data describing the request is obtained from a runtime stack of the application and includes a name of the application and a name of the data file, wherein the name of the data file is used as a value for the variable name, and storing an indication that the application accessed the data file in a cross-reference data store for the system.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: January 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Mark J. Anderson, Scott Forstie, Jeffrey M. Uehling
  • Patent number: 10346625
    Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, determining, based on environment information in the runtime stack, whether a first set of privileges available to the application are greater than a second set of privileges available to the user of the application, storing the permission and identity information and an indication of whether the first set of privileges is greater than the second set of privileges in a data file, and adjusting the privileges for the user based on the determination.
    Type: Grant
    Filed: October 31, 2016
    Date of Patent: July 9, 2019
    Assignee: International Business Machines Corporation
    Inventors: Mark J. Anderson, Carol S. Budnik, Anna P. Dietenberger, Scott Forstie, Brian J. Hasselbeck, Allen K. Mei, Ellen B. Streifel, Jeffrey M. Uehling
  • Publication number: 20190156021
    Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a privileged storage of a computing system, wherein at least a portion of the privileged storage stores a microcode of the computing system, determining, based on the monitoring, that a first location of the privileged storage includes an instruction, determining that the first location is designated as an unused location of the privileged storage, and performing a predefined operation to remove the instruction from the first location of the privileged storage.
    Type: Application
    Filed: November 20, 2017
    Publication date: May 23, 2019
    Inventors: Jeffrey M. UEHLING, Michael J. BRINKER, Daniel M. HURSH
  • Publication number: 20180314843
    Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, wherein the data file is referenced by a variable name in a source code of the application, receiving data describing the request, wherein the data describing the request is obtained from a runtime stack of the application and includes a name of the application and a name of the data file, wherein the name of the data file is used as a value for the variable name, and storing an indication that the application accessed the data file in a cross-reference data store for the system.
    Type: Application
    Filed: April 26, 2017
    Publication date: November 1, 2018
    Inventors: Mark J. ANDERSON, Scott FORSTIE, Jeffrey M. UEHLING
  • Publication number: 20180314845
    Abstract: Systems, methods, and computer program products to perform an operation comprising receiving, from an application executing on a system, a request to access a data file, receiving data describing the request, wherein the data describing the request includes data from a runtime stack of the application, wherein the data from the runtime stack includes a program statement number, identifying, in a protected memory block, a first rule for accessing the data file, wherein the first rule specifies a program statement number permitted to access the data file, and upon determining that the program statement number from the runtime stack does not match the program statement number specified in the first rule, restricting access to the data file by the application.
    Type: Application
    Filed: April 26, 2017
    Publication date: November 1, 2018
    Inventors: Mark J. ANDERSON, Scott FORSTIE, Jeffrey M. UEHLING
  • Publication number: 20180121665
    Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, determining, based on environment information in the runtime stack, whether a first set of privileges available to the application are greater than a second set of privileges available to the user of the application, storing the permission and identity information and an indication of whether the first set of privileges is greater than the second set of privileges in a data file, and adjusting the privileges for the user based on the determination.
    Type: Application
    Filed: October 31, 2016
    Publication date: May 3, 2018
    Inventors: Mark J. ANDERSON, Carol S. BUDNIK, Anna P. DIETENBERGER, Scott FORSTIE, Brian J. HASSELBECK, Allen K. MEI, Ellen B. STREIFEL, Jeffrey M. UEHLING
  • Patent number: 9928365
    Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from a first application to obtain a set of call information based on runtime stack information related to calls of the first application requesting access to the file, storing the set of call information in a data file, receiving a request for access to the file from a second application, obtaining call information from a runtime stack from the second application, comparing the call information with the set of call information, determining the request for access is an abnormal request based on the comparing, and taking an action based on the determination.
    Type: Grant
    Filed: October 31, 2016
    Date of Patent: March 27, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mark J. Anderson, Carol S. Budnik, Anna P. Dietenberger, Scott Forstie, Brian J. Hasselbeck, Allen K. Mei, Ellen B. Streifel, Jeffrey M. Uehling
  • Patent number: 9830469
    Abstract: Systems, methods, and computer program products to perform an operation comprising monitoring a set of file access requests to a file from an application to obtain permission and identity information related to the monitored requests, wherein the monitoring includes obtaining a runtime stack from the application, storing the permission and identity information in a data file, determining for the application and a file of the set of files, privileges available to the application for the available authority based on the stored data file, determining a set of privileges needed by the application to access the file based on the stored data file, selecting privileges for a user of the application based on the set of privileges needed by the application and the authority available to the application, and assigning the privileges for the user based on the selected privileges.
    Type: Grant
    Filed: October 31, 2016
    Date of Patent: November 28, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Mark J. Anderson, Carol S. Budnik, Anna P. Dietenberger, Scott Forstie, Brian J. Hasselbeck, Allen K. Mei, Ellen B. Streifel, Jeffrey M. Uehling
  • Patent number: 8225105
    Abstract: Vital data components of a computer system are protected by a mechanism for detecting unauthorized alteration, preferably in the form of digital signatures to detect unauthorized alteration. A vital data validation mechanism is provided to verify that vital data modules have not been tampered with. The vital data validation mechanism verifies the current state of each vital data module, preferably by decrypting the digital signature. The validation mechanism also checks an alteration log to verify that no alterations have been made to the corresponding memory locations. The second verification is intended to detect whether a vital data module has been altered temporarily, and then restored to its initial state.
    Type: Grant
    Filed: August 13, 2007
    Date of Patent: July 17, 2012
    Assignee: International Business Machines Corporation
    Inventors: Michael J. Brinker, Rick D. Hemmer, Daniel M. Hursh, Jeffrey M. Uehling
  • Publication number: 20090049309
    Abstract: Vital data components of a computer system are protected by a mechanism for detecting unauthorized alteration, preferably in the form of digital signatures to detect unauthorized alteration. A vital data validation mechanism is provided to verify that vital data modules have not been tampered with. The vital data validation mechanism verifies the current state of each vital data module, preferably by decrypting the digital signature. The validation mechanism also checks an alteration log to verify that no alterations have been made to the corresponding memory locations. The second verification is intended to detect whether a vital data module has been altered temporarily, and then restored to its initial state.
    Type: Application
    Filed: August 13, 2007
    Publication date: February 19, 2009
    Inventors: Michael J. Brinker, Rick D. Hemmer, Daniel M. Hursh, Jeffrey M. Uehling
  • Publication number: 20080184368
    Abstract: Methods, systems, and products are disclosed for preventing false positive detections in an intrusion detection system that include: establishing one or more activity profiles for an intrusion detection system, each activity profile specifying system activity for detection by the intrusion detection system; receiving, in the intrusion detection system, an exception notification for a specific activity profile, the exception notification specifying that the specific activity profile represents authorized system activity; determining, by the intrusion detection system, whether current system activity matches the specific activity profile; and administering, by the intrusion detection system, the current system activity if current system activity matches the specific activity profile.
    Type: Application
    Filed: January 31, 2007
    Publication date: July 31, 2008
    Inventors: James R. Coon, Daniel P. Kolz, Jeffrey M. Uehling
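The file-access entries above (9928365, 10650156, 10540523, 10346625 and 9830469, together with their published applications) share one mechanism: the system pulls call information from the application's runtime stack at the moment a file is requested, records it during a monitoring phase, and later either compares a new request against the recorded call information (flagging an abnormal request) or checks it against an explicit rule that names the program statement permitted to touch the file. The following Python is an added illustration written for this page; it is not IBM's code and not taken from any of the patents. It assumes a program in which every file request goes through guard.request(), and it uses the calling function's name and line number as stand-ins for the program name and program statement number that the patents read from the runtime stack. The sample "programs", file names and rules are constructed for the example.

```python
import inspect
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# A call site is (program name, statement number). In this example the Python
# function name and line number stand in for the program and statement number
# the abstracts obtain from the runtime stack; that mapping is an assumption.
CallSite = Tuple[str, int]


@dataclass
class Decision:
    allowed: bool
    reason: str
    site: CallSite


@dataclass
class AccessGuard:
    """Learn-then-enforce file access guard keyed on the caller's call site."""
    # Explicit rules: file -> call sites permitted to access it. This plays the
    # role of the protected rule block in 10650156 (a plain dict here).
    rules: Dict[str, Set[CallSite]] = field(default_factory=dict)
    # Call information collected while monitoring, as in 9928365.
    learned: Dict[str, Set[CallSite]] = field(default_factory=dict)
    # Every decision is kept, standing in for the data file of stored
    # permission and identity information.
    audit: List[Decision] = field(default_factory=list)
    learning: bool = True

    @staticmethod
    def _call_site() -> CallSite:
        # stack()[0] is this helper, [1] is request(), [2] is the application
        # statement that asked for the file.
        frame = inspect.stack()[2]
        return (frame.function, frame.lineno)

    def request(self, filename: str) -> Decision:
        site = self._call_site()
        if self.learning:
            self.learned.setdefault(filename, set()).add(site)
            decision = Decision(True, "recorded during monitoring", site)
        elif filename in self.rules:
            ok = site in self.rules[filename]
            decision = Decision(ok, "rule match" if ok
                                else "statement number not permitted by rule", site)
        elif filename in self.learned:
            ok = site in self.learned[filename]
            decision = Decision(ok, "matches monitored call information" if ok
                                else "abnormal request: call site never observed", site)
        else:
            decision = Decision(False, "no rule and no monitored history", site)
        self.audit.append(decision)
        return decision


# Constructed sample "programs" standing in for the applications in the abstracts.
def payroll_report(guard: AccessGuard) -> Decision:
    return guard.request("PAYROLL.DAT")   # the one sanctioned statement


def export_tool(guard: AccessGuard) -> Decision:
    return guard.request("PAYROLL.DAT")   # same file, a different program/statement


def demo() -> Dict[str, Decision]:
    guard = AccessGuard()
    payroll_report(guard)                  # monitoring phase: record the call site
    guard.learning = False

    results = {
        "known_site": payroll_report(guard),   # allowed: matches learned call information
        "abnormal_site": export_tool(guard),   # denied: call site never observed
    }
    # Promote the monitored call information into an explicit rule for the file;
    # the rule now decides, and the unrelated program is still refused.
    guard.rules["PAYROLL.DAT"] = set(guard.learned["PAYROLL.DAT"])
    results["rule_allows"] = payroll_report(guard)
    results["rule_denies"] = export_tool(guard)
    # A file with neither a rule nor monitored history is denied outright.
    results["unknown_file"] = guard.request("SECRETS.DAT")
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        state = "allowed" if decision.allowed else "denied"
        print(f"{name:14} {state:8} {decision.site} ({decision.reason})")
```

Two caveats a practitioner would want. First, in Python the stack that inspect.stack() reports is produced by the same interpreter the application controls, so a hostile caller can arrange for a frame with the expected function name and line number; the patents rely on a runtime stack maintained by the operating system that application code cannot forge, and that is what makes the check meaningful there. Second, a learn-then-enforce scheme is only as good as its monitoring window: a legitimate code path that never ran while learning is reported as abnormal the first time it does, so the learned call information should be reviewed and promoted into explicit rules (as the demo does) rather than enforced blindly.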