Abstract: Protecting consumer data is a key responsibility of an organization. The method of protection need to compare the data with policy documents. Ontology and a threshold to select an optimal match plays a key role in such comparison. The conventional automatic threshold computation methods are complex and not based on semantic similarity. The present disclosure generates an Entity Relationship (ER) model from an input document and is converted into a first ontology. The first ontology and a second ontology obtained from a relational database are compared by an ontology matching algorithm. Further, the plurality of many to many correspondences are optimized to one to one correspondence by an optimization method. Further, a plurality of optimal one to one correspondence is generated based on a threshold. The threshold is computed based on symmetric and transitive property. Further, semantically similar entities are selected based on the optimal one to one correspondence.

Abstract: Several data breaches are occurring in organizations due to insecure handling security-sensitive data. Conventional methods utilize static analysis tools and fail to capture all security vulnerabilities. The present disclosure identifies a security vulnerability by analyzing a source code. Initially, a System Dependence Graph (SDG) associated with the source code is received. Forward slicing is performed on the SDG and a plurality of forward function nodes are obtained. A plurality of security parameters associated with the security-sensitive variable are obtained. A backward slicing is performed based on a plurality of security parameters to obtain a plurality of backward function nodes. Further, a plurality of common function nodes is obtained from the plurality of forward and the backward function nodes and utilized to generate a plurality of enumerated paths. The enumerated paths are evaluated to obtain a plurality of feasible paths and are further analyzed to identify security vulnerability.

Abstract: Protecting consumer data is a key responsibility of an organization. The method of protection need to compare the data with policy documents. Ontology and a threshold to select an optimal match plays a key role in such comparison. The conventional automatic threshold computation methods are complex and not based on semantic similarity. The present disclosure generates an Entity Relationship (ER) model from an input document and is converted into a first ontology. The first ontology and a second ontology obtained from a relational database are compared by an ontology matching algorithm. Further, the plurality of many to many correspondences are optimized to one to one correspondence by an optimization method. Further, a plurality of optimal one to one correspondence is generated based on a threshold. The threshold is computed based on symmetric and transitive property. Further, semantically similar entities are selected based on the optimal one to one correspondence.

Abstract: This disclosure relates generally to a method and system for extraction of SQL queries in an application. Various conventional approaches models SQL query extraction at a specific program point problem as an instance of string expression problem. Many string analysis based solutions are not scalable for large applications and those which are scalable do not account explicitly for the heap based flow. In an embodiment, the disclosed method and system utilizes a multi-criteria slicing based model which takes into account the data flowing through heap and contributing to SQL queries generation.

Abstract: System and method for contract management in a data marketplace are disclosed. In an embodiment, the system performs refactoring of a contract, during which the system extracts terms and conditions from the contract and generates a simplified view of the contract. The system further performs a requirement validation based on the contract, during which the system determines features of data entity matches requirements specified by a first party or not, based on domain specific ontologies. If the data entity features are not matching with the requirements, then the system fetches one or more relevant attributes from a list of ontologies, verifies whether the features of entity along with the selected feature(s) satisfy the requirements or not. The system accordingly generates an agreeable requirement document as output of the requirement validation.

Abstract: This disclosure relates generally to a method and system for extraction of SQL queries in an application. Various conventional approaches models SQL query extraction at a specific program point problem as an instance of string expression problem. Many string analysis based solutions are not scalable for large applications and those which are scalable do not account explicitly for the heap based flow. In an embodiment, the disclosed method and system utilizes a multi-criteria slicing based model which takes into account the data flowing through heap and contributing to SQL queries generation.

Abstract: Method and system for analyzing unstructured data for compliance enforcement is disclosed. The system provides a comprehensive compliance enforcement platform, which enables purpose based data processing in an enterprise to support automatic discovery of purposes and linking between data fields and purposes. The system creates a single view of data associated with the data subject for enforcing the data subject's right for data protection and privacy. The system supports database like transactions for unstructured data over web and ensures Atomicity, Consistency, Isolation and Durability (ACID) properties of these transactions. Thus, the system creates a uniform data layer or a web view for data residing in the unstructured and semi-structured data, spread across the enterprise. The transactions on the unstructured data include READ operation, UPDATE operation, and DELETE operation using hypertext transfer protocol (http) over the unstructured data.

Abstract: System and method for contract management in a data marketplace are disclosed. In an embodiment, the system performs refactoring of a contract, during which the system extracts terms and conditions from the contract and generates a simplified view of the contract. The system further performs a requirement validation based on the contract, during which the system determines features of data entity matches requirements specified by a first party or not, based on domain specific ontologies. If the data entity features are not matching with the requirements, then the system fetches one or more relevant attributes from a list of ontologies, verifies whether the features of entity along with the selected feature(s) satisfy the requirements or not. The system accordingly generates an agreeable requirement document as output of the requirement validation.

Abstract: Identifying root cause of code smells is crucial in enabling proper and efficient software maintenance. Desired are computationally less intensive and easy to implement solutions. Embodiments herein provide a method and system for code analysis to identify causes of code smells. The method provides considerable automation during software maintenance by analyzing detected code smells of two subsequent versions of an application by categorizing the code smells, filtering significant code smells from the detected code smells, mapping the significant code smells between two versions, generating a customized PDG for the mapped functions and performing the isomorphic subgraph mapping for computing a function difference. The computed function difference provides added part of the code or removed part or region of the code of the application, which is cause of the significant added code smells, which can then be provided for manual analysis to identify the root causes for efficient software maintenance.

Abstract: Identifying root cause of code smells is crucial in enabling proper and efficient software maintenance. Desired are computationally less intensive and easy to implement solutions. Embodiments herein provide a method and system for code analysis to identify causes of code smells. The method provides considerable automation during software maintenance by analyzing detected code smells of two subsequent versions of an application by categorizing the code smells, filtering significant code smells from the detected code smells, mapping the significant code smells between two versions, generating a customized PDG for the mapped functions and performing the isomorphic subgraph mapping for computing a function difference. The computed function difference provides added part of the code or removed part or region of the code of the application, which is cause of the significant added code smells, which can then be provided for manual analysis to identify the root causes for efficient software maintenance.

Abstract: A system and method are provided for enforcing user policies on database. In one aspect a user policy and/or enterprise policy is predefined and mapped to the column of the database. Further, the query is run through a query parsing module, the result is sent to a query analyzing module to analyze the sensitivity of each query. A query rewriting module rewrites the query and the rewritten query is sent to the database. A sensitive tree is generated using database metadata, which is used during query analysis and query re-writing. In cases the original query does not contain any set operators the rewritten query is executed on the database and results are displayed as per the user policy. The cases where the original query comprises set operators a function called merger is implemented in the database or at the proxy server and data is displayed as per the user policy.

Abstract: Method and system for analyzing unstructured data for compliance enforcement is disclosed. The system provides a comprehensive compliance enforcement platform, which enables purpose based data processing in an enterprise to support automatic discovery of purposes and linking between data fields and purposes. The system creates a single view of data associated with the data subject for enforcing the data subject's right for data protection and privacy. The system supports database like transactions for unstructured data over web and ensures Atomicity, Consistency, Isolation and Durability (ACID) properties of these transactions. Thus, the system creates a uniform data layer or a web view for data residing in the unstructured and semi-structured data, spread across the enterprise. The transactions on the unstructured data include READ operation, UPDATE operation, and DELETE operation using hypertext transfer protocol (http) over the unstructured data.

Abstract: Systems and methods for masking content of different types are described. The system may implement the method comprising receiving a request to mask input content that includes sensitive and non-sensitive data. The method also comprises parsing the input content to create a content specific structure (CSS) to organize the input content in a structured format. The CSS includes a plurality of CSS nodes. The method analyses each CSS node against a pre-defined privacy policy and identifies sensitivity of the each CSS node. The method also creates a generalized masking structure (GMS) by creating a GMS node corresponding to each CSS node. Each GMS node contains sensitivity information related to corresponding CSS node. Data represented by GMS is masked based upon the sensitivity information stored in it.

Abstract: A system and a method for managing privacy of data are provided. The method includes causing generation of a trigger notification notifying an access to one or more fields of a user-profile in a first application. The trigger notification generated is by a second application integrated with the first application. The first application includes a plurality of fields comprising sensitive data associated with the user-profile. The method further includes enforcing one or more access preferences corresponding to the one or more fields by the second application on the generation of the trigger notification. The one or more access preferences are based at least on one of a plurality of preconfigured rules and contextual information associated with the trigger notification. Enforcing the one or more access preferences facilitates in managing data privacy.

Abstract: A system and method are provided for enforcing user policies on database. In one aspect a user policy and/or enterprise policy is predefined and mapped to the column of the database. Further, the query is run through a query parsing module, the result is sent to a query analyzing module to analyze the sensitivity of each query. A query rewriting module rewrites the query and the rewritten query is sent to the database. A sensitive tree is generated using database metadata, which is used during query analysis and query re-writing. In cases the original query does not contain any set operators the rewritten query is executed on the database and results are displayed as per the user policy. The cases where the original query comprises set operators a function called merger is implemented in the database or at the proxy server and data is displayed as per the user policy.

Abstract: System and method for enablement of data masking for web documents are disclosed. In an example, a rendering specification associated with reference web documents and previewed reference web documents are received. Further, a first web document processed based on the rendering specification is received. Furthermore, a status of the rendering specification is determined upon processing the first web document. In addition, the first web document and the previewed reference web documents are analyzed to determine a set of candidates for a sensitive label and/or data associated with a sensitive label in the first web document when the status of the rendering specification is a sensitive label not found and/or data associated with a sensitive label not found. The rendering specification is then updated upon determination. Masking of the data associated with sensitive labels in the first web document is then enabled using the updated rendering specification.

Abstract: System and method for enablement of data masking for web documents are disclosed. In an example, a rendering specification associated with reference web documents and previewed reference web documents are received. Further, a first web document processed based on the rendering specification is received. Furthermore, a status of the rendering specification is determined upon processing the first web document. In addition, the first web document and the previewed reference web documents are analyzed to determine a set of candidates for a sensitive label and/or data associated with a sensitive label in the first web document when the status of the rendering specification is a sensitive label not found and/or data associated with a sensitive label not found. The rendering specification is then updated upon determination. Masking of the data associated with sensitive labels in the first web document is then enabled using the updated rendering specification.

Abstract: Systems and methods for masking content of different types are described. The system may implement the method comprising receiving a request to mask input content that includes sensitive and non-sensitive data. The method also comprises parsing the input content to create a content specific structure (CSS) to organize the input content in a structured format. The CSS includes a plurality of CSS nodes. The method analyses each CSS node against a pre-defined privacy policy and identifies sensitivity of the each CSS node. The method also creates a generalized masking structure (GMS) by creating a GMS node corresponding to each CSS node. Each GMS node contains sensitivity information related to corresponding CSS node. Data represented by GMS is masked based upon the sensitivity information stored in it.

Abstract: A system and a method for managing privacy of data are provided. The method includes causing generation of a trigger notification notifying an access to one or more fields of a user-profile in a first application. The trigger notification generated is by a second application integrated with the first application. The first application includes a plurality of fields comprising sensitive data associated with the user-profile. The method further includes enforcing one or more access preferences corresponding to the one or more fields by the second application on the generation of the trigger notification. The one or more access preferences are based at least on one of a plurality of preconfigured rules and contextual information associated with the trigger notification. Enforcing the one or more access preferences facilitates in managing data privacy.