Abstract: In accordance with aspects of the disclosure, systems and methods are provided for managing forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider, including establishing the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, acquiring forensic data related to each client asset associated with the client, and generating one or more client inventory records for each client asset based on the forensic data related to each client asset, and generating one or more client evidence records for each client asset based on each client inventory record generated for each client asset.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving parameters defining a detection technique, an attack scenario, and detection logic, receiving configuration data that is specific to a target system that is to be monitored, providing an attack pattern based on the parameters and the configuration data, monitoring the target system based on the attack pattern and data provided by one or more logs of the target system, and selectively generating, based on monitoring, an alert indicating a potential end-to-end intrusion into the target system.

Abstract: In accordance with aspects of the disclosure, systems and methods are provided for managing forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider, including establishing the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, acquiring forensic data related to each client asset associated with the client, and generating one or more client inventory records for each client asset based on the forensic data related to each client asset, and generating one or more client evidence records for each client asset based on each client inventory record generated for each client asset.

Abstract: In accordance with aspects of the disclosure, systems and methods are provided for managing forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider, including establishing the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, acquiring forensic data related to each client asset associated with the client, and generating one or more client inventory records for each client asset based on the forensic data related to each client asset, and generating one or more client evidence records for each client asset based on each client inventory record generated for each client asset.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving parameters defining a detection technique, an attack scenario, and detection logic, receiving configuration data that is specific to a target system that is to be monitored, providing an attack pattern based on the parameters and the configuration data, monitoring the target system based on the attack pattern and data provided by one or more logs of the target system, and selectively generating, based on monitoring, an alert indicating a potential end-to-end intrusion into the target system.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing application attack monitoring. Actions can include: obtaining a security graph model associated with an attack vulnerability of a distributed application, the security graph model comprising a plurality of rule parts; screening log data obtained by a plurality of connectors to selectively obtain relevant log data corresponding to one or more of the rule parts, each connector being in communication with a respective components of the distributed application; evaluating the relevant log data based on the security graph model to provide an evaluation score; and in response to determining that the evaluation score is greater than a predetermined threshold, providing output indicating an attack on the distributed application.

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing application attack monitoring. Actions can include: obtaining a security graph model associated with an attack vulnerability of a distributed application, the security graph model comprising a plurality of rule parts; screening log data obtained by a plurality of connectors to selectively obtain relevant log data corresponding to one or more of the rule parts, each connector being in communication with a respective components of the distributed application; evaluating the relevant log data based on the security graph model to provide an evaluation score; and in response to determining that the evaluation score is greater than a predetermined threshold, providing output indicating an attack on the distributed application.

Abstract: In accordance with aspects of the disclosure, systems and methods are provided for managing forensic investigations of client assets associated with a client based on a forensic service agreement between the client and a cloud service provider, including establishing the forensic service agreement between the client and the cloud service provider for servicing the forensic investigations of the client assets associated with the client, acquiring forensic data related to each client asset associated with the client, and generating one or more client inventory records for each client asset based on the forensic data related to each client asset, and generating one or more client evidence records for each client asset based on each client inventory record generated for each client asset.

Abstract: The present disclosure is directed to comparing a first structured data document to a second structured data document, including receiving the first and second structured data documents as first and second encrypted documents, respectively, comparing nodes of the first encrypted document to nodes of the second encrypted document, a content and a location of each of the nodes remaining confidential during the comparing, generating matched pairs of nodes based on the comparing, and storing the matched pairs in computer memory, each matched pair comprising a node of the first encrypted document and a corresponding node of the second encrypted document, determining one or more edit operations based on the matched pairs, and generating an edit script comprising the one or more edit operations, the edit script being executable to transform the first encrypted document to provide a transformed encrypted document that is isomorphic to the second encrypted document.

Abstract: Document collaboration may be implemented by executing an access interest specification phase. The access interest specification phase may include receiving access requests from collaboration participants for access to a document instance, the access requests specified using a document schema of the document instance and referencing at least one schema portion for access to a corresponding document instance portion based thereon, determining a common access interest group of the collaboration participants, based on the access requests, access credentials of the collaboration participants, and on an access control policy specified in terms of the access credentials, and providing a control data block to the participants of the common access interest group including information for generating a common secret key that is common to the participants of the common access interest group. The document collaboration may further be implemented by executing a collaboration phase.

Abstract: A workflow document processing machine supports agile modeling and agile execution of a workflow that comprises tasks, one or more of which may be dynamically added, changed, or identified during execution of the workflow. The workflow document processing machine accesses a pre-process workflow document, a tactical goal data structure, and business process data resultant from execution of a task pertinent to the workflow. The workflow document processing machine modifies a document portion based on the task data structure and on the business process data. Based on the pre-process workflow document and on the modified document portion, the workflow document processing machine generates a post-process workflow document, which may be accessed as a pre-process workflow document by another machine.

Abstract: The present disclosure is directed to comparing a first structured data document to a second structured data document, including receiving the first and second structured data documents as first and second encrypted documents, respectively, comparing nodes of the first encrypted document to nodes of the second encrypted document, a content and a location of each of the nodes remaining confidential during the comparing, generating matched pairs of nodes based on the comparing, and storing the matched pairs in computer memory, each matched pair comprising a node of the first encrypted document and a corresponding node of the second encrypted document, determining one or more edit operations based on the matched pairs, and generating an edit script comprising the one or more edit operations, the edit script being executable to transform the first encrypted document to provide a transformed encrypted document that is isomorphic to the second encrypted document.

Abstract: Document collaboration may be implemented by executing an access interest specification phase. The access interest specification phase may include receiving access requests from collaboration participants for access to a document instance, the access requests specified using a document schema of the document instance and referencing at least one schema portion for access to a corresponding document instance portion based thereon, determining a common access interest group of the collaboration participants, based on the access requests, access credentials of the collaboration participants, and on an access control policy specified in terms of the access credentials, and providing a control data block to the participants of the common access interest group including information for generating a common secret key that is common to the participants of the common access interest group. The document collaboration may further be implemented by executing a collaboration phase.

Abstract: In one embodiment the present invention includes a method for preventing attacks on auction sales of an online auction service provided by an auction server (A) within a network system, the method comprising an auction opening operation, a bid offering operation and an auction closing operation, wherein, in the auction closing operation, the auction server receives a notification from a trusted time server (T) providing a trusted time service at the closing time for submissions of a bid, sends the trusted time server (T) a message containing a hashed value calculated from all bid offers of at least one buyer which are successfully received, receives back from the trusted time server (T) a timestamp to declare that the period for online auction is closed, sends the timestamped message to the at least one buyer which verifies that a bid offer is included in the timestamped message.