Abstract: An apparatus, method, program product, and system for accessing an encrypted file system are disclosed. A passphrase module receives a passphrase that is one of a plurality of valid passphrases. A key module applies a predefined pattern to the passphrase to determine an encryption key encoded in the passphrase. The encryption key is used to encrypt and decrypt a password for a key store of an encrypted file system. The key store stores encryption keys for the encrypted file system. A key store module unlocks the key store of the encrypted file system using the password for the key store. The password for the key store is decrypted using the determined encryption key.

Abstract: An apparatus, method, program product, and system are disclosed for evicting pages from memory using a neural network. A passphrase module receives a passphrase that is one of a plurality of valid passphrases. A key module applies a predefined pattern to the passphrase to determine an encryption key encoded in the passphrase. The encryption key is used to encrypt and decrypt a password for a key store of an encrypted file system. The key store stores encryption keys for the encrypted file system. A key store module unlocks the key store of the encrypted file system using the password for the key store. The password for the key store is decrypted using the determined encryption key.

Abstract: A heat exchanger of the type having a tube assembly made up of a number of tubes through which a first medium flows and around and between which a second medium flows to accept heat from, or transfer heat to, the first medium. The first media is constrained by a baffle to follow a path through the heat exchanger. According to the disclosure, the baffle is flexible and acts as a flapper valve permitting the baffle to allow bypass flow of the first media to bypass the tube assembly of the heat exchanger. The baffle self-adjusts based on a pressure balance of the first medium, with the result that heat exchangers according to the invention are more versatile than conventional heat exchangers where the baffles are fixed to the tubes.

Abstract: According to one aspect of the present disclosure, a method and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The method includes: determining, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; creating a privilege shell for a user running the application; setting the determined privilege on the privilege shell; associating an authorization to the privilege shell; and invoking the privilege shell to run the application by the user.

Abstract: A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.

Abstract: According to one aspect of the present disclosure a system and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The system includes a memory and a processor coupled to the memory, wherein the processor is configured to: determine, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; create a privilege shell for a user running the application; set the determined privilege on the privilege shell; associate an authorization to the privilege shell; and invoke the privilege shell to run the application by the user.

Abstract: Domains can also be used to control access to physical memory space. Data in a physical memory space that has been used by a process sometimes endures after the process stops using the physical memory space (e.g., the process terminates). In addition, a virtual memory manager may allow processes of different applications to access a same memory space. To prevent exposure of sensitive/confidential data, physical memory spaces can be designated for a specific domain or domains when the physical memory spaces are allocated.

Abstract: According to one aspect of the present disclosure, a method and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The method includes: determining, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; creating a privilege shell for a user running the application; setting the determined privilege on the privilege shell; associating an authorization to the privilege shell; and invoking the privilege shell to run the application by the user.

Abstract: According to one aspect of the present disclosure a system and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The system includes a memory and a processor coupled to the memory, wherein the processor is configured to: determine, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; create a privilege shell for a user running the application; set the determined privilege on the privilege shell; associate an authorization to the privilege shell; and invoke the privilege shell to run the application by the user.

Abstract: The number of times that a non-volatile memory (NVM) can be programmed and erased is substantially increased by utilizing a localized heating element that anneals the oxide that is damaged by tunneling charge carriers when the NVM is programmed and erased. The program and erase voltages are also reduced when heat from the heating element is applied prior to programming and erasing.

Abstract: When an operating system process evaluates a rule for an operation being attempted on a logical network port, the operating system process determines whether the target logical port falls within a range of logical ports, and then determines whether the operation is associated with a permitted domain of the range of logical ports. If the operation is a bind operation, then the process attempting to bind to the target port will be allowed to bind if the target port falls within the range and the operation/process is associated with a permitted domain. Otherwise, the binding operation will not be allowed to proceed.

Abstract: Domains can be used to secure resources of a cluster. An administrator can configure a node of a cluster as a member of a particular domain. Membership in a cluster can be restricted to nodes that are members of the particular domain. When a node generates a cluster message, a kernel process or operating system process of the node will indicate the domain(s) of the node in the cluster message. The cluster message can be a command message to read or write to a storage resource of the cluster. When the cluster storage resource node or node that controls the storage resource receives the command message, the node will examine the command message to ensure the message indicates a domain that aligns with the cluster. If the proper domain is indicated in the command message, then the command message is processed. Otherwise, the command message is denied.

Abstract: Functionality can be implemented in an operating system to increase the granularity of isolation for objects. A domain can be defined to represent each of different entities (e.g., different departments or work groups). User identifiers and/or user credentials can be associated with the appropriate domain or domains. An administrator can then define a set of rules that govern operation(s) that can be performed on the objects based on the domains. Processes running on a system will inherit the domains of a user account logged into the system. When a process running on the system attempts to perform an operation on an object, an operating system process evaluates the domain isolation rules with an identifier of the object and a domain identifier to determine whether the operation is permitted to proceed.

Abstract: A system, method, and program product is provided that allows new privileges to be dynamically added to an operating system. Entities are assigned roles and these roles are associated with various authorizations. Authorizations are associated with privileges, including the new privilege. A request is received to dynamically add the new privilege to the operating system. The operating system then dynamically adds the new privilege to the system. A software service is installed that requires the new privilege. A request to execute the installed software service is received from an entity that is running on the operating system. The operating system allows the entity to execute the installed software service in response to determining that the entity has been granted the privilege. However, if the entity has not been granted the new privilege, then the operating system inhibits execution of the software service by the entity.

Abstract: The number of times that a non-volatile memory (NVM) can be programmed and erased is substantially increased by utilizing a localized heating element that anneals the oxide that is damaged by tunneling charge carriers when the NVM is programmed and erased. The program and erase voltages are also reduced when heat from the heating element is applied prior to programming and erasing.

Abstract: Provided are compositions for repelling fluids comprising a volatile liquid carrier, a powder-feel agent and less than 5 weight % of an ester selected from the group consisting of formula I, formula II, formula III, and combinations of two or more thereof: wherein R1, R2, R3, R5, R6, R8 and R9 are independently linear or branched, substituted or unsubstituted, saturated or unsaturated, C3-C22 alkyl or alkenyl groups, R4 is a linear or branched, substituted or unsubstituted, saturated or unsaturated, C3-C22 alkylene or alkenylene moiety, and R7 is a linear or branched, substituted or unsubstituted, saturated or unsaturated C3-C22 moiety, the composition being substantially anhydrous. Also provided are methods of improving dryness and/or comfort associated with the intimate area, as well as, kits comprising the composition and an absorbent article.

Abstract: A method is provided for enhancing charge storage in an E2PROM cell structure that includes a read transistor having spaced apart source an drain diffusion regions formed in a semiconductor substrate to define a substrate channel region therebetween, a conductive charge storage element formed over the substrate channel region and separated therefrom by gate dielectric material, a conductive control gate that is separated from the charge storage element by intervening dielectric material, and a conductive heating element disposed in proximity to the charge storage element. The method comprises performing a programming operation that causes charge to be placed on the charge storage element and, during the programming operation, heating the heating element to a temperature such that heat is provided to the charge storage element.

Abstract: Domains can also be used to control access to physical memory space. Data in a physical memory space that has been used by a process sometimes endures after the process stops using the physical memory space (e.g., the process terminates). In addition, a virtual memory manager may allow processes of different applications to access a same memory space. To prevent exposure of sensitive/confidential data, physical memory spaces can be designated for a specific domain or domains when the physical memory spaces are allocated.

Abstract: When an operating system process evaluates a rule for an operation being attempted on a logical network port, the operating system process determines whether the target logical port falls within a range of logical ports, and then determines whether the operation is associated with a permitted domain of the range of logical ports. If the operation is a bind operation, then the process attempting to bind to the target port will be allowed to bind if the target port falls within the range and the operation/process is associated with a permitted domain. Otherwise, the binding operation will not be allowed to proceed.

Abstract: Domains can be used to secure resources of a cluster. An administrator can configure a node of a cluster as a member of a particular domain. Membership in a cluster can be restricted to nodes that are members of the particular domain. When a node generates a cluster message, a kernel process or operating system process of the node will indicate the domain(s) of the node in the cluster message. The cluster message can be a command message to read or write to a storage resource of the cluster. When the cluster storage resource node or node that controls the storage resource receives the command message, the node will examine the command message to ensure the message indicates a domain that aligns with the cluster. If the proper domain is indicated in the command message, then the command message is processed. Otherwise, the command message is denied.