Abstract: Techniques are provided for a data security system that includes two mappings: a first mapping that maps a security policy to sensitive type and a second mapping that maps the sensitive type to one or more data sets. The sensitive type indicates a class of sensitive data. Example data sets include columns, tables, tablespaces, files, and directories in a file system. Because a security policy is not tightly coupled to a target data set, the security policy becomes data-agnostic, portable, and reusable. Also, a security policy may be objectless in that, at some point in time, the security policy is not associated with any data set. A security policy may also be multifunctional in that the security policy may include multiple security features or requirements. A security policy may also be exhaustive in that all necessary security requirements prescribed for a data set can be included in the security policy.

Abstract: Techniques are provided for a data security system that includes two mappings: a first mapping that maps a security policy to sensitive type and a second mapping that maps the sensitive type to one or more data sets. The sensitive type indicates a class of sensitive data. Example data sets include columns, tables, tablespaces, files, and directories in a file system. Because a security policy is not tightly coupled to a target data set, the security policy becomes data-agnostic, portable, and reusable. Also, a security policy may be objectless in that, at some point in time, the security policy is not associated with any data set. A security policy may also be multifunctional in that the security policy may include multiple security features or requirements. A security policy may also be exhaustive in that all necessary security requirements prescribed for a data set can be included in the security policy.

Abstract: A method for securely accessing an executable file object includes a step in which a request from the target process to access the executable file object is received by an operating system component, and the object is examined for validity before access is allowed. For objects that cannot be validated, the process is run with privileges bounded by the privilege cap, if the privilege cap permits execution of the object.

Abstract: A single stand alone controller system (100) for controlling combination of hot-runner system (102) and mold assembly (104), assembly (104) connectable to system (102), controller system (100) comprising: processor (110); interface modules (112) configured to operatively couple to system (102) and assembly (104), processor (110) connected with modules (112); and controller-usable medium (114) embodying instructions (116) executable by processor (110), processor (110) connected with said medium (114), instructions (116) including: executable instructions for directing said processor (110) to control said system (102) and said assembly (104).

Abstract: A method for validating program execution. The method involves identifying a program from a second computer system, obtaining, by a first computer system, a first copy of a page for a file of the program from a second computer system, calculating a hash value for the first copy, storing the first copy in a local memory of the first computer system, storing the hash value for the first copy, and executing the program on the first computer system, where the first copy is removed from the local memory during execution of the program. The method further involves obtaining a second copy of the page from the second computer system, calculating a hash for the second copy, determining whether the hash value for the first copy is equal to the hash value for the second copy, and performing an appropriate action in response to the determination.

Abstract: A single stand alone controller system (100) for controlling combination of hot-runner system (102) and mold assembly (104), assembly (104) connectable to system (102), controller system (100) comprising: processor (110); interface modules (112) configured to operatively couple to system (102) and assembly (104), processor (110) connected with modules (112); and controller-usable medium (114) embodying instructions (116) executable by processor (110), processor (110) connected with said medium (114), instructions (116) including: executable instructions for directing said processor (110) to control said system (102) and said assembly (104).

Abstract: Files essential to the boot sequence are validated as they are executed. As core boot files are loaded and executed by a computers a hash of the files is created and extended into configuration registers. Core operating system files are verified by the boot loader using a digital signature, and the public key used to verify the digital signature is recorded in a configuration register. Core operating system files verified by the boot loader include a list of hash values, which is used by the operating system to validate the other files as they are executed. User assurance that the system has booted correctly is achieved by comparing the state of configuration registers to previously stored values reflecting the expected state of the registers. Upon the state of the configuration registers matching what is expected, data previously selected by the user is retrieved and recognized by the user.

Abstract: A method for validating program execution. The method involves identifying a program from a second computer system, obtaining, by a first computer system, a first copy of a page for a file of the program from a second computer system, calculating a hash value for the first copy, storing the first copy in a local memory of the first computer system, storing the hash value for the first copy, and executing the program on the first computer system, where the first copy is removed from the local memory during execution of the program. The method further involves obtaining a second copy of the page from the second computer system, calculating a hash for the second copy, determining whether the hash value for the first copy is equal to the hash value for the second copy, and performing an appropriate action in response to the determination.

Abstract: A method for securely accessing an executable file object includes a step in which a request from the target process to access the executable file object is received by an operating system component, and the object is examined for validity before access is allowed. For objects that cannot be validated, the process is run with privileges bounded by the privilege cap, if the privilege cap permits execution of the object.

Abstract: Files essential to the boot sequence are validated as they are executed. As core boot files are loaded and executed by a computers a hash of the files is created and extended into configuration registers. Core operating system files are verified by the boot loader using a digital signature, and the public key used to verify the digital signature is recorded in a configuration register. Core operating system files verified by the boot loader include a list of hash values, which is used by the operating system to validate the other files as they are executed. User assurance that the system has booted correctly is achieved by comparing the state of configuration registers to previously stored values reflecting the expected state of the registers. Upon the state of the configuration registers matching what is expected, data previously selected by the user is retrieved and recognized by the user.