Abstract: Trusted client security factor-based authorizations at a server. The techniques allow the server to authorize client requested operations to access a protected resource or service based on trusted client security factors that are obtained at client machines and provided to the server.

Abstract: A method may include extracting, from a document, first content of a first content type and second content of a second content type, deriving first features from the first content and second features from the second content, and generating a first prediction by applying a first supervised model to the first features and a second prediction by applying a second supervised model to the second features. The first supervised model may correspond to the first content type, and the second supervised model may correspond to the second content type. The method may further include combining the first prediction and the second prediction to predict that the document comprises malicious code.

Abstract: Techniques are provided for selectively or completely redacting the text of database commands submitted to a database system. The database server receives the clear text version of the commands, parses the commands, and generates an execution plan, as normal. However, prior to providing the text of the commands to any location that is externally visible, the database server determines whether the command qualifies as “sensitive”. If the command qualifies as sensitive, then a redacted version of the command is generated. In the case of selective redaction, portions of the redacted version remain in clear text, while selected portions are replaced with encrypted text. In the case of total redaction, the entire command is replaced with encrypted text.

Abstract: Trusted client security factor-based authorizations at a server. The techniques allow the server to authorize client requested operations to access a protected resource or service based on trusted client security factors that are obtained at client machines and provided to the server.

Abstract: A method may include extracting, from a document, first content of a first content type and second content of a second content type, deriving first features from the first content and second features from the second content, and generating a first prediction by applying a first supervised model to the first features and a second prediction by applying a second supervised model to the second features. The first supervised model may correspond to the first content type, and the second supervised model may correspond to the second content type. The method may further include combining the first prediction and the second prediction to predict that the document comprises malicious code.

Abstract: Trusted client security factor-based authorizations. The techniques allow a server to authorize client requested operations to access a protected resource or service based on trusted client security factors that are obtained at client machines and provided to the server.

Abstract: Trusted client security factor-based authorizations at a server. The techniques allow the server to authorize client requested operations to access a protected resource or service based on trusted client security factors that are obtained at client machines and provided to the server.

Abstract: Techniques are provided for selectively or completely redacting the text of database commands submitted to a database system. The database server receives the clear text version of the commands, parses the commands, and generates an execution plan, as normal. However, prior to providing the text of the commands to any location that is externally visible, the database server determines whether the command qualifies as “sensitive”. If the command qualifies as sensitive, then a redacted version of the command is generated. In the case of selective redaction, portions of the redacted version remain in clear text, while selected portions are replaced with encrypted text. In the case of total redaction, the entire command is replaced with encrypted text.

Abstract: Trusted client security factor-based authorizations at a server. The computer-implemented techniques allow the server to authorize client requested operations to access a protected resource or service based on trusted client security factors that are obtained at client machines and provided to the server. A level of trust by the server in the client security factors is established by requiring that the client machine be pre-registered in a trusted machine registry before the server allows requests from the client machine to access a protected service or a protected resource. The registration of the client machine in the machine registry may be made by way of a probabilistically difficult to predict machine registration digest that encompasses a digest of a client program installed on the client machine and a machine identifier of the client machine.

Abstract: Trusted client security factor-based authorizations at a server. The techniques allow the server to authorize client requested operations to access a protected resource or service based on trusted client security factors that are obtained at client machines and provided to the server.

Abstract: Cross-domain security for data vault is described. At least one database is accessible from a plurality of network domains, each network domain having a domain security level. The at least one database includes at least one partitioned data table that includes at least two partitions. Each partition has a security level. Each partition is configured to store data records. Access control security is operable to provide, to a selected network domain, access to a selected data record in the at least one database based on a domain security level of the selected network domain and a security level of a selected partition storing the selected data record.

Abstract: Cross-domain security for data vault is described. At least one database is accessible from a plurality of network domains, each network domain having a domain security level. The at least one database includes at least one partitioned data table that includes at least two partitions. Each partition has a security level. Each partition is configured to store data records. Access control security is operable to provide, to a selected network domain, access to a selected data record in the at least one database based on a domain security level of the selected network domain and a security level of a selected partition storing the selected data record.

Abstract: A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system communicatively connected to a plurality of network domains, each network domain having a level of security, the database system comprises at least one database accessible from all of the plurality of network domains, the database comprising data, each unit of data having a level of security and access control security operable to provide access to a unit of data in the database to a network domain based on the level of security of the network domain and based on the level of security of the unit of data.

Abstract: A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system comprises a plurality of datasets, each dataset including a plurality of data, and a plurality of database objects, each object having a security label comprising a security classification of the object, at least one database session, the database session having a security label indicating a security classification of the database session, wherein, the database system is operable to allow or deny access to data to a database session based on a security label of a database object and on a security label of the database session.

Abstract: A secure database appliance leverages database security in a consistent framework providing consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system comprises a plurality of database objects, each database object having a level of security, a plurality of factors, each factor representing a characteristic of a user of the database system, at least one database session of the user in the database, the database session having a level of security, the user connected to the database with a network domain, each network domain having a level of security, wherein the database system is operable to grant or deny access to the data to a user based on the factors associated with the user, based on the level of security of the data, based on the level of security of the database session, and based on the level of security of the network domain.

Abstract: A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system comprises database objects having a level of security, factors representing a characteristic of a user of the database system, rules defining a limitation on operation of the database system by the user based on at least some of the plurality of factors and based on attributes of data to be operated on, including the level of security of the database object, and a plurality of realms defining a privilege of the user relative to a schema, the database system is operable to grant or deny access to data to a user based on the factors, the rules satisfied by the factors and the attributes of the data, and the realm associated with the user.

Abstract: A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system comprises a plurality of datasets, each dataset including a plurality of data, and a plurality of database objects, each object having a security label comprising a security classification of the object, at least one database session, the database session having a security label indicating a security classification of the database session, wherein, the database system is operable to allow or deny access to data to a database session based on a security label of a database object and on a security label of the database session.

Abstract: A secure database appliance leverages database security in a consistent framework providwa consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system comprises a plurality of database objects, each database object having a level of security, a plurality of factors, each factor representing a characteristic of a user of the database system, at least one database session of the user in the database, the database session having a level of security, the user connected to the database with a network domain, each network domain having a level of security, wherein the database system is operable to grant or deny access to the data to a user based on the factors associated with the user, based on the level of security of the data, based on the level of security of the database session, and based on the level of security of the network domain.

Abstract: A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system comprises database objects having a level of security, factors representing a characteristic of a user of the database system, rules defining a limitation on operation of the database system by the user based on at least some of the plurality of factors and based on attributes of data to be operated on, including the level of security of the database object, and a plurality of realms defining a privilege of the user relative to a schema, the database system is operable to grant or deny access to data to a user based on the factors, the rules satisfied by the factors and the attributes of the data, and the realm associated with the user.

Abstract: A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system communicatively connected to a plurality of network domains, each network domain having a level of security, the database system comprises at least one database accessible from all of the plurality of network domains, the database comprising data, each unit of data having a level of security and access control security operable to provide access to a unit of data in the database to a network domain based on the level of security of the network domain and based on the level of security of the unit of data.