Abstract: A computer-implemented method for access path optimization is provided according to embodiments of the present disclosure. In the method, a plurality of real values of an access path factor may be collected during a specified time period. One of the real values may be generated when a query is executed on a first access path. Then, at least one second access path may be generated for the query based on the plurality of real values of the access path factor. Moreover, an optimal access path for the query may be identified from the first access path and the at least one second access path.

Abstract: Systems and methods for pre-allocating and utilizing storage space in a relational database are provided. In embodiments a method includes: obtaining transaction data including data regarding record insertions in a relational database, wherein each record of the record insertions is associated with a key value; identifying a type of each of the record insertions as either a random insertion type or a key range insertion type based on the database transaction data, wherein the random insertion type comprises records associated with respective key values inserted in a random order, and the key range insert type comprises records associated with a range of key values inserted within a certain time period; predicting a new range of key values associated with future record insertions based on the type of each of the record insertions; and pre-allocating page space in one or more pages of the relational database for the future record insertions.

Abstract: Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.

Abstract: Embodiments of the present disclosure relate to a method, system, and computer program product for generating one or more in-memory data structures for data access. According to the method, target data associated with a database is identified. Further, the method determines at least one data structure for the target data based on at least one access pattern of the target data in a plurality of historical queries against the database, wherein the target data is accessed in execution of the plurality of historical queries. The method further implements the at least one data structure in a memory to store the target data. The at least one data structure is used for further access to the target data in execution of a further query against the database.

Abstract: A method, an apparatus, a system, and a computer program product for handling security threats in a network data processing system. A computer system determines a connection type for a connection in response to detecting the connection between a target resource in the network data processing system and a requestor. The computer system redirects the connection to a virtual resource in place of the target resource when the connection type is a threat connection, wherein the requestor originating the connection to the target resource is unable to perceive a redirection of the connection to the virtual resource. The computer system records information in the connection redirected to the virtual resource to form recorded information. The computer system adjusts a security policy for handling connections in the network data processing system using the recorded information, wherein the security threats in the network data processing system are decreased using the security policy.

Abstract: Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.

Abstract: Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.

Abstract: A method, an apparatus, a system, and a computer program product for handling security threats in a network data processing system. A computer system determines a connection type for a connection in response to detecting the connection between a target resource in the network data processing system and a requestor. The computer system redirects the connection to a virtual resource in place of the target resource when the connection type is a threat connection, wherein the requestor originating the connection to the target resource is unable to perceive a redirection of the connection to the virtual resource. The computer system records information in the connection redirected to the virtual resource to form recorded information. The computer system adjusts a security policy for handling connections in the network data processing system using the recorded information, wherein the security threats in the network data processing system are decreased using the security policy.

Abstract: Determining a data security risk level of a virtual database is provided. An object catalog corresponding to a real database is imported into the virtual database. Objects in the object catalog are organized by levels. It is determined whether one or more data security policy definitions corresponding to a set of objects referenced by test query message traffic performed an action in response to determining that one or more test query messages in the test query message traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions. In response to determining that one or more of the data security policy definitions corresponding to the set of objects referenced by the test query message traffic did not perform the action, a test failure result is returned. A data security risk level for the virtual database is determined based on the result.

Abstract: Determining a data security risk level of a virtual database is provided. An object catalog corresponding to a real database is imported into the virtual database. Objects in the object catalog are organized by levels. It is determined whether one or more data security policy definitions corresponding to a set of objects referenced by test query message traffic performed an action in response to determining that one or more test query messages in the test query message traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions. In response to determining that one or more of the data security policy definitions corresponding to the set of objects referenced by the test query message traffic did not perform the action, a test failure result is returned. A data security risk level for the virtual database is determined based on the result.

Abstract: Determining a data security risk level of a virtual database is provided. An object catalog corresponding to a real database is imported into the virtual database. Objects in the object catalog are organized by levels. It is determined whether one or more data security policy definitions corresponding to a set of objects referenced by test query message traffic performed an action in response to determining that one or more test query messages in the test query message traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions. In response to determining that one or more of the data security policy definitions corresponding to the set of objects referenced by the test query message traffic did not perform the action, a test failure result is returned. A data security risk level for the virtual database is determined based on the result.

Abstract: Determining a data security risk level of a virtual database is provided. An object catalog corresponding to a real database is imported into the virtual database. Objects in the object catalog are organized by levels. It is determined whether one or more data security policy definitions corresponding to a set of objects referenced by test query message traffic performed an action in response to determining that one or more test query messages in the test query message traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions. In response to determining that one or more of the data security policy definitions corresponding to the set of objects referenced by the test query message traffic did not perform the action, a test failure result is returned. A data security risk level for the virtual database is determined based on the result.

Abstract: The present invention discloses a method for protecting specific information, comprising: receiving an image containing specific information; identifying boundaries of the image; matching the image with a predetermined image template based on the boundaries so as to determine a specific information region of the image; and performing predetermined processing on the specific information region of the image to be presented in response to determining the specific information region of the image, so as to protect the specific information. The method of the invention for protecting specific information can efficiently protect relevant specific information without identifying detailed semantic content in an image.

Abstract: The present invention discloses a mechanism for determining criticality of a SQL statement. A plurality of elements in the SQL statement is extracted. A score of the SQL statement is calculated based on a correlation relation among respective elements in the plurality of elements and base scores of the respective elements. The criticality of the SQL statement is determined based on the score of the SQL statement. In this way, a database administrator only needs to define a small number of rules according his own needs. In the meantime, the mechanism automatically analyzes a received simple or complex SQL statement according to the small number of rules defined by the user to determine its criticality, without missing any critical SQL statement, and thereby protect security of data in the database.

Abstract: Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.

Abstract: The present invention discloses a method for protecting specific information, comprising: receiving an image containing specific information; identifying boundaries of the image; matching the image with a predetermined image template based on the boundaries so as to determine a specific information region of the image; and performing predetermined processing on the specific information region of the image to be presented in response to determining the specific information region of the image, so as to protect the specific information. The method of the invention for protecting specific information can efficiently protect relevant specific information without identifying detailed semantic content in an image.

Abstract: The present invention discloses a mechanism for determining criticality of a SQL statement. A plurality of elements in the SQL statement is extracted. A score of the SQL statement is calculated based on a correlation relation among respective elements in the plurality of elements and base scores of the respective elements. The criticality of the SQL statement is determined based on the score of the SQL statement. In this way, a database administrator only needs to define a small number of rules according his own needs. In the meantime, the mechanism automatically analyzes a received simple or complex SQL statement according to the small number of rules defined by the user to determine its criticality, without missing any critical SQL statement, and thereby protect security of data in the database.

Abstract: Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.

Abstract: Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule.