Abstract: A computer-implemented method includes receiving a data stream and dividing the data stream into one or more data artefacts for one or more time intervals. The computer-implemented method further includes generating one or more contexts. Each of the one or more contexts are for at least one of the one or more time intervals. The computer-implemented method further includes storing each of the one or more data artefacts in shared storage. The shared storage is accessible for each of the one or more contexts. The computer-implemented method further includes, for each context of the one or more contexts: determining a dependency for the context; monitoring the context for a completion of said dependency; and responsive to the completion, releasing the dependency. The computer-implemented further includes removing those of the one or more data artefacts that do not belong to the dependency for any of the one or more contexts.

Abstract: A computer-implemented method includes receiving a data stream and dividing the data stream into one or more data artefacts for one or more time intervals. The computer-implemented method further includes generating one or more contexts. Each of the one or more contexts are for at least one of the one or more time intervals. The computer-implemented method further includes storing each of the one or more data artefacts in shared storage. The shared storage is accessible for each of the one or more contexts. The computer-implemented method further includes, for each context of the one or more contexts: determining a dependency for the context; monitoring the context for a completion of said dependency; and responsive to the completion, releasing the dependency. The computer-implemented further includes removing those of the one or more data artefacts that do not belong to the dependency for any of the one or more contexts.

Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bounds to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

Abstract: A computer-implemented method includes receiving a data stream and dividing the data stream into one or more data artefacts for one or more time intervals. The computer-implemented method further includes generating one or more contexts. Each of the one or more contexts are for at least one of the one or more time intervals. The computer-implemented method further includes storing each of the one or more data artefacts in shared storage. The shared storage is accessible for each of the one or more contexts. The computer-implemented method further includes, for each context of the one or more contexts: determining a dependency for the context; monitoring the context for a completion of said dependency; and responsive to the completion, releasing the dependency. The computer-implemented further includes removing those of the one or more data artefacts that do not belong to the dependency for any of the one or more contexts.

Abstract: A computer-implemented method includes receiving a data stream and dividing the data stream into one or more data artefacts for one or more time intervals. The computer-implemented method further includes generating one or more contexts. Each of the one or more contexts are for at least one of the one or more time intervals. The computer-implemented method further includes storing each of the one or more data artefacts in shared storage. The shared storage is accessible for each of the one or more contexts. The computer-implemented method further includes, for each context of the one or more contexts: determining a dependency for the context; monitoring the context for a completion of said dependency; and responsive to the completion, releasing the dependency. The computer-implemented further includes removing those of the one or more data artefacts that do not belong to the dependency for any of the one or more contexts.

Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bounds to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bounds to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

Abstract: Adapting an existing portfolio optimizer to support one or more valuated dependencies without modifying the existing portfolio optimizer, may include translating one or more original elements and associated dependencies in a portfolio to be optimized based on said one or more valuated dependencies; invoking the existing portfolio optimizer with the translated one or more original elements and associated dependencies; and translating optimization results, if said optimization results contain translated one or more original elements, into a solution characterized in terms of said one or more original elements.

Abstract: According to embodiments of the present invention, a computing device provides a security rules subset of a server-side protection element to a pre-validation component deployed at a client side. The computing device validates the user input based on the security rules. The computing device determines, in response to detecting a user input violation and that a violated security rule has/or has not been provided to the pre-validation component, the user as a first or second class of users. The computing device performs different security protection actions to the first and second class of users. The computing device asynchronously performs a dynamic update to the security rule subset provided to the pre-validation component. The security rule subset is screened from the security rules of the server-side protection means. A policy for screening the security rule subset is selected.

Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bounds to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

Abstract: A computer-implemented method and system for reconstructing a response message to an improper accessing request in a web application environment. The method includes: obtaining the URL of a web application to be accessed by the improper accessing request and the error parameter information of the improper accessing request; obtaining a response template based on the obtained URL of the web application to be accessed; and merging the obtained error parameter information of the improper accessing request with the obtained response template to generate a reconstructed response message for the improper accessing request. The system includes: a message obtaining device; a response message template obtaining device; and a response message merging device.

Abstract: Provided is a secure apparatus for protecting the integrity of a software system and a method thereof. The apparatus comprises: a template repository for storing templates required for generating an agent module; a template generator for randomly selecting one template from said template repository and generating a new agent module according to the selected template; and a transceiver for sending said new agent module to an external apparatus communicating with said secure apparatus to update a current agent module which is running in said external apparatus, wherein said current agent module is used to verify the integrity of said software system running in said external apparatus. The secure apparatus can protect software in an insecure environment with a high software protection level to prevent the software from being tampered or bypassed.

Abstract: A method and apparatus for solving UI style conflicts in web application composition. The method includes the steps of: detecting, in the runtime environment of a web browser, a page element referring to duplicate UI style definitions in a web composite page; determining the UI style definition referred to by the page element in an imported widget or a local page from which it originates; and relating the page element and the determined corresponding UI style definition in the web composite page, so as to solve the UI style conflict.

Abstract: An apparatus and a method for securely submitting a request and an apparatus and a method for securely processing a request. The apparatus for securely submitting a request includes a request pre-submitting component and a request confirmation component. The request pre-submitting component sends a request with a unique identifier to a server and sends an alarm message containing the unique identifier and a request description to the request confirmation component. The request confirmation component contains a key inaccessible to other components in a client. It pops up a request confirmation window, on which the request description is displayed, in response to the alarm message and generates a request confirmation message associated with the request by using the key and the unique identifier.

Abstract: A plurality of templates for web application server firewall rules are generated. A vulnerability report for the web application is obtained. At least one web application server firewall rule is generated, using the vulnerability report and at least one of the plurality of templates. The at least one web application server firewall rule is tested. The at least one web application server firewall rule is deployed to run on the web application server firewall.

Abstract: Adapting an existing portfolio optimizer to support one or more valuated dependencies without modifying the existing portfolio optimizer, may include translating one or more original elements and associated dependencies in a portfolio to be optimized based on said one or more valuated dependencies; invoking the existing portfolio optimizer with the translated one or more original elements and associated dependencies; and translating optimization results, if said optimization results contain translated one or more original elements, into a solution characterized in terms of said one or more original elements.

Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

Abstract: A computer-implemented method, apparatus, and article of manufacture for security validation of a user input in a computer network application. The method includes: providing a subset of security rules of a server-side protection means to a pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component; validating the user input based on at least one of the security rules; determining, in response to detecting a user input violation and that a violated security rule has not been provided to the pre-validation component, the user as a first class of users; determining, in response to detecting the user input violation and that the violated security rule has been provided to the pre-validation component, the user as a second class of users; and performing different security protection actions to the first and second class of users.

Abstract: The invention provides a method and system for creating model data. The method comprises: obtaining initial model data that is based on thickness model; adjusting thickness of the part of vertices of the initial model data in response to user inputting thickness values of part of vertices; adjusting position of the part of vertices of the initial model data in response to user inputting position values of part of vertices; and obtaining model data that is based on thickness model according to the initial model data and the adjusted part of vertices. By employing the method or system of the invention, it will facilitate user to edit model data and it will also save storage space.