Abstract: An apparatus, a computer-implemented method, and a system for controlling maintenance of canary files. An apparatus includes a canary file module that determine access frequency of files and migrates one or more of the files responsive to the access frequency. At least a portion of said module includes one or more of hardware circuits, programmable hardware devices and executable code, the executable code stored on one or more computer readable storage media.

Abstract: A computer-implemented method, according to one embodiment, includes: determining, for each pair of HCI systems where each pair includes a first HCI system coupled to another HCI system, a federation relationship setting that corresponds to each pair. The federation relationship settings are used to control a flow of data, as well as to control a flow of workload scheduling, between the first HCI system and the other HCI systems in the respective pairs. Moreover, determining a federation relationship setting that corresponds to a pair includes: determining whether a risk score which corresponds to the pair is outside a predetermined range. In response to determining that the risk score is outside the predetermined range, a restrictive federation relationship setting is assigned to the pair, and in response to determining that the risk score is not outside the predetermined range, a permissive federation relationship setting is assigned to the pair.

Abstract: A computer-implemented method, according to one approach, includes: monitoring actions of a user having access to a cluster, and in response to determining that the user has performed a risk event, incrementing a risk score assigned to the user. A determination is also made as to whether the incremented risk score is outside a predetermined range, and in response to determining that the incremented risk score is outside the predetermined range, a snapshot quota assigned to the user is dynamically reduced.

Abstract: A processor may generate an enforcement point. The enforcement point may include one or more adversarial detection models. The processor may receive user input data. The processor may analyze, at the enforcement point, the user input data. The processor may determine, from the analyzing, whether there is an adversarial attack in the user input data. The processor may generate an alert based on the determining.

Abstract: A computer-implemented method according to one aspect includes identifying environmental information for a hyper-converged infrastructure (HCI) system; and adjusting one or more resources allocated to one or more applications within the HCI system, based on the environmental information.

Abstract: A computer-implemented method, according to one approach, includes: monitoring actions of a user having access to a cluster, and in response to determining that the user has performed a risk event, incrementing a risk score assigned to the user. A determination is also made as to whether the incremented risk score is outside a predetermined range, and in response to determining that the incremented risk score is outside the predetermined range, a snapshot quota assigned to the user is dynamically reduced.

Abstract: A computer-implemented method, according to one embodiment, includes: determining, for each pair of HCI systems where each pair includes a first HCI system coupled to another HCI system, a federation relationship setting that corresponds to each pair. The federation relationship settings are used to control a flow of data, as well as to control a flow of workload scheduling, between the first HCI system and the other HCI systems in the respective pairs. Moreover, determining a federation relationship setting that corresponds to a pair includes: determining whether a risk score which corresponds to the pair is outside a predetermined range. In response to determining that the risk score is outside the predetermined range, a restrictive federation relationship setting is assigned to the pair, and in response to determining that the risk score is not outside the predetermined range, a permissive federation relationship setting is assigned to the pair.

Abstract: A processor may generate an enforcement point. The enforcement point may include one or more adversarial detection models. The processor may receive user input data. The processor may analyze, at the enforcement point, the user input data. The processor may determine, from the analyzing, whether there is an adversarial attack in the user input data. The processor may generate an alert based on the determining.

Abstract: A framework system is present that provides an end-to-end solution for user on-boarding, storing, securing, configuring, authenticating of the target person (grantee user), and transmittal of digitized documents assets. The framework system is preferably a multi-tenant cloud based system, although other systems may be used. The system processes multiple inputs to cognitively determine implementation (cognitive decision making) of digitized assets to a grantee user or target user without human intervention.

Abstract: An example operation may include one or more of receiving, by a blockchain node or peer of a blockchain network, attribute data for a user profile, creating blockchain transactions to store attribute hashes and metadata to a shared ledger, receiving a user profile query from an identity consumer, creating blockchain transactions to retrieve attribute hashes and metadata corresponding to the query, reconstructing the user profile from the metadata, responding to the query by providing attribute data to the identity consumer, and creating and storing hashes of the attribute data and metadata to the shared ledger.

Abstract: A processor-implemented method provides a calculated identity confidence score for an identity. The processor(s) in each of a plurality of decentralized identity providers calculate an identity confidence score of an entity. The processor(s) store the calculated identity confidence score in a blockchain. The processor(s) retrieve the calculated identity confidence score from the blockchain. The processor(s) provide the calculated identity confidence score to a requestor, which is a computer-based system that performs an action based on the provided calculated identity score.

Abstract: An example operation may include one or more of receiving, by a blockchain node or peer of a blockchain network, attribute data for a user profile, creating blockchain transactions to store attribute hashes and metadata to a shared ledger, receiving a user profile query from an identity consumer, creating blockchain transactions to retrieve attribute hashes and metadata corresponding to the query, reconstructing the user profile from the metadata, responding to the query by providing attribute data to the identity consumer, and creating and storing hashes of the attribute data and metadata to the shared ledger.

Abstract: An example operation may include one or more of connect to a blockchain network of an ecosystem comprised of a plurality of consumer nodes, generate a universal unique identifier (UUID) associated with a user data attribute, execute a query request for the user data attribute associated with the UUID, derive a disclosure level from the query request, execute a smart contract to commit to a blockchain ledger, a monetary value associated with the user data attribute, negotiate a transaction with the consumer node to access the user data attribute and recording an agreement result onto the a blockchain ledger.

Abstract: A processor-implemented method provides a calculated identity confidence score for an identity. The processor(s) in each of a plurality of decentralized identity providers calculate an identity confidence score of an entity. The processor(s) store the calculated identity confidence score in a blockchain. The processor(s) retrieve the calculated identity confidence score from the blockchain. The processor(s) provide the calculated identity confidence score to a requestor, which is a computer-based system that performs an action based on the provided calculated identity score.

Abstract: A framework system is present that provides an end-to-end solution for user on-boarding, storing, securing, configuring, authenticating of the target person (grantee user), and transmittal of digitized documents assets. The framework system is preferably a multi-tenant cloud based system, although other systems may be used. The system processes multiple inputs to cognitively determine implementation (cognitive decision making) of digitized assets to a grantee user or target user without human intervention.

Abstract: A method, for context aware data protection is provided. Information about an access context is received in a data processing system. A resource affected by the access context is identified. The identification of the resource may include deriving knowledge about resource by making an inference from a portion of contents of the resource that the access context affects the resource, making an inference that the access context affects a second resource thereby inferring that the resource has to be modified, determining that the access context is relevant to the resource, or a combination thereof. The resource is received. A policy that is applicable to the access context is identified. A part of the resource to modify according to the policy is determined. The part is modified according to the policy and the access context to form a modified resource. The modified resource is transmitted.

Abstract: An approach is provided that registers a component plug-in with a console application. A request is received from a user of the console application. The console application displays a console user interface in a predetermined interface style. The console application detects that the request corresponds to the component plug-in and sends an initial request to the component plug-in. The console application receives an initial model of an initial user interface from the component plug-in and this model is provided to the user in response to the initial request. The console application builds an initial component user interface based on the received initial model. The initial component user interface is also consistent with the predetermined interface style. The console application displays the initial component user interface and the console user interface in a common application window in the predetermined interface style.

Abstract: A reference monitor system, apparatus, computer program product and method are provided. In one illustrative embodiment, elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.

Abstract: A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.

Abstract: A system, apparatus, computer program product and method for authorizing information flows based on security information associated with information objects is provided. A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.