Abstract: A return address of a caller of a software function within an access control component is determined, the caller comprising a software component seeking access to a protected resource protected by the access control component. From the return address, a filename of the caller is determined. Responsive to determining that the filename is included in a set of filenames of components allowed to access the protected resource, the caller is allowed to access the protected resource.

Abstract: By analyzing a content of a first message, a confidentiality level of the first message is determined. An encryption rule for a first computational complexity level corresponding to the confidentiality level of the first message is selected. The first message is encoded according to the encryption rule. The encoded first message and the confidentiality level of the first message are caused to be sent to a recipient.

Abstract: Disclosed is a ship identity recognition method based on the fusion of AIS data and video data, comprising: collecting a ship sample to train a ship target classifier; performing, using the ship target classifier, ship target detection on a video frame collected by a gimbal camera; performing a comparison with a recognized ship library to filter a recognized ship; acquiring AIS data and filtering same across time and spatial scales; predicting the current position of an AIS target using a linear extrapolation method and converting the current position to an image coordinate system; performing position matching between a target to be matched and the converted AIS target; and performing feature extraction on the successfully matched target and storing the extracted feature, together with ship identity information, into the recognized ship library.

Abstract: In an embodiment, a method for allocating privileges on a computer network includes calculating a permission level based at least in part on a login context associated with a login request for connection to a network from a user via a client device, adjusting the calculated permission level such that a resulting first adjusted permission level does not exceed a previous permission level assigned to the client device, assigning the first adjusted permission level to the client device, collecting activity data representative of network activity by the user while logged in to the network, and classifying, using a classifier model, at least a portion of the activity data to generate a second adjusted permission level for the client device.

Abstract: By analyzing a content of a first message, a confidentiality level of the first message is determined. An encryption rule for a first computational complexity level corresponding to the confidentiality level of the first message is selected. The first message is encoded according to the encryption rule. The encoded first message and the confidentiality level of the first message are caused to be sent to a recipient.

Abstract: A return address of a caller of a software function within an access control component is determined, the caller comprising a software component seeking access to a protected resource protected by the access control component. From the return address, a filename of the caller is determined. Responsive to determining that the filename is included in a set of filenames of components allowed to access the protected resource, the caller is allowed to access the protected resource.

Abstract: In an embodiment, a method for allocating privileges on a computer network includes calculating a permission level based at least in part on a login context associated with a login request for connection to a network from a user via a client device, adjusting the calculated permission level such that a resulting first adjusted permission level does not exceed a previous permission level assigned to the client device, assigning the first adjusted permission level to the client device, collecting activity data representative of network activity by the user while logged in to the network, and classifying, using a classifier model, at least a portion of the activity data to generate a second adjusted permission level for the client device.

Abstract: Disclosed is a ship identity recognition method based on the fusion of AIS data and video data, comprising: collecting a ship sample to train a ship target classifier; performing, using the ship target classifier, ship target detection on a video frame collected by a gimbal camera; performing a comparison with a recognized ship library to filter a recognized ship; acquiring AIS data and filtering same across time and spatial scales; predicting the current position of an AIS target using a linear extrapolation method and converting the current position to an image coordinate system; performing position matching between a target to be matched and the converted AIS target; and performing feature extraction on the successfully matched target and storing the extracted feature, together with ship identity information, into the recognized ship library.

Abstract: For one-touch user-defined context-aware text selection for touchscreen devices, an apparatus includes a processor and a memory storing code that is executable by the processor to determine a text selection context for a touchscreen device. The apparatus ascertains whether a text selection override policy is satisfied. The apparatus replaces application text selection rules with one-touch user-defined context-aware text selection rules for the determined text selection context in response to ascertaining that the text selection override policy is satisfied.

Abstract: For one-touch user-defined context-aware text selection for touchscreen devices, an apparatus includes a processor and a memory storing code that is executable by the processor to determine a text selection context for a touchscreen device. The apparatus ascertains whether a text selection override policy is satisfied. The apparatus replaces application text selection rules with one-touch user-defined context-aware text selection rules for the determined text selection context in response to ascertaining that the text selection override policy is satisfied.

Abstract: A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.

Abstract: A computer implemented method, apparatus, and computer program product for performing an automated task in a role-based access control environment. A set of roles is assigned to a user to form assigned roles, wherein the role-based access control environment allows the user to assume a subset of the assigned roles at a given time. Responsive to receiving a request to execute an automated task, an identity of the user creating the automated task is identified. Responsive to determining that the user creating the automated task is not logged in, a set of session roles are identified based on the identity of the user. A session is created for the automated task. The automated task is performed in the session using the set of session roles.

Abstract: A computer implemented method, apparatus, and computer program product for performing an automated task in a role-based access control environment. A set of roles is assigned to a user to form assigned roles, wherein the role-based access control environment allows the user to assume a subset of the assigned roles at a given time. Responsive to receiving a request to execute an automated task, an identity of the user creating the automated task is identified. Responsive to determining that the user creating the automated task is not logged in, a set of session roles are identified based on the identity of the user. A session is created for the automated task. The automated task is performed in the session using the set of session roles.

Abstract: A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.

Abstract: A method of securing data traffic between a local and remote host systems is provided. The method includes autogenerating a filter having rules associated with a defined tunnel. The filter rules are used to permit or deny acceptance of transmitted data by the host system and to direct traffic to the tunnel. The tunnel, on the other hand, is used to keep data confidential. The method further includes autogeneration of a counterpart tunnel and associated filter to be used by the remote host when in communication with the local host. The method further autogenerates a new filter to reflect changes to any one of the tunnels and autodeactivates the filter associated with a deleted tunnel.