CN110914809B - 基于应用程序模式和风险评估的合规感知的运行时生成 - Google Patents

基于应用程序模式和风险评估的合规感知的运行时生成 Download PDF

Info

Publication number
CN110914809B
CN110914809B CN201880048011.3A CN201880048011A CN110914809B CN 110914809 B CN110914809 B CN 110914809B CN 201880048011 A CN201880048011 A CN 201880048011A CN 110914809 B CN110914809 B CN 110914809B
Authority
CN
China
Prior art keywords
compliance
component
computer
information
determination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201880048011.3A
Other languages
English (en)
Chinese (zh)
Other versions
CN110914809A (zh
Inventor
C·M·亚当
M·武科维奇
黄珍镐
S·纳德高达
N·亚尼罗西斯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Publication of CN110914809A publication Critical patent/CN110914809A/zh
Application granted granted Critical
Publication of CN110914809B publication Critical patent/CN110914809B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/564Static detection by virus signature recognition
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
CN201880048011.3A 2017-07-19 2018-06-18 基于应用程序模式和风险评估的合规感知的运行时生成 Active CN110914809B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US15/653,676 US10803177B2 (en) 2017-07-19 2017-07-19 Compliance-aware runtime generation based on application patterns and risk assessment
US15/653,676 2017-07-19
PCT/IB2018/054458 WO2019016628A1 (en) 2017-07-19 2018-06-18 COMPLIANCE-SUSTAINABLE EXECUTION GENERATION BASED ON REASONS FOR APPLICATION AND RISK ASSESSMENT

Publications (2)

Publication Number Publication Date
CN110914809A CN110914809A (zh) 2020-03-24
CN110914809B true CN110914809B (zh) 2023-08-29

Family

ID=65015628

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880048011.3A Active CN110914809B (zh) 2017-07-19 2018-06-18 基于应用程序模式和风险评估的合规感知的运行时生成

Country Status (6)

Country Link
US (2) US10803177B2 (enExample)
JP (1) JP6963671B2 (enExample)
CN (1) CN110914809B (enExample)
DE (1) DE112018002984T5 (enExample)
GB (1) GB2578066B (enExample)
WO (1) WO2019016628A1 (enExample)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10848494B2 (en) * 2017-08-14 2020-11-24 Microsoft Technology Licensing, Llc Compliance boundaries for multi-tenant cloud environment
US11637844B2 (en) * 2017-09-28 2023-04-25 Oracle International Corporation Cloud-based threat detection
CN109919479B (zh) * 2019-03-01 2020-08-04 友谊国际工程咨询有限公司 一种工程项目的安全施工评估系统及其评估方法
US11232078B2 (en) 2019-04-05 2022-01-25 Sap Se Multitenancy using an overlay file system
US10942723B2 (en) 2019-04-05 2021-03-09 Sap Se Format for multi-artefact software packages
US10809994B1 (en) * 2019-04-05 2020-10-20 Sap Se Declarative multi-artefact software installation
US11113249B2 (en) 2019-04-05 2021-09-07 Sap Se Multitenant application server using a union file system
US10956140B2 (en) 2019-04-05 2021-03-23 Sap Se Software installation through an overlay file system
CN110610318B (zh) * 2019-09-18 2020-09-22 金润方舟科技股份有限公司 一种基于大数据的工程造价管理系统
US11029975B2 (en) * 2019-10-02 2021-06-08 International Business Machines Corporation Automated container image assembly
US11463478B2 (en) 2019-10-29 2022-10-04 International Business Machines Corporation Remediation strategy optimization for development, security and operations (DevSecOps)
US11762985B2 (en) * 2020-01-13 2023-09-19 Acronis International Gmbh Systems and methods for protecting files indirectly related to user activity
CN111324357B (zh) * 2020-02-11 2022-06-28 支付宝(杭州)信息技术有限公司 应用程序接入风控平台的方法及相关设备
CN111552908A (zh) * 2020-04-30 2020-08-18 深信服科技股份有限公司 终端、系统和应用程序的运行方法
US11537602B2 (en) * 2020-05-12 2022-12-27 International Business Machines Corporation Computer implemented live cross walks in compliance mappings in response to regulatory changes and assessing risks of changes
CN111767585A (zh) * 2020-06-29 2020-10-13 北京百度网讯科技有限公司 对象识别方法、装置、电子设备及存储介质
CN111885191B (zh) * 2020-07-30 2021-08-17 西安电子科技大学 一种计算机网络通信系统
US20220075329A1 (en) * 2020-09-04 2022-03-10 International Business Machines Corporation Movement sequence analysis utilizing printed circuits
KR102380434B1 (ko) * 2020-10-06 2022-03-31 숭실대학교 산학협력단 도커 파일 분석을 수행하는 도커 이미지 취약점 검사 장치 및 방법
KR102439818B1 (ko) * 2020-12-23 2022-09-02 사단법인 금융보안원 금융 컴플라이언스에 기반한 평가 기준 관리 장치 및 그 방법
KR102439817B1 (ko) * 2020-12-23 2022-09-02 사단법인 금융보안원 보안 취약점 관리 시스템과 방법 및 그 기록매체
JP2022135170A (ja) * 2021-03-04 2022-09-15 オムロン株式会社 開発支援装置、開発支援装置の制御方法、情報処理プログラム、および記録媒体
US11632411B2 (en) * 2021-03-31 2023-04-18 Tencent America LLC Method and apparatus for cascaded multi-input content preparation templates for 5G networks
US12086262B2 (en) * 2021-07-28 2024-09-10 Red Hat, Inc. Secure container image builds
US12010145B2 (en) * 2021-07-29 2024-06-11 International Business Machines Corporation Certification of computer pipeline results
US11556351B1 (en) * 2021-10-13 2023-01-17 International Business Machines Corporation Facilitation of application containerization
US12493455B2 (en) * 2022-02-11 2025-12-09 Micro Focus Llc Container based generation of inputs for generic functions
DE102022203086A1 (de) * 2022-03-29 2023-10-05 Volkswagen Aktiengesellschaft Risikoanalyse eines verteilten Untersuchungsgegenstands
US20240354422A1 (en) * 2023-04-20 2024-10-24 Micron Technology, Inc. Certification of device calibrations

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1669033A (zh) * 2002-06-14 2005-09-14 Rga技术合作公司 用于执行可保性分析的计算机化系统以及方法
US8090974B1 (en) * 2008-02-08 2012-01-03 Joviandata, Inc. State machine controlled dynamic distributed computing
CN104813331A (zh) * 2012-12-28 2015-07-29 英特尔公司 用于客户级运行时控制的网络应用程序容器
CN105637833A (zh) * 2013-10-03 2016-06-01 高通股份有限公司 基于配置通道来预先识别可能的恶意行为

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1619572A1 (en) * 2004-07-23 2006-01-25 Texas Instruments Incorporated System and method of identifying and preventing security violations within a computing system
US20090320088A1 (en) * 2005-05-23 2009-12-24 Jasvir Singh Gill Access enforcer
US20070101432A1 (en) 2005-10-28 2007-05-03 Microsoft Corporation Risk driven compliance management
US8346911B2 (en) 2006-03-17 2013-01-01 International Business Machines Corporation Computer system evaluation
US20080016339A1 (en) * 2006-06-29 2008-01-17 Jayant Shukla Application Sandbox to Detect, Remove, and Prevent Malware
US9069967B2 (en) * 2007-02-16 2015-06-30 Veracode, Inc. Assessment and analysis of software security flaws
US8438609B2 (en) * 2007-03-22 2013-05-07 The Invention Science Fund I, Llc Resource authorizations dependent on emulation environment isolation policies
US8005950B1 (en) * 2008-12-09 2011-08-23 Google Inc. Application server scalability through runtime restrictions enforcement in a distributed application execution system
US20110112973A1 (en) * 2009-11-09 2011-05-12 Microsoft Corporation Automation for Governance, Risk, and Compliance Management
US9166966B2 (en) 2011-08-15 2015-10-20 Bank Of America Corporation Apparatus and method for handling transaction tokens
US20130219156A1 (en) 2012-02-22 2013-08-22 Sungard Availability Services Lp Compliance aware change control
US20150089300A1 (en) 2013-09-26 2015-03-26 Microsoft Corporation Automated risk tracking through compliance testing
US20160043892A1 (en) 2014-07-22 2016-02-11 Intigua, Inc. System and method for cloud based provisioning, configuring, and operating management tools
US9116768B1 (en) 2014-11-20 2015-08-25 Symantec Corporation Systems and methods for deploying applications included in application containers
JP6717206B2 (ja) * 2015-01-29 2020-07-01 日本電気株式会社 マルウェア対策装置、マルウェア対策システム、マルウェア対策方法、及び、マルウェア対策プログラム
US9646159B2 (en) 2015-03-31 2017-05-09 Juniper Networks, Inc. Multi-file malware analysis
US9785776B2 (en) 2015-04-27 2017-10-10 Iboss, Inc. High risk program identification based on program behavior
US10171310B2 (en) * 2015-06-17 2019-01-01 International Business Machines Corporation Ensuring regulatory compliance during application migration to cloud-based containers
US10223074B2 (en) * 2015-12-11 2019-03-05 International Business Machines Corporation Determining the identity of software in software containers
JP6749094B2 (ja) * 2015-12-18 2020-09-02 エヌ・ティ・ティ・コミュニケーションズ株式会社 コンテナ収容装置、コンテナ作成方法、及びプログラム
US10592664B2 (en) * 2017-02-02 2020-03-17 Cisco Technology, Inc. Container application security and protection
US10885189B2 (en) * 2017-05-22 2021-01-05 Microsoft Technology Licensing, Llc Isolated container event monitoring

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1669033A (zh) * 2002-06-14 2005-09-14 Rga技术合作公司 用于执行可保性分析的计算机化系统以及方法
US8090974B1 (en) * 2008-02-08 2012-01-03 Joviandata, Inc. State machine controlled dynamic distributed computing
CN104813331A (zh) * 2012-12-28 2015-07-29 英特尔公司 用于客户级运行时控制的网络应用程序容器
CN105637833A (zh) * 2013-10-03 2016-06-01 高通股份有限公司 基于配置通道来预先识别可能的恶意行为

Also Published As

Publication number Publication date
US10803177B2 (en) 2020-10-13
WO2019016628A1 (en) 2019-01-24
GB2578066A (en) 2020-04-15
US20190026474A1 (en) 2019-01-24
US10789368B2 (en) 2020-09-29
DE112018002984T5 (de) 2020-02-27
GB202000336D0 (en) 2020-02-26
GB2578066B (en) 2022-02-16
JP6963671B2 (ja) 2021-11-10
CN110914809A (zh) 2020-03-24
US20190026472A1 (en) 2019-01-24
JP2020527798A (ja) 2020-09-10

Similar Documents

Publication Publication Date Title
CN110914809B (zh) 基于应用程序模式和风险评估的合规感知的运行时生成
US11288055B2 (en) Model-based differencing to selectively generate and deploy images in a target computing environment
US10073974B2 (en) Generating containers for applications utilizing reduced sets of libraries based on risk analysis
US11748648B2 (en) Quantum pulse optimization using machine learning
US11720826B2 (en) Feedback loop learning between artificial intelligence systems
US9426030B1 (en) Automatically generating configuration images and deploying computer components in a computing environment that comprises a shared pool of configurable computing resources
US11221855B2 (en) Transformation of an enterprise application into a cloud native application
CN115668129A (zh) 流水线工件选择的动态自动化
US11226889B2 (en) Regression prediction in software development
US11120225B2 (en) Updating an online multi-domain sentence representation generation module of a text classification system
US11573785B2 (en) Predicting code vulnerabilities using machine learning classifier models trained on internal analysis states
US11775655B2 (en) Risk assessment of a container build
US12099904B2 (en) Uniform artificial intelligence model conversion
CN111406255A (zh) 混合云组成的协调引擎蓝图方面
CN111406383B (zh) 用于云计算的方法、系统和计算机可读存储介质
CN111406256A (zh) 混合云组成的协调引擎蓝图方面
CN116134419A (zh) 软件容器的运行时环境确定
US11221846B2 (en) Automated transformation of applications to a target computing environment
JP2024536372A (ja) プログラム簡略化を介したトレーニングデータ拡張
US11157474B2 (en) Representing and analyzing cloud computing data as pseudo systems
US11573770B2 (en) Container file creation based on classified non-functional requirements
US11928519B2 (en) Modernization of an application for related image generation
US10778709B2 (en) Cloud-native extensibility provided to security analytics
US12422476B2 (en) Co-debug of processing conditions of logic devices
US12254393B2 (en) Risk assessment of a container build

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant