Patent classifications
G06F2221/03
Methods for restricting resources used by an application based on a base profile and an application specific profile
In response to a request for launching an application within an operating system of a data processing system, one or more extended entitlements are extracted from the application, where the one or more extended entitlements specify one or more resources the application is entitled to access. One or more security profile extensions corresponding to the one or more extended entitlements are dynamically generated. A security profile specifically for the application is created based on the one or more security profile extensions and a base security profile that has been previously compiled, where the base security profile specifies a list of a plurality of base resources. The application is then launched in a sandboxed operating environment that is configured based on the security profile specifically generated for the application.
System and method for managed security assessment and mitigation
In an embodiment of the invention, a system for assessing vulnerabilities includes: a security management system (SMS); a network device in a system under test (SUT), wherein the network device is privy to traffic in the SUT; and wherein the SMS is privy to traffic that is known by the network device and/or to one or more traffic observations that are known by the network device.
Methods and apparatus for protecting software from unauthorized copying
A processing device provides a method for protecting a program from unauthorized copying. The processing device may include an encrypted version of the program. According to one example method, the processing device creates a secure enclave, and in response to a request to execute the encrypted program, the processing device automatically generates a decrypted version of the program in the secure enclave by decrypting the encrypted program in the secure enclave. After automatically generating the decrypted version of the program in the secure enclave, the processing device may automatically execute the decrypted version of the program in the secure enclave. Other embodiments are described and claimed.
Data integration and quality control system
A data management system, method and computer-readable medium for data integration and quality control are described. In some implementations, a computer-implemented method comprises steps of receiving datasets from one or more data sources, storing the datasets belonging to a domain, checking data integrity of the datasets, performing a quality control check on the datasets, receiving selections from the domain on the datasets that are selected to be processed based on one or more reference libraries, processing one or more selected datasets based on the one or more reference libraries to create mapped data, integrating the mapped data with metadata to provide an integrated analysis, and causing to display, at a graphical user interface (GUI), real-time processing status for each of the one or more selected datasets.
Cryptography module for controlling device
A cryptography module for at least temporarily controlling an operation of at least one computing device. The cryptography module is designed to check at least one memory area of a memory unit capable of being accessed by the computing device, and to control the operation of the at least one computing device as a function of the check.
Enhancing intelligence in parental control
Systems and methods are provided for automatically implementing parental controls at a computing device. One example method includes identifying a user profile and determining a baseline user behavior associated with the user profile. Deviations from the baseline user behavior at a computing device associated with the user profile are monitored for. A confidence value is generated based on the deviations from the baseline user behavior. An action to perform at the computing device is determined based on the user behavior and the confidence value. The action is performed.
Application discovery engine in a security management system
Methods, systems, and computer storage media for providing data security posture management using an application discovery engine in a security management system. Application discovery supports identifying and mapping various applications within a computing environment. In particular, application discovery can be provided as part of security management operations to assess security posture of applications, identify vulnerabilities, and ensure compliance with regulations. In operation, application discovery data associated with a plurality of computing resources of a computing environment is accessed. An annotated application discovery graph comprising a plurality of entities that represent the plurality of computing resources is generated. The annotated application discovery graph is deployed to support generating security postures for computing environments. A request is received for a security posture of the computing environment. A security posture visualization that includes an application discovery graph annotation is generated. The security posture visualization is communicated to cause display of the security posture visualization.
Determining security risks in binary software code using a software relationship model
Systems, methods, and software can be used to determine security risks in binary software using a software relationship model. In some aspects, a method comprises: receiving a software relationship model that identifies: (i) a set of software components, and (ii) communication interfaces between software components in the set of software components; receiving a set of binary software code; generating a risk assessment for the set of binary software code based on the software relationship model; and generating a notification, based on the risk assessment for the set of binary software code, that indicates security risks associated with the set of binary software code.