Patent classifications
G06F2221/2145
ENFORCEMENT OF AUTHORIZATION RULES ACROSS DATA ENVIRONMENTS
The technology disclosed herein enables enforcement of high-level rules defined by a user across multiple data environments. In a particular embodiment, a method includes receiving a high-level rule from a user for enforcement across a plurality of data environments and interpreting the high-level rule into a computer-readable rule. The method further includes translating the computer-readable rule into an instruction compatible with a data environment of the plurality of data environments. The method also includes providing the instruction to the data environment, wherein the data environment implements the high-level rule within the data environment based on the instruction.
SYSTEM AND METHOD FOR NETWORK POLICY SIMULATION
This disclosure generally relates to a method and system for network policy simulation in a distributed computing system. The present technology relates to techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.
VERIFICATION OF DATA PROCESSES IN A NETWORK OF COMPUTING RESOURCES
A method for managing data processes in a network of computing resources includes: receiving at least one child request being routed from an intermediary device to at least one corresponding destination device, the at least one child request requesting execution of at least one corresponding child data process, each of the at least one child data process for executing at least a portion of the at least one parent data process from an instructor device, and each of the at least one child request including a destination key derived at least in part from the at least one instructor key; storing the at least one child request in at least one storage device; modifying the at least one child request upon receiving a child request modification signal; and generating signals for communicating the child requests to one or more requesting devices.
STRUCTURE-BASED ACCESS CONTROL
The present disclosure provides systems and methods that perform structure-based access control. In particular, rather than relying upon a user-specific credential scheme, which can require manual sharing of user-specific credentials and/or switching between the multiple accounts to access the particular devices, applications, or services associated with such accounts, the systems and methods of the present disclosure facilitate user credentials to be inherited by or otherwise assigned to a structure identifier associated with a structure (e.g., a home in which the user resides), thereby generating a set of structure credentials. This enables other users in the structure, who may be part of a collaborative user group, to access devices, applications, and/or services using the structure credentials.
DELEGATED SIGNING USING SENSITIVITY CLASSIFICATION
A centralized document system generates a document package in response to a request by an originating entity. The document package includes at least one document for execution by a first receiving entity. The first receiving entity can specify a set of permissions for a second receiving entity to perform actions to documents within the package on behalf of the first receiving entity. Accordingly, the system may provide the document package to both the first and second receiving entities for the first receiving entity to execute the at least one document. Before providing the document to the second receiving entity, the system may determine whether there is a sensitive document in the package and whether to delegate the document to the second entity. Accordingly, the system may prevent a sensitive document package from being provided to the second receiving entity for execution.
CHILD-FRIENDLY AUTHENTICATION
Systems and methods are provided for child-friendly authentication for autonomous vehicle rides. In particular, systems and methods are provided for offering alternative authentication methods that automatically engage child-friendly features. The systems and methods provided enable unsupervised children to take advantage of autonomous rideshare and delivery programs using child-friendly authentication methods. Additionally, augmented autonomous vehicle safety and security practices for children are provided.
ENFORCING GRANULAR ACCESS CONTROL POLICY
An example method of enforcing granular access policy for embedded artifacts comprises: detecting an association of an embedded artifact with a resource container; associating the embedded artifact with at least a subset of an access control policy associated with the resource container; and responsive to receiving an access request to access the embedded artifact, applying the access control policy associated with the resource container for determining whether the access request is grantable.
ACCESS CONTROL CONFIGURATIONS FOR SHARED MEMORY
Methods, systems, and devices for access control configurations for inter-processor communications are described to support reconfiguration of a dynamic access control configuration at a device. The configuration may support additional configuration fields that may be added to existing access control rules of the device. A processor of the device may request creation of a new shared memory resource, using a subregion of an existing memory resource, where the additional fields may indicate a parent memory resource for the new memory resource. The additional fields may also include a value which may indicate a processor which has write permission for a respective memory region of the shared memory, where other processors of the device may be prevented from writing to the memory region. The additional fields may further indicate a chain of delegation, or a history, of which processors have been assigned the exclusive write permission for the respective memory region.
ROLE DESIGN ADVISOR
A system for controlling access to cluster resources is provided. The system includes one or more processors; and memory operatively coupled to the one or more processors, wherein the one or more processors and the memory form a cluster of computer resources that includes an admission controller configured to receive requests and determine if the request is authorized, a request history database that stores the request information received by the admission controller from a plurality of users, a role design advisor that is configured to adjust permissions for the plurality of users based on a pattern of usage identified from the request history database, and an alert system that communicates an alert to an administrator that a request outside the pattern of requests for the user has been received by the admission controller, wherein the admission controller, request history database, and role design advisor control access to the cluster resources.
Systems and methods for protecting and governing genomic and other information
Trusted, privacy-protected systems and methods are disclosed for processing, handling, and performing tests on human genomic and other information. According to some embodiments, a system is disclosed that is a cloud-based system for the trusted storage and analysis of genetic and other information. Some embodiments of the system may include or support some or all of authenticated and certified data sources; authenticated and certified diagnostic tests; and policy-based access to data.