Patent classifications
G06F21/6227
SEARCH QUERY REFINEMENT USING GENERATED KEYWORD TRIGGERS
Provided are systems and methods for automatic search query refinement. An example method commences with identifying a plurality of electronic sources of data content of an entity stored at different network-accessible locations. The content may be dynamically assigned fields based on criteria specified by the entity. Thereupon, a unified search interface may be provided to authorized users to search the content. A search query subsequently received from a user may be parsed. The method continues with determining, upon the parsing and based on predetermined rules, triggers associated with the search query. In some embodiments, the triggers include search triggers to be used for searching content, filter triggers to be applied for filtering search results, and structural triggers to be used for ranking the search results. The method further includes searching the content based on the triggers to retrieve the search results and providing the search results to the user.
METHOD FOR ENCRYPTING DATABASE SUPPORTING COMPOSABLE SQL QUERY
Disclosed is a database encryption method supporting composable SQL query, which mainly comprises the following steps: (1) a user encrypting and preprocessing data based on the encryption scheme provided by the present disclosure and uploading an encryption result and preprocessed data to a service provider; (2) setting and uploading a SQL query instruction: the user uploads the query instruction to the service provider according to actual needs, and uploads auxiliary parameters for the query instruction at the same time; (3) data query: the service provider performs SQL query according to the query instruction and auxiliary parameters received from the user, saves a calculation result, updates the data and returns a query result to the user.
SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO A DATABASE
Systems and methods for throttling requests submitted to a database are designed to maximize the rate at which information can be obtained from the database. In the throttling methods, the time required for the database to perform a certain operation is monitored. If the time required to perform the operation exceeds a threshold time period, a request limit is imposed on the database, the request limit limiting the number of data read and/or write requests that can be submitted to the database per unit of time.
Query-based database redaction
Embodiments of the present disclosure describe systems, methods, and computer program products for redacting sensitive data within a database. An example method can include receiving a data query referencing unredacted data of a database; responsive to the data query, executing, by a processing device, a redaction operation to identify sensitive data within the unredacted data of the database; and returning, in response to the data query, a redacted data set in which the sensitive data is replaced or removed.
Management of tasks
A method, computer program and apparatus are disclosed. The method, performed by one or more processors, may comprise receiving, from one or more predetermined organizations, datasets representing entities and datasets representing one or more tasks for those entities and storing in a database, in accordance with an ontology which is common to the organizations, the received one or more datasets as data objects, the ontology defining properties of data objects and relationships between the data objects. The method may also comprise mapping the data objects stored in the database to the organization from which the one or more datasets were received and receiving, through a querying application, a query from a user of one of the predetermined organizations to view one or more data objects relating to a task. The method may also comprise identifying the organization with which the user is associated, generating, based on the mapping, a view including at least the one or more task data objects associated with the identified organization and not data objects associated with other organizations and displaying the view on a user interface.
Fine-grained access control via database roles
Embodiments of the present disclosure relate to sharing database roles using hidden roles. A database role may be generated within a database container having a plurality of data objects, wherein the database role exists exclusively within the database container. A set of grants to a particular subset of the plurality of data objects of the database container may be assigned to the database role. For each of a set of share objects to which the database role is to be granted: a hidden role having no identifier may be created, the database role may be granted to the hidden role, and the hidden role may be granted to a share object. Each of the set of share objects is mounted within a consumer account to generate a set of imported database containers within the consumer account, wherein each imported database container includes an individualized grant of the database roles.
Providing enhanced security for object access in object-based datastores
A method of enhancing security in object-based datastores is provided. The method mounts first and second datastores identified, respectively, by first and second datastore identifiers. The first and second datastores include, respectively, first and second namespace objects that are mapped to first and second subfolders in the first and second datastores. A first file within the first subfolder references a first object via a first object identifier, while a second file within the second subfolder references a second object via a second object identifier. The first and second objects are tagged with the first and second datastores' identifiers. The first and second datastores share an underlying storage and may be configured to have separate access permissions. The method receives a command to access the first object via a datastore identifier, compares the datastore identifier with the first datastore identifier, and if they match, allows access to the first object.
System for implementing multi-dimensional data obfuscation
Systems, computer program products, and methods are described herein for implementing multi-dimensional data obfuscation. The present invention is configured to electronically receive, from a computing device of a user, a request to implement a multi-dimensional data obfuscation on a first database; initiate a data obfuscation engine on the first database based on at least receiving the request, wherein initiating further comprises: determining one or more data types associated with the one or more data artifacts; determining one or more exposure levels of the one or more data artifacts; retrieving, from a data obfuscation repository, one or more data obfuscation algorithms; and implementing the one or more data obfuscation algorithms on the one or more data artifacts based on at least the one or more data types; and generate an obfuscated first database based on at least initiating the data obfuscation engine on the first database.
Implicit integrity for cryptographic computing
In one embodiment, a processor includes a memory hierarchy and a core coupled to the memory hierarchy. The memory hierarchy stores encrypted data, and the core includes circuitry to access the encrypted data stored in the memory hierarchy, decrypt the encrypted data to yield decrypted data, perform an entropy test on the decrypted data, and update a processor state based on a result of the entropy test. The entropy test may include determining a number of data entities in the decrypted data whose values are equal to one another, determining a number of adjacent data entities in the decrypted data whose values are equal to one another, determining a number of data entities in the decrypted data whose values are equal to at least one special value from a set of special values, or determining a sum of n highest data entity value frequencies.
Data loss prevention
Techniques for providing data loss prevention, including data exfiltration prevention and crypto-ransomware prevention, are provided. In some embodiments, a slack-space file system is created by using a modified packing algorithm to increase and/or optimize an amount of slack space created by files stored in a standard file system. A program for accessing and indexing the slack-space file system may be stored, and requests by a user to store data on a storage medium of a computer system may cause the information to be stored in the slack-space file system, where it may be protected from destructive malware that operates solely on the standard file system. In some embodiments, sensitive information may be hidden by storing the information in an alternate data stream of a file and by replacing the information in the unnamed data stream of the file with non-sensitive information that may appear to be sensitive.