Patent application number | Description | Published |
20080198752 | DATA REPLICA SELECTOR - A method is provided for selecting a replication node from eligible nodes in a network. A multidimensional model is constructed that defines a multidimensional space and includes the eligible nodes, with each of the dimensions of the multidimensional model being a system characteristic. A data availability value is determined for each of the eligible nodes, and a cost of deploying is determined for each of at least two availability strategies to the eligible nodes. At least one of the eligible nodes is selected for replication of data that is stored on a source node in the network. The selecting step includes selecting the eligible node whose: data availability value is determined to be highest among the eligible nodes whose cost of deploying does not exceed a specified maximum, or cost of deploying is determined to be lowest among the eligible nodes whose data availability value does not exceed a specified minimum. | 08-21-2008 |
20080228443 | SYSTEM AND METHOD FOR BENCHMARKING CORRELATED STREAM PROCESSING SYSTEMS - A system, method, and computer program product for benchmarking a stream processing system are disclosed. The method comprises generating a plurality of correlated test streams. A semantically related data set is embedded within each of the test streams in the plurality of correlated test streams. The plurality of correlated test streams is provided to at least one stream processing system. A summary is generated for each of the semantically related embedded data sets. A common identifier, which is transparent to the system being tested, is embedded within each stream in the plurality of correlated test streams. The common identifier is extracted from the output data set generated by the stream processing system. At least one of the stored copies of the summaries and the common identifier are compared to an output data set including a set of zero or more correlation results generated by the stream processing system. | 09-18-2008 |
20080270822 | DATA REPLICA SELECTOR - There is provided a method and system for replicating data at another location. The system includes a source node that contains data in a data storage area. The source node is coupled to a network of potential replication nodes. The processor determines at least two eligible nodes in the network of nodes and determines the communication cost associated with each of the eligible nodes. The processor also determines a probability of a concurrent failure of the source node and each of the eligible nodes, and selects at least one of the eligible nodes for replication of the data located on the source node. The selection is based on the determined communication costs and probability of concurrent failure. | 10-30-2008 |
20090024358 | BENCHMARKING CORRELATED STREAM PROCESSING SYSTEMS - A system, method, and computer program product for benchmarking a stream processing system are disclosed. The method comprises generating a plurality of correlated test streams. A semantically related data set is embedded within each of the test streams in the plurality of correlated test streams. The plurality of correlated test streams is provided to at least one stream processing system. A summary is generated for each of the semantically related embedded data sets. A common identifier, which is transparent to the system being tested, is embedded within each stream in the plurality of correlated test streams. The common identifier is extracted from the output data set generated by the stream processing system. At least one of the stored copies of the summaries and the common identifier are compared to an output data set including a set of zero or more correlation results generated by the stream processing system. | 01-22-2009 |
20090043893 | Multiple Resource Control-Advisor for Management of Distributed or Web-Based Systems - A system and method are provided for autonomic system management in a computing system containing system resources including network resources and multiple resource demands, or processes. The computing system may be a stream-processing system or other real-time computer management system, such as workload management, or a virtualization engine. The system and method enable achieving a better level of performance than would occur in the computing system using only existing mechanisms. It permits, with very low computational overhead, achieving or driving the system closer to a user-defined system performance objective. To do so, a system performance equation is defined to determine a level of performance of the system as a function of the allocation of two or more system resources among a plurality of system resource demands or processes. From this system performance equation, a plurality of resource-specific change equations is derived. Each resource-specific change equation is capable of calculating changes in the level of performance of the system attributable to changes in the allocation of one of the system resources. The resource-specific change equation yielding the greatest change in the level of system performance at a given allocation of all of the system resources and the system resource associated with the identified resource-specific change equation are identified. The allocation of the identified associated system resource to at least one system resource demand to provide the largest increase in the level of performance of the system, and allocations for all system resources are adjusted in accordance with the modified allocation of the identified associated system resource. | 02-12-2009 |
20090122760 | Method and Apparatus for Association Control in Mobile Wireless Networks - A method for association of a mobile terminal with an access point (AP) includes determining a set of available APs. The AP from among the available APs that has the coverage area that is likely to encompass the mobile terminal for the greatest period of time or distance is selected. The selected AP is associated with the mobile terminal. | 05-14-2009 |
20090235324 | METHOD FOR DISCOVERING A SECURITY POLICY - Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies. | 09-17-2009 |
20090327492 | TEMPLATE-BASED APPROACH FOR WORKLOAD GENERATION - A system and method for workload generation include a processor for identifying a workload model by determining each of a hierarchy for workload generation, time scales for workload generation, and states and transitions at each of the time scales, and defining a parameter by determining each of fields for user specific attributes, application specific attributes, network specific attributes, content specific attributes, and a probability distribution function for each of the attributes; a user level template unit corresponding to a relatively slow time scale in signal communication with the processor; an application level template corresponding to a relatively faster time scale in signal communication with the processor; a stream level template corresponding to a relatively fastest time scale in signal communication with the processor; and a communications adapter in signal communication with the processor for defining a workload generating unit responsive to the template units. | 12-31-2009 |
20110258610 | OPTIMIZING PERFORMANCE OF INTEGRITY MONITORING - A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application program's processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system. This agent requests the values of the data elements, and determines if invariants that have been previously computed hold true or not under the set of retrieved data values. | 10-20-2011 |
20130086383 | VIRTUAL MACHINE IMAGES ENCRYPTION USING TRUSTED COMPUTING GROUP SEALING - A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage. | 04-04-2013 |
20130232238 | MOBILE DEVICE WITH MULTIPLE SECURITY DOMAINS - Included within a shared housing are at least one user interface element; a first isolated computational entity; a second isolated computational entity; and a switching arrangement. The switching arrangement is configured to, in a first mode, connect the first isolated computational entity to the at least one user interface element; and, in a second mode, connect the second isolated computational entity to the at least one user interface element. | 09-05-2013 |
20140108784 | REDUCING NOISE IN A SHARED MEDIA SESSION - A method to verify a geographic location of a virtual disk image executing at a data center server within a data center. One embodiment includes a cryptoprocessor proximate the data center server, a hypervisor configured to send a disk image hash value of the virtual disk image, a digital certificate issued to the cryptoprocessor, an endorsement key to a data center tenant and a location provider. The method includes sending a disk image hash value of the virtual disk image, an endorsement key unique to a cryptoprocessor proximate the data center server to a data center tenant, and a digital certificate to a data center tenant. Next, the location provider sends the geographic location of the cryptoprocessor matching the endorsement key to the data center tenant. | 04-17-2014 |
20140137179 | PROTECTION OF USER DATA IN HOSTED APPLICATION ENVIRONMENTS - A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component. | 05-15-2014 |
20140137181 | PROTECTION OF USER DATA IN HOSTED APPLICATION ENVIRONMENTS - A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component. | 05-15-2014 |
20150074392 | SECURE PROCESSING ENVIRONMENT FOR PROTECTING SENSITIVE INFORMATION - A processor-implemented method for a secure processing environment for protecting sensitive information is provided. The processor-implemented method may include receiving encrypted data and routing the encrypted data to the secure processing environment. Then the encrypted data may be decrypted and fields containing sensitive information may be found. The method may also include obfuscating the sensitive information and returning, by the secure processing environment, the decrypted data and obfuscated data. | 03-12-2015 |