Patent application number | Description | Published |
--- | --- | --- |
20110197097 | INCREMENTAL PROBLEM DETERMINATION AND RESOLUTION IN CLOUD ENVIRONMENTS - Installation files are annotated, and the annotations may trigger system snapshots to be taken and/or collected at a plurality of points during the execution of the installation files. During a test run, the generated snapshots are examined incrementally to determine whether the installation is a success or a failure at that point. Checkpoint snapshots are stored, and those indicating failure are recorded with a description of the error and/or a remediation suggesting how the error may be resolved or fixed. During a production run, the annotated installation files may be executed and the checkpoint snapshots generated during the production run may be compared with those stored from the test run to incrementally identify and resolve potential problems in the production run. | 08-11-2011 |
20130191539 | SYSTEM AND METHOD FOR SUPPORTING SECURE APPLICATION DEPLOYMENT IN A CLOUD - A method of securely deploying a software application in the Internet cloud including identifying those aspects of a software application that use secure data, and those aspects of the application that use non-secure data, deploying the secure data on one or more secure servers that are not publicly accessible over the Internet, and deploying non-secure data on one or more cloud servers that are publicly available over the Internet, where communication between the secure servers and the cloud servers is managed using secure connections with access only to computation results. | 07-25-2013 |
20140074561 | CONFIGURABLE RATING AND METERING - A method for creating a configurable model for rating and metering resource usage, the method includes utilizing at least one rating context for a contract of a registered offering, wherein the registered offering is a resource, monitoring the resource usage to create a usage record, optimizing the collection of the usage data based on revenue potential and metering costs, contextualizing a usage record of the resource, generating rated usage data according to the usage record, and tuning a performance indicator of a metering definition for the registered offering based on the rated usage data. | 03-13-2014 |
20140074562 | CONFIGURABLE RATING AND METERING - A method for creating a configurable model for rating and metering resource usage, the method includes utilizing at least one rating context for a contract of a registered offering, wherein the registered offering is a resource, monitoring the resource usage to create a usage record, optimizing the collection of the usage data based on revenue potential and metering costs, contextualizing a usage record of the resource, generating rated usage data according to the usage record, and tuning a performance indicator of a metering definition for the registered offering based on the rated usage data. | 03-13-2014 |
Patent application number | Description | Published |
--- | --- | --- |
20110060946 | METHOD AND SYSTEM FOR PROBLEM DETERMINATION USING PROBE COLLECTIONS AND PROBLEM CLASSIFICATION FOR THE TECHNICAL SUPPORT SERVICES - A system and method for problem determination using probe collections and problem classification for the technical support services monitor and collect data associated with a computer system, raise an alarm based on the monitored and collected data, probe the computer system for additional information, filter the monitored and collected data based on the additional information established from probing, and use the filtered data to label a problem associated with the raised alarm. | 03-10-2011 |
20120005051 | Semi-Automated Customer Model-Based Service Deployment Into Data Centers - A non-transitory computer readable medium embodying instructions executed by a processor to perform a method for service creation and mapping between at least two support systems includes receiving a request for a new service, wherein the request includes resource requirement information and QOS requirement information corresponding to the new service, determining a location that the request originated from, identifying at least one data center within a communication range of the location, identifying at least one data center having resources complying with the resource requirement information, identifying at least one data center complying with the QOS requirement information, and deploying the new service into each data center that is within the communication range of the location, that has resources complying with the resource requirement information, and that complies with the QOS requirement information. | 01-05-2012 |
20120005236 | Cloud Services Creation Based on Graph Mapping - A method for service creation based on graph mapping including constructing a graph having leaf nodes in an environment including business support nodes associated with respective services and operations support nodes including attribute models, identifying a plurality of services at the level of the leaves in the graph, extending the graph by representing existing service offerings in terms of operation-level service definitions and new services at the level of the leaves, and re-combining leaf nodes to define new services at service creation time. | 01-05-2012 |
20120005342 | Cloud Service Cost-Optimal Data Center Assignment - A method for service creation and mapping between at least two support systems includes provisioning a service based on a service requirement and a plurality of available data centers, collecting a value of the service requirement and a cost associated with the service, matching resource types of the data centers to resource availability, determining at least one valid data center from the plurality of data centers, and selecting a valid data center with a minimum cost for service placement and provisioning. | 01-05-2012 |
20130073504 | SYSTEM AND METHOD FOR DECISION SUPPORT SERVICES BASED ON KNOWLEDGE REPRESENTATION AS QUERIES - In a method for decision support, a request for information that is part of a context is received, data is generated in response to the request, a knowledge model associated with the context is populated with the data, the knowledge model is populated with real-time data associated with the request, the knowledge model is executed, and a result of the executed knowledge model is output. | 03-21-2013 |
20130073576 | System and Protocol To Dynamically Query Sensor Data Collections - A sensor registry includes a query dispatcher, a registration dispatcher, and a continuous query engine. The query dispatcher receives a query from a subscriber, searches a sensor database for at least one sensor that satisfies the query, and returns a result set corresponding to the query to the subscriber. The result set includes the at least one sensor. The registration dispatcher receives a message from a requesting sensor in a sensor network, and updates the sensor database based on the message. The continuous query engine receives the query from the query dispatcher, updates the result set corresponding to the query based on the received message, and notifies the subscriber upon determining that a change has been made to the result set. | 03-21-2013 |
20130074096 | Hierarchical Contexts to Drive Live Sensor Applications - A method for operating a sensor based application includes receiving a context hierarchy for the sensor based application, the context hierarchy comprising a plurality of contexts, wherein each of the contexts is assigned a level of interest and a priority, reading the context hierarchy and discovering at least one sensor associated with each of the plurality of contexts, and reading at least one value of each of the sensors, and applying the values. | 03-21-2013 |
Patent application number | Description | Published |
--- | --- | --- |
20080235372 | METHOD AND SYSTEM FOR MEASURING STATUS AND STATE OF REMOTELY EXECUTING PROGRAMS - A system and method for providing attestation and/or integrity of a server execution environment are described. One or more parts of a server environment are selected for measurement. The one or more parts in a server execution environment are measured, and the measurements result in a unique fingerprint for each respective selected part. The unique fingerprints are aggregated by an aggregation function to create an aggregated value, which is determinative of running programs in the server environment. A measurement parameter may include the unique fingerprints, the aggregated value or a base system value and may be sent over a network interface to indicate the server environment status or state. | 09-25-2008 |
20080235804 | Dynamic Creation and Hierarchical Organization of Trusted Platform Modules - A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has. | 09-25-2008 |
20080263203 | METHOD AND APPARATUS FOR DELEGATING RESPONSES TO CONDITIONS IN COMPUTING SYSTEMS - One embodiment of the present method and apparatus for delegating responses to conditions in computing systems includes acknowledging (e.g., at a systems management component in the computing system) a condition, and delegating responsibility for a strategy for a response to the condition to another component. In further embodiments, the present method and apparatus for delegating responses to conditions in computing systems includes receiving (e.g., at a computing system component) an assignment from another computing system component (e.g., a systems management component), where the assignment assigns responsibility for a strategy for a response to a condition, and determining whether and how to respond to the condition. | 10-23-2008 |
20080270603 | METHOD, SYSTEM, AND PROGRAM PRODUCT FOR REMOTELY ATTESTING TO A STATE OF A COMPUTER SYSTEM - A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications. | 10-30-2008 |
20090235324 | METHOD FOR DISCOVERING A SECURITY POLICY - Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies. | 09-17-2009 |
20090328145 | METHOD AND APPARATUS FOR MIGRATING A VIRTUAL TPM INSTANCE AND PRESERVING UNIQUENESS AND COMPLETENESS OF THE INSTANCE - A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt. | 12-31-2009 |
20110258610 | OPTIMIZING PERFORMANCE OF INTEGRITY MONITORING - A system, method and computer program product for verifying the integrity of a running application program on a computing device. The method comprises: determining entry points into an application program's processing space that impact proper execution and program integrity; mapping data elements reachable from the determined entry points into a memory space of the host system where the application to be verified is running; monitoring at run time, in the memory space, potential modification of the data elements in a manner that could breach program integrity; and initiating a response to the potential modification. When the run-time monitoring detects that a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system. This agent requests the values of the data elements and determines whether previously computed invariants hold true under the set of retrieved data values. | 10-20-2011 |
20110283352 | Method and Apparatus for Migrating a Virtual TPM Instance and Preserving Uniqueness and Completeness of the Instance - A migration scheme for virtualized Trusted Platform Modules is presented. The procedure is capable of securely migrating an instance of a virtual Trusted Platform Module from one physical platform to another. A virtual Trusted Platform Module instance's state is downloaded from a source virtual Trusted Platform Module and all its state information is encrypted using a hybrid of public and symmetric key cryptography. The encrypted state is transferred to the target physical platform, decrypted and the state of the virtual Trusted Platform Module instance is rebuilt. | 11-17-2011 |
20120096549 | ADAPTIVE CYBER-SECURITY ANALYTICS - Performing adaptive cyber-security analytics including a computer implemented method that includes receiving a report on a network activity. A score responsive to the network activity and to a scoring model is computed at a computer. The score indicates a likelihood of a security violation. The score is validated and the scoring model is automatically updated responsive to results of the validating. The network activity is reported as suspicious in response to the score being within a threshold of a security violation value. | 04-19-2012 |
20130318615 | PREDICTING ATTACKS BASED ON PROBABILISTIC GAME-THEORY - Methods for determining cyber-attack targets include collecting and storing network event information from sensors to extract information regarding an attacker; forming an attack scenario tree that encodes network topology and vulnerability information including paths from known compromised nodes to a set of potential targets; calculating a likelihood for each of the paths using a processor; calculating a probability distribution for the set of potential targets to determine which potential targets are most likely pursued by the attacker; calculating a probability distribution over a set of nodes and node vulnerability types already accessed by the attacker; determining a network graph edge to remove which minimizes a defender's expected uncertainty over the potential targets; and removing the determined network graph edge. | 11-28-2013 |
20130318616 | PREDICTING ATTACKS BASED ON PROBABILISTIC GAME-THEORY - Systems for determining cyber-attack target include a network monitor module configured to collect network event information from sensors in one or more network nodes; a processor configured to extract information regarding an attacker from the network event information, to form an attack scenario tree that encodes network topology and vulnerability information including a plurality of paths from known compromised nodes to a set of potential targets, to calculate a likelihood for each of the paths, to calculate a probability distribution for the set of potential targets to determine which potential targets are most likely pursued by the attacker, to calculate a probability distribution over a set of nodes and node vulnerability types already accessed by the attacker, and to determine a network graph edge to remove that minimizes a defender's expected uncertainty over the potential targets; and a network management module configured to remove the determined network graph edge. | 11-28-2013 |
20130332539 | Method and Apparatus for Detecting Unauthorized Bulk Forwarding of Sensitive Data Over a Network - Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time. | 12-12-2013 |
20130332541 | Method and Apparatus for Detecting Unauthorized Bulk Forwarding of Sensitive Data Over a Network - Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time. | 12-12-2013 |
20130333034 | Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion - Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system; and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines. | 12-12-2013 |
20130333041 | Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion - Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system; and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines. | 12-12-2013 |
20140223560 | MALWARE DETECTION VIA NETWORK INFORMATION FLOW THEORIES - Access is obtained to a plurality of information flow theories for a plurality of malicious programs. The information flow theories include differences in information flows between the malicious programs, executing in a controlled environment, and information flows of known benign programs. Execution of a suspicious program is monitored by comparing runtime behavior of the suspicious program to the plurality of information flow theories. An alarm is output if the runtime behavior of the suspicious program matches at least one of the plurality of information flow theories. | 08-07-2014 |
20140310396 | IDENTIFICATION AND CLASSIFICATION OF WEB TRAFFIC INSIDE ENCRYPTED NETWORK TUNNELS - The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information. | 10-16-2014 |
20140310517 | IDENTIFICATION AND CLASSIFICATION OF WEB TRAFFIC INSIDE ENCRYPTED NETWORK TUNNELS - The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information. | 10-16-2014 |
20140351226 | Distributed Feature Collection and Correlation Engine - A distributed feature collection and correlation engine is provided. Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database, using a de-duplication mechanism, if the key/value pair does not already exist in the feature store database. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as key/value pairs comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs. | 11-27-2014 |
20140351227 | Distributed Feature Collection and Correlation Engine - A distributed feature collection and correlation engine is provided. Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database, using a de-duplication mechanism, if the key/value pair does not already exist in the feature store database. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as key/value pairs comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs. | 11-27-2014 |