公开(公告)号：US20080235387A1

公开(公告)日：2008-09-25

申请号：US12051953

申请日：2008-03-20

申请人： David M. Chess ,  Murthy V. Devarakonda ,  Alla Segal ,  Ian Nicholas Whalley

发明人： David M. Chess ,  Murthy V. Devarakonda ,  Alla Segal ,  Ian Nicholas Whalley

IPC分类号： G06F15/173 ,  G05B15/00

CPC分类号： H04L41/0893 ,  H04L41/5009

摘要： In one aspect this invention provides a computer program embodied on a computer readable medium that is executed by at least one data processor of a policy management system. The computer program includes first computer program instructions for implementing a user interface and second computer program instructions for implementing a policy manager that is coupled to the user interface via a policy repository for introducing a new attribute, using the first computer program instructions, into a policy for a policy-managed system, without requiring a change to (e.g., without having to re-write or re-compile) the second computer program instructions.

摘要翻译： 在一个方面，本发明提供一种包含在计算机可读介质上的计算机程序，该计算机程序由策略管理系统的至少一个数据处理器执行。 计算机程序包括用于实现用户界面的第一计算机程序指令和用于实现策略管理器的第二计算机程序指令，所述策略管理器经由策略储存器耦合到用户界面，用于使用第一计算机程序指令将新属性引入到策略 对于策略管理的系统，而不需要改变（例如，不必重写或重新编译）第二计算机程序指令。

公开(公告)号：US07480912B2

公开(公告)日：2009-01-20

申请号：US10449269

申请日：2003-05-29

申请人： William C. Arnold ,  David M. Chess ,  Murthy V. Devarakonda ,  Alla Segal ,  Ian N. Whalley

发明人： William C. Arnold ,  David M. Chess ,  Murthy V. Devarakonda ,  Alla Segal ,  Ian N. Whalley

IPC分类号： G06F9/46 ,  G06F11/00 ,  G06F12/00 ,  G06F13/00 ,  G06F13/28

CPC分类号： G06F9/5016 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/101 ,  H04L67/1097 ,  H04L67/22 ,  H04L69/329

摘要： Methods for allocation of storage resources, performance monitoring, and reallocation of resources to eliminate hot spots, by specifying high-level goals, rather than by means of low-level manual steps. Policies are specified as administrator specified constraints under which the resources are managed. Goals are specified in terms of performance, availability, and security requirements of the desired storage. As a part of the automation, this invention provides a method for analyzing capabilities of the computer storage system and forming analysis results, which are later used for determining an allocation of resources that will meet the high-level goals specified. This invention also provides methods for automatic monitoring of performance, availability, and security goals for allocated resources. If goals are not met, resources are reallocated so that the goals can be met with the allocation. The invention reduces human involvement, allows policy control, minimizes error, and provides efficient service delivery specified by policies.

摘要翻译： 通过指定高层次目标而不是通过低级手动步骤，分配存储资源的方法，性能监测和重新分配资源以消除热点。 策略被指定为管理员指定的约束，资源被管理。 根据所需存储的性能，可用性和安全性要求指定目标。 作为自动化的一部分，本发明提供了一种用于分析计算机存储系统的能力并形成分析结果的方法，其后来用于确定将满足指定的高级目标的资源分配。 本发明还提供了用于自动监视分配资源的性能，可用性和安全目标的方法。 如果目标没有得到满足，则重新分配资源，以便能够通过分配来满足目标。 本发明减少人的参与，允许策略控制，最小化错误，并提供由策略指定的有效的服务提供。

公开(公告)号：US07043419B2

公开(公告)日：2006-05-09

申请号：US10252816

申请日：2002-09-20

申请人： David M. Chess ,  Edward Charles Snible ,  Ian Nicholas Whalley

发明人： David M. Chess ,  Edward Charles Snible ,  Ian Nicholas Whalley

IPC分类号： G06F15/173

CPC分类号： H04L67/26 ,  H04L29/06 ,  H04L67/10 ,  H04L69/329

摘要： A method, apparatus, and computer instructions for providing identification and monitoring of entities. A distributed data processing system includes one or more distributed publishing entities, which publish computer readable announcements in a standard language. These announcements may contain a description of a monitoring method that may be used to monitor the behavior of one or more distributed monitored entities. These announcements also may include information used to identify a monitoring method that may be used by the distributed monitored entity to monitor its own behavior or by a distributed consumer entity to monitor the behavior of the distributed monitored entity. The monitoring also may be performed by a third-party distributed monitoring entity.

摘要翻译： 一种用于提供实体的识别和监视的方法，装置和计算机指令。 分布式数据处理系统包括一个或多个分布式发布实体，其以标准语言发布计算机可读公告。 这些公告可以包含可用于监视一个或多个分布式监视实体的行为的监视方法的描述。 这些公告还可以包括用于识别监视方法的信息，该监视方法可以被分布式监视实体用于监视其自己的行为，或者由分布式消费者实体来监视分布式监视实体的行为。 监视也可以由第三方分布式监控实体执行。

公开(公告)号：US07996905B2

公开(公告)日：2011-08-09

申请号：US12062152

申请日：2008-04-03

申请人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G06F12/14 ,  H04L29/06 ,  G06F11/30

CPC分类号： G06F21/51

摘要： A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

摘要翻译： 用于自动确定涉嫌具有蠕虫特征的程序的行为特征的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示具有蠕虫状特征的程序， 在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问，以确定非网络环境中程序的行为。 分析观察行为的记录记录，以确定行为是否表明具有蠕虫状特征的程序。 非网络环境可以模拟网络对程序的外观，而不模拟网络的操作。

公开(公告)号：US08626569B2

公开(公告)日：2014-01-07

申请号：US12132799

申请日：2008-06-04

申请人： David M. Chess ,  Sophia Krasikov ,  Alla Segal ,  Senthilnathan Velayudham

发明人： David M. Chess ,  Sophia Krasikov ,  Alla Segal ,  Senthilnathan Velayudham

IPC分类号： G06Q10/00 ,  G06Q30/00

CPC分类号： G06Q10/06 ,  G06Q10/06393 ,  G06Q30/0201

摘要： Performance prediction techniques are provided that utilize business-process information such as transaction history and log information. For example, in one aspect of the invention, a computer-based technique for providing a performance prediction service comprises the following steps/operations. First, business-process information associated with a business is obtained. Then, a performance estimation function is generated based at least in part on the business-process information, the performance estimation function being usable in responding to a query obtained from a potential customer of the business.

摘要翻译： 提供了利用诸如事务历史和日志信息之类的业务处理信息的性能预测技术。 例如，在本发明的一个方面，用于提供性能预测服务的基于计算机的技术包括以下步骤/操作。 首先，获得与业务相关联的业务流程信息。 然后，至少部分地基于业务处理信息生成性能估计功能，所述性能估计功能可用于响应从业务的潜在客户获得的查询。

公开(公告)号：US20080256633A1

公开(公告)日：2008-10-16

申请号：US12141165

申请日：2008-06-18

申请人： William C. ARNOLD ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. ARNOLD ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G06F12/14

CPC分类号： G06F21/566

摘要： Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity. The result of the analysis can also be used for informing a user of an anti-virus system of the non-replicative changes made to the environment.

摘要翻译： 公开了一种方法，计算机系统和计算机可读介质产品，其包含一组计算机可执行软件指令，用于指导计算机系统执行用于确定怀疑含有不期望的软件的程序的非复制行为的过程 实体。 该过程导致在至少一个已知环境中执行该程序，并且自动检查该至少一个已知环境以检测由于该程序的执行而在该环境中是否发生了改变。 如果检测到改变，则该过程自动分析检测到的变化（即，过程执行副作用分析），以确定改变是由执行程序还是由不期望的软件实体的执行引起。 该过程然后使用分析结果至少用于撤销由不期望的软件实体的执行导致的检测到的改变。 分析的结果也可以用于向用户通知反病毒系统对环境的非复制变化。

公开(公告)号：US20080189787A1

公开(公告)日：2008-08-07

申请号：US12062152

申请日：2008-04-03

申请人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G06F21/00

CPC分类号： G06F21/51

摘要： A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

摘要翻译： 用于自动确定涉嫌具有蠕虫特征的程序的行为特征的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示具有蠕虫状特征的程序， 在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问，以确定非网络环境中程序的行为。 分析观察行为的记录记录，以确定行为是否表明具有蠕虫状特征的程序。 非网络环境可以模拟网络对程序的外观，而不模拟网络的操作。

公开(公告)号：US07861300B2

公开(公告)日：2010-12-28

申请号：US12141165

申请日：2008-06-18

申请人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G06F11/00

CPC分类号： G06F21/566

摘要： Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity. The result of the analysis can also be used for informing a user of an anti-virus system of the non-replicative changes made to the environment.

摘要翻译： 公开了一种方法，计算机系统和计算机可读介质产品，其包含一组计算机可执行软件指令，用于指导计算机系统执行用于确定怀疑含有不期望的软件的程序的非复制行为的过程 实体。 该过程导致在至少一个已知环境中执行该程序，并且自动检查该至少一个已知环境以检测由于该程序的执行而在该环境中是否发生了改变。 如果检测到改变，则该过程自动分析检测到的变化（即，过程执行副作用分析），以确定改变是由执行程序还是由不期望的软件实体的执行引起。 该过程然后使用分析结果至少用于撤销由不期望的软件实体的执行导致的检测到的改变。 分析的结果也可以用于向用户通知反病毒系统对环境的非复制变化。

公开(公告)号：US07487543B2

公开(公告)日：2009-02-03

申请号：US10202517

申请日：2002-07-23

申请人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G08B23/00 ,  G06F15/18 ,  G06F12/14 ,  H04L9/00

CPC分类号： G06F21/51

摘要： A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

摘要翻译： 用于自动确定涉嫌具有蠕虫特征的程序的行为特征的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示具有蠕虫状特征的程序， 在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问，以确定非网络环境中程序的行为。 分析观察行为的记录记录，以确定行为是否表明具有蠕虫状特征的程序。 非网络环境可以模拟网络对程序的外观，而不模拟网络的操作。

公开(公告)号：US08346911B2

公开(公告)日：2013-01-01

申请号：US11378075

申请日：2006-03-17

申请人： David M. Chess ,  Sophia Krasikov ,  David W. Levine ,  John F. Morar ,  Edward J. Pring ,  Alla Segal ,  Ian N. Whalley

发明人： David M. Chess ,  Sophia Krasikov ,  David W. Levine ,  John F. Morar ,  Edward J. Pring ,  Alla Segal ,  Ian N. Whalley

IPC分类号： G06F15/16 ,  G06F15/173

CPC分类号： G06F21/552 ,  G06F21/577 ,  H04L41/048 ,  H04L63/08

摘要： A system, computer program and method for inspection of a system under inspection. The system may include an inspection program configured to access information available at the system under inspection and generate inspection data for the system under inspection. A runtime platform independent from the inspection program at the system under inspection is configured to limit the limit the contents of the inspection data to a maximum information content. A trusted third-party computer system may assist in selecting the inspection program and transferring the resulting inspection data.

摘要翻译： 用于检查被检查系统的系统，计算机程序和方法。 该系统可以包括被配置为访问在被检查的系统中可用的信息的检查程序，并且生成检查系统的检查数据。 在检查系统下独立于检查程序的运行平台被配置为将检查数据的内容限制为最大信息内容。 值得信赖的第三方计算机系统可以帮助选择检查程序并传送结果检查数据。