公开(公告)号：US20080235168A1

公开(公告)日：2008-09-25

申请号：US12131424

申请日：2008-06-02

申请人： Hoi Y. Chan ,  David M. Chess ,  Thomas Y. Kwok ,  Steve R. White

发明人： Hoi Y. Chan ,  David M. Chess ,  Thomas Y. Kwok ,  Steve R. White

IPC分类号： G06F15/18

CPC分类号： G06N5/02 ,  H04L43/02 ,  H04L43/08 ,  H04L43/16

摘要： A statistical approach implementing Singular Value Decomposition (SVD) to a policy-based management system for autonomic and on-demand computing applications. The statistical approach empowers a class of applications that require policies to handle ambiguous conditions and allow the system to “evolve” in response to changing operation and environment conditions. In the system and method providing the statistical approach, observed event-policy associated data, which is represented by an event-policy matrix, is treated as a statistical problem with the assumption that there are some underlying or implicit higher order correlations among events and policies. The SVD approach enables such correlations to be modeled, extracted and modified. From these correlations, recommended policies can be selected or created without exact match of policy conditions. With a feedback mechanism, new knowledge can be acquired as new situations occur and the corresponding policies to manage them are recorded and used to generate new event and policy correlations. Consequently, based on these new correlations, new recommended policies can be derived.

摘要翻译： 一种统计方法，将自适应和按需计算应用程序的单一值分解（SVD）实现到基于策略的管理系统。 统计方法赋予一类应用程序，这些应用程序需要策略来处理模糊的条件，并允许系统根据不断变化的操作和环境条件“演变”。 在提供统计方法的系统和方法中，由事件 - 策略矩阵表示的观察到的事件 - 策略关联数据被视为统计问题，假设在事件和策略之间存在一些潜在或隐含的高阶相关性 。 SVD方法可以对这些相关性进行建模，提取和修改。 根据这些相关性，可以选择或创建推荐的策略，而不会完全匹配策略条件。 通过反馈机制，可以获得新的知识，因为新的情况发生，相应的管理策略被记录并用于生成新的事件和策略相关性。 因此，基于这些新的相关性，可以推导出新的推荐政策。

公开(公告)号：US20070282778A1

公开(公告)日：2007-12-06

申请号：US11446761

申请日：2006-06-05

申请人： Hoi Y. Chan ,  David M. Chess ,  Thomas Y. Kwok ,  Steve R. White

发明人： Hoi Y. Chan ,  David M. Chess ,  Thomas Y. Kwok ,  Steve R. White

IPC分类号： G06N5/02

CPC分类号： G06N5/02 ,  H04L43/02 ,  H04L43/08 ,  H04L43/16

摘要： A statistical approach implementing Singular Value Decomposition (SVD) to a policy-based management system for autonomic and on-demand computing applications. The statistical approach empowers a class of applications that require policies to handle ambiguous conditions and allow the system to “evolve” in response to changing operation and environment conditions. In the system and method providing the statistical approach, observed event-policy associated data, which is represented by an event-policy matrix, is treated as a statistical problem with the assumption that there are some underlying or implicit higher order correlations among events and policies. The SVD approach enables such correlations to be modeled, extracted and modified. From these correlations, recommended policies can be selected or created without exact match of policy conditions. With a feedback mechanism, new knowledge can be acquired as new situations occur and the corresponding policies to manage them are recorded and used to generate new event and policy correlations. Consequently, based on these new correlations, new recommended policies can be derived.

摘要翻译： 一种统计方法，将自适应和按需计算应用程序的单一值分解（SVD）实现到基于策略的管理系统。 统计方法赋予一类应用程序，这些应用程序需要策略来处理模糊的条件，并允许系统根据不断变化的操作和环境条件“演变”。 在提供统计方法的系统和方法中，由事件 - 策略矩阵表示的观察到的事件 - 策略关联数据被视为统计问题，假设在事件和策略之间存在一些潜在或隐含的高阶相关性 。 SVD方法可以对这些相关性进行建模，提取和修改。 根据这些相关性，可以选择或创建推荐的策略，而不会完全匹配策略条件。 通过反馈机制，可以获得新的知识，因为新的情况发生，相应的管理策略被记录并用于生成新的事件和策略相关性。 因此，基于这些新的相关性，可以推导出新的推荐政策。

公开(公告)号：US07996353B2

公开(公告)日：2011-08-09

申请号：US12131424

申请日：2008-06-02

申请人： Hoi Y. Chan ,  David M. Chess ,  Thomas Y. Kwok ,  Steve R. White

发明人： Hoi Y. Chan ,  David M. Chess ,  Thomas Y. Kwok ,  Steve R. White

IPC分类号： G06N5/00

CPC分类号： G06N5/02 ,  H04L43/02 ,  H04L43/08 ,  H04L43/16

摘要： A statistical approach implementing Singular Value Decomposition (SVD) to a policy-based management system for autonomic and on-demand computing applications. The statistical approach empowers a class of applications that require policies to handle ambiguous conditions and allow the system to “evolve” in response to changing operation and environment conditions. In the system and method providing the statistical approach, observed event-policy associated data, which is represented by an event-policy matrix, is treated as a statistical problem with the assumption that there are some underlying or implicit higher order correlations among events and policies. The SVD approach enables such correlations to be modeled, extracted and modified. From these correlations, recommended policies can be selected or created without exact match of policy conditions. With a feedback mechanism, new knowledge can be acquired as new situations occur and the corresponding policies to manage them are recorded and used to generate new event and policy correlations. Consequently, based on these new correlations, new recommended policies can be derived.

摘要翻译： 一种统计方法，将自适应和按需计算应用程序的单一值分解（SVD）实现到基于策略的管理系统。 统计方法赋予一类应用程序，这些应用程序需要策略来处理模糊的条件，并允许系统根据不断变化的操作和环境条件“演变”。 在提供统计方法的系统和方法中，由事件 - 策略矩阵表示的观察到的事件 - 策略关联数据被视为统计问题，假设在事件和策略之间存在一些潜在或隐含的高阶相关性 。 SVD方法可以对这些相关性进行建模，提取和修改。 根据这些相关性，可以选择或创建推荐的策略，而不会完全匹配策略条件。 通过反馈机制，可以获得新的知识，因为新的情况发生，相应的管理策略被记录并用于生成新的事件和策略相关性。 因此，基于这些新的相关性，可以推导出新的推荐政策。

公开(公告)号：US08458694B2

公开(公告)日：2013-06-04

申请号：US11741975

申请日：2007-04-30

申请人： David M. Chess ,  Sean L. Dague ,  Ronald T. Goering ,  Hidayatullah H. Shaikh ,  Ian N. Whalley ,  Steve R. White ,  Jian Yin

发明人： David M. Chess ,  Sean L. Dague ,  Ronald T. Goering ,  Hidayatullah H. Shaikh ,  Ian N. Whalley ,  Steve R. White ,  Jian Yin

IPC分类号： G06F9/455

CPC分类号： G06F9/45558 ,  G06F8/63 ,  G06F2009/45587 ,  G06F2221/2101

摘要： A method, information processing system, and computer readable medium for managing virtual machine imaging. The method includes receiving a request for an imaging operation associated with at least one virtual machine. A notification is sent to at least one operating system associated with the at least one virtual machine of the request for the imaging operation. The operating system is determined to be in a state for the virtual machine to be imaged. The request for the imaging operation is granting in response to determining.

摘要翻译： 一种用于管理虚拟机成像的方法，信息处理系统和计算机可读介质。 该方法包括接收与至少一个虚拟机相关联的成像操作的请求。 将通知发送到与成像操作的请求的至少一个虚拟机相关联的至少一个操作系统。 操作系统被确定为处于使虚拟机成像的状态。 对成像操作的请求是响应于确定而授予的。

公开(公告)号：US07996905B2

公开(公告)日：2011-08-09

申请号：US12062152

申请日：2008-04-03

申请人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G06F12/14 ,  H04L29/06 ,  G06F11/30

CPC分类号： G06F21/51

摘要： A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

摘要翻译： 用于自动确定涉嫌具有蠕虫特征的程序的行为特征的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示具有蠕虫状特征的程序， 在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问，以确定非网络环境中程序的行为。 分析观察行为的记录记录，以确定行为是否表明具有蠕虫状特征的程序。 非网络环境可以模拟网络对程序的外观，而不模拟网络的操作。

公开(公告)号：US07117182B2

公开(公告)日：2006-10-03

申请号：US10041391

申请日：2002-01-08

申请人： David M. Chess ,  Ian N. Whalley ,  Steve R. White

发明人： David M. Chess ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G06F17/60

CPC分类号： G06Q30/06 ,  G06Q20/02 ,  G06Q20/382 ,  G06Q20/383 ,  G06Q20/401

摘要： A method for carrying out multi-party transactions in which at least one party or user has information which he considers private, the method comprising: a first determining step, in which it is determined which parties will take part in the transaction; a second determining step, in which it is determined, for each party taking part in the transaction, what information about the user that party requires in order to complete the corresponding part of the transaction; a selecting step, which may occur before or after the determining steps, in which one or more nonces, GUIDs, or other tokens are selected, to represent the user in the course of the transaction; a providing step, in which each party determined in the first determining step is provided with information comprising the corresponding information about the user determined in the second determining step, and one or more of the nonces, GUIDs, or other tokens selected in the selecting step; an execution step, in which the parties to the transaction complete the transaction, using the information about the user that they have been given, and the one or more nonces, GUIDs, or other tokens, to determine and communicate the details of the fulfillment while minimizing the amount of unneeded private information that is transmitted or otherwise exposed.

公开(公告)号：US20080256633A1

公开(公告)日：2008-10-16

申请号：US12141165

申请日：2008-06-18

申请人： William C. ARNOLD ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. ARNOLD ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G06F12/14

CPC分类号： G06F21/566

摘要： Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity. The result of the analysis can also be used for informing a user of an anti-virus system of the non-replicative changes made to the environment.

摘要翻译： 公开了一种方法，计算机系统和计算机可读介质产品，其包含一组计算机可执行软件指令，用于指导计算机系统执行用于确定怀疑含有不期望的软件的程序的非复制行为的过程 实体。 该过程导致在至少一个已知环境中执行该程序，并且自动检查该至少一个已知环境以检测由于该程序的执行而在该环境中是否发生了改变。 如果检测到改变，则该过程自动分析检测到的变化（即，过程执行副作用分析），以确定改变是由执行程序还是由不期望的软件实体的执行引起。 该过程然后使用分析结果至少用于撤销由不期望的软件实体的执行导致的检测到的改变。 分析的结果也可以用于向用户通知反病毒系统对环境的非复制变化。

公开(公告)号：US20080189787A1

公开(公告)日：2008-08-07

申请号：US12062152

申请日：2008-04-03

申请人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G06F21/00

CPC分类号： G06F21/51

摘要： A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

摘要翻译： 用于自动确定涉嫌具有蠕虫特征的程序的行为特征的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示具有蠕虫状特征的程序， 在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问，以确定非网络环境中程序的行为。 分析观察行为的记录记录，以确定行为是否表明具有蠕虫状特征的程序。 非网络环境可以模拟网络对程序的外观，而不模拟网络的操作。

公开(公告)号：US07861300B2

公开(公告)日：2010-12-28

申请号：US12141165

申请日：2008-06-18

申请人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G06F11/00

CPC分类号： G06F21/566

摘要： Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity. The result of the analysis can also be used for informing a user of an anti-virus system of the non-replicative changes made to the environment.

摘要翻译： 公开了一种方法，计算机系统和计算机可读介质产品，其包含一组计算机可执行软件指令，用于指导计算机系统执行用于确定怀疑含有不期望的软件的程序的非复制行为的过程 实体。 该过程导致在至少一个已知环境中执行该程序，并且自动检查该至少一个已知环境以检测由于该程序的执行而在该环境中是否发生了改变。 如果检测到改变，则该过程自动分析检测到的变化（即，过程执行副作用分析），以确定改变是由执行程序还是由不期望的软件实体的执行引起。 该过程然后使用分析结果至少用于撤销由不期望的软件实体的执行导致的检测到的改变。 分析的结果也可以用于向用户通知反病毒系统对环境的非复制变化。

公开(公告)号：US07487543B2

公开(公告)日：2009-02-03

申请号：US10202517

申请日：2002-07-23

申请人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

发明人： William C. Arnold ,  David M. Chess ,  John F. Morar ,  Alla Segal ,  Ian N. Whalley ,  Steve R. White

IPC分类号： G08B23/00 ,  G06F15/18 ,  G06F12/14 ,  H04L9/00

CPC分类号： G06F21/51

摘要： A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

摘要翻译： 用于自动确定涉嫌具有蠕虫特征的程序的行为特征的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示具有蠕虫状特征的程序， 在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问，以确定非网络环境中程序的行为。 分析观察行为的记录记录，以确定行为是否表明具有蠕虫状特征的程序。 非网络环境可以模拟网络对程序的外观，而不模拟网络的操作。