Abstract:
Techniques facilitating representing and analyzing cloud computing data as pseudo systems are provided. A system comprises a memory that stores, and a processor that executes, computer executable components. The computer executable components comprise a framework component and a generation component. The framework component can recreate a system state of a computing device as a pseudo system state for the computing device. The pseudo system state can be decoupled from an original operating state of the computing device and can comprise data abstracted from the original operating state. The data abstracted can mimic an operation of the computing device. The generation component can create the pseudo system state and can facilitate black-box execution of software over the pseudo system state. The black-box execution of software can comprise running applications in the pseudo system state as if the applications were executing in the original operating state of the computing device.
Abstract:
Techniques facilitating compliance aware service registry and load balancing are provided. A system can comprise a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can comprise an extraction component that removes a service from a load balancer ring based on a first determination by a verification component that a compliance state of the service is a non-compliant state. Further, the computer executable components can comprise an insertion component that adds the service to the load balancer ring based on a second determination by the verification component that, after a defined amount of time, the compliance state of the service is a compliant state.
Abstract:
A sandbox component, operatively coupled to a host and a guest container, securely extends systems data collection software with potentially untrusted third-party code. A secure environment is enabled where plugins will run inside a sidecar container that is separate from a guest container. A container consists of an entire runtime environment: an application, plus its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package. A sidecar service is not necessarily part of the application but is connected to the guest container and follows the parent application. A sidecar is independent from its primary application in terms of runtime environment and programming language. The sidecar plugin will be given a sparse/limited set of privileges required to simply perform its intended function, and the Linux kernel constructs will control data access and transfer. The plugin is essentially considered sandboxed as it runs in a sidecar and is fenced in by a set of kernel constructs.
Abstract:
Embodiments of the present invention provide an approach for protecting and restoring data within a networked (e.g., cloud) storage computing environment through asynchronous replication and remote backup of data and its associated metadata. Under embodiments of the present invention, data backup and recovery functionality provides data backups by detecting incremental updates to the data and its associated metadata at specific points in time determined by policies. The policies are configurable based on user requirements. Multiple copies of the data backups can be made and stored in separate compressed files at backup/disaster recovery locations. The backups of data and its associated metadata, which includes file system configuration information, can be used to restore the state of a computer file system to that of a given point-in-time. Accordingly, a data protection approach is disclosed for protecting data at both the file system level and application level.
Abstract:
Methods, systems, and articles of manufacture for image deduplication of guest virtual machines are provided herein. A method includes implementing a shared image file on a host server, transparently consolidating multiple duplicate blocks across multiple virtual machines on the shared image file, and creating a merged data path for the multiple virtual machines via the shared image file based on the multiple consolidated duplicate blocks.
Abstract:
An approach is disclosed that selects a current processing element from a set of processing elements included in a software pipeline. A selected input data to the current processing element was an output data from a previously executed processing element. The input data is verified by computing a current fingerprint of the selected input data and comparing the computed fingerprint to an expected fingerprint. The expected fingerprint was previously computed after the output data was generated by the previously executed processing element. In response to the comparing revealing that the current fingerprint fails to match the expected fingerprint, a verification error is indicated to a user of the process.
Abstract:
Techniques regarding managing one or more software application build processes are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise a control component that can execute a freeze algorithm that modifies an incorporation of a software artifact within a software application build set. The freeze algorithm can prevent implementation of a change to the software artifact by a version control program.
Abstract:
Embodiments relate to a computer system, computer program product, and computer-implemented method to train a machine learning (ML) model using artificial intelligence to learn an association between (regulatory) compliance requirements and features of micro-service training datasets. The trained ML model is leveraged to determine the compliance requirements of a micro-service requiring classification. In an exemplary embodiment, once the micro-service has been classified with respect to applicable compliance requirements, the classified micro-service may be used as an additional micro-service training dataset to further train the ML model and thereby improve its performance.
Abstract:
According to an embodiment, a computer-implemented method can comprise: inspecting, using a processor, a set of container images respectively associated with pods; identifying, using the processor, a first subset of the pods that contain a vulnerability; classifying, using the processor, the first subset of the pods as primary-infected pods; generating, using the processor, a first list of namespaces in which the primary-infected pods are deployed within a network; checking, using the processor, network policies in connection with the first list of namespaces to determine secondary-suspect pods that have the ability to communicate with the primary-infected pods; generating, using the processor, a list of secondary-suspect namespaces in which the secondary-suspect pods are deployed within the network; identifying, using the processor, one or more secondary-suspect pods that communicated with one or more primary-infected pods; and generating, using the processor, a list of secondary-infected pods.
Abstract:
A system for determining vulnerability of an application container is provided. The system receives a report associating a first version of a software package with a vulnerability and a second version of the software package as being an update that fixes the vulnerability. The system receives the first version and the second version of the software package. The second version has one or more files that correspond to files in the first version. The system identifies a changed file in the first version of the software package that is different from a corresponding file in the second version of the software package. The system identifies a container file in an application container that matches the changed file in the first version of the software package. The system associates the identified container file with the vulnerability.