Probabilistic fingerprint checking for preventing data leakage
    1.
    Granted patent
    Probabilistic fingerprint checking for preventing data leakage (in force)

    Publication No.: US08566373B2

    Publication date: 2013-10-22

    Application No.: US13367441

    Filing date: 2012-02-07

    IPC classification: G06F17/30

    CPC classification: G06F17/30109 G06F21/6236

    Abstract: A data-leakage prevention capability is presented herein. The data-leakage prevention capability prevents leakage of data, of a file set having a plurality of files, from a secure network using online fingerprint checking of data flows at a boundary of the secure network. The online fingerprint checking is performed using a set of data structures configured for the file set. The data structures for the file set are configured based on file set characteristics information of the file set and a target detection lag indicative of a maximum number of bits within which a data leakage event for the file set is to be determined. The data structure configuration is computed for a plurality of data structures configured for use in monitoring the files of the file set. The data structure configuration includes a plurality of data structure locations and data structure sizes for the respective plurality of data structures.


    PROBABILISTIC FINGERPRINT CHECKING FOR PREVENTING DATA LEAKAGE
    2.
    Patent application
    PROBABILISTIC FINGERPRINT CHECKING FOR PREVENTING DATA LEAKAGE (in force)

    Publication No.: US20130204903A1

    Publication date: 2013-08-08

    Application No.: US13367441

    Filing date: 2012-02-07

    IPC classification: G06F7/00

    CPC classification: G06F17/30109 G06F21/6236

    Abstract: A data-leakage prevention capability is presented herein. The data-leakage prevention capability prevents leakage of data, of a file set having a plurality of files, from a secure network using online fingerprint checking of data flows at a boundary of the secure network. The online fingerprint checking is performed using a set of data structures configured for the file set. The data structures for the file set are configured based on file set characteristics information of the file set and a target detection lag indicative of a maximum number of bits within which a data leakage event for the file set is to be determined. The data structure configuration is computed for a plurality of data structures configured for use in monitoring the files of the file set. The data structure configuration includes a plurality of data structure locations and data structure sizes for the respective plurality of data structures.


    SECURING SOFTWARE DEFINED NETWORKS VIA FLOW DEFLECTION
    3.
    Patent application
    SECURING SOFTWARE DEFINED NETWORKS VIA FLOW DEFLECTION (in force)

    Publication No.: US20140089506A1

    Publication date: 2014-03-27

    Application No.: US13627003

    Filing date: 2012-09-26

    IPC classification: G06F15/173

    Abstract: A flow deflection capability is provided for deflecting data flows within a Software Defined Network (SDN) in order to provide security for the SDN. A flow forwarding rule is generated for a first network element of the SDN based on detection of a condition (e.g., TCAM utilization condition, CPU utilization condition, or the like) associated with the first network element. The flow forwarding rule is generated by a control element of the SDN or the first network element of the SDN. The flow forwarding rule is indicative that at least a portion of new flow requests received at the first network element are to be forwarded from the first network element to a second network element of the SDN. The flow forwarding rule may specify full flow deflection or selective flow deflection.


    Apparatus and method for providing a fluid security layer
    4.
    Granted patent
    Apparatus and method for providing a fluid security layer (in force)

    Publication No.: US09548962B2

    Publication date: 2017-01-17

    Application No.: US13469176

    Filing date: 2012-05-11

    IPC classification: H04L29/06

    CPC classification: H04L63/0263 H04L63/20

    Abstract: A security management capability enables migration of individual security rules between storage/application locations. The migration of a security rule may include selection of a location at which the security rule is to be applied and migration of the security rule to the selected location at which the security rule is to be applied. The selection of the location at which the security rule is to be applied may be performed based on security rule policies and/or security rule location selection information. The security rule is migrated from a current location (e.g., a location at which the security rule is currently applied, a management system, or the like) to the selected location at which the security rule is to be applied. In this manner, a fluid security layer may be provided. The fluid security layer may be optimized for one or more of security level, performance, cost, or the like.


    Data Leakage Prevention for Cloud and Enterprise Networks
    5.
    Patent application
    Data Leakage Prevention for Cloud and Enterprise Networks (in force)

    Publication No.: US20130212710A1

    Publication date: 2013-08-15

    Application No.: US13369475

    Filing date: 2012-02-09

    IPC classification: G06F21/20

    Abstract: Apparatuses, methods and articles of manufacture for performing data leakage prevention are provided. Data leakage prevention may be performed by determining a signature of a transmitted document, the transmitted document being in transit to a location beyond a network boundary. The signature of the transmitted document is compared with one or more signatures of documents authorized to be transmitted beyond the network boundary. The transmitted document is prevented from being transmitted beyond the network boundary if the signature of the document does not correspond to a signature of a document authorized to be transmitted beyond the network boundary.


    APPARATUS AND METHOD FOR PROVIDING A FLUID SECURITY LAYER
    6.
    Patent application
    APPARATUS AND METHOD FOR PROVIDING A FLUID SECURITY LAYER (in force)

    Publication No.: US20130305311A1

    Publication date: 2013-11-14

    Application No.: US13469176

    Filing date: 2012-05-11

    IPC classification: G06F21/00

    CPC classification: H04L63/0263 H04L63/20

    Abstract: A security management capability enables migration of individual security rules between storage/application locations. The migration of a security rule may include selection of a location at which the security rule is to be applied and migration of the security rule to the selected location at which the security rule is to be applied. The selection of the location at which the security rule is to be applied may be performed based on security rule policies and/or security rule location selection information. The security rule is migrated from a current location (e.g., a location at which the security rule is currently applied, a management system, or the like) to the selected location at which the security rule is to be applied. In this manner, a fluid security layer may be provided. The fluid security layer may be optimized for one or more of security level, performance, cost, or the like.


    Securing software defined networks via flow deflection
    7.
    Granted patent
    Securing software defined networks via flow deflection (in force)

    Publication No.: US09306840B2

    Publication date: 2016-04-05

    Application No.: US13627003

    Filing date: 2012-09-26

    Abstract: A flow deflection capability is provided for deflecting data flows within a Software Defined Network (SDN) in order to provide security for the SDN. A flow forwarding rule is generated for a first network element of the SDN based on detection of a condition (e.g., TCAM utilization condition, CPU utilization condition, or the like) associated with the first network element. The flow forwarding rule is generated by a control element of the SDN or the first network element of the SDN. The flow forwarding rule is indicative that at least a portion of new flow requests received at the first network element are to be forwarded from the first network element to a second network element of the SDN. The flow forwarding rule may specify full flow deflection or selective flow deflection.


    Data leakage prevention for cloud and enterprise networks
    8.
    Granted patent
    Data leakage prevention for cloud and enterprise networks (in force)

    Publication No.: US08856960B2

    Publication date: 2014-10-07

    Application No.: US13369475

    Filing date: 2012-02-09

    IPC classification: G06F7/16 H04L29/06

    Abstract: Apparatuses, methods and articles of manufacture for performing data leakage prevention are provided. Data leakage prevention may be performed by determining a signature of a transmitted document, the transmitted document being in transit to a location beyond a network boundary. The signature of the transmitted document is compared with one or more signatures of documents authorized to be transmitted beyond the network boundary. The transmitted document is prevented from being transmitted beyond the network boundary if the signature of the document does not correspond to a signature of a document authorized to be transmitted beyond the network boundary.


    Method and apparatus for accelerating connections in a cloud network
    9.
    Granted patent
    Method and apparatus for accelerating connections in a cloud network (in force)

    Publication No.: US09043588B2

    Publication date: 2015-05-26

    Application No.: US13466251

    Filing date: 2012-05-08

    IPC classification: H04L29/08 H04L29/06 G06F17/30

    Abstract: Various embodiments provide a method and apparatus of providing accelerated encrypted connections in a cloud network supporting transmission of data including per-user encrypted data. Transmission of encrypted data from an application server uses an encryption scheme that encrypts static data using a first encryption scheme that derives keys from the content itself and encrypts dynamic data, such as dynamic website content with personalized user data, using a second encryption scheme.


    Apparatus and method for managing storage of data blocks
    10.
    Granted patent
    Apparatus and method for managing storage of data blocks (in force)

    Publication No.: US08812454B2

    Publication date: 2014-08-19

    Application No.: US13348754

    Filing date: 2012-01-12

    IPC classification: G06F7/00 G06F17/00 G06F12/00

    Abstract: A data block storage management capability is presented. A cloud file system management capability manages storage of data blocks of a file system across multiple cloud storage services (e.g., including determining, for each data block to be stored, a storage location and a storage duration for the data block). A cloud file system management capability manages movement of data blocks of a file system between storage volumes of cloud storage services. A cloud file system management capability provides a probabilistic eviction scheme for evicting data blocks from storage volumes of cloud storage services in advance of storage deadlines by which the data blocks are to be removed from the storage volumes. A cloud file system management capability enables dynamic adaptation of the storage volume sizes of the storage volumes of the cloud storage services.
