Application based intrusion detection
    2.
    Granted invention patent
    Application based intrusion detection (Status: in force)

    Publication number: US08925081B2

    Publication date: 2014-12-30

    Application number: US13469357

    Filing date: 2012-05-11

    IPC classification: H04L29/06 G06F21/55

    CPC classification: G06F21/554

    Abstract: Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.

    Platform independent configuration of multiple network services
    3.
    Granted invention patent
    Platform independent configuration of multiple network services (Status: in force)

    Publication number: US08891550B2

    Publication date: 2014-11-18

    Application number: US11355023

    Filing date: 2006-02-15

    IPC classification: H04J3/16 H04J3/22 H04L29/06

    CPC classification: H04L63/105 H04L63/166

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to network services protocol implementation configuration and provide a method, system and computer program product for platform independent configuration of multiple network services protocol implementations. In one embodiment of the invention, a method for configuring a network services protocol implementation can include configuring a platform independent configuration for a network services protocol implementation. Thereafter, a target node can be selected to receive a deployment of the network services protocol implementation and the configured platform independent configuration can be transformed into a platform specific configuration for the target node. Finally, the transformed platform specific configuration can be deployed onto the target node.

    APPLICATION BASED INTRUSION DETECTION
    4.
    Invention patent application
    APPLICATION BASED INTRUSION DETECTION (Status: in force)

    Publication number: US20120222087A1

    Publication date: 2012-08-30

    Application number: US13469357

    Filing date: 2012-05-11

    IPC classification: G06F21/00 G06F11/00 G06F17/00

    CPC classification: G06F21/554

    Abstract: Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.

    Shared Security Device
    5.
    Invention patent application
    Shared Security Device (Status: under examination, published)

    Publication number: US20120198542A1

    Publication date: 2012-08-02

    Application number: US13423788

    Filing date: 2012-03-19

    IPC classification: G06F21/00 G06F15/16

    CPC classification: H04L63/0227 H04W4/00 H04W8/26

    Abstract: A mechanism is provided for sharing one or more security appliances. A trusted system component associated with an application of a plurality of applications in a logically partitioned data processing system sets a destination address of a received packet to an address of a security appliance shared by the plurality of applications. The trusted system component sends the received packet to the security appliance. The trusted system component receives a response from the security appliance. The trusted system component determines whether the response indicates permitting the received packet to proceed to the intended recipient. The trusted system component sends the received packet to the recipient in response to the response indicating permitting the received packet to proceed.

    Application based intrusion detection
    6.
    Granted invention patent
    Application based intrusion detection (Status: in force)

    Publication number: US08220052B2

    Publication date: 2012-07-10

    Application number: US10457908

    Filing date: 2003-06-10

    IPC classification: H04L29/06

    CPC classification: G06F21/554

    Abstract: A method of detecting an intrusion into a computer. At least one communication to an application program is selectively evaluated by the application program accessing an intrusion detection service to evaluate the communication.

    SHARED SECURITY DEVICE
    7.
    Invention patent application
    SHARED SECURITY DEVICE (Status: under examination, published)

    Publication number: US20110126194A1

    Publication date: 2011-05-26

    Application number: US12624762

    Filing date: 2009-11-24

    IPC classification: G06F21/00 G06F9/455

    CPC classification: H04L63/0227 H04W4/00 H04W8/26

    Abstract: A mechanism is provided for sharing one or more security appliances. A trusted system component associated with an application of a plurality of applications in a logically partitioned data processing system sets a destination address of a received packet to an address of a security appliance shared by the plurality of applications. The trusted system component sends the received packet to the security appliance. The trusted system component receives a response from the security appliance. The trusted system component determines whether the response indicates permitting the received packet to proceed to the intended recipient. The trusted system component sends the received packet to the recipient in response to the response indicating permitting the received packet to proceed.

    SECURING LIVE MIGRATION OF A VIRTUAL MACHINE WITHIN A SERVICE LANDSCAPE
    8.
    Invention patent application
    SECURING LIVE MIGRATION OF A VIRTUAL MACHINE WITHIN A SERVICE LANDSCAPE (Status: in force)

    Publication number: US20100071025A1

    Publication date: 2010-03-18

    Application number: US12210249

    Filing date: 2008-09-15

    IPC classification: H04L9/00 G06F21/00 G06F9/455

    Abstract: In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM can be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.

    RELIABLE AND RESILIENT END-TO-END CONNECTIVITY FOR HETEROGENEOUS NETWORKS
    9.
    Invention patent application
    RELIABLE AND RESILIENT END-TO-END CONNECTIVITY FOR HETEROGENEOUS NETWORKS (Status: lapsed)

    Publication number: US20080259790A1

    Publication date: 2008-10-23

    Application number: US11738499

    Filing date: 2007-04-22

    IPC classification: H04J1/16

    CPC classification: H04L41/022

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. The method yet further can include detecting an outage in the first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage.

    Wrap-around route testing in packet communications networks
    10.
    Granted invention patent
    Wrap-around route testing in packet communications networks (Status: lapsed)

    Publication number: US5563875A

    Publication date: 1996-10-08

    Application number: US500674

    Filing date: 1995-07-10

    IPC classification: H04L12/26 H04L12/56 H04J3/14

    Abstract: A packet communications network includes a route testing system which launches a plurality of route testing messages from the source node to each of the nodes along the route, including the destination node, and returning to the source node. Time stamps in each of these testing messages are compared to reception times to determine round trip delays which can be halved and compared to determine link transit times. These link transit times can, in turn, be analyzed to localize congestion or identify failed resources. The source resource is where the data is accumulated for the entire path and then analyzed to determine the location of failed links, if any, the response time from the source to the destination, the response time of each resource in the path, and the location of congested links. Packet switched resources identify the path test command themselves and carry out the testing procedure. Circuit switched resources utilize the control point controlling that resource to carry out the testing procedure.
