-
Publication No.: US20240022609A1
Publication date: 2024-01-18
Application No.: US18373059
Application date: 2023-09-26
Applicant: Ned M. Smith, Kshitij Arun Doshi, Sunil Cheruvu, Malini Bhandaru, Anahit Tarkhanyan, Mats Gustav Agerstam, Bruno Vavala, Vidya Ranganathan
Inventor: Ned M. Smith, Kshitij Arun Doshi, Sunil Cheruvu, Malini Bhandaru, Anahit Tarkhanyan, Mats Gustav Agerstam, Bruno Vavala, Vidya Ranganathan
CPC classification: H04L63/20, G06F9/5088
Abstract: Various systems and methods for implementing cloud-to-edge (C2E) security are disclosed, including systems and methods for the execution of various workloads that are distributed among multiple edge computing nodes. An example technique for managing distributed workloads includes: identifying characteristics of a distributed workload from an execution of the distributed workload, for a distributed workload that is partitioned among multiple computing nodes; evaluating a trust status of the distributed workload in response to a change in the execution of the distributed workload, including verifying resources to execute the distributed workload and verifying security policies associated with the resources; and controlling the execution of the distributed workload among the multiple computing nodes, based on the characteristics and the evaluated trust status.
-
Publication No.: US20230342478A1
Publication date: 2023-10-26
Application No.: US18217341
Application date: 2023-06-30
CPC classification: G06F21/577, G06F9/45558, G06F2009/4557
Abstract: Various systems and methods are described for implementing attestation operations. A computing device includes a processor; and memory to store instructions, which when executed by the processor, cause the computing device to: receive a workload from a source computing device over a network shared with the computing device; determine whether the workload has valid attestation; establish attestation for the workload when the workload does not have valid attestation; determine whether the attestation is compliant with a policy; and execute the workload when the attestation is compliant with the policy.
-
Publication No.: US20230045110A1
Publication date: 2023-02-09
Application No.: US17972393
Application date: 2022-10-24
Abstract: Various systems and methods are described for testing and deployment of containers on cloud and edge computing hardware. An example development platform may include capabilities for identifying, from a remote location, data to import a container software package. The development platform may store a container image, based on the data to import the container software package. The development platform may perform a security evaluation of the container image, before execution of the container image. The development platform may store results of the security evaluation of the container image in a database accessible to the development platform. The development platform may add the container image into a registry of containers available for execution at the development platform, with execution of the container image being based on verification of the results of the security evaluation and use of the registry of containers.
-
Publication No.: US08745597B2
Publication date: 2014-06-03
Application No.: US12625840
Application date: 2009-11-25
CPC classification: G06F11/3644
Abstract: A system and computer program product for providing programming support to a debugger are disclosed. The debugger executes at least one debugger programming statement which modifies at least a portion of the computer program during execution of the computer program without recompiling the computer program. The debugger may be instructed to execute the at least one debugger programming statement at a specified position of the computer program. The at least one debugger programming statement may include a delete instruction that instructs the debugger to prevent one or more programming statements at a specified position in the computer program from being executed. The debugger may be instructed to execute the at least one debugger programming statement instead of one or more programming statements at a specified position in the computer program without recompiling the computer program.
-
Publication No.: US08631123B2
Publication date: 2014-01-14
Application No.: US13006618
Application date: 2011-01-14
Applicant: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
Inventor: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
IPC classification: G06F15/173, G06F15/16
CPC classification: H04L63/0236, H04L63/104
Abstract: When an operating system process evaluates a rule for an operation being attempted on a logical network port, the operating system process determines whether the target logical port falls within a range of logical ports, and then determines whether the operation is associated with a permitted domain of the range of logical ports. If the operation is a bind operation, then the process attempting to bind to the target port will be allowed to bind if the target port falls within the range and the operation/process is associated with a permitted domain. Otherwise, the binding operation will not be allowed to proceed.
-
Publication No.: US07908476B2
Publication date: 2011-03-15
Application No.: US11621800
Application date: 2007-01-10
CPC classification: G06F21/6218, G06F2221/2107
Abstract: A computer implemented method, apparatus, and computer program product for using a virtual file system to encrypt files. The process registers a plurality of file systems on a data processing system with the virtual file system. The virtual file system is enabled to encrypt files without intervention from any file system in the plurality of file systems. The virtual file system identifies whether a file on a given file system is an encrypted file using a map file associated with the given file system. In response to identifying the file as an encrypted file, the virtual file system encrypts all data written to the file in accordance with encryption specifications in the map file.
-
Publication No.: US08949566B2
Publication date: 2015-02-03
Application No.: US12958891
Application date: 2010-12-02
Abstract: Methods, apparatuses, and computer program products are provided for locking access to data storage shared by a plurality of compute nodes. Embodiments include maintaining, by a compute node, a queue of requests from requesting compute nodes of the plurality of compute nodes for access to the data storage, wherein possession of the queue represents possession of a mutual-exclusion lock on the data storage, the mutual-exclusion lock indicating exclusive permission for access to the data storage; and conveying, based on the order of requests in the queue, possession of the queue from the compute node to a next requesting compute node when the compute node no longer requires exclusive access to the data storage.
-
Publication No.: US08903096B2
Publication date: 2014-12-02
Application No.: US13556398
Application date: 2012-07-24
CPC classification: H04L9/0825, H04L63/045
Abstract: Provided are techniques for the fast and reliable distribution of security keys within a cluster of computing devices, or computers. One embodiment provides a method for secure distribution of encryption keys, comprising generating a symmetric key for the encryption of communication among a plurality of nodes of a cluster of nodes; encrypting the symmetric key with a plurality of public keys, each public key corresponding to a particular node of the plurality of nodes, to generate a plurality of encrypted symmetric keys; storing the plurality of encrypted symmetric keys in a central repository; and distributing the encrypted symmetric keys to the nodes such that each particular node receives an encrypted symmetric key corresponding to a corresponding public key of the particular node.
-
Publication No.: US08429191B2
Publication date: 2013-04-23
Application No.: US13006621
Application date: 2011-01-14
Applicant: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
Inventor: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
IPC classification: G07F17/30
CPC classification: G06F21/6281, G06F2221/2141
Abstract: Functionality can be implemented in an operating system to increase the granularity of isolation for objects. A domain can be defined to represent each of different entities (e.g., different departments or work groups). User identifiers and/or user credentials can be associated with the appropriate domain or domains. An administrator can then define a set of rules that govern operation(s) that can be performed on the objects based on the domains. Processes running on a system will inherit the domains of a user account logged into the system. When a process running on the system attempts to perform an operation on an object, an operating system process evaluates the domain isolation rules with an identifier of the object and a domain identifier to determine whether the operation is permitted to proceed.
-
Publication No.: US20100125835A1
Publication date: 2010-05-20
Application No.: US12272401
Application date: 2008-11-17
IPC classification: G06F9/45
CPC classification: G06F8/4441
Abstract: A method and system for reducing processing overhead during execution of a code block in a high efficiency compilation framework. The method identifies second code blocks within the code block and separates them out from the first code block during compilation. Further, during compilation, the system converts the second code blocks to kernel program modules, in a form recognizable by the system kernel. The compilation is followed by execution of the first code block, with the compiled object code of the first code block being executed in user mode and the kernel program modules being executed in kernel mode.