公开(公告)号：US20120317636A1

公开(公告)日：2012-12-13

申请号：US13596431

申请日：2012-08-28

申请人： Takuya Mishina ,  Tadashi Tsumura ,  John David Wilson

发明人： Takuya Mishina ,  Tadashi Tsumura ,  John David Wilson

IPC分类号： G06F21/00

CPC分类号： H04L63/0209 ,  G05B23/0286 ,  H04L63/0263 ,  H04L63/1408

摘要： A system and method of an appropriate countermeasure at the time of anomaly. The management system for an industrial control system includes a control apparatus, a control network connected to the control apparatus, and multiple devices controlled by the control apparatus via the control network, the management system includes multiple firewall modules provided for each of control zones each controlling one part of the industrial control system, the firewall modules relaying communication between devices in the control zones and the control network; an event analyzing module collecting events from each of the multiple firewall modules and analyzing the events to detect an anomaly of each of the control zones, and a communication managing module changing a communication operation performed via the firewall module provided for the control zone where an anomaly has been detected.

公开(公告)号：US20120272308A1

公开(公告)日：2012-10-25

申请号：US13443083

申请日：2012-04-10

申请人： Takuya Mishina ,  Tadashi Tsumura ,  John David Wilson

发明人： Takuya Mishina ,  Tadashi Tsumura ,  John David Wilson

IPC分类号： G06F21/00

CPC分类号： H04L63/0209 ,  G05B23/0286 ,  H04L63/0263 ,  H04L63/1408

摘要： A system and method of an appropriate countermeasure at the time of anomaly. The management system for an industrial control system includes a control apparatus, a control network connected to the control apparatus, and multiple devices controlled by the control apparatus via the control network, the management system includes multiple firewall modules provided for each of control zones each controlling one part of the industrial control system, the firewall modules relaying communication between devices in the control zones and the control network; an event analyzing module collecting events from each of the multiple firewall modules and analyzing the events to detect an anomaly of each of the control zones, and a communication managing module changing a communication operation performed via the firewall module provided for the control zone where an anomaly has been detected.

摘要翻译： 异常时的适当对策的系统和方法。 用于工业控制系统的管理系统包括控制装置，连接到控制装置的控制网络和经由控制网络由控制装置控制的多个装置，管理系统包括为每个控制区域提供的多个防火墙模块，每个控制区域控制 工业控制系统的一部分，防火墙模块中继控制区域设备与控制网络之间的通信; 事件分析模块，从所述多个防火墙模块中的每一个收集事件，并且分析所述事件以检测每个所述控制区域的异常;以及通信管理模块，其改变经由为所述控制区域提供的防火墙模块执行的通信操作， 已被检测到。

公开(公告)号：US09037505B2

公开(公告)日：2015-05-19

申请号：US13322529

申请日：2010-05-12

申请人： Kazuhito Akiyama ,  Kazuo Iwano ,  Akira Ohkado ,  Tadashi Tsumura

发明人： Kazuhito Akiyama ,  Kazuo Iwano ,  Akira Ohkado ,  Tadashi Tsumura

IPC分类号： G06F15/177 ,  G06F15/173 ,  G06Q40/00 ,  H04L29/06 ,  H04L12/24 ,  H04L29/08

CPC分类号： G06Q40/12 ,  H04L29/06 ,  H04L29/08144 ,  H04L41/0213

摘要： Deterioration of service quality due to shortage of resources and/or increased cost of support due to excessive resources is minimized in the case where the amount of requested services may change in cloud computing. Provided are mechanisms for executing a process specified by a user in a cloud computing environment and charging the user for the process. The mechanisms include a receiving part for receiving an instruction to execute the specified process and a determining part for determining an external resource to provision from a first other computer system for a charge. The mechanisms further comprise an external resource securing part for securing the external resource on the first other computer system and an executing part for causing the external resource to execute at least a part of the specified process.

摘要翻译： 在云计算中所请求的服务量可能发生变化的情况下，由于资源短缺和/或由于资源过多而造成的支持成本增加导致的服务质量恶化最小化。 提供了一种用于在云计算环境中执行由用户指定的过程的机制，并为用户对该过程进行计费。 这些机构包括用于接收执行指定处理的指令的接收部分和用于确定从第一其他计算机系统提供费用的外部资源的确定部分。 所述机构还包括用于将所述外部资源固定在所述第一其他计算机系统上的外部资源保护部分和用于使所述外部资源执行所述指定处理的至少一部分的执行部分。

公开(公告)号：US08782189B2

公开(公告)日：2014-07-15

申请号：US12951865

申请日：2010-11-22

申请人： Kazuhito Akiyama ,  Kazuo Iwano ,  Akira Ohkado ,  Tadashi Tsumura

发明人： Kazuhito Akiyama ,  Kazuo Iwano ,  Akira Ohkado ,  Tadashi Tsumura

IPC分类号： G06F15/173

CPC分类号： H04L12/145 ,  H04L12/14 ,  H04L12/1446 ,  H04L41/5029 ,  H04L41/5096

摘要： A method for dynamically updating a service level agreement, performed by a cloud computing server, includes storing a preference for service selection, acquiring an actual usage level of a first service provided to a user during a predetermined time period in accordance with a first service level agreement, determining a second service level agreement different from the first service level agreement based on the actual usage level acquired during the predetermined time period, and selecting a second service that satisfies the second service level agreement.

摘要翻译： 一种用于动态更新由云计算服务器执行的服务级别协议的方法，包括存储对服务选择的偏好，根据第一服务级别在预定时间段内获取提供给用户的第一服务的实际使用水平 协议，基于在所述预定时间段期间获取的实际使用水平确定与所述第一服务级别协议不同的第二服务级别协议，以及选择满足所述第二服务级别协议的第二服务。

公开(公告)号：US20090210435A1

公开(公告)日：2009-08-20

申请号：US12363193

申请日：2009-01-30

申请人： Kazuhito Akiyama ,  Yasuhiro Suzuki ,  Tadashi Tsumura ,  Takeshi Fukuda

发明人： Kazuhito Akiyama ,  Yasuhiro Suzuki ,  Tadashi Tsumura ,  Takeshi Fukuda

IPC分类号： G06F17/30

CPC分类号： G06F16/211

摘要： A computer system is presented for managing a plurality of configuration items. A first computer may be connected to a second computer over a network. The first computer may manage configuration items conforming to a first specification, while the second computer may manage configuration items conforming to a second specification. A repository may store, for each of the configuration items, a set of data conforming to the first specification. The set of data may include one or more predetermined attributes of each configuration item, and at least one relationship between each configuration item and other configuration items. A discovery section may detect external reference data associated with configuration items conforming to the second specification. The set of data for each configuration item conforming to the second specification may be created from the external reference data and stored in the repository.

摘要翻译： 呈现用于管理多个配置项的计算机系统。 第一计算机可以通过网络连接到第二计算机。 第一计算机可以管理符合第一规范的配置项，而第二计算机可以管理符合第二规范的配置项。 存储库可以为每个配置项存储符合第一规范的一组数据。 该组数据可以包括每个配置项的一个或多个预定属性，以及每个配置项与其他配置项之间的至少一个关系。 发现部分可以检测与符合第二规范的配置项相关联的外部参考数据。 符合第二规范的每个配置项的数据集可以从外部参考数据创建并存储在存储库中。

公开(公告)号：US09075410B2

公开(公告)日：2015-07-07

申请号：US13365533

申请日：2012-02-03

申请人： Akira Ohkado ,  Yukihiko Sohda ,  Masami Tada ,  Tadashi Tsumura

发明人： Akira Ohkado ,  Yukihiko Sohda ,  Masami Tada ,  Tadashi Tsumura

IPC分类号： G05B9/02 ,  G06F11/00 ,  G05B19/048 ,  H04L29/06 ,  G06F21/55

CPC分类号： G05B19/048 ,  G06F21/552 ,  H04L63/1425

摘要： A mechanism is provided for effectively detecting an abnormality occurring in a control system and isolating the control system in which abnormality is acknowledged. The mechanism receives, from one or more control systems in the plurality of control systems, respective abnormality notifications for respective counter control systems to be monitored by the plurality of control systems. The mechanism adds up abnormality notifications transmitted from respective monitoring sections of the plurality of control systems so as to evaluate the reputation of a control system suspected to have an abnormality. The mechanism causes a protected area for operating the control system suspected to have an abnormality to restrict outbound traffic from at least the inside of the protected area, when an indication is identified that the control system is abnormal according to criteria from a result of the evaluation.

摘要翻译： 提供一种用于有效地检测控制系统中发生的异常并隔离异常被确认的控制系统的机构。 该机构从多个控制系统中的一个或多个控制系统接收由多个控制系统监控的各个计数器控制系统的各自的异常通知。 该机构将从多个控制系统的各监视部发送的异常通知相加，以评估疑似异常的控制系统的信誉。 该机制导致受保护区域操作怀疑有异常的控制系统，以至少在保护区内部限制出站流量，当根据评估结果的标准确定控制系统异常的指示时 。

公开(公告)号：US08726085B2

公开(公告)日：2014-05-13

申请号：US13365594

申请日：2012-02-03

申请人： Kazuhito Akiyama ,  Akira Ohkado ,  Yukihiko Sohda ,  Masami Tada ,  Tadashi Tsumura

发明人： Kazuhito Akiyama ,  Akira Ohkado ,  Yukihiko Sohda ,  Masami Tada ,  Tadashi Tsumura

IPC分类号： G06F11/00

CPC分类号： G06F21/50 ,  G05B19/0428 ,  G06F11/07 ,  G06F21/552 ,  G06F21/554 ,  G06F21/577 ,  G06F2221/2145 ,  G06F2221/2151 ,  H04L63/1425

摘要： An anomaly detection mechanism is provided that detects an anomaly in a control network, and includes an identifying unit to receive event information on an event that occurs, and to identify a group including a resource related to the event information by referring to a configuration management database for retaining dependence relationships between processes and resources including a control system; a policy storing unit to store one or more policies each of which associates one or more actions with a condition defining a situation suspected to have an anomaly; an adding unit to acquire group-related information needed for application to the one or more policies, and to add the acquired information to the event information; and a determining unit to apply the event information to the one or more policies and to determine the one or more actions associated with the matched condition as one or more actions to be taken.

摘要翻译： 提供了一种异常检测机制，其检测控制网络中的异常，并且包括识别单元，用于接收关于发生的事件的事件信息，并且通过参考配置管理数据库来识别包括与事件信息相关的资源的组 用于保持过程和资源之间的依赖关系，包括控制系统; 策略存储单元，用于存储一个或多个策略，每个策略将一个或多个动作与定义怀疑具有异常的情况的条件相关联; 添加单元，用于获取应用于所述一个或多个策略所需的组相关信息，并将所获取的信息添加到所述事件信息中; 以及确定单元，用于将所述事件信息应用于所述一个或多个策略，并且将与所述匹配条件相关联的所述一个或多个动作确定为要采取的一个或多个动作。

公开(公告)号：US20120209411A1

公开(公告)日：2012-08-16

申请号：US13365533

申请日：2012-02-03

申请人： Akira Ohkado ,  Yukihiko Sohda ,  Masami Tada ,  Tadashi Tsumura

发明人： Akira Ohkado ,  Yukihiko Sohda ,  Masami Tada ,  Tadashi Tsumura

IPC分类号： G05B9/02

CPC分类号： G05B19/048 ,  G06F21/552 ,  H04L63/1425

摘要： A mechanism is provided for effectively detecting an abnormality occurring in a control system and isolating the control system in which abnormality is acknowledged. The mechanism receives, from one or more control systems in the plurality of control systems, respective abnormality notifications for respective counter control systems to be monitored by the plurality of control systems. The mechanism adds up abnormality notifications transmitted from respective monitoring sections of the plurality of control systems so as to evaluate the reputation of a control system suspected to have an abnormality. The mechanism causes a protected area for operating the control system suspected to have an abnormality to restrict outbound traffic from at least the inside of the protected area, when an indication is identified that the control system is abnormal according to criteria from a result of the evaluation.

摘要翻译： 提供一种用于有效地检测控制系统中发生的异常并隔离异常被确认的控制系统的机构。 该机构从多个控制系统中的一个或多个控制系统接收由多个控制系统监控的各个计数器控制系统的各自的异常通知。 该机构将从多个控制系统的各监视部发送的异常通知相加，以评估疑似异常的控制系统的信誉。 该机制导致受保护区域操作怀疑有异常的控制系统，以至少在保护区内部限制出站流量，当根据评估结果的标准确定控制系统异常的指示时 。

公开(公告)号：US20120072318A1

公开(公告)日：2012-03-22

申请号：US13322529

申请日：2010-05-12

申请人： Kazuhito Akiyama ,  Kazuo Iwano ,  Akira Ohkado ,  Tadashi Tsumura

发明人： Kazuhito Akiyama ,  Kazuo Iwano ,  Akira Ohkado ,  Tadashi Tsumura

IPC分类号： G06Q40/00 ,  G06F15/16

CPC分类号： G06Q40/12 ,  H04L29/06 ,  H04L29/08144 ,  H04L41/0213

摘要： Deterioration of service quality due to shortage of resources and/or increased cost of support due to excessive resources is minimized in the case where the amount of requested services may change in cloud computing. Provided are mechanisms for executing a process specified by a user in a cloud computing environment and charging the user for the process. The mechanisms include a receiving part for receiving an instruction to execute the specified process and a determining part for determining an external resource to provision from a first other computer system for a charge. The mechanisms further comprise an external resource securing part for securing the external resource on the first other computer system and an executing part for causing the external resource to execute at least a part of the specified process.

摘要翻译： 在云计算中所请求的服务量可能发生变化的情况下，由于资源短缺和/或由于资源过多而造成的支持成本增加导致的服务质量恶化最小化。 提供了一种用于在云计算环境中执行由用户指定的过程的机制，并为用户对该过程进行计费。 这些机构包括用于接收执行指定处理的指令的接收部分和用于确定从第一其他计算机系统提供费用的外部资源的确定部分。 所述机构还包括用于将所述外部资源固定在所述第一其他计算机系统上的外部资源保护部分和用于使所述外部资源执行所述指定处理的至少一部分的执行部分。

公开(公告)号：US20110131300A9

公开(公告)日：2011-06-02

申请号：US12336745

申请日：2008-12-17

申请人： Kazuhito Akiyama ,  Yasuhiro Suzuki ,  Tadashi Tsumura

发明人： Kazuhito Akiyama ,  Yasuhiro Suzuki ,  Tadashi Tsumura

IPC分类号： G06F15/177

CPC分类号： G06F9/44505 ,  G06F17/30604

摘要： There is provided a method for managing a plurality of configuration items. The method includes holding, at a repository, for each configuration item, one set of data indicating at least one predetermined attribute of the configuration item and a relationship with another configuration item. The method also includes detecting, at a discovery section, information on configuration items. The discovery section performs subsequent detection based on at least one of a predetermined attribute and a predetermined relationship in a new set of data created from the information detected by the discovery section.

摘要翻译： 提供了一种用于管理多个配置项的方法。 该方法包括在存储库处为每个配置项保存指示配置项的至少一个预定属性的一组数据以及与另一个配置项的关系。 该方法还包括在发现部分检测关于配置项的信息。 发现部分根据由发现部分检测到的信息创建的新的数据集中的预定属性和预定关系中的至少一个执行后续检测。