公开(公告)号：US08121043B2

公开(公告)日：2012-02-21

申请号：US11207270

申请日：2005-08-19

申请人： Xiaoxue Ma ,  Paul Gleichauf ,  Ganesh Sadasivan ,  Sunil Khaunte ,  Paul Aitken

发明人： Xiaoxue Ma ,  Paul Gleichauf ,  Ganesh Sadasivan ,  Sunil Khaunte ,  Paul Aitken

IPC分类号： G06F11/30

CPC分类号： H04L43/026 ,  H04L43/024 ,  Y02D50/30

摘要： An approach for managing the consumption of resources uses adaptive random sampling to decrease the collection of flow statistical data as the consumption of resources increases. When a packet is received from a network, a determination is made whether the packet belongs to an existing flow, for which flow statistical data is being collected, or to a new flow. If the packet belongs to an existing flow, then the flow statistical data for the existing flow is updated to reflect the packet. If the packet belongs to the new flow, then a sampling probability is used to determine whether the new flow is to be sampled. The sampling probability is determined, at least in part, upon a current usage of resources.

摘要翻译： 管理资源消耗的方法使用自适应随机抽样来减少流量统计数据的收集，随着资源消耗的增加。 当从网络接收到分组时，确定分组是否属于正在收集流量统计数据的现有流或新流。 如果分组属于现有流，则更新现有流的流统计数据以反映分组。 如果分组属于新流，则采用抽样概率来确定新流是否被采样。 至少部分地根据资源的当前使用来确定抽样概率。

公开(公告)号：US20070041331A1

公开(公告)日：2007-02-22

申请号：US11207270

申请日：2005-08-19

申请人： Xiaoxue Ma ,  Paul Gleichauf ,  Ganesh Sadasivan ,  Sunil Khaunte ,  Paul Aitken

发明人： Xiaoxue Ma ,  Paul Gleichauf ,  Ganesh Sadasivan ,  Sunil Khaunte ,  Paul Aitken

IPC分类号： G06F15/173 ,  G01R31/08

CPC分类号： H04L43/026 ,  H04L43/024 ,  Y02D50/30

摘要： An approach for managing the consumption of resources uses adaptive random sampling to decrease the collection of flow statistical data as the consumption of resources increases. When a packet is received from a network, a determination is made whether the packet belongs to an existing flow, for which flow statistical data is being collected, or to a new flow. If the packet belongs to an existing flow, then the flow statistical data for the existing flow is updated to reflect the packet. If the packet belongs to the new flow, then a sampling probability is used to determine whether the new flow is to be sampled. The sampling probability is determined, at least in part, upon a current usage of resources.

摘要翻译： 管理资源消耗的方法使用自适应随机抽样来减少流量统计数据的收集，随着资源消耗的增加。 当从网络接收到分组时，确定分组是否属于正在收集流量统计数据的现有流或新流。 如果分组属于现有流，则更新现有流的流统计数据以反映分组。 如果分组属于新流，则采用抽样概率来确定新流是否被采样。 至少部分地根据资源的当前使用来确定抽样概率。

公开(公告)号：US20110173295A1

公开(公告)日：2011-07-14

申请号：US13069304

申请日：2011-03-22

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US08156230B2

公开(公告)日：2012-04-10

申请号：US13069304

申请日：2011-03-22

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US20060217923A1

公开(公告)日：2006-09-28

申请号：US11088325

申请日：2005-03-23

申请人： Xiaoxue Ma ,  Paul Gleichauf ,  Paul Atkins

发明人： Xiaoxue Ma ,  Paul Gleichauf ,  Paul Atkins

IPC分类号： G06F17/18

CPC分类号： H04L43/00 ,  H04L41/0893 ,  H04L41/22 ,  H04L43/026

摘要： A policy-based approach for managing the export of network flow statistical data uses constraints and prioritization to select flow data to be exported by flow monitoring processes. According to the approach, a flow monitoring process monitors a plurality of flows at an observation point. The flow monitoring process generates flow statistical data for the plurality of flows. Policy data is made available to the flow monitoring process and includes constraint data and priority data. The constraint data indicates usage constraints for one or more resources available to the flow monitoring process. The priority data indicates a desired priority of flow attributes. The flow monitoring process uses the policy data to select one or more flows from the plurality of flows, such that the resource usage constraints are satisfied. The flow monitoring process exports a portion of the flow statistical data that corresponds to the selected one or more flows.

公开(公告)号：US07949766B2

公开(公告)日：2011-05-24

申请号：US11472678

申请日：2006-06-21

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US20080244747A1

公开(公告)日：2008-10-02

申请号：US11731728

申请日：2007-03-30

申请人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

发明人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

IPC分类号： G06F11/00

CPC分类号： G06F11/1415 ,  H04L63/1433 ,  H04L67/306

摘要： A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the vulnerability profiles, and to cause the remedial action.

摘要翻译： 一种计算机系统，包括托管操作系统和应用程序的至少一个受控执行空间; 耦合到受控执行空间的漏洞监视代理; 耦合到所述漏洞监视代理的一个或多个漏洞简档，其中所述漏洞简档中的每一个包括应用程序标识符，操作系统标识符，描述应用程序标识符在执行操作时指示的应用程序的漏洞的漏洞规范 操作系统标识符指示的系统以及在执行时将补救该漏洞的补救措施; 其中所述漏洞监视代理被配置为监视所述受控执行空间中的所述操作系统和所述应用程序的执行，以检测与所述漏洞相关联的异常，以基于所述操作系统和应用程序之一来确定所述操作系统和应用程序的补救动作 漏洞简介，并采取补救措施。

公开(公告)号：US20070011272A1

公开(公告)日：2007-01-11

申请号：US11472678

申请日：2006-06-21

申请人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

发明人： Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Paul Gleichauf ,  Xiaoxue Ma

IPC分类号： G06F15/16

CPC分类号： G06F9/45558 ,  G06F9/5027 ,  G06F2009/45595 ,  G06F2209/509

摘要： An apparatus for offloading network, block and file functions from an operating system comprises a network interface coupled to a network for receiving packet flows; one or more processors each having one or more processor cores; a computer-readable medium carrying one or more operating systems and an input/output networking stack which are hosted in one or more of the processor cores. The networking stack is shared among the operating systems. The networking stack comprises instructions which when executed cause receiving a request for data transfer from one of the operating systems at internal network, block and file system interfaces, and permitting data to be transferred between the internal interfaces and a plurality of external interfaces by preventing the operating systems from performing the data transfer and performing the data transfer on behalf of the operating systems.

摘要翻译： 用于从操作系统卸载网络，块和文件功能的装置包括耦合到网络的用于接收分组流的网络接口; 每个处理器具有一个或多个处理器核心; 携带一个或多个操作系统的计算机可读介质和托管在一个或多个处理器核心中的输入/输出网络堆栈。 网络堆栈在操作系统之间共享。 网络堆栈包括指令，当被执行时，在内部网络，块和文件系统接口处接收来自操作系统之一的数据传输请求，并允许数据在内部接口和多个外部接口之间传输， 操作系统执行数据传输并代表操作系统执行数据传输。

公开(公告)号：US08127412B2

公开(公告)日：2012-03-06

申请号：US11731728

申请日：2007-03-30

申请人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

发明人： Paul Gleichauf ,  Mark Bakke ,  Timothy Kuik ,  David Thompson ,  Xiaoxue Ma

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： G06F11/1415 ,  H04L63/1433 ,  H04L67/306

摘要： A computer system, comprising at least one controlled execution space hosting an operating system and an application program; a vulnerability monitoring agent coupled to the controlled execution space; one or more vulnerability profiles coupled to the vulnerability monitoring agent, wherein each of the vulnerability profiles comprises an application program identifier, an operating system identifier, a vulnerability specification describing a vulnerability of an application program that the application program identifier indicates when executed with an operating system that the operating system identifier indicates, and a remedial action which when executed will remediate the vulnerability; wherein the vulnerability monitoring agent is configured to monitor execution of the operating system and the application program in the controlled execution space, to detect an anomaly associated with the vulnerability, to determine the remedial action for the operating system and application program based on one of the vulnerability profiles, and to cause the remedial action.

摘要翻译： 一种计算机系统，包括托管操作系统和应用程序的至少一个受控执行空间; 耦合到受控执行空间的漏洞监视代理; 耦合到所述漏洞监视代理的一个或多个漏洞简档，其中所述漏洞简档中的每一个包括应用程序标识符，操作系统标识符，描述应用程序标识符在执行操作时指示的应用程序的漏洞的漏洞规范 操作系统标识符指示的系统以及在执行时将补救该漏洞的补救措施; 其中所述漏洞监视代理被配置为监视所述受控执行空间中的所述操作系统和所述应用程序的执行，以检测与所述漏洞相关联的异常，以基于所述操作系统和应用程序之一来确定所述操作系统和应用程序的补救动作 漏洞简介，并采取补救措施。

公开(公告)号：US20070112683A1

公开(公告)日：2007-05-17

申请号：US11281047

申请日：2005-11-16

申请人： Paul Gleichauf

发明人： Paul Gleichauf

IPC分类号： G06Q99/00

CPC分类号： G06Q99/00

摘要： A method and system for managing payment for a license for a licensed product is provided. The method includes the use of regulations to enforce payment for the license that is issued to a client. The license is issued to the client by a license manager. The license manager informs the client if payment for the license is due. The client is instructed to make payment for the license by including payment for license in auditing functions of an auditor. Thereafter, the access expiration date of the licensed product is extended. The auditing functions include verification of the compliance of the client with the regulations. Thereafter, the client makes payment for the license.

摘要翻译： 提供了用于管理许可产品的许可证的支付的方法和系统。 该方法包括使用法规来强制执行向客户发出的许可证的付款。 许可证由许可证管理员发给客户。 许可证管理员通知客户付款许可证是否到期。 指示客户通过在审核员的审计职能中包括许可证支付来支付许可证。 此后，许可产品的访问有效期延长。 审计功能包括验证客户遵守规定的情况。 此后，客户支付许可证。