公开(公告)号：US08949847B2

公开(公告)日：2015-02-03

申请号：US13584028

申请日：2012-08-13

申请人： Young-Ho Kim ,  Gyu-Il Cha ,  Shin-Young Ahn ,  Eun-Ji Lim ,  Jin-Mee Kim ,  Seung-Jo Bae

发明人： Young-Ho Kim ,  Gyu-Il Cha ,  Shin-Young Ahn ,  Eun-Ji Lim ,  Jin-Mee Kim ,  Seung-Jo Bae

IPC分类号： G06F9/46

CPC分类号： G06F9/505 ,  G06F2209/501

摘要： Disclosed herein are a resource manager node and a resource management method. The resource manager node includes a resource management unit, a resource policy management unit, a shared resource capability management unit, a shared resource status monitoring unit, and a shared resource allocation unit. The resource management unit performs an operation necessary for resource allocation when a resource allocation request is received. The resource policy management unit determines a resource allocation policy based on the characteristic of the task, and generates resource allocation information. The shared resource capability management unit manages the topology of nodes, information about the capabilities of resources, and resource association information. The shared resource status monitoring unit monitors and manages information about the status of each node and the use of allocated resources. The shared resource allocation unit sends a resource allocation request to at least one of the plurality of nodes.

摘要翻译： 这里公开了资源管理器节点和资源管理方法。 资源管理器节点包括资源管理单元，资源策略管理单元，共享资源能力管理单元，共享资源状态监视单元和共享资源分配单元。 当接收资源分配请求时，资源管理单元执行资源分配所需的操作。 资源策略管理单元基于该任务的特性确定资源分配策略，生成资源分配信息。 共享资源能力管理单元管理节点拓扑，资源能力信息和资源关联信息。 共享资源状态监视单元监视和管理有关每个节点的状态和所分配资源的使用的信息。 共享资源分配单元向多个节点中的至少一个发送资源分配请求。

公开(公告)号：US20090158385A1

公开(公告)日：2009-06-18

申请号：US12076783

申请日：2008-03-21

申请人： Dong-Wook Kim ,  Gyu-Il Cha ,  Young-ho Kim ,  Eun-Ji Lim ,  Soo-Young Kim ,  Sung-In Jung ,  Myung-Joon Kim ,  Bong-Nam Noh ,  Jung-Soon Kim

发明人： Dong-Wook Kim ,  Gyu-Il Cha ,  Young-ho Kim ,  Eun-Ji Lim ,  Soo-Young Kim ,  Sung-In Jung ,  Myung-Joon Kim ,  Bong-Nam Noh ,  Jung-Soon Kim

IPC分类号： G06F21/00

CPC分类号： G06F21/6218 ,  G06F21/604

摘要： Provided is an apparatus and method for automatically generating a SELinux security policy based on SELT. In the method, process generation is prepared by receiving execution file names of a program destined for policy generation. A system call log, which is traced by generating a process by executing the received execution file of the program, is stored. The traced system call log is purified into data necessary for generation of a security policy. Objects are grouped in consideration of the relationship between the objects based on purified information. A normalized data structure is recorded in an SELT description language format using a security policy file. Duplication and collision between the generated SELT security policy and the previous security policy in a system are detected.

摘要翻译： 提供了一种基于SELT自动生成SELinux安全策略的装置和方法。 在该方法中，通过接收用于策略生成的程序的执行文件名来准备进程生成。 存储通过执行程序的接收到的执行文件生成处理来追踪的系统调用日志。 跟踪的系统调用日志被净化为生成安全策略所需的数据。 考虑到基于纯化信息的对象之间的关系对象进行分组。 使用安全策略文件以SELT描述语言格式记录归一化数据结构。 检测到生成的SELT安全策略与系统中之前的安全策略之间的重复和冲突。