专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08694786B2 Virtual machine images encryption using trusted computing group sealing 有权
标题翻译：使用可信计算组密封的虚拟机映像加密
公开(公告)号：US08694786B2
公开(公告)日：2014-04-08
申请号：US13252713
申请日：2011-10-04
申请人： Rajiv Augu , Steven A. Bade , Jeb R Linton , Dimitrios Pendarakis , George C. Wilson , Lee Hardy Wilson
发明人： Rajiv Augu , Steven A. Bade , Jeb R Linton , Dimitrios Pendarakis , George C. Wilson , Lee Hardy Wilson
IPC分类号： H04L9/08
CPC分类号： H04L9/0897 , G06F21/57
摘要： A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.
摘要翻译：主机从虚拟机目录中提供虚拟机。主机实例化虚拟机。主机根据客户输入配置虚拟机，形成客户配置的虚拟机。主机从客户配置的虚拟机创建映像。主机打开密封客户的对称密钥，形成客户的对称密钥。主机使用客户的对称密钥加密客户配置的虚拟机，形成加密配置的虚拟机。主机将加密的配置虚拟机存储到非易失性存储。

2. 发明申请

US20090327492A1 TEMPLATE-BASED APPROACH FOR WORKLOAD GENERATION 有权
标题翻译：基于模板的工作生成方法
公开(公告)号：US20090327492A1
公开(公告)日：2009-12-31
申请号：US12128959
申请日：2008-05-29
申请人： Kay S. Anderson , Eric P. Bouillet , Parijat Dube , Zhen Liu , Dimitrios Pendarakis
发明人： Kay S. Anderson , Eric P. Bouillet , Parijat Dube , Zhen Liu , Dimitrios Pendarakis
IPC分类号： G06F15/16
CPC分类号： G06Q10/06 , G06F11/3414 , G06Q10/10
摘要： A system and method for workload generation include a processor for identifying a workload model by determining each of a hierarchy for workload generation, time scales for workload generation, and states and transitions at each of the time scales, and defining a parameter by determining each of fields for user specific attributes, application specific attributes, network specific attributes, content specific attributes, and a probability distribution function for each of the attributes; a user level template unit corresponding to a relatively slow time scale in signal communication with the processor; an application level template corresponding to a relatively faster time scale in signal communication with the processor; a stream level template corresponding to a relatively fastest time scale in signal communication with the processor; and a communications adapter in signal communication with the processor for defining a workload generating unit responsive to the template units.
摘要翻译：用于工作负载生成的系统和方法包括：通过确定工作负载生成的层次结构，工作负载生成的时间标度以及每个时间尺度上的状态和转换来确定工作负载模型的每个处理器，以及通过确定每个针对用户特定属性的字段，应用特定属性，网络特定属性，内容特定属性以及每个属性的概率分布函数; 用户级模板单元，其对应于与处理器进行信号通信的相对较慢的时标; 应用级模板对应于与处理器进行信号通信的相对较快的时间尺度; 对应于与处理器进行信号通信的相对较快的时标的流级模板; 以及与处理器进行信号通信的通信适配器，用于响应于模板单元来定义工作量生成单元。

3. 发明申请

US20090228324A1 Method and System for Efficient Energy Distribution in Electrical Grids Using Sensor and Actuator Networks 审中-公开
标题翻译：使用传感器和执行器网络在电网中高效能量分配的方法和系统
公开(公告)号：US20090228324A1
公开(公告)日：2009-09-10
申请号：US12042012
申请日：2008-03-04
申请人： Ronald Ambrosio , Nagui Halim , Zhen Liu , Dimitrios Pendarakis , Mark G. Yao
发明人： Ronald Ambrosio , Nagui Halim , Zhen Liu , Dimitrios Pendarakis , Mark G. Yao
IPC分类号： G06Q10/00 , G05D7/06 , G06F17/10 , G06Q30/00
CPC分类号： G06Q30/02 , G06Q10/06 , G06Q10/063 , Y02E40/76 , Y04S10/545 , Y04S50/14 , Y04S50/16
摘要： Techniques are disclosed for managing a commodity resource in a distributed network by aggregating marginal demand functions or marginal supply functions, depending on whether a node is a commodity consumer or a commodity producer, and determining an optimal allocation/production based on the aggregated function. By way of example, the commodity being managed may be an energy-based commodity such as electrical energy. In such case, the distributed commodity resource-based network may be a distributed electrical grid network.
摘要翻译：公开了用于通过根据节点是商品消费者还是商品生产者来聚合边际需求功能或边际供应功能来管理分布式网络中的商品资源的技术，以及基于聚合功能确定最佳分配/生产。作为例子，被管理的商品可以是诸如电能的基于能量的商品。在这种情况下，基于分布式商业资源的网络可以是分布式电网网络。

4. 发明授权

US07480817B2 Method for replicating data based on probability of concurrent failure 失效
标题翻译：基于并发故障概率复制数据的方法
公开(公告)号：US07480817B2
公开(公告)日：2009-01-20
申请号：US11395018
申请日：2006-03-31
申请人： Jinliang Fan , Zhen Liu , Dimitrios Pendarakis
发明人： Jinliang Fan , Zhen Liu , Dimitrios Pendarakis
IPC分类号： G06F11/00
CPC分类号： H04L67/1095 , G06F11/202 , G06F11/2053 , H04L67/18 , H04L69/40 , H04W4/02
摘要： A method is provided for replicating data. All nodes coupled to a source node via a network are surveyed to determine candidate replication nodes, and coordinates for each candidate replication node are acquired. The coordinates are used to determine a geographic location of and a communication cost for each candidate replication node. Each geographic location is rated based on probability of a concurrent failure of the source node and the candidate replication node, and a branch-and-bound algorithm is used to assign values to sets of candidate replication nodes based on the communication costs and the ratings. One set of candidate replication nodes is selected based on the assigned values. The data is replicated on the nodes of the selected set of candidate replication nodes, and all nodes coupled to the source node via the network are at least periodically monitored to determine availability of new nodes.
摘要翻译：提供了一种用于复制数据的方法。调查经由网络耦合到源节点的所有节点以确定候选复制节点，并且获取每个候选复制节点的坐标。坐标用于确定每个候选复制节点的地理位置和通信成本。基于源节点和候选复制节点的并发故障的概率对每个地理位置进行评估，并且使用分支和边界算法根据通信成本和等级将值分配给候选复制节点的集合。基于分配的值来选择一组候选复制节点。数据被复制在所选择的候选复制节点集合的节点上，并且经由网络耦合到源节点的所有节点至少被周期性地监视以确定新节点的可用性。

5. 发明申请

US20080195447A1 SYSTEM AND METHOD FOR CAPACITY SIZING FOR COMPUTER SYSTEMS 审中-公开
标题翻译：用于计算机系统的容量大小的系统和方法
公开(公告)号：US20080195447A1
公开(公告)日：2008-08-14
申请号：US11673118
申请日：2007-02-09
申请人： Eric Bouillet , Zhen Liu , Dimitrios Pendarakis , Li Zhang
发明人： Eric Bouillet , Zhen Liu , Dimitrios Pendarakis , Li Zhang
IPC分类号： G05B19/418 , G06F9/46
CPC分类号： G06F9/5061 , G06Q10/0631 , G06Q10/06315 , G06Q30/0202
摘要： A system and method for capacity sizing in a computer device or system includes determining one or more classes of operations based on at least one of historical computational usage and predicted usage for a system. Based on the one or more classes of operations, at least one capacity target is set based on the computational usage for each class such that computational capacity is maintained at a set level over a given time period and the set level satisfies at least one usage criterion over the given time period.
摘要翻译：一种用于计算机设备或系统中的容量大小化的系统和方法包括基于系统的历史计算使用和预测使用中的至少一个来确定一个或多个类别的操作。基于一个或多个类别的操作，基于每个类的计算使用来设置至少一个容量目标，使得计算能力在给定时间段内保持在设定电平，并且所述设定电平满足至少一个使用准则在给定的时间段内。

6. 发明申请

US20070234102A1 Data replica selector 失效
标题翻译：数据副本选择器
公开(公告)号：US20070234102A1
公开(公告)日：2007-10-04
申请号：US11395018
申请日：2006-03-31
申请人： Jinliang Fan , Zhen Liu , Dimitrios Pendarakis
发明人： Jinliang Fan , Zhen Liu , Dimitrios Pendarakis
IPC分类号： G06F11/00
CPC分类号： H04L67/1095 , G06F11/202 , G06F11/2053 , H04L67/18 , H04L69/40 , H04W4/02
摘要： There is provided a method and system for replicating data at another location. The system includes a source node that contains data in a data storage area. The source node is coupled to a network of potential replication nodes. The processor determines at least two eligible nodes in the network of nodes and determines the communication cost associated with a each of the eligible nodes. The processor also determines a probability of a concurrent failure of the source node and each of eligible nodes, and selects at least one of the eligible nodes for replication of the data located on the source node. The selection is based on an the determined communication costs and probability of concurrent failure.
摘要翻译：提供了在另一个位置复制数据的方法和系统。该系统包括在数据存储区域中包含数据的源节点。源节点耦合到潜在复制节点的网络。处理器确定节点网络中的至少两个合格节点，并确定与每个合格节点相关联的通信成本。处理器还确定源节点和每个合格节点的并发故障的概率，并且选择至少一个合格节点用于复制位于源节点上的数据。该选择基于所确定的通信成本和并发故障的概率。

7. 发明授权

US08839345B2 Method for discovering a security policy 有权
标题翻译：发现安全策略的方法
公开(公告)号：US08839345B2
公开(公告)日：2014-09-16
申请号：US12049629
申请日：2008-03-17
申请人： John L. Griffin , Dimitrios Pendarakis , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人： John L. Griffin , Dimitrios Pendarakis , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号： H04L21/00 , H04L29/06 , H04L29/08 , G06F21/62 , H04W12/08
CPC分类号： G06F21/629 , G06F21/53 , G06F21/55 , G06F21/552 , G06F21/577 , G06F21/604 , H04L63/102 , H04L63/1408 , H04L63/20 , H04L67/00 , H04L67/10 , H04W12/08
摘要： Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies.
摘要翻译：提供了用于将至少一个物理系统和至少一个虚拟系统映射到至少两个单独的执行环境中的技术。所述技术包括在包括至少一个物理系统和至少一个虚拟系统的环境中发现隐含强制执行的安全策略，使用所发现的策略来创建可强制执行的隔离策略，以及使用所述隔离策略来映射所述至少一个物理系统和至少一个虚拟系统进入至少两个独立的执行环境。还提供了用于生成一个或多个隔离策略的数据库的技术。

8. 发明申请

US20130086383A1 VIRTUAL MACHINE IMAGES ENCRYPTION USING TRUSTED COMPUTING GROUP SEALING 有权
标题翻译：虚拟机图像加密使用有争议的计算机组密封
公开(公告)号：US20130086383A1
公开(公告)日：2013-04-04
申请号：US13252713
申请日：2011-10-04
申请人： Rajiv Augusto Santos Galvao de Andrade , Steven A. Bade , Jeb R. Linton , Dimitrios Pendarakis , George C. Wilson , Lee H. Wilson
发明人： Rajiv Augusto Santos Galvao de Andrade , Steven A. Bade , Jeb R. Linton , Dimitrios Pendarakis , George C. Wilson , Lee H. Wilson
IPC分类号： H04L9/08 , H04L9/32
CPC分类号： H04L9/0897 , G06F21/57
摘要： A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer's configured virtual machine. The host machine creates an image from the customer's configured virtual machine. The host machine unwraps a sealed customer's symmetric key to form a customer's symmetric key. The host machine encrypts the customer's configured virtual machine with the customer's symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.
摘要翻译：主机从虚拟机目录中提供虚拟机。主机实例化虚拟机。主机根据客户输入配置虚拟机，形成客户配置的虚拟机。主机从客户配置的虚拟机创建映像。主机打开密封客户的对称密钥，形成客户的对称密钥。主机使用客户的对称密钥加密客户配置的虚拟机，形成加密配置的虚拟机。主机将加密的配置虚拟机存储到非易失性存储。

9. 发明申请

US20110258610A1 OPTIMIZING PERFORMANCE OF INTEGRITY MONITORING 有权
标题翻译：优化性能监测
公开(公告)号：US20110258610A1
公开(公告)日：2011-10-20
申请号：US12761952
申请日：2010-04-16
申请人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
发明人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
IPC分类号： G06F11/30 , G06F9/44
CPC分类号： G06F21/566 , G06F21/554 , G06F21/563
摘要： A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system. This agent requests the values of the data elements, and determines if invariants that have been previously computed hold true or not under the set of retrieved data values.
摘要翻译：一种用于验证计算设备上正在运行的应用程序的完整性的系统，方法和计算机程序产品。该方法包括：将入口点确定为影响适当执行影响程序完整性的应用程序处理空间; 将从所确定的入口点到达的数据元素映射到要验证的应用正在运行的主机系统的存储器空间中; 在存储器空间中的运行时监视，以潜在地破坏程序完整性的方式潜在地修改数据元素; 并启动对潜在修改的响应。运行时监视检测数据事务（例如写入事件）何时到达恶意代理的入口点，触发对应的存储器钩子，并将控制传递到在被监视系统外部运行的安全代理。该代理请求数据元素的值，并确定先前计算的不变量是否在检索的数据值集合下保持为真。

10. 发明申请

US20090235324A1 METHOD FOR DISCOVERING A SECURITY POLICY 有权
标题翻译：发现安全政策的方法
公开(公告)号：US20090235324A1
公开(公告)日：2009-09-17
申请号：US12049629
申请日：2008-03-17
申请人： John L. Griffin , Dimitrios Pendarakis , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人： John L. Griffin , Dimitrios Pendarakis , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号： G06F17/00
CPC分类号： G06F21/629 , G06F21/53 , G06F21/55 , G06F21/552 , G06F21/577 , G06F21/604 , H04L63/102 , H04L63/1408 , H04L63/20 , H04L67/00 , H04L67/10 , H04W12/08
摘要： Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies.
摘要翻译：提供了用于将至少一个物理系统和至少一个虚拟系统映射到至少两个单独的执行环境中的技术。所述技术包括在包括至少一个物理系统和至少一个虚拟系统的环境中发现隐含强制执行的安全策略，使用所发现的策略来创建可强制执行的隔离策略，以及使用所述隔离策略来映射所述至少一个物理系统和至少一个虚拟系统进入至少两个独立的执行环境。还提供了用于生成一个或多个隔离策略的数据库的技术。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式