-
公开(公告)号:US20190034218A1
公开(公告)日:2019-01-31
申请号:US16073363
申请日:2017-01-23
Inventor: Fadi EL-MOUSSA , Theo DIMITRAKOS
Abstract: A computer implemented method of instantiating an encrypted disk image for a virtualized computer system includes providing a software component executing in a first virtual machine for instantiation in a first hypervisor, the software component invoking a second hypervisor within the first virtual machine; and providing a basic input output system (BIOS) for the second hypervisor, the BIOS being configured to decrypt and load the encrypted disk image to instantiate the virtualized computer system as a second virtual machine in the second hypervisor, and wherein the software component is further configured to migrate the second virtual machine at a runtime of the second virtual machine to the first hypervisor so as to provide a wholly encrypted disk image for the second virtual machine executing in the first hypervisor.
-
公开(公告)号:US20180225611A1
公开(公告)日:2018-08-09
申请号:US15749391
申请日:2016-07-20
Inventor: Joshua DANIEL , Gery DUCATEL , Theo DIMITRAKOS
CPC classification number: G06Q10/06315 , G06F16/27 , G06F21/6236 , G06Q20/065
Abstract: A computer implemented method to provide allocation of one or more computing resources for a consumer computing component, each resource having a resource type and being provided by one or more resource providers, and the consumer having associated a quantity of tradeable value constraining an extent of resource consumption.
-
公开(公告)号:US20170099278A1
公开(公告)日:2017-04-06
申请号:US15126925
申请日:2015-03-17
Inventor: Gery Michel DUCATEL , Theo DIMITRAKOS
CPC classification number: H04L63/08 , G06F21/31 , G06F21/316 , H04L63/107 , H04L63/108 , H04L2463/082
Abstract: A selector apparatus to select one or more shared authentication facilities for a software service executing in a virtualized shared computing environment, the software service including an interface through which a user request to access a restricted resource of the service is receivable, the request having associated a user context defining one or more characteristics of the user, and the software service further having associated a plurality of authentication rules for the service, wherein each rule is associated with one or more user contexts and identifies one or more shared authentication facilities for the computing environment, the selector apparatus comprising: a launcher, responsive to a user request received via the interface, adapted to instantiate one or more authentication facilities in accordance with an authentication rule retrieved based on a user context for the received request, so as to generate one or more challenges for the user to authenticate the user, wherein the authentication rule further defines one or more parameters for the identified authentication facilities.
-
公开(公告)号:US20160147518A1
公开(公告)日:2016-05-26
申请号:US14899747
申请日:2014-06-12
Inventor: Theo DIMITRAKOS , Nektarios GEORGALAS , Fadi EL-MOUSSA , Pramod PAWAR , George VAFIADIS
CPC classification number: G06F8/60 , G06F8/61 , G06F8/70 , G06F9/45533
Abstract: A method for enforcing a model deployment specification for a software application in execution in a virtualised computing environment, the method comprising: retrieving a compliance characteristic for the application, the compliance characteristic having associated a compliance criterion; receiving a model deployment specification for the compliance characteristic, the model deployment specification including an identification of a set of model resources being selected to, when instantiated, satisfy the compliance criterion; identifying a set of instantiated resources as resources instantiated for execution of the application; in response to a determination that the set of model resources includes absent resources as resources outside the set of instantiated resources, modifying the set of instantiated resources by instantiating the absent resources for execution of the application such that the absent resources are included in the set of instantiated resources.
Abstract translation: 一种用于对在虚拟化计算环境中执行的软件应用执行模型部署规范的方法,所述方法包括:检索所述应用的合规特性,所述合规特性具有相关联的合规标准; 接收用于所述合规特性的模型部署规范,所述模型部署规范包括当被实例化时满足所述合规性准则的被选择的一组模型资源的标识; 将实例化的资源集合识别为用于执行应用程序的资源; 响应于确定所述模型资源集合包括缺少资源作为所述实例化资源集合之外的资源,通过实例化所述资源来执行所述应用来修改所述一组已实例化的资源,使得所述缺少的资源被包括在所述一组 实例资源。
-
公开(公告)号:US20170288871A1
公开(公告)日:2017-10-05
申请号:US15509090
申请日:2015-09-24
Inventor: Theo DIMITRAKOS , Ali SAJJAD
CPC classification number: H04L9/321 , G06F21/31 , G06F21/602 , G06F21/6209 , H04L9/0866 , H04L2209/24
Abstract: A method of a security system to provide access by a requester to an encrypted data object stored in an object store, the requester being authenticated by the object store, the method comprising: receiving, from the object store: the encrypted object having associated an object identifier; and an identifier of the requester; deriving a first cryptographic key to decrypt the object; deriving a second cryptographic key; re-encrypting the object based on the second key and communicating the re-encrypted object to the requester; wherein each of the first and second keys are based on the object identifier, the requester identifier and a secret key portion generated by the security system, the secret key portion being different for each of the first and second keys, the method further comprising: in response to a second authentication of the requester by the security system, communicating the secret key portion for the second key to the requester.
-
Patent Agency Ranking
公开(公告)号:US20170093920A1
公开(公告)日:2017-03-30
申请号:US15126861
申请日:2015-03-17
Inventor: Gery Michel DUCATEL , Theo DIMITRAKOS
CPC classification number: H04L63/20 , G06F21/316 , G06F21/335 , G06F2221/2111 , G06N99/005 , H04L63/08 , H04L63/083 , H04L63/0861 , H04L63/10 , H04L2463/082
Abstract: An authentication apparatus to authenticate a user requesting access to a restricted resource in a computer system comprising: an interface adapted to receive an indication of a user request to access the restricted resource, the request having associated a current user context defining one or more characteristics of the user; a receiver adapted to receive a user selected authentication scheme from a set of authentication schemes for the current user context; a comparator adapted to compare the user selected authentication scheme with a set of user-specific rules, each rule indicating one or more authentication schemes for a user context as preferred authentication schemes; an access controller adapted to permit access to the restricted resource based on the comparison so as to prevent access to the restricted resource when the rules indicate one or more authentication schemes other than the user selected authentication scheme are preferred for the current user context.
-
公开(公告)号:US20160140209A1
公开(公告)日:2016-05-19
申请号:US14899731
申请日:2014-06-12
Inventor: Theo DIMITRAKOS , Nektarios GEORGALAS , Fadi EL-MOUSSA , Pramod PAWAR , George VAFIADIS
CPC classification number: G06F16/285 , G06F9/44505 , G06F9/45533 , G06F9/5055 , G06F11/3692 , G06F2009/45587 , G06F2009/45591
Abstract: A method for categorising a state of operation of a software application in execution in a virtualised computing environment, the application having associated a set of software components being operable to access data associated with the application, the method comprising the steps of: receiving a set of software application state definitions, each state definition including a definition of an application characteristic having associated criteria based on one or more formal parameters; identifying a set of hypothetical states for the application from the set of state definitions based on the data, wherein the data is used to formulate a set of one or more actual parameters corresponding to formal parameters for criteria associated with one or more of the states in the set of hypothetical states; for each of the states in the set of hypothetical states, in response to a determination that criteria associated with a current state is fully evaluable in the negative, removing the current state from the set of hypothetical states; selecting a candidate state from the set of hypothetical states based on a level of satisfaction of criteria associated with each state in the set of hypothetical states, the candidate state having associated one or more absent formal parameters for which no actual parameter is included in the set of actual parameters; and determining if a level of satisfaction of criteria associated with the candidate state fails to meet a threshold level of satisfaction, and in response to the determination undertaking the steps of: a) adjusting the set of software components such that the set of software components is operable to obtain an improved set of actual parameters associated with the application, the improved set of actual parameters including at least one actual parameter corresponding to an absent formal parameter; and b) repeating the removing, selecting and determining steps.
Abstract translation: 一种用于对在虚拟化计算环境中执行的软件应用程序的操作状态进行分类的方法,所述应用程序具有关联的一组软件组件,用于访问与所述应用程序相关联的数据,所述方法包括以下步骤:接收一组 软件应用状态定义,每个状态定义包括基于一个或多个形式参数的具有相关联标准的应用特征的定义; 基于所述数据从所述状态定义集合识别所述应用的一组假设状态,其中所述数据用于制定一组一组或多个实际参数,所述一个或多个实际参数对应于与所述状态中的一个或多个状态相关联的标准的形式参数 一组假设状态; 对于一组假设状态中的每个州,为了响应于与当前状态相关联的标准是否完全可评估的确定,将该状态从一组假设状态中移除; 基于与所述假设状态集合中的每个状态相关联的标准的满足程度从所述一组假设状态中选择候选状态,所述候选状态具有关联的一个或多个缺席形式参数,其中所述集合中不包括实际参数 的实际参数; 以及确定与所述候选状态相关联的标准的满足程度是否不满足阈值阈值水平,并且响应于所述确定采取以下步骤:a)调整所述软件组件的集合,使得所述一组软件组件为 可操作以获得与所述应用相关联的改进的实际参数集合,所述改进的实际参数集合包括对应于缺少形式参数的至少一个实际参数; 和b)重复去除,选择和确定步骤。
-
公开(公告)号:US20160139938A1
公开(公告)日:2016-05-19
申请号:US14899911
申请日:2014-06-12
Inventor: Theo DIMITRAKOS , Nektarios GEORGALAS , Fadi EL-MOUSSA , Pramod PAWAR , George VAFIADIS
CPC classification number: G06F9/44505 , G06F9/45533 , G06F9/5077
Abstract: An apparatus for enforcing a compliance requirement for a software application in execution in a virtualised computing environment, the apparatus comprising: an identifier component operable to identify a resource instantiated for execution of the application; a retriever component operable to retrieve a compliance characteristic for the application, the compliance characteristic being retrieved based on the identified resource and having associated a compliance criterion based on a formal parameter, the compliance criterion defining a set of compliant resource states; a first selector component operable to select a software component for providing an actual parameter corresponding to the formal parameter, the actual parameter being based on data concerning the resource; an evaluator component operable to evaluate the compliance criterion using the actual parameter; an application modifier component operable to, in response to a determination that the resource is outside the set of compliant resource states, the determination being based on the evaluation of the compliance criterion, modify the software application to a modified software application having associated a resource with a state belonging to the set of compliant resource states; and a detector component operable to detect a change to one or more of the resources, wherein the identifier component, selector component and evaluator component are operable in response to a determination by the detector component that one or more resources is changed, and wherein the selector selects the software component based on an identification of one or more data items that the software component is operable to provide.
Abstract translation: 一种用于对在虚拟化计算环境中执行的软件应用执行合规要求的装置,所述装置包括:标识符组件,可操作以识别实例化用于执行所述应用的资源; 检索器组件,用于检索所述应用程序的符合性特征,所述遵从性特性是根据所识别的资源被检索的,并且具有基于形式参数的合规性标准,所述合规标准定义一组符合资源状态; 第一选择器部件,其可操作以选择用于提供与所述形式参数对应的实际参数的软件组件,所述实际参数基于与所述资源有关的数据; 评估器组件,其可操作以使用所述实际参数来评估所述合规性标准; 应用修改器组件可操作以响应于确定所述资源在所述一致的资源状态集合之外,所述确定是基于所述合规标准的评估,将所述软件应用修改为具有与资源相关联的修改的软件应用 属于一套符合资源状态的状态; 以及检测器组件,其可操作以检测对所述资源中的一个或多个的改变,其中所述标识符组件,选择器组件和评估器组件响应于所述检测器组件确定一个或多个资源被改变而可操作,并且其中所述选择器 基于软件组件可操作提供的一个或多个数据项的标识来选择软件组件。
-
公开(公告)号:US20150358356A1
公开(公告)日:2015-12-10
申请号:US14758663
申请日:2013-12-31
Inventor: Yair DIAZ-TELLEZ , Fadi EL-MOUSSA , Theo DIMITRAKOS , Abdullahi ARABO
CPC classification number: H04L63/20 , G06F21/6218 , G06F21/629 , H04L63/107 , H04W12/08 , H04W88/02
Abstract: A processing device (10) includes a policy evaluation module (131) for evaluating policies associated with an item of data or an application and a dynamic context determination module (133) for determining contextual information associated with the current context of operation of the device and for providing the thus determined contextual information to the policy evaluation module. The device (10) further includes a policy enforcement module (135) for enforcing the evaluation specified by the policy evaluation module (131), wherein the device is operable to cause the policy evaluation module to evaluate a policy associated with an item of data or an application whenever the associated item of data or application is invoked and, additionally, whilst the associated item of data or application is active on the device and a notification of a change in the determined contextual information is received by the policy evaluation module.
Abstract translation: 处理设备(10)包括用于评估与数据项或应用相关联的策略的策略评估模块(131)和动态上下文确定模块(133),用于确定与所述设备的当前操作上下文相关联的上下文信息,以及 用于将如此确定的上下文信息提供给策略评估模块。 所述设备(10)还包括用于执行由所述策略评估模块(131)指定的评估的策略执行模块(135),其中所述设备可操作以使所述策略评估模块评估与数据项相关联的策略, 无论何时调用相关联的数据或应用程序的项目,并且另外在数据或应用程序的相关项目在设备上是活动的并且策略评估模块接收到所确定的上下文信息的改变的通知。
-
公开(公告)号:US20200257814A1
公开(公告)日:2020-08-13
申请号:US16073453
申请日:2017-01-26
Inventor: Fadi EL-MOUSSA , Theo DIMITRAKOS
Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a hypervisor having a data store and instantiating a disk image of the virtualized computer system as a first virtual machine (VM) having a virtual disk from which an operating system of the first VM can be booted; instantiating a second VM in the hypervisor including a software component executing therein, wherein the data store is a shared data store accessible by both the first and second VMs, the method further comprising: the software component accessing the first VM using privileged credentials to install a software agent in the first VM and to replicate the virtual disk of the first VM in the hypervisor data store as a duplicate disk, wherein the software agent is adapted to encrypt data written to, and decrypt data read from, the disk of the first VM at a runtime of the first VM; and the software component encrypting the duplicate disk and unmounting the copied disk and mounting the encrypted duplicate disk in the first VM so as to provide an encrypted disk for the first VM.
-
-
-
-
-
-
-
-
-
Search Results
26
records
(took 0.022 seconds)
