公开(公告)号：US09998490B2

公开(公告)日：2018-06-12

申请号：US15632484

申请日：2017-06-26

Applicant: International Business Machines Corporation

Inventor： Kelly Abuelsaad ,  Lisa Seacat DeLuca ,  Soobaek Jang ,  Daniel C. Krook

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/55 ,  G06F21/552 ,  G06F21/554 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/20 ,  H04L67/02

Abstract: An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.

公开(公告)号：US20170295198A1

公开(公告)日：2017-10-12

申请号：US15632484

申请日：2017-06-26

Applicant: International Business Machines Corporation

Inventor： Kelly Abuelsaad ,  Lisa Seacat DeLuca ,  Soobaek Jang ,  Daniel C. Krook

IPC: H04L29/06

CPC classification number: H04L63/1433 ,  G06F21/55 ,  G06F21/552 ,  G06F21/554 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/20 ,  H04L67/02

Abstract: An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.

公开(公告)号：US09722964B2

公开(公告)日：2017-08-01

申请号：US15291398

申请日：2016-10-12

Applicant: International Business Machines Corporation

Inventor： Kelly Abuelsaad ,  Lisa Seacat DeLuca ,  Soobaek Jang ,  Daniel C. Krook

IPC: G06F15/16 ,  H04L12/58 ,  H04L29/08 ,  G06K9/00

CPC classification number: H04L51/20 ,  G06K9/00671 ,  H04L51/10 ,  H04L51/32 ,  H04L67/18

Abstract: An approach for delaying social media messages is provided herein. A first computing device receives user preferences. The first computing device detects a social media message of a user. The first computing device determines that the user is not in the physical location. The first computing device determines whether to delay the posting of the social media message based on a comparison of the content of the social media message with the received user preferences.

公开(公告)号：US20170163562A1

公开(公告)日：2017-06-08

申请号：US15434106

申请日：2017-02-16

Applicant: International Business Machines Corporation

Inventor： Kelly Abuelsaad ,  Lisa Seacat DeLuca ,  Soobaek Jang ,  Daniel C. Krook

IPC: H04L12/927 ,  G06F9/44 ,  H04L29/08

Abstract: Approaches for automatically managing user privileges for computer resources based on determined levels of expertise in a networked computing environment (e.g., a cloud computing environment) are provided. In a typical approach, a user profile associated with a prospective user of a set of computer resources in the networked computing environment may be accessed. The user profile may include information pertaining to a skill level of the prospective user with respect to the set of computer resources. Based on the information contained in the user profile, an expertise level of the prospective user with respect to the set of computer resources may be determined, and a corresponding score may be calculated. Based on the score, a level of user privileges for the set of computer resources may be provided.

公开(公告)号：US09654358B2

公开(公告)日：2017-05-16

申请号：US13741959

申请日：2013-01-15

Applicant: International Business Machines Corporation

Inventor： Kelly Abuelsaad ,  Lisa Seacat DeLuca ,  Soobaek Jang ,  Daniel C. Krook

IPC: G06F15/173 ,  H04L12/24 ,  H04L12/911 ,  G06F21/60

CPC classification number: H04L47/808 ,  G06F9/451 ,  G06F21/60 ,  H04L41/5067 ,  H04L41/5083 ,  H04L41/5096 ,  H04L47/70 ,  H04L67/10 ,  H04L67/306

Abstract: Approaches for automatically managing user privileges for computer resources based on determined levels of expertise in a networked computing environment (e.g., a cloud computing environment) are provided. In a typical approach, a user profile associated with a prospective user of a set of computer resources in the networked computing environment may be accessed. The user profile may include information pertaining to a skill level of the prospective user with respect to the set of computer resources. Based on the information contained in the user profile, an expertise level of the prospective user with respect to the set of computer resources may be determined, and a corresponding score may be calculated. Based on the score, a level of user privileges for the set of computer resources may be provided.

公开(公告)号：US09565206B2

公开(公告)日：2017-02-07

申请号：US15142456

申请日：2016-04-29

Applicant: International Business Machines Corporation

Inventor： Kelly Abuelsaad ,  Lisa Seacat DeLuca ,  Soobaek Jang ,  Daniel C. Krook

IPC: H04L29/06 ,  G06F21/55

CPC classification number: H04L63/1433 ,  G06F21/55 ,  G06F21/552 ,  G06F21/554 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/20 ,  H04L67/02

Abstract: An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.

Abstract translation: 提供了一种在虚拟化/网络化（例如，云）计算环境中寻址（例如，防止）检测到的网络入侵的方法。 在典型的实施例中，用户可以根据安全敏感度级别/分类的范围对环境/域的组件/系统进行分组。 用户可以进一步配置用于响应每个安全敏感度级别/分类的安全威胁的规则。 例如，如果在包含高度敏感的系统的网段中或附近检测到“高度危险”的安全威胁，则用户可以配置将自动隔离那些属于高安全级别的系统的规则。 这种方法允许对系统安全性/入侵防御进行更细粒度的优化和/或管理，该系统安全/入侵防御可以在系统级别而不是在域级别进行管理。

公开(公告)号：US20150244596A1

公开(公告)日：2015-08-27

申请号：US14189051

申请日：2014-02-25

Applicant: International Business Machines Corporation

Inventor： Kelly Abuelsaad ,  Lisa Seacat DeLuca ,  Soobaek Jang ,  Daniel C. Krook

IPC: H04L12/26 ,  H04L29/08

CPC classification number: H04L43/08 ,  H04L41/04 ,  H04L41/0883 ,  H04L41/145 ,  H04L67/10 ,  H04L67/32 ,  H04L67/34

Abstract: An approach for deploying and managing applications in a networked computing environment (e.g., a cloud computing environment) is provided. In one aspect, a user uploads an application for deployment in the networked computing environment. Metadata of the application is analyzed and compared to metadata of previously deployed applications. Using the comparison, a set of architectures used in conjunction with previously deployed application(s) with similar platform and middleware requirements are presented to a user. The user can select an architecture for deploying the application. The application is continuously monitored after deployment, and alternative architectures to improve the application can be presented to the user, if desired.

Abstract translation: 提供了在网络计算环境（例如，云计算环境）中部署和管理应用程序的方法。 在一个方面，用户在网络计算环境中上传用于部署的应用。 分析应用程序的元数据并将其与先前部署的应用程序的元数据进行比较。 使用比较，将一组结合先前部署的具有类似平台和中间件需求的应用程序结构呈现给用户。 用户可以选择用于部署应用程序的体系结构。 应用程序在部署后不断监控，如果需要，可以向用户呈现改进应用程序的替代架构。

公开(公告)号：US20140201345A1

公开(公告)日：2014-07-17

申请号：US13741959

申请日：2013-01-15

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Kelly Abuelsaad ,  Lisa Seacat DeLuca ,  Soobaek Jang ,  Daniel C. Krook

IPC: H04L12/24

CPC classification number: H04L47/808 ,  G06F9/451 ,  G06F21/60 ,  H04L41/5067 ,  H04L41/5083 ,  H04L41/5096 ,  H04L47/70 ,  H04L67/10 ,  H04L67/306

Abstract: Approaches for automatically managing user privileges for computer resources based on determined levels of expertise in a networked computing environment (e.g., a cloud computing environment) are provided. In a typical approach, a user profile associated with a prospective user of a set of computer resources in the networked computing environment may be accessed. The user profile may include information pertaining to a skill level of the prospective user with respect to the set of computer resources. Based on the information contained in the user profile, an expertise level of the prospective user with respect to the set of computer resources may be determined, and a corresponding score may be calculated. Based on the score, a level of user privileges for the set of computer resources may be provided.

Abstract translation: 提供了基于在网络计算环境（例如，云计算环境）中确定的专业知识水平来自动管理计算机资源的用户特权的方法。 在典型的方法中，可以访问与联网计算环境中的一组计算机资源的预期用户相关联的用户简档。 用户简档可以包括与潜在用户相对于该组计算机资源的技能水平有关的信息。 基于用户简档中包含的信息，可以确定预期用户相对于该组计算机资源的专业级别，并且可以计算相应的分数。 基于分数，可以提供该组计算机资源的用户权限级别。

公开(公告)号：US20140189865A1

公开(公告)日：2014-07-03

申请号：US13732678

申请日：2013-01-02

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Kelly Abuelsaad ,  Lisa Seacat DeLuca ,  Soobaek Jang ,  Daniel C. Krook

IPC: G06F21/55

CPC classification number: H04L63/1433 ,  G06F21/55 ,  G06F21/552 ,  G06F21/554 ,  H04L63/105 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/20 ,  H04L67/02

Abstract: An approach for addressing (e.g., preventing) detected network intrusions in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, users may group components/systems of an environment/domain according to a range of security sensitivity levels/classifications. The users may further configure rules for responding to security threats for each security sensitivity level/classification. For example, if a “highly dangerous” security threat is detected in or near a network segment that contains highly sensitive systems, the user may configure rules that will automatically isolate those systems that fall under the high security classification. Such an approach allows for more granular optimization and/or management of system security/intrusion prevention that may be managed at a system level rather than at a domain level.

Abstract translation: 提供了一种在虚拟化/网络化（例如，云）计算环境中寻址（例如，防止）检测到的网络入侵的方法。 在典型的实施例中，用户可以根据安全敏感度级别/分类的范围对环境/域的组件/系统进行分组。 用户可以进一步配置用于响应每个安全敏感度级别/分类的安全威胁的规则。 例如，如果在包含高度敏感的系统的网段中或附近检测到“高度危险”的安全威胁，则用户可以配置将自动隔离那些属于高安全级别的系统的规则。 这种方法允许对系统安全性/入侵防御进行更细粒度的优化和/或管理，该系统安全/入侵防御可以在系统级别而不是在域级别进行管理。

公开(公告)号：US10394766B2

公开(公告)日：2019-08-27

申请号：US15342426

申请日：2016-11-03

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Ryan G. Dejana ,  Lisa Seacat Deluca ,  Brian D. Goodman ,  Daniel C. Krook

IPC: G06F17/30 ,  G06F16/182 ,  G06F3/06 ,  G06F16/22

Abstract: Approaches for routing data to storage are provided. An approach includes determining implicit metadata from explicit metadata received with a request from a user to store a file. The approach also includes determining a storage resource based on the explicit metadata, the implicit metadata, and a registry of storage resources. The approach additionally includes routing data of the file to the determined storage resource.