BRPI0410569A - extensão de segurança de rede de sistemas de arquivos distribuìdos - Google Patents

extensão de segurança de rede de sistemas de arquivos distribuìdos

Info

Publication number
BRPI0410569A
BRPI0410569A BRPI0410569-9A BRPI0410569A BRPI0410569A BR PI0410569 A BRPI0410569 A BR PI0410569A BR PI0410569 A BRPI0410569 A BR PI0410569A BR PI0410569 A BRPI0410569 A BR PI0410569A
Authority
BR
Brazil
Prior art keywords
file
file system
client
server
sensitive
Prior art date
Application number
BRPI0410569-9A
Other languages
English (en)
Inventor
Susann Marie Keohane
Gerald Francis Mcbrearty
Shawn Patrick Mullen
Jessica Kelley Murillo
Johnny Meng-Han Shieh
Original Assignee
Ibm
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ibm filed Critical Ibm
Publication of BRPI0410569A publication Critical patent/BRPI0410569A/pt
Publication of BRPI0410569B1 publication Critical patent/BRPI0410569B1/pt

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)
  • Small-Scale Networks (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

"EXTENSãO DE SEGURANçA DE REDE DE SISTEMAS DE ARQUIVOS DISTRIBUìDOS". Um protocolo de segurança que dinamicamente implementa segurança de montagem aumentada de um sistema de arquivos, quando o acesso a arquivos sensíveis em uma rede de sistema de arquivos é solicitado. Quando o usuário de um sistema cliente tenta acessar um arquivo sensível especificamente etiquetado, o servidor que hospeda o sistema de arquivos executa um código de software que termina a montagem corrente e reconfigura as portas do servidor para aceitar uma remontagem a partir do cliente através de uma porta mais segura. A porta do servidor reconfigurada é fornecido o endereço de IP do cliente e a correspondência do endereço de IP durante a operação de remontagem. A comutação para uma montagem segura é completada de uma maneira perfeitamente consistente de modo que os usuários autorizados são permitidos acessar arquivos sensíveis sem derrubar o servidor com as a criptografação custosa e outras características de segurança de intensivo recurso. Nenhum retardo significante é experimentado pelo usuário, enquanto o arquivo sensível é protegido de captura não autorizada durante a transmissão do sistema cliente.
BRPI0410569A 2003-05-22 2004-04-15 extensão de segurança de rede de sistemas de arquivos distribuídos BRPI0410569B1 (pt)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/443,675 US7917751B2 (en) 2003-05-22 2003-05-22 Distributed filesystem network security extension
PCT/GB2004/001629 WO2004104902A1 (en) 2003-05-22 2004-04-15 Distributed filesystem network security extension

Publications (2)

Publication Number Publication Date
BRPI0410569A true BRPI0410569A (pt) 2006-06-20
BRPI0410569B1 BRPI0410569B1 (pt) 2016-08-23

Family

ID=33450477

Family Applications (1)

Application Number Title Priority Date Filing Date
BRPI0410569A BRPI0410569B1 (pt) 2003-05-22 2004-04-15 extensão de segurança de rede de sistemas de arquivos distribuídos

Country Status (12)

Country Link
US (1) US7917751B2 (pt)
EP (1) EP1625524B1 (pt)
JP (1) JP4602981B2 (pt)
KR (1) KR100906119B1 (pt)
CN (1) CN100530207C (pt)
AT (1) ATE339733T1 (pt)
BR (1) BRPI0410569B1 (pt)
CA (1) CA2525249C (pt)
DE (1) DE602004002401T2 (pt)
IL (1) IL172054A (pt)
TW (1) TWI282229B (pt)
WO (1) WO2004104902A1 (pt)

Families Citing this family (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7124171B1 (en) * 2002-05-23 2006-10-17 Emc Corporation In a networked computing cluster storage system and plurality of servers sharing files, in the event of server unavailability, transferring a floating IP network address from first server to second server to access area of data
US7480700B2 (en) * 2004-04-27 2009-01-20 Apple Inc. Method and system for retrieval and usage of remote entry points
US7827294B2 (en) 2004-05-06 2010-11-02 American Express Travel Related Services Company, Inc. System and method for dynamic security provisioning of computing resources
US20060031326A1 (en) * 2004-07-06 2006-02-09 Francis Ovenden Managing personal communications from a calendar scheduling application
US7640346B2 (en) * 2005-02-01 2009-12-29 Microsoft Corporation Dispatching network connections in user-mode
JP4722519B2 (ja) * 2005-03-25 2011-07-13 株式会社日立製作所 計算機システム及びストレージサーバ、検索サーバ、端末装置並びに検索方法
US7742498B2 (en) 2005-05-17 2010-06-22 At&T Intellectual Property Ii, L.P. Method and apparatus for routing a call to a dual mode wireless device
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
JP4600762B2 (ja) * 2005-08-31 2010-12-15 ソニー株式会社 情報処理装置および方法、並びにプログラム
KR100810368B1 (ko) * 2006-07-10 2008-03-07 주식회사 한글과 컴퓨터 그룹 내 문서에 대한 유출 방지 및 접근 제어 시스템
US8874907B1 (en) * 2007-09-28 2014-10-28 Symantec Operating Corporation Controlling access to an NFS share
US8560833B2 (en) * 2010-10-29 2013-10-15 Aruba Networks, Inc. Automatic secure client access
US8959113B2 (en) 2011-03-30 2015-02-17 Open Text S.A. System, method and computer program product for managing tabulated metadata
GB2495079A (en) 2011-09-23 2013-04-03 Hybrid Logic Ltd Live migration of applications and file systems in a distributed system
US10311027B2 (en) 2011-09-23 2019-06-04 Open Invention Network, Llc System for live-migration and automated recovery of applications in a distributed system
US9483542B2 (en) 2011-09-23 2016-11-01 Hybrid Logic Ltd System for live-migration and automated recovery of applications in a distributed system
US9501543B2 (en) 2011-09-23 2016-11-22 Hybrid Logic Ltd System for live-migration and automated recovery of applications in a distributed system
US10331801B2 (en) 2011-09-23 2019-06-25 Open Invention Network, Llc System for live-migration and automated recovery of applications in a distributed system
US9477739B2 (en) 2011-09-23 2016-10-25 Hybrid Logic Ltd System for live-migration and automated recovery of applications in a distributed system
US9547705B2 (en) * 2011-09-23 2017-01-17 Hybrid Logic Ltd System for live-migration and automated recovery of applications in a distributed system
TW201351194A (zh) * 2012-06-07 2013-12-16 Askey Computer Corp 可攜式電子裝置的資料保護方法及其電腦程式產品
US8635668B1 (en) * 2012-07-11 2014-01-21 International Business Machines Corporation Link analysis tool for security information handling system
US8806575B2 (en) 2012-07-11 2014-08-12 International Business Machines Corporation Network selection tool for information handling system
US8898769B2 (en) 2012-11-16 2014-11-25 At&T Intellectual Property I, Lp Methods for provisioning universal integrated circuit cards
US8959331B2 (en) 2012-11-19 2015-02-17 At&T Intellectual Property I, Lp Systems for provisioning universal integrated circuit cards
US9513803B2 (en) * 2012-12-21 2016-12-06 Intel Corporation Tagging in a storage device
US9699141B2 (en) * 2013-04-03 2017-07-04 Symantec Corporation Method and apparatus for integrating security context in network routing decisions
US9036820B2 (en) 2013-09-11 2015-05-19 At&T Intellectual Property I, Lp System and methods for UICC-based secure communication
US9124573B2 (en) 2013-10-04 2015-09-01 At&T Intellectual Property I, Lp Apparatus and method for managing use of secure tokens
US9208300B2 (en) 2013-10-23 2015-12-08 At&T Intellectual Property I, Lp Apparatus and method for secure authentication of a communication device
US9240994B2 (en) 2013-10-28 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for securely managing the accessibility to content and applications
US9240989B2 (en) 2013-11-01 2016-01-19 At&T Intellectual Property I, Lp Apparatus and method for secure over the air programming of a communication device
US9313660B2 (en) 2013-11-01 2016-04-12 At&T Intellectual Property I, Lp Apparatus and method for secure provisioning of a communication device
US9413759B2 (en) 2013-11-27 2016-08-09 At&T Intellectual Property I, Lp Apparatus and method for secure delivery of data from a communication device
CN103905466B (zh) * 2014-04-22 2017-01-11 郭伟 一种存储系统数据访问控制系统及其方法
US9713006B2 (en) 2014-05-01 2017-07-18 At&T Intellectual Property I, Lp Apparatus and method for managing security domains for a universal integrated circuit card
US9628486B2 (en) 2014-10-23 2017-04-18 Vormetric, Inc. Access control for data blocks in a distributed filesystem
US10558818B2 (en) * 2017-02-22 2020-02-11 Red Hat, Inc. Supporting security access controls in an overlay filesystem
US11042641B2 (en) * 2018-09-11 2021-06-22 Amari.Ai Incorporated Deployment and communications gateway for deployment, trusted execution, and secure communications
EP4106290A1 (en) * 2021-06-17 2022-12-21 Deutsche Telekom AG A method for operating a distributed application

Family Cites Families (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6850252B1 (en) * 1999-10-05 2005-02-01 Steven M. Hoffberg Intelligent electronic appliance system and method
US5758334A (en) 1995-07-05 1998-05-26 International Business Machines Corporation File system remount operation with selectable access modes that saves knowledge of the volume path and does not interrupt an executing process upon changing modes
US6006018A (en) * 1995-10-03 1999-12-21 International Business Machines Corporation Distributed file system translator with extended attribute support
US6081610A (en) * 1995-12-29 2000-06-27 International Business Machines Corporation System and method for verifying signatures on documents
JPH09305682A (ja) 1996-05-13 1997-11-28 Sony Corp 通信装置
JPH10124427A (ja) 1996-06-19 1998-05-15 At & T Corp 自動的にネットワーク再構成を行なうためのシステムおよび方法
US5903732A (en) * 1996-07-03 1999-05-11 Hewlett-Packard Company Trusted gateway agent for web server programs
JPH10171879A (ja) 1996-12-06 1998-06-26 Purosupaa Kurieiteibu:Kk 商品販売システム、その情報通信方法およびその記録媒体
JPH10229459A (ja) 1996-12-09 1998-08-25 Nippon Telegr & Teleph Corp <Ntt> 有料情報の送出方法、その装置および記録媒体
CN1225186A (zh) * 1996-12-18 1999-08-04 亚历山大S·奥伦斯坦 用于从远程站访问应用服务程序的安全系统
US6405315B1 (en) * 1997-09-11 2002-06-11 International Business Machines Corporation Decentralized remotely encrypted file system
US5931947A (en) * 1997-09-11 1999-08-03 International Business Machines Corporation Secure array of remotely encrypted storage devices
US6490620B1 (en) * 1997-09-26 2002-12-03 Worldcom, Inc. Integrated proxy interface for web based broadband telecommunications management
US6058400A (en) * 1998-04-28 2000-05-02 Sun Microsystems, Inc. Highly available cluster coherent filesystem
JP2000010921A (ja) 1998-06-19 2000-01-14 Nec Corp 通信方法および通信システム、並びに記録媒体
JP2000067120A (ja) 1998-08-19 2000-03-03 Nec Corp プログラムダウンロードによるインターネット迂回ルートの自動確立装置および方法
JP2000076336A (ja) 1998-08-31 2000-03-14 Fujitsu Ltd 電子決済認証システム及び電子商取引サービスプロバイダ装置
AU6401999A (en) * 1998-09-28 2000-04-17 Argus Systems Group, Inc. Trusted compartmentalized computer operating system
US6772333B1 (en) * 1999-09-01 2004-08-03 Dickens Coal Llc Atomic session-start operation combining clear-text and encrypted sessions to provide id visibility to middleware such as load-balancers
US6782418B1 (en) * 2000-01-24 2004-08-24 General Electric Company Method and apparatus for secure data file uploading
US6952780B2 (en) * 2000-01-28 2005-10-04 Safecom A/S System and method for ensuring secure transfer of a document from a client of a network to a printer
KR20010096814A (ko) * 2000-04-14 2001-11-08 홍기융 전자서명 인증기반 파일시스템 해킹방지용 보안커널 방법
US7010689B1 (en) * 2000-08-21 2006-03-07 International Business Machines Corporation Secure data storage and retrieval in a client-server environment
US6947556B1 (en) * 2000-08-21 2005-09-20 International Business Machines Corporation Secure data storage and retrieval with key management and user authentication
US7089585B1 (en) * 2000-08-29 2006-08-08 Microsoft Corporation Method and system for authorizing a client computer to access a server computer
US7003799B2 (en) * 2001-01-30 2006-02-21 Hewlett-Packard Development Company, L.P. Secure routable file upload/download across the internet
US7073055B1 (en) * 2001-02-22 2006-07-04 3Com Corporation System and method for providing distributed and dynamic network services for remote access server users
US6931530B2 (en) * 2002-07-22 2005-08-16 Vormetric, Inc. Secure network file access controller implementing access control and auditing
US6678828B1 (en) * 2002-07-22 2004-01-13 Vormetric, Inc. Secure network file access control system
US7143288B2 (en) * 2002-10-16 2006-11-28 Vormetric, Inc. Secure file system server architecture and methods
US7565533B2 (en) * 2002-11-05 2009-07-21 Sun Microsystems, Inc. Systems and methods for providing object integrity and dynamic permission grants
US8683031B2 (en) * 2004-10-29 2014-03-25 Trustwave Holdings, Inc. Methods and systems for scanning and monitoring content on a network

Also Published As

Publication number Publication date
KR100906119B1 (ko) 2009-07-07
TW200507570A (en) 2005-02-16
JP2007503652A (ja) 2007-02-22
DE602004002401D1 (de) 2006-10-26
CA2525249C (en) 2011-03-29
CN1791878A (zh) 2006-06-21
BRPI0410569B1 (pt) 2016-08-23
US20040236745A1 (en) 2004-11-25
TWI282229B (en) 2007-06-01
CA2525249A1 (en) 2004-12-02
JP4602981B2 (ja) 2010-12-22
IL172054A0 (en) 2011-08-01
DE602004002401T2 (de) 2007-09-20
US7917751B2 (en) 2011-03-29
EP1625524B1 (en) 2006-09-13
EP1625524A1 (en) 2006-02-15
KR20060015714A (ko) 2006-02-20
IL172054A (en) 2012-09-24
CN100530207C (zh) 2009-08-19
ATE339733T1 (de) 2006-10-15
WO2004104902A1 (en) 2004-12-02

Similar Documents

Publication Publication Date Title
BRPI0410569A (pt) extensão de segurança de rede de sistemas de arquivos distribuìdos
Dornseif et al. Nosebreak-attacking honeynets
USH1944H1 (en) Firewall security method and apparatus
WO2001033320A3 (en) Public network access server having a user-configurable firewall
WO2005084252A3 (en) System, method and client user interface for a copy protection service
WO2007100388A3 (en) Techniques for network protection based on subscriber-aware application proxies
BRPI0509900A (pt) sistema e método para iniciar automaticamente e estabelecer de forma dinámica conexões seguras pela internet entre um servidor com barreira de proteção e um cliente com barreira de proteção
WO2007016478A3 (en) Network security systems and methods
MY135574A (en) Automatic discovery and configuration of external network devices
KR20050120875A (ko) 서버 보안 솔루션과 네트워크 보안 솔루션을 이용한시스템 보안 방법 및 이를 구현하는 보안시스템
WO2006108259A1 (en) Secure client operating system for connection to an unsecure network
GB0609099D0 (en) Methods and system for replicating and securing process control data
JP2000163283A (ja) リモートサイトコンピュータ監視システム
Rash Single packet authorization with fwknop
Hindocha Threats to instant messaging
CN107835151B (zh) 一种即插即用式多协议链路自主切换的无痕上网浏览方法及装置
TW200501658A (en) System and method for IP logging
FR2816417B1 (fr) Procede et systeme pour etendre le champ d&#39;adresses publiques attribuables a une connexion au reseau internet, et leur application a la lutte contre la diffusion illegale d&#39;oeuvres protegees
Ricciulli Anetd: Active networks daemon (v1. 0)
Huimin et al. A Study on Cyber Defence Honeynet Technology and Configuration Examples.
Brotzman Wrap a security blanket around your computer
Levine Firewall Configuration from a Risk Analysis Perspective
Leech Chinese lottery cryptanalysis revisited: The internet as a codebreaking tool
Daicos et al. Concerning Enterprise Network Vulnerability To Http Tunnelling
Scheidler syslog-ng reference manual

Legal Events

Date Code Title Description
B07A Application suspended after technical examination (opinion) [chapter 7.1 patent gazette]
B09A Decision: intention to grant [chapter 9.1 patent gazette]
B16A Patent or certificate of addition of invention granted [chapter 16.1 patent gazette]

Free format text: PRAZO DE VALIDADE: 10 (DEZ) ANOS CONTADOS A PARTIR DE 23/08/2016, OBSERVADAS AS CONDICOES LEGAIS.

B24B Patent annual fee: requirement for complementing annual fee

Free format text: CONFORME RESOLUCAO 113/2013, O DEPOSITANTE DEVERA COMPLEMENTAR A RETRIBUICAO DA(S) 16O ANUIDADE(S), DE ACORDO COM TABELA VIGENTE, REFERENTE A(S) GUIA(S) DE RECOLHIMENTO 29409161904722341.

B24D Patent annual fee: restoration after fee payment