DE112012003977T8 - Non-intrusive method and apparatus for automatically dispatching security rules in cloud environment - Google Patents

Publication number
DE112012003977T8
Authority
DE
Germany
Prior art keywords
cloud environment
security rules
automatically distributing
intrusive method
distributing security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
DE112012003977.7T
Other languages
English (en)
Other versions
DE112012003977T5 (de)
Inventor
Yu Zhang
Li Yi
Bo Gao
Ling Lan
Steven Dale Ims
Jason Robert McGee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GlobalFoundries Inc
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Publication of DE112012003977T5
Application granted
Publication of DE112012003977T8
Expired - Fee Related

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Computing Systems (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)
DE112012003977.7T 2011-10-24 2012-09-12 Non-intrusive method and apparatus for automatically dispatching security rules in cloud environment Expired - Fee Related DE112012003977T8 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201110324588.2 2011-10-24
CN201110324588.2A CN103067344B (zh) 2011-10-24 2011-10-24 Non-intrusive method and apparatus for automatically dispatching security rules in cloud environment
PCT/CN2012/081274 WO2013060203A1 (en) 2011-10-24 2012-09-12 Non-intrusive method and apparatus for automatically dispatching security rules in cloud environment

Publications (2)

Publication Number Publication Date
DE112012003977T5 (de) 2014-09-11
DE112012003977T8 (de) 2014-10-30

Family

ID=48109810

Family Applications (1)

Application Number Title Priority Date Filing Date
DE112012003977.7T Expired - Fee Related DE112012003977T8 (de) 2011-10-24 2012-09-12 Non-intrusive method and apparatus for automatically dispatching security rules in cloud environment

Country Status (5)

Country Link
US (1) US9444787B2 (de)
CN (1) CN103067344B (de)
DE (1) DE112012003977T8 (de)
TW (1) TWI540457B (de)
WO (1) WO2013060203A1 (de)

Families Citing this family (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2884321C (en) * 2013-08-15 2015-06-30 Immun.io Inc. Method and system for protecting web applications against web attacks
US9692789B2 (en) * 2013-12-13 2017-06-27 Oracle International Corporation Techniques for cloud security monitoring and threat intelligence
US10063654B2 (en) 2013-12-13 2018-08-28 Oracle International Corporation Systems and methods for contextual and cross application threat detection and prediction in cloud applications
WO2015094196A1 (en) * 2013-12-17 2015-06-25 Hewlett-Packard Development Company, L.P. A generic model to implement a cloud computing service
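CN103731430A (zh) * 2014-01-09 2014-04-16 北京哈工大计算机网络与信息安全技术研究中心 Security control method for file upload based on the Struts2 architecture
CN103812693B (zh) * 2014-01-23 2017-12-12 汉柏科技有限公司 Cloud computing protection processing method and system based on different types of services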
WO2015137978A1 (en) 2014-03-14 2015-09-17 Hewlett Packard Development Company, L.P. Semantic restriction
US10193892B2 (en) 2014-03-14 2019-01-29 Hewlett Packard Enterprise Development Lp Resource restriction
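CN103916399B (zh) * 2014-04-15 2018-09-25 浪潮电子信息产业股份有限公司 Computer information security defense system
CN104158910B (zh) * 2014-08-29 2017-12-15 金石易诚(北京)科技有限公司 Automated deployment system for cloud Web applications
CN105471821B (zh) * 2014-08-29 2019-09-17 腾讯科技(深圳)有限公司 Browser-based information processing method and apparatus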
US9838431B2 (en) * 2014-11-28 2017-12-05 International Business Machines Corporation Context-based cloud security assurance system
US9894100B2 (en) * 2014-12-30 2018-02-13 Fortinet, Inc. Dynamically optimized security policy management
AU2016226956B2 (en) * 2015-03-04 2019-04-18 Nippon Telegraph And Telephone Corporation Security measure invalidation prevention device, security measure invalidation prevention method, and security measure invalidation prevention program
CN104796743B (zh) * 2015-04-03 2020-04-24 腾讯科技(北京)有限公司 Content item display system, method and device
CN105049440B (zh) * 2015-08-06 2018-04-10 福建天晴数码有限公司 Method and system for detecting cross-site scripting attack injection
US9900285B2 (en) 2015-08-10 2018-02-20 International Business Machines Corporation Passport-controlled firewall
TWI569165B (zh) * 2015-09-14 2017-02-01 Chunghwa Telecom Co Ltd The method of grouping external sites through proxy logs
CN106603473B (zh) * 2015-10-19 2021-01-01 华为技术有限公司 Network security information processing method and network security information processing system
US10536478B2 (en) 2016-02-26 2020-01-14 Oracle International Corporation Techniques for discovering and managing security of applications
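CN105791289A (zh) * 2016-03-02 2016-07-20 夏杰 Method and system for network protection based on big data computing
CN107205006A (zh) * 2016-03-18 2017-09-26 上海有云信息技术有限公司 Unified Web security protection method for intensive website construction
CN106341400B (zh) * 2016-08-29 2019-06-18 联动优势科技有限公司 Method and apparatus for processing service requests
CN106603535B (zh) * 2016-12-17 2019-08-20 苏州亿阳值通科技发展股份有限公司 Security system architecture based on SaaS platform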
US20180307472A1 (en) * 2017-04-20 2018-10-25 Sap Se Simultaneous deployment on cloud devices and on on-premise devices
WO2019047030A1 (en) * 2017-09-05 2019-03-14 Nokia Solutions And Networks Oy METHOD AND APPARATUS FOR MANAGING ALS IN CLOUD-DISTRIBUTED ENVIRONMENTS
JP6375047B1 (ja) * 2017-12-05 2018-08-15 株式会社サイバーセキュリティクラウド Firewall device
US10645121B1 (en) * 2017-12-11 2020-05-05 Juniper Networks, Inc. Network traffic management based on network entity attributes
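CN108092979B (zh) * 2017-12-20 2021-05-28 国家电网公司 Firewall policy processing method and apparatus
CN108540453B (zh) * 2018-03-15 2021-06-18 新智数字科技有限公司 Network isolation method, apparatus and device applied to PaaS
CN110505190A (zh) * 2018-05-18 2019-11-26 深信服科技股份有限公司 Micro-segmentation deployment method, security device, storage medium and apparatus
CN109286617B (zh) * 2018-09-13 2021-06-29 郑州云海信息技术有限公司 Data processing method and related device
CN112805687A (zh) * 2018-10-11 2021-05-14 日本电信电话株式会社 Information processing device, anomaly analysis method and program
CN109660548B (zh) * 2018-12-28 2022-07-05 奇安信科技集团股份有限公司 Firewall rule generation method and server based on global network topology
CN110941681B (zh) * 2019-12-11 2021-02-23 南方电网数字电网研究院有限公司 Multi-tenant data processing system, method and apparatus for power systems
CN111343016B (zh) * 2020-02-21 2021-01-26 北京京东尚科信息技术有限公司 Cloud server cluster management method and apparatus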
US11716311B2 (en) * 2020-11-24 2023-08-01 Google Llc Inferring firewall rules from network traffic
TWI773200B (zh) * 2021-03-18 2022-08-01 中華電信股份有限公司 Container service infrastructure provisioning management system, method and computer-readable medium

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6119230A (en) 1997-10-01 2000-09-12 Novell, Inc. Distributed dynamic security capabilities
US7673323B1 (en) 1998-10-28 2010-03-02 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
US6950825B2 (en) 2002-05-30 2005-09-27 International Business Machines Corporation Fine grained role-based access to system resources
US8418222B2 (en) 2008-03-05 2013-04-09 Microsoft Corporation Flexible scalable application authorization for cloud computing environments
US9069599B2 (en) * 2008-06-19 2015-06-30 Servicemesh, Inc. System and method for a cloud computing abstraction layer with security zone facilities
US8490150B2 (en) * 2009-09-23 2013-07-16 Ca, Inc. System, method, and software for enforcing access control policy rules on utility computing virtualization in cloud computing systems
US8640195B2 (en) * 2009-09-30 2014-01-28 International Business Machines Corporation Method and system for automating security policy definition based on recorded transactions
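CN201717894U (zh) 2010-04-30 2011-01-19 上海联启网络科技有限公司 Modular cloud computing intelligent website building system
CN102045353B (zh) * 2010-12-13 2013-06-19 北京交通大学 Distributed network security control method for public cloud services
CN102111420A (zh) * 2011-03-16 2011-06-29 上海电机学院 Intelligent NIPS architecture based on dynamic cloud firewall linkage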

Also Published As

Publication number Publication date
US9444787B2 (en) 2016-09-13
US20150033285A1 (en) 2015-01-29
TWI540457B (zh) 2016-07-01
WO2013060203A1 (en) 2013-05-02
DE112012003977T5 (de) 2014-09-11
CN103067344B (zh) 2016-03-30
CN103067344A (zh) 2013-04-24
TW201337626A (zh) 2013-09-16

Similar Documents

Publication Publication Date Title
DE112012003977T8 (de) Non-intrusive method and apparatus for automatically dispatching security rules in cloud environment
DE102014103531A8 (de) Method and apparatus for controlling a workflow in a process plant
GB201301020D0 (en) Method and apparatus for deploying industrial plant simulators using cloud computing technologies
DE112014000887A5 (de) Method and apparatus for determining a road surface condition
DE112012003291A5 (de) Safety container for handling an electrochemical device and method for handling an electrochemical device arranged in a safety container
DE102013215025A8 (de) System for determining the position of a portable device, method for determining the position of a portable device, and apparatus for determining the position of a portable device
DE102011105141A8 (de) Method and system for simulating a work process on a machine tool
DE112013001673A5 (de) Method for handling a hydro sound damper and apparatus for reducing sound in water
DE112011105262A5 (de) Optoelectronic device and method for producing optoelectronic devices
DE102012100553A8 (de) Method and apparatus for splicing yarn
DE102013210269B8 (de) Apparatus and method for examining samples in a liquid
DE112014002704A5 (de) Apparatus and method for calculating hologram data
DE112013004449T8 (de) Apparatus and method for optimizing semi-active workloads
DE102011110978A8 (de) Method for operating an electronic device or an application and corresponding apparatus
DE102013114928A8 (de) Apparatus and method for processing road data
DE102012108990A8 (de) Method for locating a field device in an automation system
DE112014005669A5 (de) Apparatus and method for measuring a rotor parameter
DE112013003948A5 (de) Method and apparatus for classifying watercraft
EP2836906A4 (de) System and method for real-time instruction tracing
DE112013000239A5 (de) Method and apparatus for producing a rope
DE112012001960A5 (de) Method and system for locating a person
DE112011105342A5 (de) Method and apparatus for order picking of goods: Pick-by-arrow
LU91878B1 (de) Method and apparatus for throwing training
DE112011100370T8 (de) Method and apparatus for operating a storage unit
DE102013014393A8 (de) System and method for providing power supply protection in a memory device

Legal Events

Date Code Title Description
R012 Request for examination validly filed
R081 Change of applicant/patentee

Owner name: GLOBALFOUNDRIES INC., KY

Free format text: FORMER OWNER: INTERNATIONAL BUSINESS MACHINES CORPORATION, ARMONK, N.Y., US

R082 Change of representative

Representative's name: RICHARDT PATENTANWAELTE PARTG MBB, DE

Representative's name: RICHARDT PATENTANWAELTE PART GMBB, DE

R079 Amendment of ipc main class

Free format text: PREVIOUS MAIN CLASS: H04L0029060000

Ipc: H04L0012260000

Effective date: 20140813

R081 Change of applicant/patentee

Owner name: GLOBALFOUNDRIES INC., KY

Free format text: FORMER OWNER: INTERNATIONAL BUSINESS MACHINES CORPORATION, ARMONK, N.Y., US

R082 Change of representative

Representative's name: RICHARDT PATENTANWAELTE PARTG MBB, DE

R081 Change of applicant/patentee

Owner name: GLOBALFOUNDRIES INC., KY

Free format text: FORMER OWNER: GLOBALFOUNDRIES US 2 LLC (N.D.GES.DES STAATES DELAWARE), HOPEWELL JUNCTION, N.Y., US

R082 Change of representative

Representative's name: RICHARDT PATENTANWAELTE PARTG MBB, DE

R119 Application deemed withdrawn, or ip right lapsed, due to non-payment of renewal fee