WO2012100092A3 - System and method for a cloud computing abstraction layer with security zone facilities - Google Patents

System and method for a cloud computing abstraction layer with security zone facilities Download PDF

Info

Publication number
WO2012100092A3
WO2012100092A3 PCT/US2012/021921 US2012021921W WO2012100092A3 WO 2012100092 A3 WO2012100092 A3 WO 2012100092A3 US 2012021921 W US2012021921 W US 2012021921W WO 2012100092 A3 WO2012100092 A3 WO 2012100092A3
Authority
WO
WIPO (PCT)
Prior art keywords
security zone
policy
software workload
workload
security
Prior art date
Application number
PCT/US2012/021921
Other languages
French (fr)
Other versions
WO2012100092A2 (en
Inventor
Frank R MARTINEZ
Eric Pulier
Original Assignee
Servicemesh, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/009,774 external-priority patent/US8931038B2/en
Application filed by Servicemesh, Inc. filed Critical Servicemesh, Inc.
Publication of WO2012100092A2 publication Critical patent/WO2012100092A2/en
Publication of WO2012100092A3 publication Critical patent/WO2012100092A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218Distributed architectures, e.g. distributed firewalls
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1001Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004Server selection for load balancing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

In embodiments of the present invention improved capabilities are described for a virtualization environment adapted for development and deployment of at least one software workload, the virtualization environment having a metamodel framework that allows the association of a policy to the software workload upon development of the workload that is applied upon deployment of the software workload. This allows a developer to define a security zone and to apply at least one type of security policy with respect to the security zone including the type of security zone policy in the metamodel framework such that the type of security zone policy can be associated with the software workload upon development of the software workload, and if the type of security zone policy is associated with the software workload, automatically applying the security policy to the software workload when the software workload is deployed within the security zone.
PCT/US2012/021921 2011-01-19 2012-01-19 System and method for a cloud computing abstraction layer with security zone facilities WO2012100092A2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201161434396P 2011-01-19 2011-01-19
US61/434,396 2011-01-19
US13/009,774 2011-01-19
US13/009,774 US8931038B2 (en) 2009-06-19 2011-01-19 System and method for a cloud computing abstraction layer

Publications (2)

Publication Number Publication Date
WO2012100092A2 WO2012100092A2 (en) 2012-07-26
WO2012100092A3 true WO2012100092A3 (en) 2012-09-27

Family

ID=46516385

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2012/021921 WO2012100092A2 (en) 2011-01-19 2012-01-19 System and method for a cloud computing abstraction layer with security zone facilities

Country Status (1)

Country Link
WO (1) WO2012100092A2 (en)

Families Citing this family (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10235205B2 (en) 2012-05-24 2019-03-19 Citrix Systems, Inc. Remote management of distributed datacenters
EP2862313B9 (en) 2012-06-14 2020-05-06 Tekelec, Inc. System for providing policy and charging rules function (pcrf) with integrated openflow controller
US8935764B2 (en) * 2012-08-31 2015-01-13 Hewlett-Packard Development Company, L.P. Network system for implementing a cloud platform
US9571564B2 (en) 2012-08-31 2017-02-14 Hewlett Packard Enterprise Development Lp Network system for implementing a cloud platform
US9201639B2 (en) * 2012-09-07 2015-12-01 Oracle International Corporation System and method for service definition packages for use with a cloud computing environment
US9357034B2 (en) * 2012-09-07 2016-05-31 Oracle International Corporation System and method for orchestration of services for use with a cloud computing environment
US9424024B2 (en) * 2012-09-07 2016-08-23 Oracle International Corporation System and method for elasticity management of services with a cloud computing environment
US10122596B2 (en) 2012-09-07 2018-11-06 Oracle International Corporation System and method for providing a service management engine for use with a cloud computing environment
US9323517B2 (en) * 2012-09-07 2016-04-26 Oracle International Corporation System and method for dynamic modification of service definition packages with a cloud computing environment
CN103019938B (en) * 2012-12-26 2016-12-28 北京搜狐新媒体信息技术有限公司 A kind of method and device in the application of local test cloud platform
JP6096325B2 (en) 2013-02-18 2017-03-15 テケレック・インコーポレイテッドTekelec, Inc. Method, system, and computer-readable medium for providing a sinking Diameter network architecture
US9298515B2 (en) 2013-02-18 2016-03-29 Tekelec, Inc. Methods, systems, and computer readable media for providing a virtualized diameter network architecture and for routing traffic to dynamically instantiated diameter resource instances
US20140236745A1 (en) * 2013-02-20 2014-08-21 Airvm Inc. Virtualized distribution system offering virtual products or services
CN103152415A (en) * 2013-03-04 2013-06-12 浪潮电子信息产业股份有限公司 Resource approval process design method based on cloud data center
US10142173B2 (en) * 2013-04-29 2018-11-27 Amazon Technologies, Inc. Automated creation of private virtual networks in a service provider network
US9391897B2 (en) 2013-07-31 2016-07-12 Oracle International Corporation Methods, systems, and computer readable media for mitigating traffic storms
US9537775B2 (en) 2013-09-23 2017-01-03 Oracle International Corporation Methods, systems, and computer readable media for diameter load and overload information and virtualization
US9838483B2 (en) * 2013-11-21 2017-12-05 Oracle International Corporation Methods, systems, and computer readable media for a network function virtualization information concentrator
US11388082B2 (en) 2013-11-27 2022-07-12 Oracle International Corporation Methods, systems, and computer readable media for diameter routing using software defined network (SDN) functionality
WO2016053306A1 (en) * 2014-09-30 2016-04-07 Hewlett Packard Enterprise Development Lp Topology based management of second day operations
US9917729B2 (en) 2015-04-21 2018-03-13 Oracle International Corporation Methods, systems, and computer readable media for multi-layer orchestration in software defined networks (SDNs)
US10484460B2 (en) * 2016-07-22 2019-11-19 Microsoft Technology Licensing, Llc Access services in hybrid cloud computing systems
US11294701B2 (en) 2019-01-11 2022-04-05 Hewlett Packard Enterprise Development Lp Enhanced management of storage repository availability in a virtual environment
JP7598384B2 (en) * 2019-03-26 2024-12-11 ヒューマニタス ソリューションズ インコーポレイテッド SYSTEM AND METHOD FOR ENABLED PERFORMANCE OF MULTIPLE TASKS IN HETEROGENEOUS DYNAMIC ENVIRONMENTS - Patent application
WO2020217096A1 (en) * 2019-04-23 2020-10-29 Zebware Ab Method and devices for enabling portability of data and client between cloud service providers
CN112333003B (en) * 2020-10-13 2022-11-08 北京京东尚科信息技术有限公司 Method and device for acquiring proprietary cloud container cluster gene information
WO2022103882A1 (en) * 2020-11-11 2022-05-19 Tehama Inc. Virtual room directory service
CN113359625B (en) * 2021-05-19 2024-03-12 华电电力科学研究院有限公司 Heat supply management and control integrated platform system with network safety protection function and application

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7506357B1 (en) * 1998-10-28 2009-03-17 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
US20090178108A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Enterprise security assessment sharing for off-premise users using globally distributed infrastructure
US20100071024A1 (en) * 2008-09-12 2010-03-18 Juniper Networks, Inc. Hierarchical application of security services within a computer network
US20100223385A1 (en) * 2007-02-02 2010-09-02 The Mathworks, Inc. Scalable architecture

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7506357B1 (en) * 1998-10-28 2009-03-17 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
US20100223385A1 (en) * 2007-02-02 2010-09-02 The Mathworks, Inc. Scalable architecture
US20090178108A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Enterprise security assessment sharing for off-premise users using globally distributed infrastructure
US20100071024A1 (en) * 2008-09-12 2010-03-18 Juniper Networks, Inc. Hierarchical application of security services within a computer network

Also Published As

Publication number Publication date
WO2012100092A2 (en) 2012-07-26

Similar Documents

Publication Publication Date Title
WO2012100092A3 (en) System and method for a cloud computing abstraction layer with security zone facilities
WO2011112347A3 (en) System and method for malware detection
EP3332332A4 (en) System and method for network function virtualization resource management
GB2505804A8 (en) Multi-domain information sharing
WO2012027701A3 (en) Parallel processing development environment and associated methods
WO2014052934A3 (en) Tablet computer
BR102014015634A8 (en) COMPUTER-IMPLEMENTED METHOD TO PREVENT ATTACKS AGAINST AUTHORIZATION SYSTEMS, COMPUTER PROGRAM, AND COMPUTER PROGRAM PRODUCT
EP3198788A4 (en) Trusted execution environment and transport layer security key pair for e-commerce and card not present transactions
AU2014235181A8 (en) Certificate based profile confirmation
WO2014078585A3 (en) Methods, systems and computer readable media for detecting command injection attacks
EP3869332A3 (en) Roots-of-trust for measurement of virtual machines
EP3451594A4 (en) Network function virtualization management orchestration device, method, and program
EP3252607A4 (en) Network function virtualization management and orchestration device, system, management method, and program
WO2014046888A3 (en) Controlling distribution of resources on a network
WO2013033824A3 (en) System and methods for developing component-based computing applications
WO2012092113A3 (en) Policy-based access to virtualized applications
EP3249528A4 (en) Method, device, and program for management and orchestration of network functions virtualization
EP3074872A4 (en) System and method for a security asset manager
WO2008008765A3 (en) Role-based access in a multi-customer computing environment
WO2014093909A3 (en) Metadata driven real-time analytics framework
EP2994809A4 (en) System and method of packaging computing resources for space and fire-resistance
WO2014165538A3 (en) Update management for a distributed computing system
GB2507015A (en) Communication with a virtual trusted runtime bios
BR112013030584A2 (en) system and method for preserving sandbox references
EP3111593A4 (en) Techniques for computing resource discovery and management

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12736238

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12736238

Country of ref document: EP

Kind code of ref document: A2