Patents Assigned to Suse LLC
-
Patent number: 11996994Abstract: Some examples described herein relate to providing a customized cloud service. In an example, Key Service Indicators (KSI) may be received for a cloud service. The Key Service Indicators may be associated with a cloud service template for providing the cloud service. The resources required for providing the cloud service may be identified based on the Key Service Indicators.Type: GrantFiled: May 31, 2023Date of Patent: May 28, 2024Assignee: SUSE LLCInventor: Sandhya Balakrishnan
-
Publication number: 20240169053Abstract: A policy interpreter detects that an application container has been added in a container system, and opens a stored manifest for the application container. The policy interpreter retrieves running services information regarding the application container, and generates a security policy for the application container. The security policy defines a set of actions for which the application container can perform, and the set of actions are determined using the manifest and the running service information associated with the application container. The policy interpreter loads the security policy at a security container. The security container blocks an action performed by the application container in response to determining that the action performed by the application container does not match any action in the set of actions defined in the security policy. The policy interpreter transmits the security policy to a graphical user interface container for presentation to a user via a display device.Type: ApplicationFiled: January 27, 2024Publication date: May 23, 2024Applicant: SUSE LLCInventors: Glen K. Kosaka, Gang Duan, Fei Huang
-
Patent number: 11966463Abstract: A policy interpreter detects that an application container has been added in a container system, and opens a stored manifest for the application container. The policy interpreter retrieves running services information regarding the application container, and generates a security policy for the application container. The security policy defines a set of actions for which the application container can perform, and the set of actions are determined using the manifest and the running service information associated with the application container. The policy interpreter loads the security policy at a security container. The security container blocks an action performed by the application container in response to determining that the action performed by the application container does not match any action in the set of actions defined in the security policy. The policy interpreter transmits the security policy to a graphical user interface container for presentation to a user via a display device.Type: GrantFiled: January 14, 2022Date of Patent: April 23, 2024Assignee: SUSE LLCInventors: Glen K. Kosaka, Gang Duan, Fei Huang
-
Publication number: 20240086521Abstract: A threat level analyzer probes for one or more threats within an application container in a container system. Each threat is a vulnerability or a non-conformance with a benchmark setting. The threat level analyzer further probes for one or more threats within a host of the container service. The threat level analyzer generates a threat level assessment score based on results from the probing of the one or more threats of the application container and the one or more threats of the host, and generates a report for presentation in a user interface including the threat level assessment score and a list of threats discovered from the probe of the application container and the host. A report is transmitted by the threat level analyzer to a client device of a user for presentation in the user interface.Type: ApplicationFiled: November 21, 2023Publication date: March 14, 2024Applicant: SUSE LLCInventors: Henrik Rosendahl, Fei Huang, Gang Duan
-
Patent number: 11915051Abstract: Controlling allocation of resources in network function virtualization. Data defining a pool of available physical resources is maintained. Data defining one or more resource allocation rules is identified. An application request is received. Physical resources from the pool are allocated to virtual resources to implement the application request, on the basis of the maintained data, the identified data and the received application request.Type: GrantFiled: March 22, 2023Date of Patent: February 27, 2024Assignee: SUSE LLCInventors: Ignacio Aldama, Ruben Sevilla Giron, Javier Garcia-Lopez
-
Patent number: 11886573Abstract: A threat level analyzer probes for one or more threats within an application container in a container system. Each threat is a vulnerability or a non-conformance with a benchmark setting. The threat level analyzer further probes for one or more threats within a host of the container service. The threat level analyzer generates a threat level assessment score based on results from the probing of the one or more threats of the application container and the one or more threats of the host, and generates a report for presentation in a user interface including the threat level assessment score and a list of threats discovered from the probe of the application container and the host. A report is transmitted by the threat level analyzer to a client device of a user for presentation in the user interface.Type: GrantFiled: August 27, 2021Date of Patent: January 30, 2024Assignee: SUSE LLCInventors: Henrik Rosendahl, Fei Huang, Gang Duan
-
Publication number: 20230412628Abstract: A container system monitors one or more activities of an application container in a container system by intercepting data from the one or more activities of the application container. The application container includes computer-readable instructions and initiated via a container service and isolated using operating system-level virtualization. The monitoring is performed at a layer between the app container and the container service. The container system also transmits a report of the intercepted one or more activities to a designated source. The container system inspects the intercepted one or more activities, and in response to the intercepted one or more activities violating a policy in a policy store, triggers an action specified in the policy.Type: ApplicationFiled: August 20, 2023Publication date: December 21, 2023Applicant: SUSE LLCInventors: Fei Huang, Gang Duan, Zang Li
-
Patent number: 11792216Abstract: A container system monitors one or more activities of an application container in a container system by intercepting data from the one or more activities of the application container. The application container includes computer-readable instructions and initiated via a container service and isolated using operating system-level virtualization. The monitoring is performed at a layer between the app container and the container service. The container system also transmits a report of the intercepted one or more activities to a designated source. The container system inspects the intercepted one or more activities, and in response to the intercepted one or more activities violating a policy in a policy store, triggers an action specified in the policy.Type: GrantFiled: June 26, 2018Date of Patent: October 17, 2023Assignee: SUSE LLCInventors: Fei Huang, Gang Duan, Zang Li
-
Publication number: 20230318939Abstract: Some examples described herein relate to providing a customized cloud service. In an example, Key Service Indicators (KSI) may be received for a cloud service. The Key Service Indicators may be associated with a cloud service template for providing the cloud service. The resources required for providing the cloud service may be identified based on the Key Service Indicators.Type: ApplicationFiled: May 31, 2023Publication date: October 5, 2023Applicant: SUSE LLCInventor: Sandhya BALAKRISHNAN
-
Publication number: 20230297364Abstract: The system and method described herein may upgrade kernels in cloud images deployed in cloud computing environments without having to rebuild a machine image that contains a root file system for the cloud image. For example, the cloud image may include a ramdisk that compares the kernel booted in the cloud image to the root file system to verify whether the machine image contains a directory hierarchy matching an operating system release for the kernel. In response to the machine image containing the matching directory hierarchy, the root file system may be mounted for execution in the cloud computing environment. Alternatively, in response to the machine image lacking the matching directory hierarchy, the ramdisk may dynamically create the matching directory hierarchy and inject modules that support the kernel into the root file system prior to mounting and delivering control to the root file system.Type: ApplicationFiled: May 30, 2023Publication date: September 21, 2023Applicant: SUSE LLCInventor: Peter Bowen
-
Publication number: 20230229496Abstract: Controlling allocation of resources in network function virtualization. Data defining a pool of available physical resources is maintained. Data defining one or more resource allocation rules is identified. An application request is received. Physical resources from the pool are allocated to virtual resources to implement the application request, on the basis of the maintained data, the identified data and the received application request.Type: ApplicationFiled: March 22, 2023Publication date: July 20, 2023Applicant: SUSE LLCInventors: Ignacio Aldama, Ruben Sevilla Giron, Javier Garcia-Lopez
-
Patent number: 11700188Abstract: Some examples described herein relate to providing a customized cloud service. In an example, Key Service Indicators (KSI) may be received for a cloud service. The Key Service Indicators may be associated with a cloud service template for providing the cloud service. The resources required for providing the cloud service may be identified based on the Key Service Indicators.Type: GrantFiled: February 1, 2022Date of Patent: July 11, 2023Assignee: SUSE LLCInventor: Sandhya Balakrishnan
-
Patent number: 11698781Abstract: The system and method described herein may upgrade kernels in cloud images deployed in cloud computing environments without having to rebuild a machine image that contains a root file system for the cloud image. For example, the cloud image may include a ramdisk that compares the kernel booted in the cloud image to the root file system to verify whether the machine image contains a directory hierarchy matching an operating system release for the kernel. In response to the machine image containing the matching directory hierarchy, the root file system may be mounted for execution in the cloud computing environment. Alternatively, in response to the machine image lacking the matching directory hierarchy, the ramdisk may dynamically create the matching directory hierarchy and inject modules that support the kernel into the root file system prior to mounting and delivering control to the root file system.Type: GrantFiled: March 21, 2016Date of Patent: July 11, 2023Assignee: Suse LLCInventor: Peter Bowen
-
Patent number: 11455160Abstract: Performing at least one of transmitting a request for an update responsive to at least one of at least two applications executing on a network device via at least one available network connection, wherein the network device utilizes at least two network adapters and the first network adapter is configured for transmitting the request for the update, via a first network connection, and the second network adapter is configured for transmitting a confirmation request requesting the update, via a second network connection, wherein the second network connection is a faster data connection than the first network connection, and downloading the update for the at least two applications via the second network connection.Type: GrantFiled: December 31, 2020Date of Patent: September 27, 2022Assignee: SUSE LLCInventor: Kevin V. Nguyen
-
Patent number: 11240124Abstract: Some examples described herein relate to providing a customized cloud service. In an example, Key Service Indicators (KSI) may be received for a cloud service. The Key Service Indicators may be associated with a cloud service template for providing the cloud service. The resources required for providing the cloud service may be identified based on the Key Service Indicators.Type: GrantFiled: November 13, 2014Date of Patent: February 1, 2022Assignee: Suse LLCInventor: Sandhya Balakrishnan
-
Patent number: 10951637Abstract: Examples relate to distributed detection of malicious cloud actors. In some examples, outgoing cloud packets from the cloud server are intercepted and processed to determine if a preliminary threshold is exceeded, where the outgoing cloud packets are used to identify a customer. At this stage, a potential outgoing intrusion event of a number of potential outgoing intrusion events is generated when the preliminary threshold is exceeded. The potential outgoing intrusions events are used to update an aggregate log, where the aggregate log tracks a customer subset of the cloud servers that is associated with the customer. In response to analyzing the aggregate log to determine that cloud traffic by the customer to the destination address exceeds an intrusion threshold, a notification of malicious activity by the customer is provided, wherein the intrusion threshold is satisfied at a higher cloud activity level than the preliminary threshold.Type: GrantFiled: August 28, 2014Date of Patent: March 16, 2021Assignee: Suse LLCInventor: Robert Graham Clark
-
Patent number: 10915357Abstract: The system and method for structuring self-provisioning workloads deployed in virtualized data centers described herein may provide a scalable architecture that can inject intelligence and embed policies into managed workloads to provision and tune resources allocated to the managed workloads, thereby enhancing workload portability across various cloud and virtualized data centers. In particular, the self-provisioning workloads may have a packaged software stack that includes resource utilization instrumentation to collect utilization metrics from physical resources that a virtualization host allocates to the workload, a resource management policy engine to communicate with the virtualization host to effect tuning the physical resources allocated to the workload, and a mapping that the resource management policy engine references to request tuning the physical resources allocated to the workload from a management domain associated with the virtualization host.Type: GrantFiled: June 12, 2018Date of Patent: February 9, 2021Assignee: Suse LLCInventor: K. Y. Srinivasan
-
Patent number: 10701213Abstract: Example implementations relate to dynamically generating an aggregation routine. For example, a computing device may include a processor. The processor may receive a data record from a particular service source of a plurality of service sources in communication with the computing device. The data record may relate to usage of the particular service source. The processor may identify at least one field associated with the data record and convert the data record to a standardized record associated with metadata based on the at least one field. The standardized record may have a standardized record format. The processor may dynamically generate an aggregation routine based on the standardized record and the metadata associated with the standardized record. The aggregation routine may be used to calculate usage data associated with the usage of the particular service source.Type: GrantFiled: September 5, 2014Date of Patent: June 30, 2020Assignee: Suse LLCInventors: Daniel Dyer, Atul Aggarwal, Ashwin Arvind Agate
-
Patent number: 10360150Abstract: Techniques for managing memory in a multiprocessor architecture are presented. Each processor of the multiprocessor architecture includes its own local memory. When data is to be removed from a particular local memory or written to storage that data is transitioned to another local memory associated with a different processor of the multiprocessor architecture. If the data is then requested from the processor, which originally had the data, then the data is acquired from a local memory of the particular processor that received and now has the data.Type: GrantFiled: February 14, 2011Date of Patent: July 23, 2019Assignee: Suse LLCInventor: Nikanth Karthikesan
-
Patent number: 10356155Abstract: Service onboarding can include registering an artifact of a service with a control service. Service onboarding can include assigning a credential to a service account associated with a service, wherein the credentials include a limited authorization. Service onboarding can include managing, according to the authorization, a service based on a node attribute definition maintained by an infrastructure automation framework, the framework including a component to call a representational state transfer (REST) application program interface (API) of the control service.Type: GrantFiled: April 30, 2014Date of Patent: July 16, 2019Assignee: Suse LLCInventors: Arvind Tiwari, Jason Rouault, Venkateswaran Tharuvai Sundaram