Abstract: A verification operating system (VOS) is an intermediary operating system that verifies data of a primary operating system before the primary operating system controls of the computing device. When the computing device is initialized, initial boot processes load the VOS instead of the primary operating system. The VOS performs verification processes on data storing the primary operating system to verify that the primary operating system has not been manipulated or corrupted before passing control of the computing device to the primary operating system. A VOS also may be used to verify an operating system used by a virtual machine (VM). The VOS verifies data storing a VM operating system to be used for requested VMs. If the VOS verifies that the VM OS data is accurate, the VOS provides the VM OS data to a hypervisor for use in a VM.

Abstract: A verification operating system (VOS) is an intermediary operating system that verifies data of a primary operating system before the primary operating system controls of the computing device. When the computing device is initialized, initial boot processes load the VOS instead of the primary operating system. The VOS performs verification processes on data storing the primary operating system to verify that the primary operating system has not been manipulated or corrupted before passing control of the computing device to the primary operating system. A VOS also may be used to verify an operating system used by a virtual machine (VM). The VOS verifies data storing a VM operating system to be used for requested VMs. If the VOS verifies that the VM OS data is accurate, the VOS provides the VM OS data to a hypervisor for use in a VM.

Abstract: A method for real-time detection of and protection from steganography in a kernel mode comprises detecting transmission of a file via a firewall, an operating system, or an e-mail system. A size of the file is determined. From a file system, a stored filesize of the file is retrieved. The determined size of the file is compared to the stored filesize of the file. Responsive to the determined size of the file being larger than the stored filesize of the file, steganography detection analytics are executed on the file. Responsive to the steganography detection analytics indicating presence of steganography in the file, a steganography remediation action is executed, and information is transmitted describing the steganography to a client device.

Abstract: A method for real-time detection of and protection from steganography in a kernel mode comprises detecting transmission of a file via a firewall, an operating system, or an e-mail system. A size of the file is determined. From a file system, a stored filesize of the file is retrieved. The determined size of the file is compared to the stored filesize of the file. Responsive to the determined size of the file being larger than the stored filesize of the file, steganography detection analytics are executed on the file. Responsive to the steganography detection analytics indicating presence of steganography in the file, a steganography remediation action is executed, and information is transmitted describing the steganography to a client device.

Abstract: A method for real-time detection of malware in a Kernel mode includes detecting a file operation request initiated by a process running in user mode. Malware detection analytics is performed on a file buffer associated with the detected file operation request to detect behavior indicating presence of malware. Responsive to detecting the behavior indicating the presence of the malware, the process responsible for initiating the detected file operation request is identified. A search for the identified process is performed on one or more of a blacklist of programs and a whitelist of programs to determine whether the identified process is a trusted process. Responsive to determining that the identified process is not a trusted process, a malware remediation action is executed against the identified process. Information describing the malware is transmitted to a client device.

Abstract: A method for real-time detection of and protection from steganography in a kernel mode comprises detecting transmission of a file via a firewall, an operating system, or an e-mail system. A size of the file is determined. From a file system, a stored filesize of the file is retrieved. The determined size of the file is compared to the stored filesize of the file. Responsive to the determined size of the file being larger than the stored filesize of the file, steganography detection analytics are executed on the file. Responsive to the steganography detection analytics indicating presence of steganography in the file, a steganography remediation action is executed, and information is transmitted describing the steganography to a client device.

Abstract: A method for real-time detection of malware in a Kernel mode includes detecting a file operation request initiated by a process running in user mode. Malware detection analytics is performed on a file buffer associated with the detected file operation request to detect behavior indicating presence of malware. Responsive to detecting the behavior indicating the presence of the malware, the process responsible for initiating the detected file operation request is identified. A search for the identified process is performed on one or more of a blacklist of programs and a whitelist of programs to determine whether the identified process is a trusted process. Responsive to determining that the identified process is not a trusted process, a malware remediation action is executed against the identified process. Information describing the malware is transmitted to a client device.

Abstract: Method and system for collecting network device information is provided. A meta-meta model structure is used by a plurality of collectors that collect information from a plurality of network devices. The meta-meta model identifies a network protocol that is used for data collection, identifies the type of information that is to be collected and also identifies how collected data is to be stored in a database. A plurality of collectors is configured to interface with the database. When data needs to be collected, an inventory engine reads the meta-meta model and instantiates a collector to collect and store information in the database as specified by the meta-meta model.

Abstract: Method and system for collecting network device information is provided. A meta-meta model structure is used by a plurality of collectors that collect information from a plurality of network devices. The meta-meta model identifies a network protocol that is used for data collection, identifies the type of information that is to be collected and also identifies how collected data is to be stored in a database. A plurality of collectors is configured to interface with the database. When data needs to be collected, an inventory engine reads the meta-meta model and instantiates a collector to collect and store information in the database as specified by the meta-meta model.

Abstract: Dynamically generating a schema representing multiple hierarchies of inter-object relationships is described. In one aspect, a data polyarchy is created. Responsive to creation of the data polyarchy, a schema is automatically generated to represent multiple hierarchies of inter-object relationships between multiple objects in the data polyarchy. The schema is generated based on values of attributes of the objects.

Abstract: Systems and methods for extending a directory schema independent of schema modification are described. In one aspect, a directory schema data structure includes a flexible attribute data field. The flexible attribute data field identifies a complex data type. The complex data type is used to express one or more operational or data providing properties of a flexible attribute. The one or more operational or data providing properties are independent of the complex data type and independent of directory schema modification. The directory schema data structure also includes a flexible structural object content class to encapsulate the flexible attribute.

Abstract: A computer network may be modeled using a declarative definition that includes classes and relationships between classes. A discovery tool may populate a database with instances of the classes and enable an analysis tool to apply a constraint model so that a subset of possible alternatives may be defined. In some cases, further analysis may be performed on items contained in the subset.

Abstract: The described arrangements and procedures use a directory, with its integrated view of resource identity across a distributed system to dynamically execute and manage workflow solutions responsive to changes in the directory. Specifically, a state change to an object in a directory is detected. Responsive to detecting the state change, the state change is mapped to a corresponding workflow, which includes sequences of tasks. The identified sequences of tasks are then executed to achieve a desired state in the directory. The desired state is based on the detected state change.

Abstract: Systems and methods for extending a directory schema independent of schema modification are described. In one aspect, a directory schema data structure includes a flexible attribute data field. The flexible attribute data field identifies a complex data type. The complex data type is used to express one or more operational or data providing properties of a flexible attribute. The one or more operational or data providing properties are independent of the complex data type and independent of directory schema modification. The directory schema data structure also includes a flexible structural object content class to encapsulate the flexible attribute.

Abstract: The claimed subject matter provides a system and/or a method that facilitates deploying software in a distributed network efficiently and accurately. An inventory collection component can collect data specific to the distributed network. An automatic software deployment component can automatically deploy software in the distributed network based at least in part upon the collected data, while the deployment of such software is in parallel to increase resource utilization.

Abstract: Described is a method, system and data structures to logically separate the notations from the semantics of model element objects into separate code components, and to enable subsequent re-association of a selected notation with a selected semantic. Various notations and semantics from different providers may be combined. The invention may be implemented in a Visual Modeling Framework which defines the API set and/or interfaces to which the semantic and notation objects conform, and allows a notation and a semantic to be plugged into each other to create a model element, thereby allowing pluggable notations and pluggable semantics. A paradigm server may load a selected semantic and notation component, combine them, and present the combination to the framework as a model element. The paradigm server may be a pluggable component, having specialized knowledge for validating whether a semantic object can be used in a paradigm and combined with a notation.

Abstract: Systems and methods for dynamically generating a schema representing multiple hierarchies of inter-object relationships are described. In one aspect, a polyarchical query language data structure includes first, second, and third data fields. The first data field is used to specify a particular schema for presenting or managing a plurality of objects in a data polyarchy based on values of attributes in the objects. The second data field is to indicate an attribute of interest. The third data field indicates how one or more objects that include the attribute of interest are to be presented or managed with respect to one or more participating dimensions of inter-object relationships based on the schema.

Abstract: Described is a method and system providing a dynamic, live (active) surface and/or model elements to complement and enhance what is being modeled or visualized, enabling the addition of new features and functionality to visualization and modeling tools. A dynamic surface is accomplished by extending traditional HTML, rendering APIs and/or components to enable visualization and modeling functionality. The surface background and model elements may comprise HTML elements, and the surface can include a Web site. The model elements are HTML elements layered dynamically atop the surface, as the user interacts with them, and completed designs may be saved in a non-proprietary format, (e.g., HTML). The live surface bases its services on HTML rendering engine services, and further provides a visualization and modeling engine that wraps and extends the rendering engine through multiple interfaces.

Abstract: Described is a method and system that enables open, non-proprietary and extensible visualization and modeling tools by providing multiple-way negotiations between model element end points (nodes) and a connecting model element (arc). Based on these negotiations, a user is guided to make appropriate interconnections between model elements. A protocol is provided for intelligent model elements (objects) to communicate their information to one another, e.g., an arc communicates its capabilities and requirements to a node, and vice-versa, whereby the model element objects themselves decide whether they can interconnect, and if so, how they need to interconnect. The objects themselves enforce semantics and rules. According to the protocol, either object can reject the interconnection (break off the negotiation) with the other object if it determines it is not compatible with the other object, or is otherwise unable to connect to it.

Abstract: Systems and methods for dynamically generating a schema representing multiple hierarchies of inter-object relationships are described. In one aspect, a polyarchical query language data structure includes first, second, and third data fields. The first data field is used to specify a particular schema for presenting or managing a plurality of objects in a data polyarchy based on values of attributes in the objects. The second data field is to indicate an attribute of interest. The third data field indicates how one or more objects that include the attribute of interest are to be presented or managed with respect to one or more participating dimensions of inter-object relationships based on the schema.