Abstract: A method and information processing system are provided for creating a virtual part and for composing and deploying a virtual solution with one or more virtual parts. The virtual part includes: a virtual image including a set of compatible software components; a set of configurability points, each configurability point defining at least one parameter of the virtual part that is configurable; a set of virtual ports, wherein each virtual port indicates at least one of a set of virtual parts required by the virtual part and a set of virtual parts that are compatible with the virtual part; and a set of configuration scripts adapted to reconfigure the virtual image.

Abstract: Deployment pattern matching is implemented by accessing a target computing environment model that captures environment modeling parameters relating to resources and resource-resource relationships of a corresponding computing environment and expressing the target computing environment model as a model graph defined by target resource elements and resource-to-resource relationship links. Deployment pattern matching is further implemented by accessing a realization pattern that captures deployment parameters relating to resources and resource-resource relationships of a deployment of interest and expressing the realization pattern as a pattern graph defined by conceptual resource elements and constraints arranged by resource-to-resource relationship links and constraint links.

Abstract: A deployment modeling platform enables a user to model application characteristics of target software and to associate application modeling parameters to the modeled application characteristics. A user may also model environment characteristics of a target deployment environment and to associate environment modeling parameters to the modeled deployment environment characteristics. Still further, a user may create a deployment model that associates and maps selected parameters of the modeled application characteristics of the target software to associated parameters of the modeled environment characteristics of the deployment environment, and to verify that each parameter that relates to a requirement is mapped to and is fulfilled by an associated parameter that relates to a corresponding capability to determine whether validation problems exist in order to deploy the target software in the associated deployment environment.

Abstract: The present invention can include a solution for handling abstract entities through the realization of conceptual objects within a modeling application. Such a system can include a semantic model and a modeling application. The semantic model can be configured to present relationships between entities. The entities can include both conceptual objects and concrete objects. A conceptual object can represent an abstract definition that can contain unfulfilled functional parameters. The conceptual object can be associated with another conceptual object or concrete object using a realization relationship. The modeling application can be configured to handle conceptual objects and realization relationships, while preserving the relational integrity of the semantic model.

Abstract: A system and method are provided to establish trust between a user and a policy system that generates recommended actions in accordance with specified policies. Trust is introduced into the policy-based system by assigning a value to each execution of each policy with respect to the policy-based system, called the instantaneous trust index. The instantaneous trust indices for each one of the policies, for the each execution of a given policy or for both are combined into the overall trust index for a given policy or for a given policy-based system. The recommended actions are processed in accordance with the level or trust associated with a given policy as expressed by the trust indices. Manual user input is provided to monitor or change the recommended actions. In addition, reinforcement learning algorithms are used to further enhance the level of trust between the user and the policy-based system.

Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

Abstract: Methods for allocation of storage resources, performance monitoring, and reallocation of resources to eliminate hot spots, by specifying high-level goals, rather than by means of low-level manual steps. Policies are specified as administrator specified constraints under which the resources are managed. Goals are specified in terms of performance, availability, and security requirements of the desired storage. As a part of the automation, this invention provides a method for analyzing capabilities of the computer storage system and forming analysis results, which are later used for determining an allocation of resources that will meet the high-level goals specified. This invention also provides methods for automatic monitoring of performance, availability, and security goals for allocated resources. If goals are not met, resources are reallocated so that the goals can be met with the allocation.

Abstract: A mechanism to provide debugging and optimization in policy and knowledge controlled distributed computing system through the use of tagged policies is provided. An aspect of the mechanism tags one or more policies, for instance, at their creation time, execution time and/or at any other time an event that affects the policies occur. Decisions made according to policy execution or evaluation may be traced using the tags.

Abstract: Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity.

Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

Abstract: Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity.

Abstract: A system and a method are disclosed for dynamically analyzing software, some of whose potentially-important behaviors (such as worm-like behavior) may only be displayed when the software is executed in an environment where it has, or appears to have, access to a production network and/or to the global Internet. The software can be executed in a real or an emulated network environment that includes a monitoring component and an emulation component. The monitoring component serves to capture and/or record the behaviors displayed by the software and/or other components of the system, and the emulation component gives the software being analyzed the impression that it is executing with access to a production network and/or to the global Internet. The software being analyzed is effectively confined to the analysis network environment, and cannot in fact read information from, or alter any information on, any production network or the global Internet.

Abstract: System, apparatus and methods for allocation of storage resources, performance monitoring, and reallocation of resources to eliminate hot spots, by specifying high-level goals, rather than by means of low-level manual steps. Policies are specified as administrator specified constraints under which the resources are managed. Goals are specified in terms of performance, availability, and security requirements of the desired storage. As a part of the automation, this invention provides for analyzing capabilities of the computer storage system and forming analysis results, which are later used for determining an allocation of resources that will meet the high-level goals specified. This invention also provides automatic monitoring of performance, availability, and security goals for allocated resources. If goals are not met, resources are reallocated so that the goals can be met with the allocation.

Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

Abstract: Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity.

Abstract: A searching method determines, given a specified encryption method (or set of encryption methods) and a specified pattern (or set of patterns), whether a given text contains an encryption, with any key, of anything fitting the pattern or patterns. The procedure detects and locates patterns that are present within data that has been encrypted, provided that the encryption method is one of a variety of simple methods that are often employed by computer programs such as computer viruses. The method includes:1. applying an invariance transformation to the chosen pattern (or set of patterns) to be matched, to obtain a "reduced pattern";2. applying the same reduction to the encrypted data to obtain "reduced data";3. using standard string searching techniques to detect the existence of a match between the reduced pattern and the reduced data, thereby signalling the likely existence of the pattern in encrypted form within the encrypted data;4.

Abstract: A method includes the following component steps, or some functional subset of these steps: (A) periodic monitoring of a data processing system (10) for anomalous behavior that may indicate the presence of an undesirable software entity such as a computer virus, worm, or Trojan Horse; (B) automatic scanning for occurrences of known types of undesirable software entities and taking remedial action if they are discovered; (C) deploying decoy programs to capture samples of unknown types of computer viruses; (D) identifying machine code portions of the captured samples which are unlikely to vary from one instance of the virus to another; (E) extracting an identifying signature from the executable code portion and adding the signature to a signature database; (F) informing neighboring data processing systems on a network of an occurrence of the undesirable software entity; and (G) generating a distress signal, if appropriate, so as to call upon an expert to resolve difficult cases.

Abstract: A personal computer system compatible with application programs and operating system software. The personal computer system includes a microprocessor electrically coupled to a data bus, non-volatile memory electrically coupled to the data bus, volatile memory electrically responsive to the data bus and a direct access storage device electrically responsive to the data bus, the direct access storage device storing a second portion of operating system microcode. The non-volatile memory stores a first portion of operating system microcode and the direct access storage device stores a second portion of operating system microcode. The second portion of operating system microcode includes a boot program. The first portion of operating system microcode verifies the integrity of the boot program prior to loading the boot program into the volatile memory.

Abstract: A method and apparatus are disclosed for use in a data processing system which executes a program which outputs cryptographic service requests for operations with cryptographic keys which are associated with control vectors defining the functions which each key is allowed by its originator to perform. The improved method and apparatus enable the use of control vectors having an arbitrary length. It includes a control vector register having an arbitrary length, for storing a control vector of arbitrary length associated with an N-bit cryptographic key. It further includes a control vector checking means having an input coupled to the control vector register, for checking that the control vector authorizes the cryptographic function which is requested by the cryptographic service request. It further includes a hash function generator having an input coupled to the control vector register and an N-bit output, for mapping the control vector output from the control vector register, into an N-bit hash value.