Abstract: A method for enforcing policy compliance of a smart contract in a blockchain network includes a blockchain node receiving a transaction and a transaction policy associated with the transaction, where the transaction includes the smart contract and a first state. The blockchain also determines a second state of the transaction based upon executing the transaction according to the smart contract and the first state, and determines whether the transaction complies with the transaction policy. If the transaction complies with the transaction policy, the second state is incorporated by the blockchain node into a new block of blockchain of the blockchain network. If the transaction does not comply with the transaction policy, the first state is incorporated by the blockchain node into the new block.

Abstract: A method for forwarding data flows in a network, which has a forwarding element for forwarding the data flows, includes: receiving a data flow of the data flows, the data flow corresponding to a present forwarding rule of the forwarding element; forwarding the data flow with an added time delay. The added time delay includes a first forwarding time delay and second forwarding time delay. A first number of packets of the data flow, which are first packets, are forwarded by the first forwarding element with the first forwarding time delay. A second number of the packets of the data flow, which are second packets, are forwarded with the second forwarding time delay. The first forwarding time delay and the second forwarding time delay have a time difference from each other.

Abstract: A method of providing access control for a software defined network (SDN) controller includes triggering, by the SDN controller upon receiving a trigger event from a data plane of the software defined network, one or more applications that are installed to run at a control plane of the software defined network atop the SDN controller to react to the trigger event, applying, by the SDN controller before triggering applications due to a trigger event, a conflict resolution scheme. The conflict resolution scheme includes determining all flow spaces that are affected by the trigger event and selecting from these flow spaces a single selected flow space that complies with a predetermined policy, determining, a single master application according to predefined criteria, and triggering, in addition to the master application, only those applications whose reactions to the trigger event do not conflict with the master application.

Abstract: A method for determining incorrect behavior of components in a distributed information technology (IT) system includes receiving a pattern useable to indicate an incorrect behavior of a component. An automaton and a complement automaton are constructed based on the pattern, the automaton and complement automaton comprising one or more states. One or more logged events are received, each event in the one or more logged events including a timestamp. Gaps are determined in the one or more logged events. Event matrices are precomputed for the gaps and for each event in the one or more logged events based on the states of the automaton and the complement automaton. The pattern is matched to the one or more logged events by iteratively processing the one or more logged events and the gaps and maintaining a combination matrix. The incorrect behavior is determined based on an output of the pattern matching.

Abstract: A method for providing encrypted information by an information entity to one or more operating entities, the information entity having a database for storing encrypted information and the one or more operating entities being configured to operate on the encrypted information, wherein the encrypted information is stored encrypted with an encryption key known to the one or more operating entities includes performing, by an operating entity, a request on the encrypted information, wherein plaintext information to be stored encrypted is provided in tuples, each having ID information, one or more fields with field information specifying the fields, and values, wherein at least the values are encrypted with non-deterministic order preserving encryption with at least one encryption key such that each plaintext value is encrypted into a set of encrypted values, and wherein the set of encrypted values is partitioned into a left set and a right set.

Abstract: A method for forwarding data in form of flows in a software-defined network includes forwarding, if the data matches a present forwarding rule on a first forwarding element, the data with a time delay according to a time delay policy and generated by a delay entity such that a first number of first packets of the data is forwarded by the first forwarding element with a first forwarding time delay, and a second number of second packets of the data with a second forwarding time delay. The first forwarding time delay and the second forwarding time delay have a certain time difference from each other.

Abstract: A method for providing encrypted information by an information entity to one or more operating entities, the information entity having a database for storing encrypted information and the one or more operating entities being configured to operate on the encrypted information, wherein the encrypted information is stored encrypted with an encryption key known to the one or more operating entities includes performing, by an operating entity, a request on the encrypted information, wherein plaintext information to be stored encrypted is provided in tuples, each having ID information, one or more fields with field information specifying the fields, and values, wherein at least the values are encrypted with non-deterministic order preserving encryption with at least one encryption key such that each plaintext value is encrypted into a set of encrypted values, and wherein the set of encrypted values is partitioned into a left set and a right set.

Abstract: A method of providing access control for a software defined network (SDN) controller includes establishing a cascaded flow of flow table entries by linking together flow table entries of flow tables that are installed at network resources and that apply to the same packets or network flows, analyzing the impact of configuration requests from one or more applications regarding the installation and/or removal of flow table entries on existing cascaded flows, and rejecting configuration requests if the installation and/or removal of flow table entries according to the configuration requests would destroy an existing cascaded flow. The SDN controller includes an interface for interacting with one or more applications that are installed to run at the control plane of the SDN atop the SDN controller.

Abstract: A method of providing access control for a software defined network (SDN) controller includes triggering, by the SDN controller upon receiving a trigger event from a data plane of the software defined network, one or more applications that are installed to run at a control plane of the software defined network atop the SDN controller to react to the trigger event, applying, by the SDN controller before triggering applications due to a trigger event, a conflict resolution scheme. The conflict resolution scheme includes defining flow spaces and assigning each flow space a priority, selecting from these flow spaces a single selected flow space that complies with a predetermined policy, determining, a single master application according to predefined criteria, and triggering, in addition to the master application, only those applications whose reactions to the trigger event do not conflict with the master application.