Abstract: A method, system and computer program product for distributing intermediate data of a multistage computer application to a plurality of computers. In one embodiment, a data manager calculates data usage demand of generated intermediate data. A computer manager calculates a computer usage, which is the sum of all data usage demand of each stored intermediate data at the computer. A scheduler selects a target computer from the plurality of computers for storage of the generated intermediate data at such that a variance of the computer usage demand across the plurality of computers is minimized.

Abstract: A system and method are provided to establish trust between a user and a policy system that generates recommended actions in accordance with specified policies. Trust is introduced into the policy-based system by assigning a value to each execution of each policy with respect to the policy-based system, called the instantaneous trust index. The instantaneous trust indices for each one of the policies, for the each execution of a given policy or for both are combined into the overall trust index for a given policy or for a given policy-based system. The recommended actions are processed in accordance with the level or trust associated with a given policy as expressed by the trust indices. Manual user input is provided to monitor or change the recommended actions. In addition, reinforcement learning algorithms are used to further enhance the level of trust between the user and the policy-based system.

Abstract: A method for use in a system in which computational entities are distributed across physical computing resources to place the entities on the resources includes estimating actual resource demand for each entity on each resource based on application resource usage data collected from a data source external from the entity, computing a best allocation of the resources to the entities from the estimated actual resource demand for each entity and distributing the resources to the entities in accordance with the computed best allocation.

Abstract: Techniques for placement of a virtual machine in a computing system. A first request is sent from a pool management subsystem to a placement subsystem. The first request includes specification of available storage capacities of storage systems in a computer network. The placement subsystem automatically determines a target storage system based, at least in part, on the available storage capacities. An identification of the target storage system is received at the pool management subsystem. At least one disk image of the virtual machine is written to the target storage system. Then, a second request is sent to the placement subsystem. The placement subsystem automatically determines a target computer. The latter determination is based, at least in part, on connectivity between the target computer and the target storage system. The virtual machine is installed at the target computer. The techniques facilitate live migration of virtual machines placed thereby.

Abstract: Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity.

Abstract: A system and method are provided to establish trust between a user and a policy system that generates recommended actions in accordance with specified policies. Trust is introduced into the policy-based system by assigning a value to each execution of each policy with respect to the policy-based system, called the instantaneous trust index. The instantaneous trust indices for each one of the policies, for the each execution of a given policy or for both are combined into the overall trust index for a given policy or for a given policy-based system. The recommended actions are processed in accordance with the level or trust associated with a given policy as expressed by the trust indices. Manual user input is provided to monitor or change the recommended actions. In addition, reinforcement learning algorithms are used to further enhance the level of trust between the user and the policy-based system.

Abstract: A method for cloning a running component from a first machine to a second machine is provided. The method includes: iteratively coping a state of the running component from the first machine to the second machine to generate a copy of the running component on the second machine; assigning the copy of the running component on the second machine an external address that is distinct from an internal address; and mapping communications to and from the copy of the running component based on the distinct external address and the internal address.

Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

Abstract: Methods for allocation of storage resources, performance monitoring, and reallocation of resources to eliminate hot spots, by specifying high-level goals, rather than by means of low-level manual steps. Policies are specified as administrator specified constraints under which the resources are managed. Goals are specified in terms of performance, availability, and security requirements of the desired storage. As a part of the automation, this invention provides a method for analyzing capabilities of the computer storage system and forming analysis results, which are later used for determining an allocation of resources that will meet the high-level goals specified. This invention also provides methods for automatic monitoring of performance, availability, and security goals for allocated resources. If goals are not met, resources are reallocated so that the goals can be met with the allocation.

Abstract: A method, information processing system, and computer readable medium for managing virtual machine imaging. The method includes receiving a request for an imaging operation associated with at least one virtual machine. A notification is sent to at least one operating system associated with the at least one virtual machine of the request for the imaging operation. The operating system is determined to be in a state for the virtual machine to be imaged. The request for the imaging operation is granting in response to determining.

Abstract: The present invention relates to a method for the customization of virtual machine images. The method comprises identifying and retrieving a virtual machine image template. A customized virtual machine image is created from the virtual machine image template. The customized virtual machine image template being created by identifying at least one file-system or memory image that is associated with the virtual machine image template, identifying within the at least one file-system or memory image at least one data set, wherein the at least one data set comprises metadata. The metadata contains information detailing the required execution context customization aspects for at least one specified image subset of the virtual machine. Execution context-specific information that is required to customize the image subset of the virtual machine is retrieved. Further, the image subset of the virtual machine is modified in accordance with the retrieved execution context-specific information.

Abstract: Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity.

Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

Abstract: A method for carrying out multi-party transactions in which at least one party or user has information which he considers private, the method comprising: a first determining step, in which it is determined which parties will take part in the transaction; a second determining step, in which it is determined, for each party taking part in the transaction, what information about the user that party requires in order to complete the corresponding part of the transaction; a selecting step, which may occur before or after the determining steps, in which one or more nonces, GUIDs, or other tokens are selected, to represent the user in the course of the transaction; a providing step, in which each party determined in the first determining step is provided with information comprising the corresponding information about the user determined in the second determining step, and one or more of the nonces, GUIDs, or other tokens selected in the selecting step; an execution step, in which the parties to the transaction compl

Abstract: Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity.

Abstract: An apparatus and a method for enabling the secure installation and use of an information system having a plurality of nodes, where the plurality of nodes include at least one information appliance (100) and at least one security console (200). The apparatus includes at least one data-carrying object, referred to as a “key” (301), that contains security-related data, and further includes at least one key receptacle (103, 203) that forms a portion of at least one of the nodes. The key is inserted into the receptacle for reading-out the security-related data for indicating to the information system a desired security configuration. The key is not intended to primarily establish the identity of a particular user or principal, but is instead intended to provide and be instrumental in defining, using a tangible medium, a security configuration that bestows a certain level of authorization or access to a particular user or principal.

Abstract: A system and a method are disclosed for dynamically analyzing software, some of whose potentially-important behaviors (such as worm-like behavior) may only be displayed when the software is executed in an environment where it has, or appears to have, access to a production network and/or to the global Internet. The software can be executed in a real or an emulated network environment that includes a monitoring component and an emulation component. The monitoring component serves to capture and/or record the behaviors displayed by the software and/or other components of the system, and the emulation component gives the software being analyzed the impression that it is executing with access to a production network and/or to the global Internet. The software being analyzed is effectively confined to the analysis network environment, and cannot in fact read information from, or alter any information on, any production network or the global Internet.

Abstract: System, apparatus and methods for allocation of storage resources, performance monitoring, and reallocation of resources to eliminate hot spots, by specifying high-level goals, rather than by means of low-level manual steps. Policies are specified as administrator specified constraints under which the resources are managed. Goals are specified in terms of performance, availability, and security requirements of the desired storage. As a part of the automation, this invention provides for analyzing capabilities of the computer storage system and forming analysis results, which are later used for determining an allocation of resources that will meet the high-level goals specified. This invention also provides automatic monitoring of performance, availability, and security goals for allocated resources. If goals are not met, resources are reallocated so that the goals can be met with the allocation.

Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

Abstract: Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity.