Abstract: Methods and systems for event detection include defining a plurality of conditions that represent one or more synthetic events. Data from a plurality of data sources is aggregated across a period of time, multiple attack surfaces, and geographically distinct locations. The aggregated data is matched to the conditions to determine whether a synthetic event has occurred. A response to the synthetic event is formed to resist an attack.

Abstract: Methods and a system are provided that, in turn, are for providing security between a user device and a computer related device. A method includes providing a distributed registry service that specifies a plurality of services available to support communications between the user device and the computer related device. The method further includes at least one of dynamically constructing and altering one or more multi-node transient processing pathways between the user device and the computer related device based on respective selected ones of the plurality of services. For at least one node in each of the one or more transient processing pathways, an address thereof and a time period the at least one node is active and capable of being used is set or changed, based on at least one of an application programming interface type and a data request type implicated by a received packet.

Abstract: Methods and systems for event detection include defining a plurality of conditions that represent one or more synthetic events. Data from a plurality of data sources is aggregated across a period of time, multiple attack surfaces, and geographically distinct locations. The aggregated data is matched to the conditions to determine whether a synthetic event has occurred. A response to the synthetic event is formed to resist an attack.

Abstract: Methods and a system are provided that, in turn, are for providing security between a user device and a computer related device. A method includes providing a distributed registry service that specifies a plurality of services available to support communications between the user device and the computer related device. The method further includes at least one of dynamically constructing and altering one or more multi-node transient processing pathways between the user device and the computer related device based on respective selected ones of the plurality of services. For at least one node in each of the one or more transient processing pathways, an address thereof and a time period the at least one node is active and capable of being used is set or changed, based on at least one of an application programming interface type and a data request type implicated by a received packet.

Abstract: An approach for virtual machine migration between hypervisor virtual machines and containers is provided. The approach performs, by one or more computer processors, an initial inspection of an image. The approach assigns, by one or more computer processors, an initial status to the image, wherein the initial status identifies a type of virtualization realization compatible with the image. The approach performs, by one or more computer processors, a series of checks for container incompatibilities. The approach determines, by one or more computer processors, whether the image can be realized as a container. Responsive to a determination that the image can be realized as a container, the approach realizes, by one or more computer processors, the image in a container based virtualization.

Abstract: A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the “air gap” between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource.

Abstract: An approach for virtual machine migration between hypervisor virtual machines and containers is provided. The approach performs, by one or more computer processors, an initial inspection of an image. The approach assigns, by one or more computer processors, an initial status to the image, wherein the initial status identifies a type of virtualization realization compatible with the image. The approach performs, by one or more computer processors, a series of checks for container incompatibilities. The approach determines, by one or more computer processors, whether the image can be realized as a container. Responsive to a determination that the image can be realized as a container, the approach realizes, by one or more computer processors, the image in a container based virtualization.

Abstract: A method, in a multi-temporal widely distributed hardware and software transaction state and data state memory system, the steps comprising: creating an entry within the metadata layer for a first access to a data item within the data structure at a time-equals-zero state to create a time-equals-zero version branch of the data item in a graph structure of the data structure at a time-equals-zero time; updating the graph structure within the metadata layer when a copy-on-write overlay is generated by creating an additional branch connected to a same node as the time-equals-zero branch, storing a set of characteristics regarding the copy-on-write overlay within the metadata layer; updating the graph structure to reflect a status of propagated changes from the copy-on-write overlay to the plurality of computers; and storing a set of characteristics regarding the propagated changes to the plurality of computers.

Abstract: A method, computer program product and system of detecting changes in hardware, software, or programming of a device in a computer system by a computer in the system coupled to the device through a network, without generating alerts or alerting unauthorized users of the detection of the changes.

Abstract: A method to enable access to resources hosted in a compute cloud begins upon receiving a registration request to initiate a user's registration to use resources hosted in the compute cloud. During a registration process initiated by receipt of the registration request, a federated single sign-on (F-SSO) request is received. The F-SSO request includes an assertion (e.g., an HTTP-based SAML assertion) having authentication data (e.g., an SSH public key, a CIFS username, etc.) for use to enable direct user access to a resource hosted in the compute cloud. Upon validation of the assertion, the authentication data is deployed within the cloud to enable direct user access to the compute cloud resource using the authentication data. In this manner, the cloud provider provides authentication, single sign-on and lifecycle management for the user, despite the “air gap” between the HTTP protocol used for F-SSO and the non-HTTP protocol used for the user's direct access to the cloud resource.