Abstract: Techniques are provided for validating sensor data using a blockchain. An exemplary method comprises: obtaining sensor data from a sensor; retrieving a transaction identifier from a blockchain; saving one or more public properties of the sensor and the transaction identifier in an output metadata stream; calculating a signature of the obtained sensor data, the one or more public properties of the sensor and the transaction identifier; saving the signature in the output metadata stream; and storing the signature encrypted with a private key of the sensor as a transaction in the blockchain. An exemplary validation of sensor data comprises decrypting the encrypted signature from the blockchain using a public key of the sensor and comparing the decrypted signature with a signature of the sensor data obtained from the output metadata stream.

Abstract: Embodiments for predicting large data flushes in a data replication system collecting usage data for assets in the system; analyzing the data using machine learning processes on the basis of each asset and the system as a whole to determine usage trends with respect to the data flush operations; predicting a next large data flush using a time-series model; obtaining a capacity of a journal storage space used for write operations to a storage device in the system; and determining if a size of the predicted next flush size is too large relative to this capacity, and if so, invoking a fast forward mode to not retain I/O history information for undo operations during a replication in order to save resources in the system.

Abstract: Embodiments for providing memory for continuous data protection in a data storage system by storing a first key-value map as a data structure wherein the key is an address of a volume and the value comprises timestamp and hash value pairs for each time the address had data written thereto, and corresponding hash values of the written data, and storing a second key-value map as a data structure wherein the key comprises the hash value and the value comprises the written data. The first key-value map and second key-value map are implemented as a driver component in a server computer of the data storage system. The driver exposes a block device protocol on the server computer and leverages the key-value data structures for use with a deduplication storage system.

Abstract: Embodiments for providing compare and swap (CAS) functionality to key value storage to allow multi-threaded applications to share storage devices and synchronize multiple concurrent threads or processes. A key-value application programming interface (API) is modified to include a CAS API in addition to the standard Put and Get APIs. The CAS function uses a key, expected old value, and new value to compare and swap an existing key value only if its current value equals the expected old value. Hash values of the key value and expected old value may be used by the CAS function to improve performance and reduce bandwidth.

Abstract: Existing policies enforced at or above an operating system (OS) layer of a device are obtained. Translation rules are stored that include data structure descriptions of conditions, corresponding actions performed when the conditions are satisfied, and attributes specified in the existing policies, and attributes of one or more layers below the OS layer that are relevant to policy enforcement in the one or more layers below the OS layer. The existing policies are parsed using the data structure descriptions to identify the conditions, corresponding actions, and attributes specified in the existing policies. New policies are generated that are consistent with the existing policies. The new policies include the identified attributes specified in the existing policies and the attributes relevant to policy enforcement in the one or more layers below the OS layer. The new policies are enforced in the one or more layers below the OS layer.

Abstract: Embodiments for providing continuous data protection in a data processing and storage system with a storage server and storage devices, by providing a solid state disk (SSD) device having a processor and non-volatile memory and an interface to a host device, providing a resident continuous data protection program on the SSD and executed by the processor, recording, for each write command, a memory address offset and a timestamp for the write command, and maintaining one of: an undo journal storing data in a location that is to be overwritten by the write command with the timestamp, or a log-structured file exposing a single large file as a volume to an upper layer of a host software stack for storing periodic snapshot backups of data created by the write command.

Abstract: Systems, apparatus, and methods for any point in time replication to the cloud. Data is replicated by replicating data to a remote storage or a data bucket in the cloud. At the same time, a metadata stream is generated and stored. The metadata stream establishes a relationship between the data and offsets of the data in the production volume. This allows continuous replication without having to maintain a replica volume. The replica volume can be generated during a rehydration operation that uses the metadata stream to construct the production volume from the cloud data.

Abstract: Systems, apparatus and methods for managing an object's lifecycle in an object store. A distributed ledger is used to record transactions between a client and an object store. The distributed ledger records the transaction and also attests to the object authenticity. Thus, the transactions can be verified and may assist in resolving issues that arise with respect to the stored objects.

Abstract: Data provenance techniques are provided using distributed ledgers.

Abstract: One example method includes creating an empty reconstruction stream database, identifying a data time interval, identifying data sources in which data was stored during the data time interval, reading data from the data sources, where the data read out from the data sources are associated with respective timestamps that fall within the data time interval, inserting the read out data into the empty reconstruction stream database so as to create a high resolution data stream, where the data are ordered in the empty reconstruction stream database according to timestamp, processing the data in the high resolution data stream and, based on the processing of the data, identifying and resolving a problem relating to an operating environment in which the data was initially generated.

Abstract: One example method includes performing a machine learning process that involves performing an assessment of a state of a computing system, and the assessment includes analyzing information generated by an IoT edge sensor in response to a sensed physical condition in the computing system, and identifying an entity in the computing system potentially impacted by an event associated with the physical condition.

Abstract: Embodiments for providing continuous data protection in a data processing and storage system with a storage server and storage devices, by providing a solid state disk (SSD) device having a processor and non-volatile memory and an interface to a host device, providing a resident continuous data protection program on the SSD and executed by the processor, recording, for each write command, a memory address offset and a timestamp for the write command, and maintaining one of: an undo journal storing data in a location that is to be overwritten by the write command with the timestamp, or a log-structured file exposing a single large file as a volume to an upper layer of a host software stack for storing periodic snapshot backups of data created by the write command.

Abstract: Network level Moving Target Defense techniques are provided with substantially continuous access to protected applications. An exemplary method comprises identifying a first application listening to a first port or a first network address; notifying the first application to listen to a second port or a second network address; notifying at least one additional application that the first application is listening to the second port or the second network address; and notifying the first application to unlisten to the first port or the first network address, wherein the first application operates in a substantially continuous manner during a change from listening to one or more of the first port and the first network address and listening to one or more of the second port and the second network address. The first application can be a stateful application having persistent storage.

Abstract: An enterprise storage system and method detects the probability of encryption of data by comparing the level of randomness in the data to a set of increasing thresholds to determine the severity of encryption. Encryption exceeding a high predetermined threshold is determined to be due to ransomware. Upon determining the level of encryption, an appropriate action is taken based upon one or both of the policy of the enterprise or local governmental regulations as to encryption or non-encryption of data.

Abstract: Existing policies enforced at or above an operating system (OS) layer of a device are obtained. Translation rules are stored that include data structure descriptions of conditions, corresponding actions performed when the conditions are satisfied, and attributes specified in the existing policies, and attributes of one or more layers below the OS layer that are relevant to policy enforcement in the one or more layers below the OS layer. The existing policies are parsed using the data structure descriptions to identify the conditions, corresponding actions, and attributes specified in the existing policies. New policies are generated that are consistent with the existing policies. The new policies include the identified attributes specified in the existing policies and the attributes relevant to policy enforcement in the one or more layers below the OS layer. The new policies are enforced in the one or more layers below the OS layer.

Abstract: Encapsulated application templates are provided for containerized application software development. An exemplary method for managing a plurality of services in a containerized application program comprises: creating an application template of the containerized application program, the application template comprising an identifier of a current version of each of the plurality of services, dependencies of the given service with other services of the application, runtime parameters and configurations of the given service; generating a transferable platform independent self-contained machine-readable token comprising the application template; and providing the transferable platform independent self-contained machine-readable token comprising the application template to another device as a common entry point to instantiate the containerized application program.

Abstract: A tracing mechanism is provided for analyzing session-based attacks. An exemplary method comprises: detecting a potential attack associated with a session from a potential attacker based on predefined anomaly detection criteria; adding a tracing flag identifier to a response packet; sending a notification to a cloud provider of the potential attack, wherein the notification comprises the tracing flag identifier; and sending the response packet to the potential attacker, wherein, in response to receiving the response packet with the tracing flag identifier, the cloud provider: determines a source of the potential attack based on a destination of the response packet; forwards the response packet to the potential attacker based on the destination of the response packet; and monitors the determined source to evaluate the potential attack. The response packet is optionally delayed by a predefined time duration and/or until the cloud provider has acknowledged receipt of the notification.

Abstract: Image combination techniques are provided for a multi-sensor Internet of Things environment. An exemplary method comprises: dynamically determining an image resolution for at least a portion of an image to be collected by and/or transmitted by a plurality of image sensors within a distributed network based on one or more predefined image resolution rules with respect to an available bandwidth; and combining the image portions from the plurality of image sensors to generate at least one higher resolution image, such as a super-resolution image. The predefined image resolution rules specify, for example, that the portions of an image that have changed should be transmitted with a higher resolution relative to portions of the image that have not changed; and/or that multiple versions of a given image should be combined when the given image is degraded by noise.

Abstract: A data protection system configured to backup a time series database is provided. The data protection system may be integrated with or have access to consolidation policies of the time series database. The backup policy and backup retention policy are set by monitoring the consolidation policy and adjusting the backup policy to ensure that the data in the time series database is protected prior to being downscaled, discarded or otherwise consolidated.

Abstract: One example method includes receiving information concerning a threat to stored data, correlating the information with a preemptive action which, when taken, prevents harm to the stored data by the threat, implementing the preemptive action before the threat causes harm to the stored data, and taking an action to at least partly return a system associated with the stored data to a pre-threat state. The threat may be a natural disaster, or a human-caused condition, for example.