Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.

Abstract: Methods and systems for validating security policy in a cloud computing environment are provided. An example method includes providing a graph database, the graph database representing workloads of the cloud computing environment as nodes and relationships between the workloads as edges, receiving a security policy, the security policy logically describing rules for the relationships between the workloads, determining, based on the security policy and the graph database, a list of violations, the list of violations including at least one relationship from the relationships between the workloads in the graph database, the at least one relationship being not allowed by at least one of the rules in the security policy, and providing the list of violations to a user.

Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: receiving a target, the target specifying workloads of a plurality of workloads to be included in the security policy, the plurality of workloads being associated with the cloud computing environment; identifying nodes and edges in the graph database using the target, the graph database representing the plurality of workloads as nodes and relationships between the plurality of workloads as edges; getting a security intent, the security intent including a high-level security objective in a natural language; obtaining a security template associated with the security intent; and applying the security template to the identified nodes and edges to produce security rules for the security policy, the security rules at least one of allowing and denying communications between the target and other workloads of the plurality of workloads.

Abstract: Methods and systems for validating security policy in a cloud computing environment are provided. An example method includes providing a graph database, the graph database representing workloads of the cloud computing environment as nodes and relationships between the workloads as edges, receiving a security policy, the security policy logically describing rules for the relationships between the workloads, determining, based on the security policy and the graph database, a list of violations, the list of violations including at least one relationship from the relationships between the workloads in the graph database, the at least one relationship being not allowed by at least one of the rules in the security policy, and providing the list of violations to a user.

Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: receiving a target, the target specifying workloads of a plurality of workloads to be included in the security policy, the plurality of workloads being associated with the cloud computing environment; identifying nodes and edges in the graph database using the target, the graph database representing the plurality of workloads as nodes and relationships between the plurality of workloads as edges; getting a security intent, the security intent including a high-level security objective in a natural language; obtaining a security template associated with the security intent; and applying the security template to the identified nodes and edges to produce security rules for the security policy, the security rules at least one of allowing and denying communications between the target and other workloads of the plurality of workloads.

Abstract: Methods and systems for managing security in a cloud computing environment are provided. Exemplary methods include: gathering data about workloads and applications in the cloud computing environment; updating a graph database using the data, the graph database representing the workloads of the cloud computing environment as nodes and relationships between the workloads as edges; receiving a security template, the security template logically describing targets in the cloud computing environment to be protected and how to protect the targets; creating a security policy using the security template and information in the graph database; and deploying the security policy in the cloud computing environment.

Abstract: Methods and systems for deception using distributed threat detection are provided. Exemplary methods by an enforcement point, the enforcement point communicatively coupled to a first data network and a second data network, the enforcement point not providing services in the second data network, include: receiving, from a first workload in the second data network, a data packet addressed to a second workload in the second data network, the data packet requesting a service from the second workload; determining the data packet is for unauthorized access of the second workload, the determining using at least some of a 5-tuple of the data packet; identifying a deception point using the service, the deception point being in the first data network and including a decoy for the service; and redirecting the data packet to the deception point in the first data network.

Abstract: Methods and systems for autonomously forwarding unauthorized access of critical application infrastructure in a network to a deception point are provided. Exemplary methods include: receiving a high-level security policy including a specification of the critical application infrastructure, prohibited behaviors, and an identification associated with the deception point, the specification including at least one of an application and a protocol; classifying each workload in the network; identifying the critical application infrastructure using the classification and specification of the critical application infrastructure; generating a low-level firewall rule set using the identified critical application infrastructure and the high-level security policy; and providing the low-level firewall rule set to an enforcement point, such that the enforcement point forwards incoming data traffic including prohibited behaviors directed to the critical application infrastructure to the deception point.

Abstract: Methods and systems for deception using distributed threat detection are provided. Exemplary methods by an enforcement point, the enforcement point communicatively coupled to a first data network and a second data network, the enforcement point not providing services in the second data network, include: receiving, from a first workload in the second data network, a data packet addressed to a second workload in the second data network, the data packet requesting a service from the second workload; determining the data packet is for unauthorized access of the second workload, the determining using at least some of a 5-tuple of the data packet; identifying a deception point using the service, the deception point being in the first data network and including a decoy for the service; and redirecting the data packet to the deception point in the first data network.

Abstract: Robots may manipulate objects based on sensor input about the objects and/or the environment in conjunction with data structures representing primitive tasks and, in some embodiments, objects and/or locations associated therewith. The data structures may be created by instantiating respective prototypes during training by a human trainer.

Abstract: In accordance with various embodiments, a user-guidable robot appendage provides haptic feedback to the user.

Abstract: Robots may manipulate objects based on sensor input about the objects and/or the environment in conjunction with data structures representing primitive tasks and, in some embodiments, objects and/or locations associated therewith. The data structures may be created by instantiating respective prototypes during training by a human trainer.

Abstract: Robots may manipulate objects based on sensor input about the objects and/or the environment in conjunction with data structures representing primitive tasks and, in some embodiments, objects and/or locations associated therewith. The data structures may be created by instantiating respective prototypes during training by a human trainer.

Abstract: Robots may manipulate objects based on sensor input about the objects and/or the environment in conjunction with data structures representing primitive tasks and, in some embodiments, objects and/or locations associated therewith. The data structures may be created by instantiating respective prototypes during training by a human trainer.

Abstract: Robots may manipulate objects based on sensor input about the objects and/or the environment in conjunction with data structures representing primitive tasks and, in some embodiments, objects and/or locations associated therewith. The data structures may be created by instantiating respective prototypes during training by a human trainer.

Abstract: Robots may manipulate objects based on sensor input about the objects and/or the environment in conjunction with data structures representing primitive tasks and, in some embodiments, objects and/or locations associated therewith. The data structures may be created by instantiating respective prototypes during training by a human trainer.

Abstract: In accordance with various embodiments, a user-guidable robot appendage provides haptic feedback to the user.

Abstract: The invention provides an elastic actuator consisting of a motor and a motor drive transmission connected at an output of the motor. An elastic element is connected in series with the motor drive transmission, and this elastic element is positioned to alone support the full weight of any load connected at an output of the actuator. A single force transducer is positioned at a point between a mount for the motor and an output of the actuator. This force transducer generates a force signal, based on deflection of the elastic element, that indicates force applied by the elastic element to an output of the actuator. An active feedback force control loop is connected between the force transducer and the motor for controlling the motor. This motor control is based on the force signal to deflect the elastic element an amount that produces a desired actuator output force. The produced output force is substantially independent of load motion.

Abstract: The invention provides an elastic actuator consisting of a motor and a motor drive transmission connected at an output of the motor. An elastic element is connected in series with the motor drive transmission, and this elastic element is positioned to alone support the full weight of any load connected at an output of the actuator. A single force transducer is positioned at a point between a mount for the motor and an output of the actuator. This force transducer generates a force signal, based on deflection of the elastic element, that indicates force applied by the elastic element to an output of the actuator. An active feedback force control loop is connected between the force transducer and the motor for controlling the motor. This motor control is based on the force signal to deflect the elastic element an amount that produces a desired actuator output force. The produced output force is substantially independent of load motion.