Patents by Inventor Patrick Michael LiVecchi

Patrick Michael LiVecchi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8489755
    Abstract: The invention detects a denial of service attack at a node by monitoring the number of discarded packets in relationship to the number of inbound packets. When an attack is detected, relevant inbound packet information is collected during the attack to help characterize the attack and at least to pinpoint the source of the last hop to the attacked node.
    Type: Grant
    Filed: April 28, 2011
    Date of Patent: July 16, 2013
    Assignee: International Business Machines Corporation
    Inventors: Patricia Ann Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby, Jr.
  • Publication number: 20110239301
    Abstract: The invention detects a denial of service attack at a node by monitoring the number of discarded packets in relationship to the number of inbound packets. When an attack is detected, relevant inbound packet information is collected during the attack to help characterize the attack and at least to pinpoint the source of the last hop to the attacked node.
    Type: Application
    Filed: April 28, 2011
    Publication date: September 29, 2011
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: PATRICIA ANN JAKUBIK, PATRICK MICHAEL LIVECCHI, LINWOOD HUGH OVERBY, JR.
  • Patent number: 7996544
    Abstract: The invention detects a denial of service attack at a node by monitoring the number of discarded packets in relationship to the number of inbound packets. When an attack is detected, relevant inbound packet information is collected during the attack to help characterize the attack and at least to pinpoint the source of the last hop to the attacked node.
    Type: Grant
    Filed: July 8, 2003
    Date of Patent: August 9, 2011
    Assignee: International Business Machines Corporation
    Inventors: Patricia Ann Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby, Jr.
  • Patent number: 7979895
    Abstract: The invention provides a system and method for “partitioning” a “namespace” managed by a name (or “directory”) registration server according to “security label” or other security attributes to allow the same registered (e.g., “domain”) name to be used for processing resource(s)/service(s)/application(s) operating under different security labels.
    Type: Grant
    Filed: August 16, 2007
    Date of Patent: July 12, 2011
    Assignee: International Business Machines Corporation
    Inventors: Walter Bartlett Farrell, Patrick Michael LiVecchi, Scott Christopher Moonen
  • Patent number: 7954138
    Abstract: The invention provides a system and method for sharing (or “multiplexing”) of the same internet (IP) address/port by multiple instances of multiple level security and/or single level security (SLS) server applications (each of which is used for processing one or more client request(s) falling within a range of security labels or other security attribute(s)) where the client processing request is directed to the system server capable of processing the request using the identified security label.
    Type: Grant
    Filed: August 16, 2007
    Date of Patent: May 31, 2011
    Assignee: International Business Machines Corporation
    Inventors: Patrick Michael LiVecchi, Scott Christopher Moonen
  • Patent number: 7779255
    Abstract: Techniques are disclosed for multi-level security (“MLS”) in computing systems. Communication between MLS systems in the prior art requires explicitly tagging each packet with its security classification. The packet tags comprise variable-length bit patterns inserted into packet headers. This results in a number of drawbacks, including increased path length and code complexity, as well as reduced interoperability. An MLS system according to the present invention simulates a cluster or collection of single-level security systems, and thereby avoids packet tagging. For each security classification used by an MLS system, a distinct source address is defined. This source address is used for outbound packets having that security classification, such that the packet's source address implicitly identifies the packet's security classification.
    Type: Grant
    Filed: June 27, 2007
    Date of Patent: August 17, 2010
    Assignee: International Business Machines Corporation
    Inventor: Patrick Michael LiVecchi
  • Patent number: 7734916
    Abstract: Techniques are disclosed for multi-level security (“MLS”) in computing systems. Communication between MLS systems in the prior art requires explicitly tagging each packet with its security classification. The packet tags comprise variable-length bit patterns inserted into packet headers. This results in a number of drawbacks, including increased path length and code complexity, as well as reduced interoperability. An MLS system according to the present invention simulates a cluster or collection of single-level security systems, and thereby avoids packet tagging. For each security classification used by an MLS system, a distinct source address is defined. This source address is used for outbound packets having that security classification, such that the packet's source address implicitly identifies the packet's security classification.
    Type: Grant
    Filed: March 21, 2008
    Date of Patent: June 8, 2010
    Assignee: International Business Machines Corporation
    Inventor: Patrick Michael LiVecchi
  • Publication number: 20090049523
    Abstract: The invention provides a system and method for sharing (or “multiplexing”) of the same internet (IP) address/port by multiple instances of multiple level security and/or single level security (SLS) server applications (each of which is used for processing one or more client request(s) falling within a range of security labels or other security attribute(s)) where the client processing request is directed to the system server capable of processing the request using the identified security label.
    Type: Application
    Filed: August 16, 2007
    Publication date: February 19, 2009
    Applicant: International Business Machines Corporation
    Inventors: Patrick Michael LiVecchi, Scott Christopher Moonen
  • Publication number: 20090049524
    Abstract: The invention provides a system and method for “partitioning” a “namespace” managed by a name (or “directory”) registration server according to “security label” or other security attributes to allow the same registered (e.g., “domain”) name to be used for processing resource(s)/service(s)/application(s) operating under different security labels.
    Type: Application
    Filed: August 16, 2007
    Publication date: February 19, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Walter Bartlett Farrell, Patrick Michael LiVecchi, Scott Christopher Moonen
  • Publication number: 20080168557
    Abstract: Techniques are disclosed for multi-level security (“MLS”) in computing systems. Communication between MLS systems in the prior art requires explicitly tagging each packet with its security classification. The packet tags comprise variable-length bit patterns inserted into packet headers. This results in a number of drawbacks, including increased path length and code complexity, as well as reduced interoperability. An MLS system according to the present invention simulates a cluster or collection of single-level security systems, and thereby avoids packet tagging. For each security classification used by an MLS system, a distinct source address is defined. This source address is used for outbound packets having that security classification, such that the packet's source address implicitly identifies the packet's security classification.
    Type: Application
    Filed: March 21, 2008
    Publication date: July 10, 2008
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Patrick Michael LiVecchi
  • Patent number: 7356695
    Abstract: Techniques are disclosed for improving multi-level security (“MLS”) in computing systems. Communication between MLS systems in the prior art requires explicitly tagging each packet with its security classification. The packet tags comprise variable-length bit patterns inserted into packet headers. This results in a number of drawbacks, including increased path length and code complexity, as well as reduced interoperability. An MLS system according to the present invention simulates a cluster or collection of single-level security systems, and thereby avoids packet tagging. For each security classification used by an MLS system, a distinct source address is defined. This source address is used for outbound packets having that security classification, such that the packet's source address implicitly identifies the packet's security classification.
    Type: Grant
    Filed: August 1, 2002
    Date of Patent: April 8, 2008
    Assignee: International Business Machines Corporation
    Inventor: Patrick Michael LiVecchi
  • Patent number: 7222366
    Abstract: Improvements in intrusion detection are disclosed by providing intrusion event filtering and/or generic attack signature processing. These services may be integrated into a system or server that is the potential target of attack, or alternatively may be implemented in a network device. Filtering may be provided using sensitivity levels and suspicion levels. Generic attack signatures describe relatively broad classes of intrusions. Intrusion detection policy information may be used to direct the actions to be taken upon detecting an attack.
    Type: Grant
    Filed: January 28, 2002
    Date of Patent: May 22, 2007
    Assignee: International Business Machines Corporation
    Inventors: David Aro Bruton, III, Patricia Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby, Jr.
  • Patent number: 7076803
    Abstract: Improvements in intrusion detection are disclosed by providing integrated intrusion detection services. Preferably, these services are integrated into a system or server that is the potential target of attack. Stack-based security processing is leveraged for access to cleartext data within the layers of the protocol stack. Layer-specific attacks may therefore be processed efficiently. Evaluation of incoming traffic for an intrusion is preferably performed only after an error condition of some type has been detected. This approach reduces the overhead of intrusion detection by reducing the number of packets to be inspected, and at the same time allows more efficient packet inspection through use of context-specific information that may be used to direct the inspection to particular candidate attacks. Generic attack class capability is also disclosed. Intrusion detection policy information may be used to direct the actions to be taken upon detecting an attack.
    Type: Grant
    Filed: January 28, 2002
    Date of Patent: July 11, 2006
    Assignee: International Business Machines Corporation
    Inventors: David Aro Bruton, III, Patricia Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby, Jr.
  • Patent number: 6823515
    Abstract: A technique, system, and computer program for enhancing performance of a computer running a multithreaded server application. A scheduling heuristic is defined for optimizing the number of available threads. This heuristic alleviates over-scheduling of worker threads by defining a technique to wait to assign an incoming request to a currently-executing thread (upon completion of the thread's current work), instead of awakening a blocked thread for the incoming request. Provision is made to ensure no thread waits too long. Two stages are associated with a passive socket, so that a connection is only bound to a worker thread when work arrives for that connection. A new type of socket is defined, for merging input from more than one source and making that merged input available for scheduling. A giveback function is defined, for optimizing assignment of threads to incoming requests when persistent connections are used. Threads that go idle are put onto an idle queue, releasing them from a worker thread.
    Type: Grant
    Filed: May 10, 2001
    Date of Patent: November 23, 2004
    Assignee: International Business Machines Corporation
    Inventor: Patrick Michael LiVecchi
  • Publication number: 20030145226
    Abstract: Improvements in intrusion detection are disclosed by providing integrated intrusion detection services. Preferably, these services are integrated into a system or server that is the potential target of attack. Stack-based security processing is leveraged for access to cleartext data within the layers of the protocol stack. Layer-specific attacks may therefore be processed efficiently. Evaluation of incoming traffic for an intrusion is preferably performed only after an error condition of some type has been detected. This approach reduces the overhead of intrusion detection by reducing the number of packets to be inspected, and at the same time allows more efficient packet inspection through use of context-specific information that may be used to direct the inspection to particular candidate attacks. Generic attack class capability is also disclosed. Intrusion detection policy information may be used to direct the actions to be taken upon detecting an attack.
    Type: Application
    Filed: January 28, 2002
    Publication date: July 31, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Aro Bruton, Patricia Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby
  • Publication number: 20030145225
    Abstract: Improvements in intrusion detection are disclosed by providing intrusion event filtering and/or generic attack signature processing. These services may be integrated into a system or server that is the potential target of attack, or alternatively may be implemented in a network device. Filtering may be provided using sensitivity levels and suspicion levels. Generic attack signatures describe relatively broad classes of intrusions. Intrusion detection policy information may be used to direct the actions to be taken upon detecting an attack.
    Type: Application
    Filed: January 28, 2002
    Publication date: July 31, 2003
    Applicant: International Business Machines Corporation
    Inventors: David Aro Bruton, Patricia Jakubik, Patrick Michael LiVecchi, Linwood Hugh Overby
  • Patent number: 6427161
    Abstract: A technique, system, and computer program for enhancing performance of a computer running a multithreaded server application. A scheduling heuristic is defined for optimizing the number of available threads. This heuristic alleviates over-scheduling of worker threads by defining a technique to wait to assign an incoming request to a currently-executing thread (upon completion of the thread's current work), instead of awakening a blocked thread for the incoming request. Provision is made to ensure no thread waits too long. Two stages are associated with a passive socket, so that a connection is only bound to a worker thread when work arrives for that connection. A new type of socket is defined, for merging input from more than one source and making that merged input available for scheduling. A giveback function is defined, for optimizing assignment of threads to incoming requests when persistent connections are used. Threads that go idle are put onto an idle queue, releasing them from a worker thread.
    Type: Grant
    Filed: June 12, 1998
    Date of Patent: July 30, 2002
    Assignee: International Business Machines Corporation
    Inventor: Patrick Michael LiVecchi
  • Patent number: 6339771
    Abstract: A system and method for processing a request utilizing a database management system in a computer system is disclosed. The database management system manages at least one database. At least one database subsystem corresponding to the database management system is available. The computer system includes a plurality of worker threads. The method and system include assigning the request to a worker thread of the plurality of worker threads. The worker thread is for aiding in execution of the request. The method and system also include providing a connection to a particular database subsystem for the worker thread and associating the connection with the worker thread if the worker thread has not previously used the particular database subsystem. The method and system further include reusing the connection to the particular database subsystem that is associated with the worker thread if the worker thread has previously used the particular database subsystem.
    Type: Grant
    Filed: July 7, 2000
    Date of Patent: January 15, 2002
    Assignee: International Business Machines Corporation
    Inventors: Melvin Richard Zimowski, Jeffrey David Aman, Steven J. Greenspan, Patrick Michael LiVecchi
  • Publication number: 20010018701
    Abstract: A technique, system, and computer program for enhancing performance of a computer running a multithreaded server application. A scheduling heuristic is defined for optimizing the number of available threads. This heuristic alleviates over-scheduling of worker threads by defining a technique to wait to assign an incoming request to a currently-executing thread (upon completion of the thread's current work), instead of awakening a blocked thread for the incoming request. Provision is made to ensure no thread waits too long. Two stages are associated with a passive socket, so that a connection is only bound to a worker thread when work arrives for that connection. A new type of socket is defined, for merging input from more than one source and making that merged input available for scheduling. A giveback function is defined, for optimizing assignment of threads to incoming requests when persistent connections are used. Threads that go idle are put onto an idle queue, releasing them from a worker thread.
    Type: Application
    Filed: May 10, 2001
    Publication date: August 30, 2001
    Inventor: Patrick Michael LiVecchi
  • Patent number: 6112196
    Abstract: A system and method for processing a request utilizing a database management system in a computer system is disclosed. The database management system manages at least one database. At least one database subsystem corresponding to the database management system is available. The computer system includes a plurality of worker threads. The method and system include assigning the request to a worker thread of the plurality of worker threads. The worker thread is for aiding in execution of the request. The method and system also include providing a connection to a particular database subsystem for the worker thread and associating the connection with the worker thread if the worker thread has not previously used the particular database subsystem. The method and system further include reusing the connection to the particular database subsystem that is associated with the worker thread if the worker thread has previously used the particular database subsystem.
    Type: Grant
    Filed: June 25, 1998
    Date of Patent: August 29, 2000
    Assignee: International Business Machines Corporation
    Inventors: Melvin Richard Zimowski, Jeffrey David Aman, Steven J. Greenspan, Patrick Michael LiVecchi