Abstract: A system and method for utilizing data mining to generate a policy document or to revise theory within a policy document. A data base of unknown events is mined for application to the development of a system management policy document. The results of the data mining of the database of unknown events are automatically incorporated into a policy document, subject to user approval, to produce a new policy document or an updated version of an existing policy document.

Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Abstract: A system and method for developing network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; However, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling.

Abstract: A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.

Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Abstract: computer-readable project information is stored in a computing system, such information being obtained from a user at a user computer in response to prompting the user to submit information addressing: (i) a need for a project; (ii) a goal of the project; (iii) a manner in which success of the project will be measured; and (iv) a need for collaboration on the project among participants drawn from outside customary organizational boundaries. To proceed with a project, computer-readable funding information is stored in the computing system which signifies approval of funding for the project. Then, a project definition is generated from at least the computer-readable project information inputted by the user and stored in a first database. Thereafter, information obtained from the stored project definition is displayed to users at user computers for recruiting participants to work on the project.

Abstract: A system and method for developing network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; However, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling.

Abstract: A system and method for utilizing data mining to generate a policy document or to revise theory within a policy document. A data base of unknown events is mined for application to the development of a system management policy document. The results of the data mining of the database of unknown events are automatically incorporated into a policy document, subject to user approval, to produce a new policy document or an updated version of an existing policy document.

Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion maybe automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

Abstract: A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.

Abstract: A system and method that includes the use of a knowledge delivery computer program stored in computer-readable form on a tangible storage medium for delivering concepts from a configuration data base to a user. An author can create the configuration data base using the knowledge delivery computer program so that the configuration includes a plurality of concepts and, optionally, a plurality of problems associated with the concepts. As the author creates the concepts within the configuration, the knowledge delivery software allows the author to create a taxonomy that defines the relationships between the concepts. The knowledge delivery software can then automatically generate a pedagogy for the configuration based on the configuration taxonomy that defines how the concepts will be delivered to the user. The knowledge delivery software can facilitate the delivery of the content within the configuration to a user according to the pedagogy.

Abstract: A training system for use in a wide variety of training tasks and environments comprising a user interface simulating the same information available to a trainee in the task environment which allows the trainee to assert actions to the system; a domain expert which can use the same information available to the trainee and carry out the same task; a training session manager for evaluating such trainee assertions and providing guidance to the trainee appropriate to his acquired skill level; a trainee model which contains a history and summary of the trainee actions; an intelligent training scenario generator for designing increasingly complex training exercises based on the current skill level and any weaknesses or deficiencies that the trainee has exhibited in previous interactions; and a blackboard that provides a common fact base for communication between the other components of the system. The domain expert contains a list of "mal-rules" which typifies errors usually made by novice trainees.

Abstract: In a parallel processing computer system with multiple processing units and shared memory, a method is disclosed for uniformly balancing the aggregate computational load in, and utilizing a minimal memory by, a network having identical computations to be executed at each connection therein. Read-only and read-write memory are subdivided into a plurality of partitions, and the computational load is subdivided into a plurality of process sets, which function like artificial processing units. Said plurality of process sets is iteratively merged and reduced to the number of processing units without exceeding the balance load. Merger is based upon the value of a partition threshold, which is a measure of the memory utilization. The turnaround time and memory savings of the instant method are functions of the number of processing units available and the number of partitions into which memory is subdivided.