Abstract: Trusted virtual process execution contexts using secure distributed ledger are disclosed herein. An example system can be configured to determine an allowable state for an IoT endpoint node of the IoT endpoint nodes, the allowable state having one or more trusted parameters for the IoT endpoint node; hashing the one or more trusted parameters of the allowable state for the IoT endpoint node into a parameter hash; store the hashed, trusted parameters along with the parameter hash; hashed, trusted and provision the one or more trusted elements with the one or more trusted parameters for the IoT endpoint node when the one or more trusted parameters are verified.

Abstract: Systems and methods for role-based access control to computing resources are presented. In an example embodiment, a request to perform a type of access of a computing resource is received via a communication network from a process executing on a client device. Using a data store storing process identifiers and associated access control information, access control information associated with the requesting process is identified based on a process identifier of the requesting process. Based on the access control information associated with the requesting process, a determination is made whether the requesting process is allowed to perform the requested type of access of the computing resource. The request is processed based on the requesting process being allowed to perform the requested type of access of the computing resource.

Abstract: Systems and methods for security of industrial data streams are provided herein. Methods according to various embodiments include provisioning a fogNode that is communicatively coupled with a fog cloud manager through a forwarder of the fogNode and providing a fogLet within the fogNode, the fogLet communicating with a plurality of operational technology devices. Embodiments include providing fogLet identification information using hardware root of trust of the fogNode, the hardware root of trust of the fogNode being a Trusted Platform Module (TPM) of the fogNode. Embodiments further comprise communicating operational device authentication information with fogLet identification information to a third party tenant application, the third party tenant application validating industrial data streams from the operational technology devices by communicating the operational device authentication information with the fogLet identification information to a third party cloud application.

Abstract: According to some exemplary embodiments, the present disclosure is directed to a secure edge datastream processing and distribution system comprising a trusted datastream with metadata indicating ownership and access rights added at an edge. Further embodiments include sensors, machines or robots sending sensor data attributes to a fog operating system data pipeline, the fog operating system data pipeline sending dynamic data tags to secure containers and/or the fog operating system data pipeline sending role and org assignment data to secure containers. The secure containers may send correlated edge analytics to an authorization policy engine, and/or the secure containers may send datastream identification definition data to an authorization policy engine.

Abstract: According to some exemplary embodiments, the present disclosure is directed to a secure edge datastream processing and distribution system comprising a trusted datastream with metadata indicating ownership and access rights added at an edge. Further embodiments include sensors, machines or robots sending sensor data attributes to a fog operating system data pipeline, the fog operating system data pipeline sending dynamic data tags to secure containers and/or the fog operating system data pipeline sending role and org assignment data to secure containers. The secure containers may send correlated edge analytics to an authorization policy engine, and/or the secure containers may send datastream identification definition data to an authorization policy engine.

Abstract: Trusted virtual process execution contexts using secure distributed ledger are disclosed herein. An example system can be configured to determine an allowable state for an IoT endpoint node of the IoT endpoint nodes, the allowable state having one or more trusted parameters for the IoT endpoint node; hashing the one or more trusted parameters of the allowable state for the IoT endpoint node into a parameter hash; store the hashed, trusted parameters along with the parameter hash; hashed, trusted and provision the one or more trusted elements with the one or more trusted parameters for the IoT endpoint node when the one or more trusted parameters are verified.

Abstract: Systems and methods for security of industrial data streams are provided herein. Methods according to various embodiments include provisioning a fogNode that is communicatively coupled with a fog cloud manager through a forwarder of the fogNode and providing a fogLet within the fogNode, the fogLet communicating with a plurality of operational technology devices. Embodiments include providing fogLet identification information using hardware root of trust of the fogNode, the hardware root of trust of the fogNode being a Trusted Platform Module (TPM) of the fogNode. Embodiments further comprise communicating operational device authentication information with fogLet identification information to a third party tenant application, the third party tenant application validating industrial data streams from the operational technology devices by communicating the operational device authentication information with the fogLet identification information to a third party cloud application.

Abstract: Systems and methods for role-based access control to computing resources are presented. In an example embodiment, a request to perform a type of access of a computing resource is received via a communication network from a process executing on a client device. Using a data store storing process identifiers and associated access control information, access control information associated with the requesting process is identified based on a process identifier of the requesting process. Based on the access control information associated with the requesting process, a determination is made whether the requesting process is allowed to perform the requested type of access of the computing resource. The request is processed based on the requesting process being allowed to perform the requested type of access of the computing resource.

Abstract: Systems and methods for role-based access control to computing resources are presented. In an example embodiment, a request to perform a type of access of a computing resource is received via a communication network from a process executing on a client device. Using a data store storing process identifiers and associated access control information, access control information associated with the requesting process is identified based on a process identifier of the requesting process. Based on the access control information associated with the requesting process, a determination is made whether the requesting process is allowed to perform the requested type of access of the computing resource. The request is processed based on the requesting process being allowed to perform the requested type of access of the computing resource.

Abstract: Systems and methods for role-based access control to computing resources are presented. In an example embodiment, a request to perform a type of access of a computing resource is received via a communication network from a process executing on a client device. Using a data store storing process identifiers and associated access control information, access control information associated with the requesting process is identified based on a process identifier of the requesting process. Based on the access control information associated with the requesting process, a determination is made whether the requesting process is allowed to perform the requested type of access of the computing resource. The request is processed based on the requesting process being allowed to perform the requested type of access of the computing resource.

Abstract: A system and method for efficiently accessing replicas of a storage object. A first node may perform a find operation to determine a plurality of nodes that each store a replica of a first storage object. For each node in the plurality of nodes, the first node may establish a direct connection to the node. The first node may then access the replicas of the first storage object using the respective direct connections to the plurality of nodes. In one embodiment, the nodes may be nodes in a peer-to-peer network. Establishing a direct connection to each storage object replica may enable the first node to communicate with each node in a single hop without having to pass messages via intermediate nodes in the peer-to-peer network.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

Abstract: A system and method for performing goal-oriented storage management for a distributed data storage network. Storage management software may execute on each node to cause the distributed data storage network to converge toward a system-wide storage goal. In various embodiments, the system-wide storage goal may be defined to accomplish any of various kinds of optimizations or performance improvements for the system, such as balancing storage utilization, achieving appropriate data replication, increasing performance, increasing fault tolerance, etc.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.

Abstract: Systems, methods and machine-readable media for providing a security service are disclosed. The methods include receiving a modification of the application object code to allow the software application to transmit a request for the security service; retrieving the modified application object code corresponding to the software application from memory; receiving, via a processor, the request for the security service from the modified application object code; and providing, via the processor, the security service. The systems and machine-readable media performing operations according to the methods disclosed.