Abstract: An application specific integrated circuit (ASIC) is disclosed. The ASIC includes a standard cell. The standard cell includes a plurality of logic functions. The ASIC also includes at least one bus coupled to at least a portion of the logic functions and a plurality of internal signals from the plurality of logic functions. Finally, the ASIC includes a field programmable (FP) function coupled to the at least one bus and at least a portion of the plurality of internal signals. The FP function provides access to internal signals for observation and control. An ASIC using a field programmable gate array (FPGA) function within a standard cell design is utilized to create an internal-to-the-ASIC bridging of internal signals to observe and control of the internal signals of the ASIC. By the placement of logic, which expresses a test program, into the FPGA function that manipulates the I/O pins and/or other functional entities of interest, the ASIC function and/or surrounding logic can be easily verified.

Abstract: An application specific integrated circuit (ASIC) is disclosed. The ASIC includes a standard cell, the standard cell including a plurality of logic functions. The ASIC also includes an input/output (I/O) configuration function coupled to at least a portion of the logic functions. The ASIC further includes a field programmable gate array (FPGA) function coupled to the I/O configuration function. The FPGA function controls the I/O configuration function based upon a configuration file. A system in accordance with the present invention reduces the cost and time associated with the timing analysis activities during development. An FPGA function within the ASIC is utilized to control the I/O characteristics such as delay, termination and/or slew rate for the I/O pin mapping. Different I/O configurations will be provided by the FPGA function depending on the environment the ASIC is used in.

Abstract: An application specific integrated circuit (ASIC) is disclosed. The ASIC includes a standard cell. The standard cell includes a plurality of logic functions and at least one bus coupled to at least a portion of the logic functions. The standard cell also includes a plurality of internal signals from the plurality of logic functions and a field programmable gate array (FPGA) function coupled to the at least one bus and at least a portion of the plurality of internal signals. The FPGA function includes a debug client function that observes and manipulates the at least one bus and the plurality of internal signals. A system and method in accordance with the present invention utilizes a debug function within a standard cell design to create an internal-to-the-ASIC debugging (software, hardware or both) function. The system and method is provided by connection of internal buses and signals of interest to a debug client function within the FPGA function.

Abstract: A system on a chip (SOC) integrated circuit is disclosed. The SOC integrated circuit includes a plurality of logic functions. The logic functions include a plurality of base functions and a plurality of peripheral functions. The SOC integrated circuit includes at least one field programmable gate array (FPGA) cell that is coupled to the plurality of peripheral functions. The FPGA cell can then be configured to selectively enable the plurality of peripheral functions. Accordingly, one or more FPGA cells are provided on an SOC. The FPGA cells can then be selectively configured to enable one or more peripheral chip functions. Because FPGAs are customized “in the field”, i.e., in a specific customer application, one SOC part number containing all peripheral functions can be used to satisfy multiple customer markets.

Abstract: A network processor is disclosed. The network processor comprises a plurality of standard cells; and at least one field programmable gate array (FPGA) cell that can communicate with at least one of the standard cells. The at least one FPGA cell can provide a specified function based upon field programming techniques to allow for customization of the network processor. Utilizing a method and system in accordance with the present invention, a network processor can be customized to implement a variety of functions in hardware using embedded FPGA macros. The combined technology of ASIC standard cells plus FPGA cells enables fast time-to-market for new designs while optimizing cost and performance. In addition, the combined ASIC plus FPGA on a single die allows the chip developer to use proven standard cell macros for common logic and programmable cells for high-risk logic.

Abstract: A system and method for detecting a drone implanted by a vandal in a network connected host device such as a computer, and controlling the output of the drone. The system includes an inbound intrusion detection system (IDS), an outbound IDS, a blocker such as a firewall, an inbound trace log for storing a trace of inbound traffic to the protected device, an outbound trace log for storing a trace of outbound traffic from the protected device, and a correlator. When the outbound IDS detects outbound distributed denial of service (DDoS) traffic, the outbound IDS instructs the blocker to block the outbound DDoS traffic. The correlator then recalls the outbound trace log and the inbound trace log, correlates the logs, and deduces the source ID of a message responsible for triggering the drone. The correlator then instructs the blocker to block incoming messages that bear the source ID.

Abstract: An application specific integrated circuit (ASIC) is disclosed. The ASIC comprises a standard cell. The standard cell includes a plurality of logic functions. The ASIC further includes a field programmable (FP) logic function for coupling the plurality of logic functions together via a plurality of input and output stages. The FP logic function can be programmed for field repair of at least one of the plurality of the logic functions. A method and system in accordance with the present invention utilizes a distributed field programmable logic block in conjunction with standard cells to provide for field repair and improved redundancy. To describe the features of the present invention in more detail, refer now to the following description in conjunction with the accompanying drawings.

Abstract: Method and apparatus for protecting a data processing system such as an Internet server from attack by a vandal who uses an offensive vulnerability scanner to find an externally visible vulnerability of the data processing system. The method includes determining an externally visible vulnerability using a defensive vulnerability scanner, configuring an intrusion detection system to detect a network flow associated with the vulnerability, and blocking that flow by a firewall or a router. The apparatus includes a defensive vulnerability scanner that finds an externally visible vulnerability and provides a description of the vulnerability, an intrusion detection system that detects a network flow that satisfies the description, and a firewall or a router that blocks the flow responsive to detection of the flow by the intrusion detection system.

Abstract: An intrusion detection system is improved by altering its signatures and thresholds during a denial of service attack, in order to decrease the rate at which an intrusion detection sensor sends alerts to an intrusion detection server. A governor within the sensor is associated with each signature. The governor may include an alert log, a timer, an alert-generation-rate threshold, and rules that prescribe actions to be taken when the alert-generation-rate threshold is exceeded. The governor records the generation time of each alert by the sensor, and determines the rate at which the sensor is presently generating alerts. When the present alert-generation rate exceeds the alert-generation-rate threshold, the governor alters the associated signature threshold to decrease the alert generation rate of the intrusion detection sensor.

Abstract: To prevent system crashs, as by denial-of-service attacks, of TCP/IP (Transmission Control Protocol/Internet Protocol) networks, this invention regulates the volume of TCP connection requests that await service at a TCP/IP connection control table. For this purpose, the usage of the system is monitored on a dynamic basis, the time-out value Tho is dynamically computed, and requests that that have been awaiting service for a period of time that exceeds Tho are removed from the TCP/IP connection control table.

Abstract: A method for enabling the recipient of electronic mail (e-mail) to authenticate the originator of the e-mail without opening the e-mail, so that e-mail that carries a computer virus which activates upon opening the e-mail may be rejected. The originator and the recipient agree beforehand on a privately held authentication code, which is carried in an open field of the e-mail, i.e., carried in a field that is visible to an agent of the recipient without opening the e-mail.

Abstract: A system comprising a network resource server or a server farm formed by a plurality of computer systems and a network processor which transfers data exchanged with an external network supported by the server farm at a data rate substantially the same as the data flow rate of the network and related method. The network processor protects the network resource server against attacks such as a denial of service attack by monitoring data flow, computing a derivative of the data flow over time to determine the rate of change of data flow, and modifying instructions for the discarding of packets in response to rates of change which are outside predetermined boundaries.

Abstract: A method for determining the entry point of an attack by a vandal such as a hacker upon a device such as a computer or a server such as a web server that operates under the protection of an intrusion detection system. Intrusion detection information regarding the attack and network information regarding the attack are correlated, and the entry point of the attack thereby deduced. In one embodiment, a source address of a message representative of the attack is found in a router table of a router that provides a connection supporting the attack. Logical ports of the connection are determined, and the corresponding physical ports found, thereby identifying the attack's entry point into the protected device.

Abstract: An intrusion detection system monitors for signature events, which are part of base intrusion sets that include signature event counters, signature thresholds, and base actions. Associated with each base intrusion set is an action set including an action counter, an action threshold, and an action variable. The associated action counter is updated when the base action of the base intrusion set is invoked responsive to the count of associated signature events meeting the associated signature threshold. The action counter is compared with an action threshold. If the action counter meets the threshold, the associated action variable is updated. The action variable is then passed to an analysis engine comprising a set of rules, which analyses the action variable either in isolation or together with other action variables associated with other base intrusion sets. According to the analysis, an element of a base intrusion set or an action set may be changed.

Abstract: An intrusion detection system checks a list of business rules at predetermined update times, and determines whether any provision of the business rules has become newly operative since the last update time. Provisions of the business rules prescribe alterations to intrusion signatures, thresholds, actions, or weights that are appropriate to broader circumstances evident at the update time. Whenever a new provision is found to be operative, the effected signatures, thresholds, actions, or weights are altered accordingly.

Abstract: A defense against spoofing vandals is provided, where the defense enlists the network-addressable device whose identity is used by the vandal. A network-addressable device checks incoming messages for communication protocol violations that indicate that a spoofer is using the identity of the network-addressable device. When such a protocol violation is detected, the network-addressable device records attributes of the incoming message in a spoofing logbook database. Further, the network-addressable device increments a counter associated with the identity of the spoofer's target. The value of the counter is compared with a predetermined threshold, in order to determine if the supposed spoofing is an isolated incident or part of a persistent attack. When the value of the counter exceeds the threshold, the network-addressable device constructs a spoofing alert, and sends the spoofing alert to a network administrator. The network-addressable device then rejects the message associated with the protocol violation.

Abstract: An intrusion detection security system (IDSS) guards a server against vandals' attacks such as denial of service, distributed denial of service, and common gateway interface attacks. An incoming source address is compared with the contents of a database of privileged addresses. If the incoming address is present in the database, the IDSS instructs protective equipment such as a firewall or router to allow the incoming message to pass to the web server despite any ongoing attack, thus allowing messages from customers or suppliers, for example, through. Otherwise, the IDSS checks a database of blocked addresses. When the incoming address is absent, the IDSS writes the address to the database of blocked addresses and instructs the protective equipment to block subsequent messages from the incoming address.

Abstract: A device that enables a card to be hot-plugged into a socket on a processor-base machine includes a signal bus arbitrator, a signal bus switch, a power bus switch, a cover plate switch, status signals and a controller. The controller monitors the status signals and other signals from the cover plate switch and the signal bus arbitrator to generate control signals that activate the power bus switch and the signal bus switch to control power and signal transmitting facilities at the socket.

Abstract: A frame for inserting and/or removing circuit cards from the housing of a machine includes a circuit card carrier connected to a locking CAM slide that is disposed to move within the channel of an actuator bar. A slot with a locking feature is fabricated on the locking CAM slide. A pin extending from a surface of the actuator bar into the channel coacts with the locking mechanism to lock the actuator bar relative to the locking CAM.

Abstract: A device that enables a card to be hot-plugged into a socket on a processor-base machine includes a signal bus arbitrator, a signal bus switch, a power bus switch, a cover plate switch, status signals and a controller. The controller monitors the status signals and other signals from the cover plate switch and the signal bus arbitrator to generate control signals that activate the power bus switch and the signal bus switch to control power and signal transmitting facilities at the socket.