Abstract: This application is directed to an integrity monitoring method performed at a computational machine in a linear communication orbit. The computational machine receives a watch list through the linear communication orbit. The watch list identifies objects for which events are to be monitored at the computational machine. While a plurality of events are occurring locally at the computational machine, the computational machine identifies the plurality of events in real-time. The identified events include events for the objects identified by the watch list, and event information for these identified events is stored in a local database of the computational machine. In response to an integrity reporting request received through the linear communication orbit, the computational machine identifies event information for at least some of the objects identified by the watch list in the local database, and returns the identified event information to a server system through the linear communication orbit.

Abstract: A respective node in a linear communication orbit receives an instruction packet through the linear communication orbit, where the instruction packet has been propagated from a starting node to the respective node through one or more upstream nodes along the linear communication orbit, and the instruction packet includes an instruction for establishing a direct duplex connection between the respective node and a respective server. In response to receiving the instruction packet, the respective node sends an outbound connection request to the respective server to establish the direct duplex connection. The respective node then uploads local data to the respective server through the direct duplex connection (e.g., in response to one or more queries, instructions, and requests received from the respective server through the direct duplex connection), where the respective server performs analysis on the local data received from the respective node through the direct duplex connection.

Abstract: A method for evaluating indicators of compromise (IOCs) is performed at a device having one or more processors and memory. The method includes receiving respective specifications of a plurality of IOCs, wherein the respective specifications of each IOC of the plurality of IOCs includes a respective cost associated with evaluating the IOC. The method further includes dynamically determining an order for evaluating the plurality of IOCs based on the respective costs associated with the plurality of IOCs, and determining whether a threat is present based on results for evaluating one or more of the plurality of IOCs in accordance with the dynamically determined order, instead of an order by which the plurality of IOCs have been received at the device.

Abstract: A remote server dispatches an instruction packet to a node in a network through a linear communication orbit formed by a collection of nodes. The instruction packet propagates from node to node along the linear communication orbit until reaching the node. The instruction packet includes instructions for establishing a direct duplex connection between the node and the remote server. After dispatching the instruction packet to the node through the linear communication orbit, the remote server receives, from the node, a request for establishing the direct duplex connection. In response to receiving the request from the node, the remote server establishes the direct duplex connection. After establishing the direct duplex connection, the remote server issues instructions to the node to upload local data from the node to the remote server through the direct duplex connection.

Abstract: This application is directed to an integrity monitoring method performed at a computational machine in a linear communication orbit. The computational machine receives a watch list through the linear communication orbit. The watch list identifies objects for which events are to be monitored at the computational machine. While a plurality of events are occurring locally at the computational machine, the computational machine identifies the plurality of events in real-time. The identified events include events for the objects identified by the watch list, and event information for these identified events is stored in a local database of the computational machine. In response to an integrity reporting request received through the linear communication orbit, the computational machine identifies event information for at least some of the objects identified by the watch list in the local database, and returns the identified event information to a server system through the linear communication orbit.

Abstract: A remote server dispatches an instruction packet to a node in a network through a linear communication orbit formed by a collection of nodes. The instruction packet propagates from node to node along the linear communication orbit until reaching the node. The instruction packet includes instructions for establishing a direct duplex connection between the node and the remote server. After dispatching the instruction packet to the node through the linear communication orbit, the remote server receives, from the node, a request for establishing the direct duplex connection. In response to receiving the request from the node, the remote server establishes the direct duplex connection. After establishing the direct duplex connection, the remote server issues instructions to the node to upload local data from the node to the remote server through the direct duplex connection.

Abstract: A method for evaluating indicators of compromise (IOCs) is performed at a device having one or more processors and memory. The method includes receiving respective specifications of a plurality of IOCs, wherein the respective specifications of each IOC of the plurality of IOCs includes a respective cost associated with evaluating the IOC. The method further includes dynamically determining an order for evaluating the plurality of IOCs based on the respective costs associated with the plurality of IOCs, and determining whether a threat is present based on results for evaluating one or more of the plurality of IOCs in accordance with the dynamically determined order, instead of an order by which the plurality of IOCs have been received at the device.

Abstract: A respective node in a linear communication orbit receives an instruction packet through the linear communication orbit, where the instruction packet has been propagated from a starting node to the respective node through one or more upstream nodes along the linear communication orbit, and the instruction packet includes an instruction for establishing a direct duplex connection between the respective node and a respective server. In response to receiving the instruction packet, the respective node sends an outbound connection request to the respective server to establish the direct duplex connection. The respective node then uploads local data to the respective server through the direct duplex connection (e.g., in response to one or more queries, instructions, and requests received from the respective server through the direct duplex connection), where the respective server performs analysis on the local data received from the respective node through the direct duplex connection.

Abstract: A method, system and computer program product for decoupling components of a software system at load/compile time to accelerate application startup times. In particular, a software components partitioning (SCP) utility pre-defines a number of (implementation) classes to initiate and facilitate the decoupling process. The SCP utility allows the method names and argument lists to be recorded from a remote interface into a local interface which emulates the remote interface. The local interface is augmented with an annotation to define the remote interface. Additionally, a pre-defined keyword is appended to the name of the local interface to enable the creation of a (pre-defined) classname. Furthermore, when the classname is loaded, an implementation (via a Java implementation class, for example) for the remote class is loaded, and the implementation is associated with a dynamic proxy that implements both the local and remote interfaces, on demand.

Abstract: A method for creating a buffer of a special class for accessing a specified memory space. The method includes the steps of: creating, by a processor of the computer system, a buffer of a special class, the buffer including a memory space that the processor is not permitted to access; and creating, by the processor, an accessible buffer of the class in access-permitted memory space by slicing off a portion of a created buffer of the class in response to a designation of the access-permitted memory space and size, where the processor includes: the special class for the buffer for accessing a memory space specified by an absolute address; and a function to create the class by slicing off the portion of the memory space specified by the class.

Abstract: A cache is configured as a hybrid disk-overflow system in which data sets generated by applications running in a distributed computing system are stored in a fast access memory portion of cache, e.g., in random access memory and are moved to a slower access memory portion of cache, e.g., persistent durable memory such as a solid state disk. Each data set includes application-defined key data and bulk data. The bulk data are moved to slab-allocated slower access memory while the key data are maintained in fast access memory. A pointer to the location within the slower access memory containing the bulk data is stored in the fast access memory in association with the key data. Applications call data sets within the cache using the key data, and the pointers facilitate access, management and manipulation of the associated bulk data. Access, management and manipulation occur asynchronously with the application calls.

Abstract: System for managing a life cycle of a virtual resource. One or more virtual resources are defined. The one or more defined virtual resources are created. The created virtual resources are instantiated. Then, a topology of a virtual resource is constructed using a plurality of virtual resources that are in at least one of a defined, a created, or an instantiated state.

Abstract: Modules which are running outside of a first application server virtual machine (VM) are enabled to introspect into modules running inside the first VM by notifying a manageable component factory by an application module being executed by a first application server VM of a need to allow a second VM to introspect into and to load class information regarding objects already running in the first VM, wherein the first and second virtual machines are separate virtual machines; registering the already-running object class information to a manageable component server using a descriptor; and loading the registered class information by the second VM from the manageable component server, wherein a tool object or administrative object running in the second VM introspects into and loads the objects already running in the first virtual machine without use of an application programming interface.

Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.

Abstract: A method of dynamic performance balancing in a distributed computer system including collecting average service time statistics for application requests distributed from multiple application servers and collecting application server CPU utilization statistics from multiple hosts where each host is associated with at least one of the application servers. In addition, the method includes periodically calculating scaled routing weights from the average service time and CPU utilization statistics and distributing server requests to the application servers in accordance with the scaled routing weights. Also provided is a distributed computer system configured to accomplish dynamic performance balancing as described above, and an article of manufacture for use in programming a distributed computer system containing instructions to accomplish dynamic performance balancing of server requests as described above.

Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.

Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.

Abstract: A method, system and computer program product for decoupling components of a software system at load/compile time to accelerate application startup times. In particular, a software components partitioning (SCP) utility pre-defines a number of (implementation) classes to initiate and facilitate the decoupling process. The SCP utility allows the method names and argument lists to be recorded from a remote interface into a local interface which emulates the remote interface. The local interface is augmented with an annotation to define the remote interface. Additionally, a pre-defined keyword is appended to the name of the local interface to enable the creation of a (pre-defined) classname. Furthermore, when the classname is loaded, an implementation (via a Java implementation class, for example) for the remote class is loaded, and the implementation is associated with a dynamic proxy that implements both the local and remote interfaces, on demand.

Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.

Abstract: In a method and system for monitoring events occurring at respective servers of a configuration of nodes, a first server located at a first node receives information from a messaging system pertaining to events at servers located at other nodes. The messaging system usefully comprises a highly available (HA) bulletin board or the like. When the first server receives a start event notification pertaining to a second server located at a second node, a direct communication path is established between the first and second servers. The first server identifies events in the second server that affect or are of interest to services of the first server. The first server then registers with the second server, to receive notification through the direct communication path when respective identified events occur.