Patents by Inventor Uma M. Chandolu
Uma M. Chandolu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9189643Abstract: A method may comprise determining, in an operating system instance, that an access control is being attempted to control an object by a user from a first client of a plurality of clients. Domain and client identifiers associated with the user may be determined. Any domain identifiers from a set and any client identifiers from a set may be accessed that may be associated with the object, where the domain identifiers may uniquely identify one or more domains and the client identifiers may uniquely identify one or more clients. One or more domain and client isolation rules may be evaluated to determine whether access control is permitted on the object based on whether a domain identifier is associated with both the object and the user and whether a client identifier is associated with both the object and the client. A permit or deny indication may be returned based on whether or not access control is permitted on the object.Type: GrantFiled: November 26, 2012Date of Patent: November 17, 2015Assignee: International Business Machines CorporationInventors: Uma M Chandolu, Ranganathan Vidya
-
Patent number: 8819231Abstract: According to one aspect of the present disclosure, a method and technique for domain based partition and resource group management is disclosed. The method includes: responsive to determining that an operation is being attempted on an object, determining a partition identifier associated with the object; determining a domain identifier associated with a user attempting the operation; determining whether the operation can proceed on the partition based on domain isolation rules, the domain isolation rules indicating rules for allowing or disallowing operations to proceed on the partition based on partition identifiers and domain identifiers; and responsive to determining that the operation on the partition can proceed based on the domain isolation rules, permitting the operation.Type: GrantFiled: December 13, 2011Date of Patent: August 26, 2014Assignee: International Business Machines CorporationInventors: Uma M. Chandolu, Vidya Ranganathan, Lakshmanan Velusamy
-
Publication number: 20140150066Abstract: A method may comprise determining, in an operating system instance, that an access control is being attempted to control an object by a user from a first client of a plurality of clients. Domain and client identifiers associated with the user may be determined. Any domain identifiers from a set and any client identifiers from a set may be accessed that may be associated with the object, where the domain identifiers may uniquely identify one or more domains and the client identifiers may uniquely identify one or more clients. One or more domain and client isolation rules may be evaluated to determine whether access control is permitted on the object based on whether a domain identifier is associated with both the object and the user and whether a client identifier is associated with both the object and the client. A permit or deny indication may be returned based on whether or not access control is permitted on the object.Type: ApplicationFiled: November 26, 2012Publication date: May 29, 2014Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Uma M. Chandolu, Ranganathan Vidya
-
Patent number: 8473965Abstract: User space applications can utilize custom network protocol timers. A registration request is received from an application to register a custom timer. Responsive to receiving the registration request, a handle is created. The handle is a pointer to be used by the application to reference the custom timer. The handle is forwarded to the application. When a custom timer is required, a request to use a custom timer is received from an application. The kernel is then requested to start the custom timer. A determination is then made as to whether a receipt confirmation is received from the kernel before expiration of the custom timer.Type: GrantFiled: April 21, 2010Date of Patent: June 25, 2013Assignee: International Business Machines CorporationInventors: Sivarami R. Chaganti, Uma M. Chandolu, Nikhil Hegde, Puneet Mahajan
-
Publication number: 20130151704Abstract: According to one aspect of the present disclosure, a method and technique for domain based partition and resource group management is disclosed. The method includes: responsive to determining that an operation is being attempted on an object, determining a partition identifier associated with the object; determining a domain identifier associated with a user attempting the operation; determining whether the operation can proceed on the partition based on domain isolation rules, the domain isolation rules indicating rules for allowing or disallowing operations to proceed on the partition based on partition identifiers and domain identifiers; and responsive to determining that the operation on the partition can proceed based on the domain isolation rules, permitting the operation.Type: ApplicationFiled: December 13, 2011Publication date: June 13, 2013Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Uma M. Chandolu, Vidya Ranganathan, Lakshmanan Velusamy
-
Publication number: 20120131646Abstract: In a Role Based Access Control (RBAC) system, an additional layer of access control is provided on a per-client basis on a centralized directory or database server. Access to privileged commands that are otherwise accessible by a user under a given role may be restricted by the additional layer of access control, depending on the client under which access is attempted. Thus, a user otherwise authorized to access a privileged command under an assigned role using one client may be restricted from accessing that command from a particular client system, even if another user having the same role is allowed to access that command using another client.Type: ApplicationFiled: November 22, 2010Publication date: May 24, 2012Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Uma M. Chandolu, Jyoti B. Tenginakai, Ranganathan Vidya
-
Publication number: 20110265101Abstract: User space applications can utilize custom network protocol timers. A registration request is received from an application to register a custom timer. Responsive to receiving the registration request, a handle is created. The handle is a pointer to be used by the application to reference the custom timer. The handle is forwarded to the application. When a custom timer is required, a request to use a custom timer is received from an application. The kernel is then requested to start the custom timer. A determination is then made as to whether a receipt confirmation is received from the kernel before expiration of the custom timer.Type: ApplicationFiled: April 21, 2010Publication date: October 27, 2011Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Sivarami R. Chaganti, Uma M. Chandolu, Nikhil Hegde, Puneet Mahajan
-
Publication number: 20110113474Abstract: A network system loads operating system (OS) software that includes a switch role tool (SRT). The SRT provides the network system with security management capability that employs a hostname attribute within a user role definition. The user role definition provides for user restrictions to database information and other user actions within the network system. During a user login or switch role command, the security management method interrogates the login location or hostname of the login along with the user request. If that login meets the criteria that the network system stores as a user role attribute for that particular user, the network system allows the login request and action. If that login does not meet the criteria that the network system stores as a user role attribute for that user, the network system denies the login request. The network system grants the user an access privilege level that varies with the determined location or hostname from which the user attempts to login.Type: ApplicationFiled: November 11, 2009Publication date: May 12, 2011Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Uma M. Chandolu, Yantian T. Lu, Puneet Mahajan, Ashish Nainwal