Patents by Inventor Vidya Ranganathan

Vidya Ranganathan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9329952
    Abstract: Reducing application downtime during failover including identifying a critical line in the startup of an application, the critical line comprising the point in the startup of the application in which the application begins to use dependent resources; checkpointing the application at the critical line of startup; identifying a failure in the application; and restarting the application from the checkpointed application at the critical line.
    Type: Grant
    Filed: December 7, 2010
    Date of Patent: May 3, 2016
    Assignee: International Business Machines Corporation
    Inventors: Manohar R. Bodke, Ravikiran Moningi, Ravi A. Shankar, Vidya Ranganathan
  • Patent number: 9122889
    Abstract: According to one aspect of the present disclosure, a method and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The method includes: determining, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; creating a privilege shell for a user running the application; setting the determined privilege on the privilege shell; associating an authorization to the privilege shell; and invoking the privilege shell to run the application by the user.
    Type: Grant
    Filed: November 12, 2013
    Date of Patent: September 1, 2015
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Saurabh Desai, Vidya Ranganathan
  • Patent number: 8955057
    Abstract: According to one aspect of the present disclosure a system and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The system includes a memory and a processor coupled to the memory, wherein the processor is configured to: determine, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; create a privilege shell for a user running the application; set the determined privilege on the privilege shell; associate an authorization to the privilege shell; and invoke the privilege shell to run the application by the user.
    Type: Grant
    Filed: October 17, 2012
    Date of Patent: February 10, 2015
    Assignee: International Business Machines Corporation
    Inventors: Saurabh Desai, Vidya Ranganathan
  • Patent number: 8949566
    Abstract: Methods, apparatuses, and computer program products are provided for locking access to data storage shared by a plurality of compute nodes. Embodiments include maintaining, by a compute node, a queue of requests from requesting compute nodes of the plurality of compute nodes for access to the data storage, wherein possession of the queue represents possession of a mutual-exclusion lock on the data storage, the mutual-exclusion lock indicating exclusive permission for access to the data storage; and conveying, based on the order of requests in the queue, possession of the queue from the compute node to a next requesting compute node when the compute node no longer requires exclusive access to the data storage.
    Type: Grant
    Filed: December 2, 2010
    Date of Patent: February 3, 2015
    Assignee: International Business Machines Corporation
    Inventors: Madhusudanan Kandasamy, Vidya Ranganathan, Murali Vaddagiri
  • Patent number: 8903096
    Abstract: Provided are techniques for the fast and reliable distribution of security keys within a cluster of computing devices, or computers. One embodiment provides a method for secure distribution of encryption keys, comprising generating a symmetric key for the encryption of communication among a plurality of nodes of a cluster of nodes; encrypting the symmetric key with a plurality of public keys, each public key corresponding to a particular node of the plurality of modes, to generate a plurality of encrypted symmetric keys; storing the plurality of encrypted symmetric keys in a central repository; and distributing the encrypted symmetric keys to the nodes such that each particular node receives an encrypted symmetric key corresponding to a corresponding public key of the particular node.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: December 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Jes Kiran Chittigala, Ravi A. Shankar, Vidya Ranganathan
  • Patent number: 8838644
    Abstract: Methods, systems, and products for governing access to objects on a filesystem. In one general embodiment, the method includes providing a framework in an operating system environment for support of a plurality of access control list (ACL) types, thereby enabling governing of access to objects on a filesystem according to an associated definition of an ACL type; and accepting definitions of ACL types. The associated definition may comprise a kernel extension.
    Type: Grant
    Filed: November 25, 2009
    Date of Patent: September 16, 2014
    Assignee: International Business Machines Corporation
    Inventors: Madhusudanan Kandasamy, Vidya Ranganathan, Murali Vaddagiri
  • Patent number: 8832389
    Abstract: Domains can also be used to control access to physical memory space. Data in a physical memory space that has been used by a process sometimes endures after the process stops using the physical memory space (e.g., the process terminates). In addition, a virtual memory manager may allow processes of different applications to access a same memory space. To prevent exposure of sensitive/confidential data, physical memory spaces can be designated for a specific domain or domains when the physical memory spaces are allocated.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: September 9, 2014
    Assignee: International Business Machines Corporation
    Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
  • Patent number: 8826244
    Abstract: Method for providing programming support to a debugger are disclosed. The method includes defining at least one debugger programming statement, and instructing the debugger to execute the at least one debugger programming statement which modifies a least a portion of the computer program during execution of the computer program without recompiling the computer program. The debugger may be instructed to execute the at least one debugger programming statement at a specified position of the computer program. The at least one debugger programming statement may include a delete instruction that instructs the debugger to prevent one or more programming statements at a specified position in the computer program from being executed. The debugger may be instructed to execute the at least one debugger programming statement instead of one or more programming statements at a specified position in the computer program without recompiling the computer program.
    Type: Grant
    Filed: March 27, 2012
    Date of Patent: September 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Madhusudanan Kandasamy, Vidya Ranganathan
  • Patent number: 8819231
    Abstract: According to one aspect of the present disclosure, a method and technique for domain based partition and resource group management is disclosed. The method includes: responsive to determining that an operation is being attempted on an object, determining a partition identifier associated with the object; determining a domain identifier associated with a user attempting the operation; determining whether the operation can proceed on the partition based on domain isolation rules, the domain isolation rules indicating rules for allowing or disallowing operations to proceed on the partition based on partition identifiers and domain identifiers; and responsive to determining that the operation on the partition can proceed based on the domain isolation rules, permitting the operation.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: August 26, 2014
    Assignee: International Business Machines Corporation
    Inventors: Uma M. Chandolu, Vidya Ranganathan, Lakshmanan Velusamy
  • Patent number: 8745597
    Abstract: System, and computer program product for providing programming support to a debugger are disclosed. The debugger executes at least one debugger programming statement which modifies at least a portion of the computer program during execution of the computer program without recompiling the computer program. The debugger may be instructed to execute the at least one debugger programming statement at a specified position of the computer program. The at least one debugger programming statement may include a delete instruction that instructs the debugger to prevent one or more programming statements at a specified position in the computer program from being executed. The debugger may be instructed to execute the at least one debugger programming statement instead of one or more programming statements at a specified position in the computer program without recompiling the computer program.
    Type: Grant
    Filed: November 25, 2009
    Date of Patent: June 3, 2014
    Assignee: International Business Machines Corporation
    Inventors: Madhusudanan Kandasamy, Vidya Ranganathan
  • Publication number: 20140109189
    Abstract: According to one aspect of the present disclosure a system and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The system includes a memory and a processor coupled to the memory, wherein the processor is configured to: determine, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; create a privilege shell for a user running the application; set the determined privilege on the privilege shell; associate an authorization to the privilege shell; and invoke the privilege shell to run the application by the user.
    Type: Application
    Filed: October 17, 2012
    Publication date: April 17, 2014
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Saurabh Desai, Vidya Ranganathan
  • Publication number: 20140109193
    Abstract: According to one aspect of the present disclosure, a method and technique for managing access to application-based objects in a system utilizing a role-based access control framework is disclosed. The method includes: determining, for each object class of an application, a privilege needed for invoking a privileged operation associated with the object class; creating a privilege shell for a user running the application; setting the determined privilege on the privilege shell; associating an authorization to the privilege shell; and invoking the privilege shell to run the application by the user.
    Type: Application
    Filed: November 12, 2013
    Publication date: April 17, 2014
    Applicant: International Business Machines Corporation
    Inventors: Saurabh Desai, Vidya Ranganathan
  • Patent number: 8631123
    Abstract: When an operating system process evaluates a rule for an operation being attempted on a logical network port, the operating system process determines whether the target logical port falls within a range of logical ports, and then determines whether the operation is associated with a permitted domain of the range of logical ports. If the operation is a bind operation, then the process attempting to bind to the target port will be allowed to bind if the target port falls within the range and the operation/process is associated with a permitted domain. Otherwise, the binding operation will not be allowed to proceed.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: January 14, 2014
    Assignee: International Business Machines Corporation
    Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
  • Patent number: 8595821
    Abstract: Domains can be used to secure resources of a cluster. An administrator can configure a node of a cluster as a member of a particular domain. Membership in a cluster can be restricted to nodes that are members of the particular domain. When a node generates a cluster message, a kernel process or operating system process of the node will indicate the domain(s) of the node in the cluster message. The cluster message can be a command message to read or write to a storage resource of the cluster. When the cluster storage resource node or node that controls the storage resource receives the command message, the node will examine the command message to ensure the message indicates a domain that aligns with the cluster. If the proper domain is indicated in the command message, then the command message is processed. Otherwise, the command message is denied.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: November 26, 2013
    Assignee: International Business Machines Corporation
    Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
  • Publication number: 20130151704
    Abstract: According to one aspect of the present disclosure, a method and technique for domain based partition and resource group management is disclosed. The method includes: responsive to determining that an operation is being attempted on an object, determining a partition identifier associated with the object; determining a domain identifier associated with a user attempting the operation; determining whether the operation can proceed on the partition based on domain isolation rules, the domain isolation rules indicating rules for allowing or disallowing operations to proceed on the partition based on partition identifiers and domain identifiers; and responsive to determining that the operation on the partition can proceed based on the domain isolation rules, permitting the operation.
    Type: Application
    Filed: December 13, 2011
    Publication date: June 13, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Uma M. Chandolu, Vidya Ranganathan, Lakshmanan Velusamy
  • Patent number: 8429191
    Abstract: Functionality can be implemented in an operating system to increase the granularity of isolation for objects. A domain can be defined to represent each of different entities (e.g., different departments or work groups). User identifiers and/or user credentials can be associated with the appropriate domain or domains. An administrator can then define a set of rules that govern operation(s) that can be performed on the objects based on the domains. Processes running on a system will inherit the domains of a user account logged into the system. When a process running on the system attempts to perform an operation on an object, an operating system process evaluates the domain isolation rules with an identifier of the object and a domain identifier to determine whether the operation is permitted to proceed.
    Type: Grant
    Filed: January 14, 2011
    Date of Patent: April 23, 2013
    Assignee: International Business Machines Corporation
    Inventors: Saurabh Desai, George Mathew Koikara, Pruthvi Panyam Nataraj, Guha Prasad Venkataraman, Vidya Ranganathan
  • Publication number: 20130046720
    Abstract: According to one aspect of the present disclosure, a method and technique for domain based user mapping of objects is disclosed. The method includes: responsive to determining that an operation is being attempted on an object identified with an object identifier, determining a domain identifier associated with a user attempting the operation; determining whether the operation can proceed on the object based on domain isolation rules, the domain isolation rules indicating rules for allowing or disallowing operations to proceed on objects based on object identifiers and domain identifiers; responsive to determining that the operation on the object can proceed based on the domain isolation rules, accessing user mapping rules that map specified users allowed to perform a specified operation to a specified object; and determining whether the operation can proceed on the object by the user based on the user mapping rules.
    Type: Application
    Filed: August 17, 2011
    Publication date: February 21, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Natarajan Chellappan, Madhusudanan Kandasamy, Vidya Ranganathan, Lakshmanan Velusamy
  • Publication number: 20120288096
    Abstract: Provided are techniques for the fast and reliable distribution of security keys within a cluster of computing devices, or computers. One embodiment provides a method for secure distribution of encryption keys, comprising generating a symmetric key for the encryption of communication among a plurality of nodes of a cluster of nodes; encrypting the symmetric key with a plurality of public keys, each public key corresponding to a particular node of the plurality of modes, to generate a plurality of encrypted symmetric keys; storing the plurality of encrypted symmetric keys in a central repository; and distributing the encrypted symmetric keys to the nodes such that each particular node receives an encrypted symmetric key corresponding to a corresponding public key of the particular node.
    Type: Application
    Filed: July 24, 2012
    Publication date: November 15, 2012
    Applicant: International Business Machines Corporation
    Inventors: Jes Kiran Chittigala, Ravi A. Shankar, Vidya Ranganathan
  • Publication number: 20120272051
    Abstract: Provided are techniques for the fast and reliable distribution of security keys within a cluster of computing devices, or computers. One embodiment provides a method for secure distribution of encryption keys, comprising generating a symmetric key for the encryption of communication among a plurality of nodes of a cluster of nodes; encrypting the symmetric key with a plurality of public keys, each public key corresponding to a particular node of the plurality of modes, to generate a plurality of encrypted symmetric keys; storing the plurality of encrypted symmetric keys in a central repository; and distributing the encrypted symmetric keys to the nodes such that each particular node receives an encrypted symmetric key corresponding to a corresponding public key of the particular node.
    Type: Application
    Filed: April 22, 2011
    Publication date: October 25, 2012
    Applicant: International Business Machines Corporation
    Inventors: Jes Kiran Chittigala, Ravi A. Shankar, Vidya Ranganathan
  • Patent number: 8255431
    Abstract: Methods, systems, and products for managing memory. In one general embodiment, the method includes assigning an isolated virtual heap in a global kernel heap of a global operating system environment to each of a plurality of isolated virtual operating system environments operating in a global operating system environment; and in response to an invocation of kernel heap memory allocation from one of the isolated virtual operating system environments, dynamically allocating memory to the invoking isolated virtual operating system environment from the virtual kernel heap assigned to the invoking isolated virtual operating system environment. The method may also include running the plurality of isolated virtual operating system environments in the global operating system environment. The plurality of isolated virtual operating system environments may share a single common kernel. The isolated virtual operating system environments may run under the same operating system image.
    Type: Grant
    Filed: November 23, 2009
    Date of Patent: August 28, 2012
    Assignee: International Business Machines Corporation
    Inventors: Madhusudanan Kandasamy, Vidya Ranganathan, Murali Vaddagiri