| 发明名称 | Method for discovering a security policy | ||
| 摘要 | Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies. | ||
| 申请公布号 | US8839345(B2) | 申请公布日期 | 2014.09.16 |
| 申请号 | US200812049629 | 申请日期 | 2008.03.17 |
| 申请人 | International Business Machines Corporation | 发明人 | Griffin John L.;Pendarakis Dimitrios;Perez Ronald;Sailer Reiner;Valdez Enriquillo |
| 分类号 | H04L21/00;H04L29/06;H04L29/08;G06F21/62;H04W12/08 | 主分类号 | H04L21/00 |
| 代理机构 | Ryan, Mason & Lewis, LLP | 代理人 | Ryan, Mason & Lewis, LLP |
| 主权项 | 1. A method for mapping at least one physical system and at least one virtual system into at least two separate execution environments, comprising the steps of: discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system; using the discovered policy to create an enforceable isolation policy; and using the isolation policy to modify a deployment of one or more workloads in the at least one physical system and at least one virtual system to create at least two separate execution environments, wherein one or more steps of said method are performed by a processor. | ||
| 地址 | Armonk NY US | ||