Dynamically defining network access rules

US9253156B2 · US · B2

Patent metadata

Publication number: US-9253156-B2
Application number: US-201113157199-A
Country: US
Kind code: B2
Filing date: Jun 9, 2011
Priority date: Jun 9, 2011
Publication date: Feb 2, 2016
Grant date: Feb 2, 2016

Abstract

Official abstract text for this publication.

Systems and computer program products are provided for dynamically defining network access control rules. A placeholder for a parameter of an interface to an endpoint such as a data processing system or virtual machine may be provided in a network access control rule, instead of a static parameter. The parameter may be dynamically determined, by a firewall or a hypervisor for example, and the placeholder may be replaced with the dynamically determined parameter.

First claim

Opening claim text (preview).

What is claimed is:

1. A system for filtering packets sent to and received from a virtual machine, comprising: a processor; a memory; a bus operably coupling the processor and memory; a network access control rule stored in the memory, the network access control rule including a placeholder for an identifier for the virtual machine, the placeholder comprising a first parameter for a network address of the virtual machine and a second parameter for a network port of the virtual machine, the placeholder having the format “first_parameter@second_parameter”; and a hypervisor computer program including instructions stored in the memory that are executed by the processor to: determine the network address and the network port for the virtual machine during runtime of the hypervisor computer program, the hypervisor computer program determining the network address and the network port for the virtual machine by polling the virtual machine at predetermined intervals; and replace the placeholder with the determined network address and the determined network port during runtime of the hypervisor computer program, the “first_parameter” portion of the placeholder being replaced with the determined network address and the “second_parameter” portion of the placeholder being replaced with the determined network port.

2. The system of claim 1, further comprising a kernel interface for detecting the network address and the network port for the virtual machine during runtime.

3. The system of claim 1, wherein the network address and the network port for the virtual machine is one of a virtual MAC address, an IP address and a VLAN.

4. A computer program product for filtering network packets sent to and received from a virtual machine, comprising: a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising: computer readable program code configured to define a network access control rule, the network access control rule comprising a placeholder for an interface identifier for the virtual machine, the placeholder comprising a first parameter for a network address of the virtual machine and a second parameter for a network port of the virtual machine, the placeholder having the format “first_parameter@second_parameter”; computer readable program code configured to determine the network address and the network port for the virtual machine during runtime of a hypervisor computer program, the hypervisor computer program determining the network address and the network port for the virtual machine by polling the endpoint at predetermined intervals; and computer readable program code configured to dynamically replace the first and second parameters of the placeholder in the network access control rule with the determined network address and the determined network port of the virtual machine during runtime of the hypervisor computer program, the “first_parameter” portion of the placeholder being replaced with the determined network address and the “second_parameter” portion of the placeholder being replaced with the determined network port.

5. The computer program product of claim 4, wherein the computer readable program code further comprises: computer readable program code configured to determine the network address and the network port for the virtual machine when a packet targeted at the virtual machine is received.

6. The computer program product of claim 4, wherein the network address for the virtual machine is one of a MAC address and a VLAN.

7. The computer program product of claim 4, wherein the network address for the virtual machine is an IP address.

8. The computer program product of claim 7, wherein the computer readable program code configured to determine the interface identifier for the virtual machine includes computer readable program code configured to monitor network traffic to detect the IP address.

9. The computer program product of claim 4, wherein the computer readable program code is configured to automatically determine, at a point in time after the definition of the network access control rule, the interface identifier for the virtual machine, the computer readable program code further configured to automatically determine at a kernel interface the interface identifier for the virtual machine.
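The claims describe a rule whose destination is not a fixed address but a “first_parameter@second_parameter” placeholder that the hypervisor fills in at runtime from polled VM state. The following is an added example, not code from the patent or from IBM, that sketches that mechanism in Python. The rule syntax, the parameter names vm_ip and vm_port, the HypervisorInventory stand-in for polling, the constructed VM table, and the choice to drop unresolvable rules and fall through to default deny are all assumptions of this example, not details from the page.

```python
"""Placeholder-based network access control rules (added example; not the
patent's own code). A rule carries an 'addr_param@port_param' placeholder
that is substituted at decision time from the hypervisor's view of the VM."""
import ipaddress
import re
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple

# Placeholder format taken from the claims: "first_parameter@second_parameter".
PLACEHOLDER_RE = re.compile(r"^(?P<addr>[A-Za-z_]\w*)@(?P<port>[A-Za-z_]\w*)$")


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    proto: str   # "tcp" or "udp"
    src: str     # source IPv4 CIDR, or "any"
    dst: str     # "ip:port" once concrete, or an "addr_param@port_param" placeholder


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_ip: str
    dst_port: int


def parse_rule(text: str) -> Rule:
    """Parse 'allow tcp 10.0.0.0/24 -> vm_ip@vm_port' (constructed rule syntax)."""
    action, proto, src, arrow, dst = text.split()
    if action not in ("allow", "deny") or arrow != "->":
        raise ValueError(f"bad rule: {text!r}")
    return Rule(action, proto, src, dst)


class HypervisorInventory:
    """Stand-in for the hypervisor polling each VM for its address and port.
    The table here is constructed; the claims describe obtaining the values via
    a kernel interface or by observing the VM's traffic."""

    def __init__(self, table: Dict[str, Tuple[str, int]]):
        self._table = dict(table)

    def poll(self, vm: str) -> Optional[Tuple[str, int]]:
        return self._table.get(vm)

    def update(self, vm: str, ip: str, port: int) -> None:
        self._table[vm] = (ip, port)


def resolve(rule: Rule, params: Dict[str, object]) -> Optional[Rule]:
    """Replace the placeholder in rule.dst with the dynamically determined values.
    Returns None when a parameter is unknown, so an unresolved rule can never match."""
    m = PLACEHOLDER_RE.match(rule.dst)
    if m is None:
        return rule  # static rule, nothing to substitute
    addr, port = params.get(m["addr"]), params.get(m["port"])
    if addr is None or port is None:
        return None
    ipaddress.ip_address(str(addr))  # reject garbage before it becomes a rule
    if not 0 < int(port) < 65536:
        raise ValueError(f"port out of range: {port}")
    return replace(rule, dst=f"{addr}:{int(port)}")


def _src_matches(src: str, ip: str) -> bool:
    return src == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(src)


def decide(templates: List[Rule], inv: HypervisorInventory, vm: str, pkt: Packet) -> str:
    """Resolve the rule set for this VM at decision time, then apply first-match.
    Rules that cannot be resolved are skipped; the default is deny."""
    polled = inv.poll(vm)
    params: Dict[str, object] = {"vm_ip": polled[0], "vm_port": polled[1]} if polled else {}
    for tmpl in templates:
        rule = resolve(tmpl, params)
        if rule is None or rule.proto != pkt.proto:
            continue
        dst_ip, dst_port = rule.dst.rsplit(":", 1)
        if dst_ip == pkt.dst_ip and int(dst_port) == pkt.dst_port and _src_matches(rule.src, pkt.src_ip):
            return rule.action
    return "deny"


# Constructed rule set: one trusted client network may reach the VM, all else is denied.
TEMPLATES = [
    parse_rule("allow tcp 10.0.0.0/24 -> vm_ip@vm_port"),
    parse_rule("deny tcp any -> vm_ip@vm_port"),
]


def demo() -> Dict[str, str]:
    """Run the scenarios of interest against a constructed inventory; returns decisions by label."""
    inv = HypervisorInventory({"web01": ("10.0.1.20", 443)})
    out = {}
    out["trusted_client"] = decide(TEMPLATES, inv, "web01", Packet("tcp", "10.0.0.7", "10.0.1.20", 443))
    out["untrusted_client"] = decide(TEMPLATES, inv, "web01", Packet("tcp", "192.168.1.1", "10.0.1.20", 443))
    # The VM is re-addressed: the next poll returns the new address, the placeholder
    # is re-substituted, and the stale address no longer matches any rule.
    inv.update("web01", "10.0.1.55", 443)
    out["old_address_after_move"] = decide(TEMPLATES, inv, "web01", Packet("tcp", "10.0.0.7", "10.0.1.20", 443))
    out["new_address_after_move"] = decide(TEMPLATES, inv, "web01", Packet("tcp", "10.0.0.7", "10.0.1.55", 443))
    # Unknown VM: nothing resolves, so only the default deny applies.
    out["unknown_vm"] = decide(TEMPLATES, inv, "ghost", Packet("tcp", "10.0.0.7", "10.0.1.55", 443))
    return out


if __name__ == "__main__":
    for label, action in demo().items():
        print(f"{label:>24}: {action}")
```

The point of resolving at decision time rather than once at rule-definition time is visible in the move scenario: the rule text never changes, only the substituted values, so a VM that is re-addressed keeps the same policy without anyone editing the rule set, and traffic to the old address stops matching immediately. Returning None for an unresolvable placeholder, rather than leaving the literal token in place, is what keeps a missing or stale inventory entry from silently widening the policy.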

Classifications

  • Routing in software-defined topologies, e.g. routing between virtual machines · CPC title

  • Electricity · mapped topic

  • Rule management · CPC title

  • Tools and structures for managing or administering access control systems · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Kashyap Vivek, IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/0263. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 2, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).