Enhancing container security by performing container vulnerability reduction based on static analysis of dynamically loaded symbols and system call blocking
US-2024220632-A1 · Jul 4, 2024 · US
US9507932B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9507932-B2 |
| Application number | US-201414484903-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 12, 2014 |
| Priority date | Sep 12, 2014 |
| Publication date | Nov 29, 2016 |
| Grant date | Nov 29, 2016 |
Official abstract text for this publication.
A capability for providing policy enforcement in a topology abstraction system is presented. The capability for providing policy enforcement in a topology abstraction system may support use of topology abstraction policies to control abstraction of topology information of a topology (e.g., a network topology of a communication network or any other suitable type of topology). The capability for providing policy enforcement in a topology abstraction system providing an abstract representation of a topology may support use of topology abstraction policies to control selection (or acceptance) of topology elements for inclusion within the abstract representation of a topology and filtering (or rejection) of topology elements from being included within the abstract representation of a topology. The capability for providing policy enforcement in a topology abstraction system providing an abstract representation of a topology may support use of topology abstraction policies to control clustering of topology elements selected for inclusion within the abstract representation of the topology.
Opening claim text (preview).
What is claimed is:

1. An apparatus, comprising: a processor and a memory communicatively connected to the processor, the processor configured to: receive topology information describing a set of topology elements of a topology; determine, based on a set of topology abstraction policies configured to control abstraction of the topology information describing the set of topology elements of the topology, topology element abstraction information, wherein, to determine the topology element abstraction information, the processor is configured to assign respective classifications to the topology elements in the set of topology elements based on the set of topology abstraction policies; determine, based on the topology element abstraction information, abstracted topology information configured to provide an abstract representation of the topology, wherein, to determine the abstracted topology information, the processor is configured to: determine, for each of the topology elements of the set of topology elements based on the respective classifications of the topology elements, whether to select the topology element for inclusion in the abstracted topology information; and determine, based on the respective classifications of the topology elements selected for inclusion in the abstracted topology information, topology element clustering information indicative of clustering of the topology elements selected for inclusion in the abstracted topology information; and propagate the abstracted topology information toward a topology exposure element.
2. The apparatus of claim 1, wherein the set of topology elements comprises at least one of a node, a group of nodes, a communication link, or a group of communication links.
3. The apparatus of claim 1, wherein, for at least one of the topology elements, the topology information comprises at least one of an address of the topology element, a group of addresses with which the topology element is associated, Autonomous System (AS) description information associated with the topology element, identification of a source of topology information for the topology element, identification of a routing protocol providing topology information for the topology element, one or more protocol parameters of a routing protocol providing topology information for the topology element, or metadata.
4. The apparatus of claim 1, wherein, to assign the respective classifications to the topology elements, the processor is configured to: iteratively evaluate the topology elements with respect to the topology abstraction policies.
5. The apparatus of claim 1, wherein, to assign the respective classifications to the topology elements, the processor is configured to: select one of the topology elements from topology element information determined from the topology information; identify, from the set of topology abstraction policies, one of the topology abstraction policies with which the one of the topology elements is associated; and assign the respective classification to the one of the topology elements based on evaluation of one or more policy rules of the one of the topology abstraction policies with which the one of the topology elements is associated.
6. The apparatus of claim 5, wherein, to identify the one of the topology abstraction policies with which the one of the topology elements is associated, the processor is configured to: compare topology element description information for the one of the topology elements with respective policy definition information of one or more of the topology abstraction policies.
7. The apparatus of claim 5, wherein, to assign the respective classification to the one of the topology elements based on evaluation of one or more policy rules of the one of the topology abstraction policies with which the one of the topology elements is associated, the processor is configured to: identify one of the policy rules, of the one of the topology abstraction policies, having a condition satisfied by the one of the topology elements; and assign the respective classification to the one of the topology elements based on an action associated with the one of the policy rules, of the one of the topology abstraction policies, having the condition satisfied by the one of the topology elements.
8. The apparatus of claim 1, wherein the processor is configured to: determine the abstract representation of the topology based on the abstracted topology information.
9. The apparatus of claim 1, wherein the processor is configured to: determine the abstract representation of the topology based on the topology element clustering information indicative of the clustering of the topology elements selected for inclusion in the abstracted topology information.
10. The apparatus of claim 1, wherein the clustering comprises at least one of anti-affinity clustering or affinity clustering.
11. The apparatus of claim 1, wherein the processor is configured to: perform a first type of clustering for ones of the topology elements selected for inclusion in the abstracted topology information that have a first classification associated therewith; and perform a second type of clustering for ones of the topology elements selected for inclusion in the abstracted topology information that have a second classification associated therewith.
12. The apparatus of claim 11, wherein the first type of clustering comprises anti-affinity clustering and the second type of clustering comprises affinity clustering.
13. The apparatus of claim 1, wherein the processor is configured to: assign a label to one of the topology elements selected for inclusion in the abstracted topology information.
14. The apparatus of claim 13, wherein the processor is configured to assign the label to the one of the topology elements based on one of the topology abstraction policies with which the one of the topology elements is associated.
15. The apparatus of claim 13, wherein the processor is configured to: derive an identifier for the one of the topology elements, based on the label, for use in the abstract representation of the topology.
16. The apparatus of claim 1, wherein the processor is configured to: determine the clustering of the topology elements selected for inclusion in the abstracted topology information.
17. The apparatus of claim 16, wherein, to determine the clustering of the topology elements, the processor is configured to: apply anti-affinity clustering to portions of the topology elements selected for inclusion in the abstracted topology information; and apply affinity clustering to portions of the topology elements selected for inclusion in the abstracted topology information.
18. A method, comprising: receiving, by a processor, topology information describing a set of topology elements of a topology; determining, by the processor based on a set of topology abstraction policies configured to control abstraction of the topology information describing the set of topology elements of the topology, topology element abstraction information, wherein determining the topology element abstraction information comprises assigning respective classifications to the topology elements in the set of topology elements based on the set of topology abstraction policies; determining, by the processor based on the topology element abstraction information, abstracted topology information configured to provide an abstract representation of the topology, wherein determining the abstracted topology information comprises determining, for each o
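The claims describe a procedure in words: match each topology element to a policy by comparing its description with the policy definition (claim 6), take the classification from the action of the first rule whose condition it satisfies (claim 7), decide from that classification whether the element is selected or filtered out of the abstract view, then cluster the selected elements with anti-affinity or affinity clustering depending on their classification (claims 11, 12) and derive identifiers from the policy's label (claim 15). The following Python is an added illustration of that procedure written for this page; it is not code from the patent or its assignee. The classification names, the sample elements, the sample policy and the choice to treat an element that matches no policy as rejected are all constructed assumptions. The security point it makes is that the abstract representation handed to a topology exposure element reveals only what a policy explicitly admits: management-plane nodes are filtered out and the internal core collapses to one cluster, so the consumer of the abstraction learns nothing about internal structure beyond the policy's intent.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Classifications a policy rule's action may assign (constructed names for this example).
REJECT = "reject"                    # filtered out of the abstract representation
EXPOSE_DISTINCT = "expose-distinct"  # anti-affinity clustering: each element stays separate
EXPOSE_MERGED = "expose-merged"      # affinity clustering: elements collapse into one cluster


@dataclass(frozen=True)
class TopologyElement:
    """Element description: the kinds of facts claim 3 lists (address, AS, source of information)."""
    name: str
    kind: str      # "node" or "link"
    asn: int       # Autonomous System the element belongs to
    source: str    # routing protocol or other source that reported the element
    address: str


@dataclass
class PolicyRule:
    condition: Callable[[TopologyElement], bool]
    action: str    # classification assigned when the condition is satisfied (claim 7)


@dataclass
class AbstractionPolicy:
    name: str
    applies_to: Callable[[TopologyElement], bool]  # policy definition information (claim 6)
    rules: List[PolicyRule]                        # evaluated in order; first satisfied rule wins
    label: str                                     # label from which identifiers are derived (claim 15)


def classify(element: TopologyElement,
             policies: List[AbstractionPolicy]) -> Optional[Tuple[AbstractionPolicy, str]]:
    """Match the element to a policy and return (policy, classification).

    Returns None when no policy covers the element. The caller treats that as a
    rejection (an assumption of this example), so an element is never exposed merely
    because nobody wrote a rule for it.
    """
    for policy in policies:
        if not policy.applies_to(element):
            continue
        for rule in policy.rules:
            if rule.condition(element):
                return policy, rule.action
    return None


def abstract_topology(elements: List[TopologyElement],
                      policies: List[AbstractionPolicy]) -> Dict[str, List[str]]:
    """Build the abstract representation: cluster identifier -> member element names."""
    clusters: Dict[str, List[str]] = {}
    for element in elements:
        match = classify(element, policies)
        if match is None:
            continue                                        # uncovered: fail closed
        policy, classification = match
        if classification == REJECT:
            continue                                        # filtered from the abstract view
        if classification == EXPOSE_DISTINCT:
            cluster_id = f"{policy.label}-{element.name}"   # anti-affinity: one cluster per element
        elif classification == EXPOSE_MERGED:
            cluster_id = policy.label                       # affinity: one shared cluster per label
        else:
            raise ValueError(f"unknown classification {classification!r} in policy {policy.name}")
        clusters.setdefault(cluster_id, []).append(element.name)
    return clusters


# Constructed sample topology (documentation address ranges) and a single constructed policy.
SAMPLE_ELEMENTS = [
    TopologyElement("edge-1", "node", 64500, "bgp", "203.0.113.1"),
    TopologyElement("edge-2", "node", 64500, "bgp", "203.0.113.2"),
    TopologyElement("core-1", "node", 64500, "ospf", "10.0.0.1"),
    TopologyElement("core-2", "node", 64500, "ospf", "10.0.0.2"),
    TopologyElement("core-3", "node", 64500, "ospf", "10.0.0.3"),
    TopologyElement("mgmt-1", "node", 64500, "static", "192.168.100.1"),
    TopologyElement("peer-x", "node", 64999, "bgp", "198.51.100.7"),   # foreign AS, no policy
]

SAMPLE_POLICIES = [
    AbstractionPolicy(
        name="own-as-nodes",
        applies_to=lambda e: e.kind == "node" and e.asn == 64500,
        rules=[
            PolicyRule(lambda e: e.address.startswith("192.168."), REJECT),  # management plane: never exposed
            PolicyRule(lambda e: e.source == "bgp", EXPOSE_DISTINCT),        # edge routers: shown individually
            PolicyRule(lambda e: e.source == "ospf", EXPOSE_MERGED),         # core: collapsed to one cluster
        ],
        label="as64500",
    ),
]

if __name__ == "__main__":
    for cluster_id, members in abstract_topology(SAMPLE_ELEMENTS, SAMPLE_POLICIES).items():
        print(f"{cluster_id}: {', '.join(members)}")
```

Running it yields two single-member clusters for the edge routers, one `as64500` cluster holding the three core routers, and nothing for `mgmt-1` or `peer-x`. Rule order matters: the management-plane rejection is evaluated before the source-based rules so that a management host reported by BGP would still be filtered, which is the usual reason to put deny rules first in an ordered policy.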
to features or functions of an application · CPC title
Assignment of logical groups to network elements · CPC title
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title
Discovery or management of network topologies · CPC title
Network analysis or design · CPC title