Method to automatically map business function level policies to it management policies

US 8,255,972 B2
Filed: 06/06/2008
Issued: 08/28/2012
Est. Priority Date: 06/06/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for classifying network traffic comprising:

finding a list of pairs ((a₁, p₁), . . . , (a_n, p_n)) as a high-level policy, where a_iis an application name and a corresponding p_iis a priority of the application a_i;

mapping the application a_ito an IP address and a port number by finding a list of triples ((IPa₁, pa₁, in₁), . . . , (IPa_n, pa, in_n)) of low-level objects, where IPa_iis a range of IP address associated with the application a_i, pa_iis a range of port numbers associated with the application a_i, and in_iis an indicator associated with the application a_i; and

obtaining a low-level policy as (((IPa₁, pa₁, in₁), p₁), . . . , ((IPa_n, pa, in_n), p_n)) from the mapping and the high-level policy, where IPa_iis a range of IP address associated with the application a_i, pa_iis a range of port numbers associated with the application a_i, in_iis an indicator associated with the application a_i, and p_iis a priority of the application a_i,wherein a computing system including a processor and a memory device connected to the processor performs the finding the list of pairs ((a₁, p₁), . . . , (a_n, p_n)), the mapping and the obtaining.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, computer program product, and computer program storage device for transforming a high-level policy associated with a high layer to a low-level policy associated with a low layer. Mapping between high-level objects in a high layer and low-level objects in a low layer is derived by an automated discovery tool. The high-level policy is mapped to the low-level policy according to the mapping (e.g., by substituting the high-level objects with the low-level objects and by performing a syntax transformation). In one embodiment, a low-level policy is transformed to a high-level policy according to the mapping. As exemplary embodiments, policy transformations in traffic shaping and data retention are disclosed.

Citations

6 Claims

1. A computer-implemented method for classifying network traffic comprising:
- finding a list of pairs ((a₁, p₁), . . . , (a_n, p_n)) as a high-level policy, where a_iis an application name and a corresponding p_iis a priority of the application a_i;
  
  mapping the application a_ito an IP address and a port number by finding a list of triples ((IPa₁, pa₁, in₁), . . . , (IPa_n, pa, in_n)) of low-level objects, where IPa_iis a range of IP address associated with the application a_i, pa_iis a range of port numbers associated with the application a_i, and in_iis an indicator associated with the application a_i; and
  
  obtaining a low-level policy as (((IPa₁, pa₁, in₁), p₁), . . . , ((IPa_n, pa, in_n), p_n)) from the mapping and the high-level policy, where IPa_iis a range of IP address associated with the application a_i, pa_iis a range of port numbers associated with the application a_i, in_iis an indicator associated with the application a_i, and p_iis a priority of the application a_i,wherein a computing system including a processor and a memory device connected to the processor performs the finding the list of pairs ((a₁, p₁), . . . , (a_n, p_n)), the mapping and the obtaining.
- View Dependent Claims (2)
- - 2. The computer-implemented method according to claim 1, further comprising:
    - finding a multi-tier dependency in a middle-level objects through which the application a_iare transmitted from a business layer to an IT (Information Technology) layer, the multi-tier dependency being expressed by a set {m₁, m₂, m₃, . . . , m_k}, where m_iindicating a middle-level object between the business layer and the IT layer;
      
      constructing a mapping from the high-level policy to a low-level policy by combining the multi-tier dependency and the list of pairs of low-level objects as M(a_i)={(IPm₁, pm_i, inm₁), (IPm₂, pm₂, inm₂), (IPm₃, pm₃, inm₃), . . . , (IPm_k, pm_k, inm_k)}, where M(a_i) indicating mapping associated with the application a_ifrom the high-level policy to the low-level policy, IPm₁indicating a range of IP address at a middle-level object m₁, pm₁indicating a range of port numbers at a middle-level object m₁, inm₁indicating an indicator at a middle-level object m₁, IPm₂indicating a range of IP address at a middle-level object m₂, pm₂indicating a range of port numbers at a middle-level object m₂, inm₂indicating an indicator at a middle-level object m₂, IPm₃indicating a range of IP address at a middle-level object m₃, pm₃indicating a range of port numbers at a middle-level object m₃, inm₃indicating an indicator at a middle-level object m₃, IPm_kindicating a range of IP address at a middle-level object m_k, an pm_kindicating a range of port numbers at a middle-level object m_k, inm_kindicating an indicator at a middle-level object m_n; and
      
      deriving the low-level policy from the mapping M(a_i) and the high-level policy, the low-level policy stating ((M(a₁), p₁), . . . , (M(a_n), a_n)), where M(a₁) indicating mapping associated with the application a₁, p₁is a priority of the application a₁, M(a_n) indicating mapping associated with the application a_n, and p_nis a priority of the application a_n,wherein a computing system including a processor and a memory device connected to the processor performs the finding the multi-tier dependency, the constructing the mapping, and the deriving.

3. A computer-implemented system for classifying network traffic comprising:
- a computing system including at least one processor and at least one memory device connected to the at least one processor,wherein the computing system is configured to;
  
  find a list of pairs ((a₁, p₁), . . . , (a_n, p_n)) as a high-level policy, where a_iis an application name and a corresponding p_iis a priority of the application a_i;
  
  map the application a_ito an IP address and a port number by finding a list of triples ((IPa₁, pa₁, in₁), . . . , (IPa_n, pa_n, in_n)) of low-level objects, where IPa₁is a range of IP address associated with the application a_i, pa_iis a range of port numbers associated with the application a_i, in_iis an indicator associated with the application a_i; and
  
  obtain a low-level policy as (((IPa₁, pa₁, in₁), p₁), . . . , (IPa_n, pa, in_n), p_n)) from the mapping and the high-level policy, where IPa_iis a range of IP address associated with the application a_i, pa_iis a range of port numbers associated with the application a_i, in_iis an indicator associated with the application a_i, and p_iis a priority of the application a_i.
- View Dependent Claims (4)
- - 4. The computer-implemented system according to claim 3, wherein the computing system is further configured to:
    - find a multi-tier dependency in a middle-level objects through which the application a_iare transmitted from a business layer to an IT (Information Technology) layer, the multi-tier dependency being expressed by a set {m₁, m₂, m₃, . . . , m_k}, where m_iindicating a middle-level object between the business layer and the IT layer;
      
      construct a mapping from the high-level policy to a low-level policy by combining the multi-tier dependency and the list of pairs of low-level objects as M(a_i)={(IPm₁, pm_i, inm₁), (IPm₂, pm₂, inm₂), (IPm₃, pm₃, inm₃), . . . , (IPm_k, pm_k, inm_k)}, where M(a_i) indicating mapping associated with the application a_ifrom the high-level policy to the low-level policy, IPm₁indicating a range of IP address at a middle-level object m₁, pm₁indicating a range of port numbers at a middle-level object m₁, inm₁indicating an indicator at a middle-level object m₁, IPm₂indicating a range of IP address at a middle-level object m₂, pm₂indicating a range of port numbers at a middle-level object m₂, inm₂indicating an indicator at a middle-level object m₂, IPm₃indicating a range of IP address at a middle-level object m₃, pm₃indicating a range of port numbers at a middle-level object m₃, inm₃indicating an indicator at a middle-level object m₃, IPm_kindicating a range of IP address at a middle-level object m_k, an pm_kindicating a range of port numbers at a middle-level object m_k, inm_kindicating an indicator at a middle-level object m_n; and
      
      derive the low-level policy from the mapping M(a_i) and the high-level policy, the low-level policy stating ((M(a₁), p₁), (M(a_n), p_n)), where M(a₁) indicating mapping associated with the application a₁, p₁is a priority of the application a₁, M(a_n) indicating mapping associated with the application a_n, and p_nis a priority of the application a_n.

5. A computer program product comprising a non-transitory computer usable medium having computer readable program code means embodied therein for classifying network traffic, the computer program code means in said computer program product comprising computer readable program code means for causing a computer to effect steps of:
- finding a list of pairs ((a₁, p₁), . . . , (a_n, p_n)) as a high-level policy, where a_iis an application name and a corresponding p_iis a priority of the application a_i;
  
  mapping the application a_ito an IP address and a port number by finding a list of triples ((IPa₁, pa₁,in₁), . . . , (IPa_n, pa, in_n)) of low-level objects, where IPa_iis a range of IP address associated with the application a_i, pa_iis a range of port numbers associated with the application a_i, and in_iis an indicator associated with the application a_i; and
  
  obtaining a low-level policy as (((IPa₁, pa₁, in₁), p₁), . . . , ((IPa_n, pa, in_n), p_n)) from the mapping and the high-level policy, where IPa_iis a range of IP address associated with the application a_i, pa_iis a range of port numbers associated with the application a_i, in_iis an indicator associated with the application a_i, and p_iis a priority of the application a_i.
- View Dependent Claims (6)
- - 6. The computer program product according to claim 5, wherein the steps further comprise:
    - finding a multi-tier dependency in a middle-level objects through which the application a_iare transmitted from a business layer to an IT (Information Technology) layer, the multi-tier dependency being expressed by a set {m₁, m₂, m₃, . . . , m_k}, where m_iindicating a middle-level object between the business layer and the IT layer;
      
      constructing a mapping from the high-level policy to a low-level policy by combining the multi-tier dependency and the list of pairs of low-level objects as M(a_i)={(IPm₁, pm_i, inm₁), (IPm₂, pm₂, inm₂), (IPm₃, pm₃, inm₃), . . . , (IPm_k, pm_k, inm_k)}, where M(a_i) indicating mapping associated with the application a_ifrom the high-level policy to the low-level policy, IPm₁indicating a range of IP address at a middle-level object m₁, pm₁indicating a range of port numbers at a middle-level object m₁, inm₁indicating an indicator at a middle-level object m₁, IPm₂indicating a range of IP address at a middle-level object m₂, pm₂indicating a range of port numbers at a middle-level object m₂, inm₂indicating an indicator at a middle-level object m₂, IPm₃indicating a range of IP address at a middle-level object m₃, pm₃indicating a range of port numbers at a middle-level object m₃, inm₃indicating an indicator at a middle-level object m₃, IPm_kindicating a range of IP address at a middle-level object m_k, an pm_kindicating a range of port numbers at a middle-level object m_k, inm_kindicating an indicator at a middle-level object m_n; and
      
      deriving the low-level policy from the mapping M(a_i) and the high-level policy, the low-level policy stating ((M(a₁), p₁), . . . , (M(a_n), p_n)), where M(a₁) indicating mapping associated with the application a₁, p₁is a priority of the application a₁, M(a_n) indicating mapping associated with the application a_n, and p_nis a priority of the application a_n.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Azagury, Alain C., Devarakonda, Murthy V., Joukov, Nikolai, Kumar, Manoj, Magoutis, Konstantinos, Pfitzmann, Birgit M., Vogl, Norbert G.
Primary Examiner(s)
Poltorak, Peter

Application Number

US12/134,933
Publication Number

US 20090307743A1
Time in Patent Office

1,544 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

G06F 21/604 Tools and structures for ma...

G06F 2221/2101 Auditing as a secondary aspect

Method to automatically map business function level policies to it management policies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Method to automatically map business function level policies to it management policies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links