Grid security intrusion detection configuration mechanism

US 8,863,278 B2
Filed: 05/28/2008
Issued: 10/14/2014
Est. Priority Date: 05/28/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system, comprising:

a grid cluster comprising hardware devices in the form of at least a root computer node in communication with a non-root computer node through a network connection;

a security agent local to the non-root node to monitor security for the non-root node and to respond to a detected security violation of the non-root node, wherein monitoring security for the non-root node by the security agent includes controlling access to resources associated with the non-root node;

a security controller local to the root node to monitor security for the non-root node through the security agent of the non-root node and a second security agent local to the root node, wherein the security agent of the non-root node communicates the detected security violation to the security controller, the security controller to determine a response to the security violation including removal of the non-root node from the grid cluster;

a component table local to the non-root node, the component table to identify an application and at least one characteristic of the application within the non-root node;

an agent environment table local to the non-root node, the agent environment table to reference all executable programs for all applications registered in the component table, with each application having a security level setting and identified services; and

a set of rules in said environment table to manage control of a security violation, the rules to dictate a first class of violations for management by a tool local to the non-root node subject to the violation and a second class of violations for management by the security controller.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and article of manufacture are provided to support security in a distributed grid computer cluster. Each non-node root node in the cluster is configured with a local security agent, and the root node is configured with a security controller to manage each of the security agents of each non-root node. The security agent of each non-root node is in communication with an associated configuration file that contains data private to the respective non-root node, to allow the security agent to manage security local to the node. The security controller of the root node is in communication with a controller configuration file that contains data that applies to all security agents in the grid cluster, to allow the controller to manage the security agents.

Citations

11 Claims

1. A computer system, comprising:
- a grid cluster comprising hardware devices in the form of at least a root computer node in communication with a non-root computer node through a network connection;
  
  a security agent local to the non-root node to monitor security for the non-root node and to respond to a detected security violation of the non-root node, wherein monitoring security for the non-root node by the security agent includes controlling access to resources associated with the non-root node;
  
  a security controller local to the root node to monitor security for the non-root node through the security agent of the non-root node and a second security agent local to the root node, wherein the security agent of the non-root node communicates the detected security violation to the security controller, the security controller to determine a response to the security violation including removal of the non-root node from the grid cluster;
  
  a component table local to the non-root node, the component table to identify an application and at least one characteristic of the application within the non-root node;
  
  an agent environment table local to the non-root node, the agent environment table to reference all executable programs for all applications registered in the component table, with each application having a security level setting and identified services; and
  
  a set of rules in said environment table to manage control of a security violation, the rules to dictate a first class of violations for management by a tool local to the non-root node subject to the violation and a second class of violations for management by the security controller.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, further comprising the security controller to verify configuration across all security agents in the grid cluster.
  - 3. The system of claim 1, further comprising a backup security controller to manage the security agent of the non-root node in the event of failure of the security controller.
  - 4. The system of claim 1, further comprising a security controller configuration file in communication with the root node, the file to provide topology of the grid cluster and to identify each non-root node in the cluster.

5. A method for managing security in a grid cluster, comprising:
- configuring the grid cluster with at least a root node in communication with a non-root node through a network connection;
  
  monitoring security of the non-root node local to the non-root node through a local security agent, including responding to a detected security violation of the non-root node, wherein the security agent controls access to resources associated with the non-root node;
  
  monitoring security for the non-root node through a security controller of the root node and through the security agent of the non-root node and a second security agent local to the root node, wherein the security agent of the non-root node communicates the detected security violation to the security controller, the security controller determining a response to the security violation including removing the non-root node from the grid cluster;
  
  configuring a component table local to the non-root node for identifying an application and at least one characteristic of the application within the non-root node;
  
  providing an agent environment table local to the non-root node, the table referencing all executable programs for all application registered in the component table, with each application having a security level setting and identified services; and
  
  managing control of a security violation through a set of rules in said environment table, including dictating a first class of violations for management by a tool local to the non-root node subject to the violation and a second class of violations for management by the security controller.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, further comprising managing said security agent of the non-root node by the security controller local to the root node, including verifying configuration across all security agents in the grid cluster.
  - 7. The method of claim 5, further comprising managing the security agent of the non-root node in the event of failure of the security controller through a backup controller.

8. An article comprising:
- a computer-readable device including computer program instructions configured to manage security for a grid cluster, the instructions comprising;
  
  instructions to configure the grid cluster with at least a root node in communication with a first non-root node through a network connection;
  
  instructions to monitor security of the non-root node local to the non-root node through a local security agent, including responding to a detected security violation local to the non-root node, wherein the security agent controls access to resources associated with the non-root node;
  
  instructions to monitor security of the non-root node local to the root node through a security controller local to the root node, wherein the security agent of the non-root node communicates the detected security violations to the security controller, the security controller determining a response to the security violation including removing the non-root node from the grid cluster;
  
  instructions to configure a component table local to the non-root node, the component table to identify an application and at least one characteristic of the application within the non-root node;
  
  instructions to provide an agent environment table local to the non-root node, the table referencing all executable programs for all applications registered in the component table, with each component having a security level setting and identified services; and
  
  instructions in the environment table to manage control of a security violation, the instructions dictating a first class of violations for management by a tool local to the non-root node subject to the violation, and a second class of violations for management by the security controller.
- View Dependent Claims (9, 10, 11)
- - 9. The article of claim 8, further comprising instructions local to the root node to verify configuration across all security agents in the grid cluster.
  - 10. The article of claim 8, further comprising instructions to support the security controller with a backup controller to manage the security agent of the non-root node in the event of failure of the security controller.
  - 11. The article of claim 8, further comprising a security configuration file local to the root node, the security configuration file to provide topology of the grid cluster and to identify each non-root node in the grid cluster.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chitor, Ramesh V., Jaji, Sebnem, Keung, Nam S., Riviere, Michel P., Strauss, Christopher J.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US12/127,882
Publication Number

US 20090300760A1
Time in Patent Office

2,330 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 9/5072   Grid computing

Grid security intrusion detection configuration mechanism

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Grid security intrusion detection configuration mechanism

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links