NZ769455B2 - Systems and method for automating workflows in a distributed system - Google Patents

Systems and method for automating workflows in a distributed system

Info

Publication number
NZ769455B2
Authority
NZ
New Zealand
Prior art keywords
task
worker
request
queue
plugin
Prior art date
Application number
NZ769455A
Other versions
NZ769455A (en)
Inventor
Vishal Dilipkumar Parikh
William Stuart Ratner
Akshar Rawal
Original Assignee
Thomson Reuters Enterprise Centre Gmbh
Filing date
Publication date
Priority claimed from US16/405,742 (US11487573B2)
Application filed by Thomson Reuters Enterprise Centre Gmbh
Publication of NZ769455A
Publication of NZ769455B2

Classifications

    • G PHYSICS
      • G06 COMPUTING OR CALCULATING; COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/55 Detecting local intrusion or implementing counter-measures
                • G06F21/552 involving long-term monitoring or reporting
                • G06F21/554 involving event detection and direct action
              • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
                • G06F21/577 Assessing vulnerabilities and evaluating computer system security
            • G06F21/60 Protecting data
              • G06F21/606 Protecting data by securing the transmission between two devices or processes
          • G06F2209/00 Indexing scheme relating to G06F9/00
            • G06F2209/50 Indexing scheme relating to G06F9/50
              • G06F2209/503 Resource availability
              • G06F2209/508 Monitor
          • G06F9/00 Arrangements for program control, e.g. control units
            • G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
              • G06F9/44 Arrangements for executing specific programs
                • G06F9/445 Program loading or initiating
                  • G06F9/44521 Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
                    • G06F9/44526 Plug-ins; Add-ons
              • G06F9/46 Multiprogramming arrangements
                • G06F9/48 Program initiating; Program switching, e.g. by interrupt
                  • G06F9/4806 Task transfer initiation or dispatching
                • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
                  • G06F9/5005 Allocation of resources to service a request
                    • G06F9/5027 the resource being a machine, e.g. CPUs, Servers, Terminals
        • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
          • G06N20/00 Machine learning
        • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
          • G06Q10/00 Administration; Management
            • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
              • G06Q10/063 Operations research, analysis or management
                • G06Q10/0631 Resource planning, allocation, distributing or scheduling for enterprises or organisations
                  • G06Q10/06311 Scheduling, planning or task assignment for a person or group
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L63/045 wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
                • H04L63/0464 using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it

Abstract

Methods and systems for automating execution of a workflow by integrating security applications of a distributed system into the workflow are provided. In embodiments, a system includes an application server in a first cloud, configured to receive a trigger to execute the workflow. The workflow includes tasks to be executed in a device of a second cloud. The application server sends a request to process the task to a task queue module. The task queue module places the task request in a queue, and a worker hosted in the device of the second cloud retrieves the task request from the queue and processes the task request by invoking a plugin. The plugin interacts with a security application of the device of the second cloud to execute the task, which yields task results. The task results are provided to the application server, via the worker and the task queue module.
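The queue, worker and plugin arrangement the abstract describes, as an added example in Go; this code is not from the patent or its assignee. It assumes in-memory queues, CPU as the resource the worker checks before claiming a task, a registry keyed by task type standing in for the plugins hosted in the second cloud, and a stand-in plugin in place of a real security application API. One addition the claims do not mention: the worker verifies a published SHA-256 digest of a downloaded plugin before starting it, because a worker that fetches and executes code on demand (claim 8) is otherwise trusting whatever the download location returns.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Task is one unit of an IS workflow as placed in a request queue: Type selects the plugin,
// CPUReq is the resource the worker must have free before it claims the task.
type Task struct {
	ID, Type string
	Args     map[string]string
	CPUReq   int
}

// Result is what the worker pushes into the result queue; Queue stands in for one request queue.
type Result struct{ TaskID, Worker, Output, Err string }
type Queue struct{ Tasks []Task }

// Plugin wraps one security application's API; apiPlugin is a constructed stand-in for a real client.
type Plugin interface{ Run(t Task) (string, error) }
type apiPlugin struct{ app string }

func (p apiPlugin) Run(t Task) (string, error) { return fmt.Sprintf("%s: %s of %v done, 0 findings", p.app, t.Type, t.Args), nil }

// artifact is what the worker downloads from the second cloud: the plugin body plus its published digest.
// Checking that digest before starting the plugin is this example's addition, not a claim element.
type artifact struct{ Body []byte; SHA256 string; New func() Plugin }

func hexSHA256(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// registry maps task types to plugins. The intel_lookup body deliberately does not match its
// published digest, standing in for a tampered or stale download.
var registry = map[string]artifact{
	"host_scan":    {[]byte("scanner-v1"), hexSHA256([]byte("scanner-v1")), func() Plugin { return apiPlugin{"scanner"} }},
	"intel_lookup": {[]byte("intel-v1-modified"), hexSHA256([]byte("intel-v1")), func() Plugin { return apiPlugin{"intel"} }},
}

// Worker monitors several queues and caches started plugins across tasks (claim 9).
type Worker struct{ Name string; FreeCPU int; running map[string]Plugin }

func newWorker(name string, cpu int) *Worker { return &Worker{Name: name, FreeCPU: cpu, running: map[string]Plugin{}} }

// claim removes and returns the first task, across all monitored queues, for which the worker has
// both a matching plugin and sufficient resources (claims 1, 4 and 5); everything else stays queued.
func (w *Worker) claim(queues []*Queue) (Task, bool) {
	for _, q := range queues {
		for i, t := range q.Tasks {
			if _, known := registry[t.Type]; known && t.CPUReq <= w.FreeCPU {
				q.Tasks = append(q.Tasks[:i], q.Tasks[i+1:]...)
				return t, true
			}
		}
	}
	return Task{}, false
}

// plugin returns the running plugin for t, downloading, verifying and starting it on first use (claim 8).
func (w *Worker) plugin(t Task) (Plugin, error) {
	if p, ok := w.running[t.Type]; ok {
		return p, nil
	}
	art := registry[t.Type]
	if hexSHA256(art.Body) != art.SHA256 {
		return nil, fmt.Errorf("plugin for %q failed digest check, not started", t.Type)
	}
	w.running[t.Type] = art.New()
	return w.running[t.Type], nil
}

// runWorker claims and processes everything the worker can take and returns the result queue.
func runWorker(w *Worker, queues []*Queue) []Result {
	var results []Result
	for t, ok := w.claim(queues); ok; t, ok = w.claim(queues) {
		r := Result{TaskID: t.ID, Worker: w.Name}
		if p, err := w.plugin(t); err != nil {
			r.Err = err.Error()
		} else if r.Output, err = p.Run(t); err != nil {
			r.Err = err.Error()
		}
		results = append(results, r)
	}
	return results
}

// sampleQueues is constructed input: two queues, four tasks, for a worker with 4 CPU free.
func sampleQueues() []*Queue {
	return []*Queue{
		{Tasks: []Task{
			{ID: "t1", Type: "host_scan", Args: map[string]string{"target": "10.0.0.5"}, CPUReq: 2},
			{ID: "t2", Type: "host_scan", Args: map[string]string{"target": "10.0.0.6"}, CPUReq: 8}, // more CPU than the worker has
		}},
		{Tasks: []Task{
			{ID: "t3", Type: "intel_lookup", Args: map[string]string{"ioc": "evil.example"}, CPUReq: 1},
			{ID: "t4", Type: "forensic_dump", CPUReq: 1}, // no plugin for this type here, left for another worker
		}},
	}
}

func main() {
	queues := sampleQueues()
	fmt.Printf("results: %+v\nleft queued: %d\n", runWorker(newWorker("worker-b1", 4), queues), len(queues[0].Tasks)+len(queues[1].Tasks))
}
```

With the constructed queues, the worker processes t1, refuses t3 at the digest check and reports that refusal in the result queue, and leaves t2 (too much CPU) and t4 (no plugin) in place for another worker, which is the sharing of queues among workers that claims 4 to 7 describe.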

Claims (20)

1. A system comprising: a task queue module; an application server hosted in a first cloud, the application server configured to: receive a trigger to execute an information security (IS) workflow, the IS workflow including at least one task to be executed in a device hosted in a second cloud; and send a task request to process the at least one task to the task queue module; the task queue module configured to place the task request in at least one request queue of a plurality of task request queues of the task queue module; and at least one worker hosted in the device hosted in the second cloud, the at least one worker configured to: monitor each task request queue of the plurality of task request queues for the task request; in response to a determination, by the at least one worker, that the at least one worker possesses sufficient resources to perform the at least one task corresponding to the task request, retrieve the task request from the at least one request queue of the task queue module; and process the task request, wherein the at least one worker configured to process the task request comprises the at least one worker further configured to: select at least one plugin from among a plurality of plugins based on a match between the at least one plugin and a task corresponding to the task request, wherein the plurality of plugins are hosted in the second cloud, and invoke the at least one plugin to execute the at least one task, wherein the at least one plugin is configured to interact with a security application by communicating with an application programming interface (API) of the security application, wherein execution of the at least one task yields task results, the at least one worker further configured to receive the task results and push the task results into a result queue of the task queue module, the security application being an external security application or a security application to which the device hosted in the second cloud has access, and the task queue module further configured to send the task results from the result queue to the application server.
2. The system of claim 1, wherein the application server is further configured to: receive at least one user input specifying configuration of the IS workflow, the configuration defining tasks to be executed to complete execution of the IS workflow, the tasks including the at least one task; and configure, by a machine learning module, the IS workflow, defining the tasks to be executed to complete execution of the IS workflow, the tasks including the at least one task, the tasks determined by the machine learning module based on correlation of historical IS workflow-related data.
3. The system of claim 1, wherein the at least one worker is further configured to: monitor the at least one request queue to identify tasks placed in the at least one request queue that the at least one worker is able to process.
4. The system of claim 3, wherein the at least one worker identifies tasks placed in the at least one request queue that the at least one worker is able to process based on one of: resources available at the at least one worker; and a type of task of the tasks placed in the at least one request queue.
5. The system of claim 3, wherein the at least one request queue includes a plurality of request queues, and wherein the at least one worker is configured to monitor multiple request queues of the plurality of request queues.
6. The system of claim 3, wherein the at least one worker includes a plurality of workers, and wherein the at least one request queue is monitored by multiple workers of the plurality of workers.
7. The system of claim 1, wherein the at least one worker includes a plurality of workers, each worker of the plurality of workers running in a different device.
8. The system of claim 1, wherein the configuration of the at least one worker to invoke the at least one plugin includes configuration of the at least one worker to: determine whether the at least one plugin is running; in response to a first determination that the at least one plugin is not running: download the at least one plugin to a resource associated with the second device hosted in the second cloud; cause the at least one plugin to be executed; provide the task request to the at least one plugin; or in response to a second determination that the at least one plugin is running, provide the task request to the at least one plugin.
9. The system of claim 8, wherein the at least one plugin is cached for a subsequent task, such that the at least one plugin is running when the subsequent task is processed by the at least one worker.
10. The system of claim 1, wherein the configuration of the application server to send the task request to the task queue module includes configuration of the application server to: encrypt the task request using a symmetric encryption key; encrypt the symmetric encryption key using a first asymmetric encryption key associated with the task queue module; and send the encrypted task request and the encrypted symmetric encryption key to the task queue module.
11. The system of claim 10, wherein the task queue module is further configured to: decrypt the encrypted symmetric encryption key using a second asymmetric encryption key associated with the task queue module; re-encrypt the symmetric encryption key using a first asymmetric encryption key associated with the at least one worker; and send the encrypted task request and the encrypted symmetric encryption key to the at least one worker.
12. The system of claim 1, wherein the configuration of the application server to send the task request to the task queue module includes configuration of the application server to generate an encrypted task request by encrypting the task request using a symmetric encryption key and the at least one worker is further configured to: decrypt the symmetric encryption key using a second asymmetric encryption key associated with the at least one worker; decrypt the encrypted task request using the decrypted symmetric encryption key; and process the decrypted task request.
13. The system of claim 11, wherein the symmetric encryption key is an Advanced Encryption Standard (AES) key, the first asymmetric encryption key associated with the task queue module is a public key of the task queue module, the second asymmetric encryption key associated with the task queue module is a private key of the task queue module, the first asymmetric encryption key associated with the at least one worker is a public key of the at least one worker, and the second asymmetric encryption key associated with the at least one worker is a private key of the at least one worker.
14. A method comprising: receiving, by an application server hosted in a first cloud, a trigger to execute an information security (IS) workflow, the IS workflow including at least one task to be executed in a device hosted in a second cloud, wherein the application server is a component of a system; sending a task request to process the at least one task to a task queue module of the system; placing the task request in at least one request queue of a plurality of task request queues of the task queue module; monitoring each task request queue of the plurality of task request queues for the task request; in response to a determination, by at least one worker, that the at least one worker possesses sufficient resources to perform the at least one task corresponding to the task request, retrieving, by the at least one worker hosted in the device hosted in the second cloud, the task request from the at least one request queue of the plurality of task request queues of the task queue module, wherein the at least one worker is an additional component of the system; processing the task request, wherein processing the task request comprises: selecting, by the at least one worker, at least one plugin from among a plurality of plugins based on a match between the at least one plugin and a task corresponding to the task request, wherein the plurality of plugins are hosted in the second cloud; and invoking, by the at least one worker, the at least one plugin to execute the at least one task; interacting, by the at least one plugin, with a security application, via an application programming interface (API) of the security application, to execute the at least one task, the security application being an external security application or a security application that the device hosted in the second cloud has access to, wherein executing the at least one task yields task results; receiving, by the at least one worker, the task results; pushing the task results into a result queue of the task queue module; and sending, by the task queue module, the task results from the result queue to the application server.
15. The method of claim 14, wherein the invoking the at least one plugin to execute the at least one task includes: determining whether the at least one plugin is running; when the at least one plugin is determined not to be running: downloading the at least one plugin to a resource associated with the second device hosted in the second cloud; causing the at least one plugin to be executed; providing the task request to the at least one plugin; and when the at least one plugin is determined to be running, providing the task request to the at least one plugin.
16. The method of claim 14, wherein the sending the task request to the task queue module includes: encrypting, by the application server, the task request using a symmetric encryption key; encrypting, by the application server, the symmetric encryption key using a first asymmetric encryption key associated with the task queue module to generate an encrypted symmetric encryption key; and sending, by the application server, the encrypted task request and the encrypted symmetric encryption key to the task queue module.
17. The method of claim 16, wherein the placing the task request in the at least one request queue includes: decrypting, by the task queue module, the encrypted symmetric encryption key using a second asymmetric encryption key associated with the task queue module; re-encrypting, by the task queue module, the symmetric encryption key using a first asymmetric encryption key associated with the at least one worker; and sending, by the task queue module, the encrypted task request and the encrypted symmetric encryption key to the at least one worker.
18. The method of claim 17, wherein the retrieving the task request from the at least one request queue includes: decrypting, by the at least one worker, the encrypted symmetric encryption key using a second asymmetric encryption key associated with the at least one worker to generate a decrypted symmetric encryption key; decrypting, by the at least one worker, the encrypted task request using the decrypted symmetric encryption key; and processing, by the at least one worker, the decrypted task request.
19. The method of claim 18, wherein the symmetric encryption key is an Advanced Encryption Standard (AES) key, the first asymmetric encryption key associated with the task queue module is a public key of the task queue module, the second asymmetric encryption key associated with the task queue module is a private key of the task queue module, the first asymmetric encryption key associated with the at least one worker is a public key of the at least one worker, and the second asymmetric encryption key associated with the at least one worker is a private key of the at least one worker.
20. A computer-based tool including non-transitory computer readable media having stored thereon computer code which, when executed by a processor, causes a computing device to perform operations comprising: receiving, by an application server hosted in a first cloud, a trigger to execute an information security (IS) workflow, the IS workflow including at least one task to be executed in a device hosted in a second cloud, wherein the application server is a component of a system; sending a task request to process the at least one task to a task queue module; placing the task request in at least one request queue of a plurality of task request queues of the task queue module; monitoring each task request queue of the plurality of task request queues for the task request; and in response to a determination, by at least one worker, that the at least one worker possesses sufficient resources to perform the at least one task corresponding to the task request, retrieving, by the at least one worker hosted in the device hosted in the second cloud, the task request from the at least one request queue of the task queue module, wherein the at least one worker is an additional component of the system; and processing the task request, wherein processing the task request includes: selecting, by the at least one worker, at least one plugin from among a plurality of plugins based on a match between the at least one plugin and a task corresponding to the task request, wherein the plurality of plugins are hosted in the second cloud; and invoking, by the at least one worker, the at least one plugin to execute the at least one task; interacting, by the at least one plugin, with a security application of the device hosted in the second cloud, via an application programming interface (API) of the security application, to execute the at least one task, wherein executing the at least one task yields task results; receiving, by the at least one worker, the task results; pushing the task results into a result queue of the task queue module; and sending, by the task queue module, the task results from the result queue to the application server.
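The hybrid, hop-by-hop encryption of claims 10 to 13 and 16 to 19, as an added example in Go using only the standard library; this is not the patent's code. The claims name an AES key and per-party public and private keys but no cipher mode or padding, so the example assumes AES-256-GCM for the task request and RSA-OAEP with SHA-256 for wrapping the key; the JSON task request, the OAEP label and the key sizes are constructed. Two points the claims leave open are visible in the code: the task queue module holds the symmetric key in the clear while re-wrapping it (which is what the H04L63/0464 hop-by-hop classification describes), so the request is not confidential from the module itself; and nothing authenticates the application server to the worker, so the GCM tag detects modification in transit but does not tell the worker who produced the request.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// oaepLabel ties each wrapped key to this use; wrap and unwrap must agree on it (constructed value).
var oaepLabel = []byte("is-workflow-task-key")

// Envelope is what moves between the parties: the request under AES-256-GCM plus the AES key wrapped with RSA-OAEP for the next hop.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte // GCM output, authentication tag appended
	WrappedKey []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptTaskRequest is the application server step (claims 10 and 16): fresh AES key per request, wrapped to the task queue module.
func encryptTaskRequest(req []byte, queuePub *rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, queuePub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, req, nil), WrappedKey: wrapped}, nil
}

// rewrapForWorker is the task queue module step (claims 11 and 17): unwrap the AES key, wrap it again for
// the worker, forward the ciphertext untouched. The module holds the plaintext key here, so it could read the request.
func rewrapForWorker(env *Envelope, queuePriv *rsa.PrivateKey, workerPub *rsa.PublicKey) (*Envelope, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, queuePriv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, workerPub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{Nonce: env.Nonce, Ciphertext: env.Ciphertext, WrappedKey: wrapped}, nil
}

// decryptTaskRequest is the worker step (claims 12 and 18); GCM's tag check rejects any change to nonce or ciphertext.
func decryptTaskRequest(env *Envelope, workerPriv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, workerPriv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// runExchange runs all three steps with fresh key pairs; tamper, if given, alters the envelope
// between the task queue module and the worker, standing in for an on-path attacker.
func runExchange(req []byte, tamper func(*Envelope)) ([]byte, error) {
	queueKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	workerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	env, err := encryptTaskRequest(req, &queueKey.PublicKey)
	if err != nil { return nil, err }
	if env, err = rewrapForWorker(env, queueKey, &workerKey.PublicKey); err != nil { return nil, err }
	if tamper != nil { tamper(env) }
	return decryptTaskRequest(env, workerKey)
}

func main() {
	req := []byte(`{"task":"host_scan","target":"10.0.0.5"}`) // constructed request
	out, err := runExchange(req, nil)
	if err != nil {
		panic(err)
	}
	fmt.Printf("worker recovered: %s\n", out)
	_, err = runExchange(req, func(e *Envelope) { e.Ciphertext[0] ^= 1 })
	fmt.Println("tampered in transit:", err)
}
```

runExchange with no tamper callback returns the original request; with a callback that flips a byte of the ciphertext, nonce or wrapped key, the worker's decryption fails instead of yielding a corrupted task request, which is the property a practitioner should confirm before trusting any queue in the middle of this path.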
Priority Applications (1)

NZ769455A 2019-05-08 Systems and method for automating workflows in a distributed system NZ769455B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201862668349P 2018-05-08 2018-05-08
US16/405,742 US11487573B2 (en) 2018-05-08 2019-05-07 Systems and method for automating security workflows in a distributed system using encrypted task requests
PCT/IB2019/053795 WO2019215647A1 (en) 2018-05-08 2019-05-08 Systems and method for automating workflows in a distributed system

Publications (2)

Publication Number Publication Date
NZ769455A (en) 2025-02-28
NZ769455B2 (en) 2025-06-04
