H04L2101/30

Centralized technology access control

Presented herein are systems and methods for an access control system deployable in an IT Infrastructure System (enterprise) to automatically discover an unmanaged IT asset or resource based on registration metadata stored in a CMDB; in response to discovery of the unmanaged IT resource, generating based on the registration metadata, in an LDAP server of the enterprise, an entitlement for one or more groups of enterprise users, wherein, for each of the one or more users or groups, the entitlement is embodied in an LDAP group name, wherein the LDAP group name is determined based on IT resource application metadata and/or on a pre-defined LDAP group naming convention; and mapping, based on the LDAP group name, the entitlement for each of the one or more users or groups to one or more specified target IT assets of the enterprise already registered, including software applications, or hardware including databases or servers.

SYSTEM AND METHOD FOR DYNAMIC NAME CONFIGURATION IN CONTENT-CENTRIC NETWORKS
20170317885 · 2017-11-02

One embodiment of the present invention provides a system for automatic configuration of a computing device in a content-centric network (CCN). During operation, the system sends, by the computing device on at least one of the computing device's faces, an interest in configuration information. The interest has a predetermined name prefix. The system then receives a content object in response to the interest. The content object includes at least a default name prefix, to which the computing device can send other interests. The system further configures the computing device based on the received content object.

SYSTEMS AND METHODS FOR MULTIPLE-PATH DELAY TOLERANT COMMUNICATION IN A NETWORK OF MOVING THINGS, FOR EXAMPLE INCLUDING A NETWORK OF AUTONOMOUS VEHICLES

Systems and methods for optimizing data communication in a network of moving things. As non-limiting examples, various aspects of this disclosure provide systems and methods for communicating delay tolerant information in a network of moving things, for example comprising any of a variety of types of vehicles (e.g., autonomous vehicles, vehicles controlled by local operators, vehicles controlled by remote operators, etc.).

Identifying malware communications with DGA generated domains by discriminative learning

Techniques are presented to identify malware communication with domain generation algorithm (DGA) generated domains. Sample domain names are obtained and labeled as DGA domains, non-DGA domains or suspicious domains. A classifier is trained in a first stage based on the sample domain names. Sample proxy logs including proxy logs of DGA domains and proxy logs of non-DGA domains are obtained to train the classifier in a second stage based on the plurality of sample domain names and the plurality of sample proxy logs. Live traffic proxy logs are obtained and the classifier is tested by classifying the live traffic proxy logs as DGA proxy logs, and the classifier is forwarded to a second computing device to identify network communication of a third computing device as malware network communication with DGA domains via a network interface unit of the third computing device based on the trained and tested classifier.

Provisioning tool for a content delivery network (CDN)

A tool that allows a CDN customer, partner, or other authorized entity to create a DNS canonical name (CNAME) on the content delivery network without having to contact the content delivery network service provider directly.

System and method for dynamic name configuration in content-centric networks
09716622 · 2017-07-25

One embodiment of the present invention provides a system for automatic configuration of a computing device in a content-centric network (CCN). During operation, the system sends, by the computing device on at least one of the computing device's faces, an interest in configuration information. The interest has a predetermined name prefix. The system then receives a content object in response to the interest. The content object includes at least a default name prefix, to which the computing device can send other interests. The system further configures the computing device based on the received content object.

Method and system for domain name system based discovery of devices and objects

Specific service instances are requested by a client via a client application. The request is received by a Domain Name System (DNS). The request is resolved by the DNS by determining from information recorded in a DNS system memory and conveyed in the request, a first type T1 of service and a first list L1 of service instances associated with the first type T1. The DNS then searches for a linked structure in a TXT resource record for the first type T1. The linked structure identifies another list L2 of service instances associated with a subtype T2 of service. Then iteratively, for i=2, ..., N+1, N being a number of the subtypes of service associated with the first type T1 of service, searching a TXT resource record for a linked structure identifying a corresponding subtype Ti of service and identifying a list Li+1 of service instances associated with the subtype Ti+1.

Naming of cloud components

Examples disclosed herein relate to naming of cloud components. The examples enable generating, for a first node of a cloud infrastructure comprising a plurality of nodes, a first node name associated with a first fixed Internet Protocol (IP) address that is assigned to the first node, the first node name identifying the cloud infrastructure and a first control plane to which the first node belongs; generating, for a second node of the cloud infrastructure, a second node name associated with a second fixed IP address that is assigned to the second node, the second node name identifying the cloud infrastructure and a second control plane to which the second node belongs; and causing information related to the cloud infrastructure to be published to the plurality of nodes of the cloud infrastructure, the information related to the cloud infrastructure comprising the first node name and the second node name.

Systems and methods for delay tolerant networking in a network of moving things, for example including a network of autonomous vehicles

Systems and methods for optimizing data communication in a network of moving things. As non-limiting examples, various aspects of this disclosure provide systems and methods for communicating delay tolerant information in a network of moving things, for example comprising any of a variety of types of vehicles (e.g., autonomous vehicles, vehicles controlled by local operators, vehicles controlled by remote operators, etc.).

CCN ROUTING USING HARDWARE-ASSISTED HASH TABLES
20170180252 · 2017-06-22

One embodiment provides a system that facilitates forwarding of packets with variable length names. During operation, the system receives a packet with a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level. The system performs a longest prefix match lookup by selecting an entry from a first data structure of entries. The entries indicate a name component, forwarding information for the name component, and a plurality of entry identifiers that chain an entry to another entry. If a size of the name component is less than or equal to a predetermined threshold, the system selects an entry based on the name component. If the size is greater, the system selects an entry based on a compressed key which can be a hash of the name component. The system also resolves collisions associated with the selected entry.