System and method to protect a resource using an active avatar
First Claim
1. A method for protecting a data source in a physical computing environment, the data source associated with an owner, comprising:
associating an avatar with the data source, the avatar having an aggregate set of access rights and privileges in the physical computing environment created by combining into a composite set actual access rights and privileges that a set of entities possess with respect to the data source in the physical computing environment, the avatar being an actual human-like presence in the physical computing environment with actual access rights and privileges with respect to the data source and defined by a non-human user identifier;
associating one or more actions to be performed by the avatar upon occurrence of an actionable event with respect to the data source;
on behalf of the owner, and in the physical computing environment, using the avatar to monitor the data source in the physical computing environment against a set of permissible events associated with the data source, wherein monitoring of the data source is enabled by the avatar's actual presence in the physical computing environment; and
upon determination of an actionable event, the avatar initiating an action with respect to the data source in the physical computing environment.
Abstract
A data source owner in a computing system protects that source via a “virtual” or surrogate entity or “avatar.” The entity is an object whose presence in the system is human-like, and it is given the specific task of protecting the data source for the owner. The avatar is associated with (or defined by) a non-human userid that has the same accesses and privileges of all (or defined) users, user groups and other resources that have access to the data source to be protected. During an initial setup, one or more actions to be performed by the non-human userid upon an occurrence of an actionable event with respect to the data source are specified, and a “baseline” associated with the data source is determined. Following setup, a monitor process is executed under the non-human userid, and this process records one or more accesses to the data source. Periodically, or upon a given occurrence, the monitor process spawns one or more ancillary processes to determine whether an actionable event has been triggered. If the avatar's monitoring efforts indicate an actionable event (such as an access violation), an action as defined in an action matrix is taken. The action typically includes reporting to the data source owner and, optionally, a security administrator, and restricting access to the data source.
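As an added illustration (not code from the patent or its assignee), a minimal Python model of the setup and monitor phases the abstract describes: the avatar's composite rights are the union of the entities' actual rights, a baseline of permissible (principal, operation) events is fixed at setup, and each access record outside the baseline is matched to an action-matrix entry that reports to the owner and administrator and restricts the offending principal. All names, events and the access log are constructed, and the avatar's OS-level presence (the non-human userid) is modelled as data rather than as a real account.

```python
# Constructed sample: actual rights each entity holds on the protected data source.
ENTITY_RIGHTS = {"alice": {"read"}, "payroll_grp": {"read", "update"},
                 "batch_svc": {"read", "alter"}}
# Constructed baseline: (principal, operation) events found permissible at setup.
BASELINE = {("alice", "read"), ("payroll_grp", "read"),
            ("payroll_grp", "update"), ("batch_svc", "read")}
# Constructed action matrix: event class -> actions the avatar takes, in order.
ACTION_MATRIX = {"access_violation": ["report_owner", "report_admin", "restrict_access"],
                 "unknown_principal": ["report_owner", "restrict_access"]}
# Constructed access log, as the monitor process would record it.
SAMPLE_LOG = [("alice", "read"), ("batch_svc", "alter"),
              ("tempuser", "read"), ("payroll_grp", "update")]


def aggregate_rights(entity_rights):
    """Composite set of rights: the union of every entity's actual rights."""
    return set().union(*entity_rights.values())


class Avatar:
    """Non-human userid that monitors the data source on the owner's behalf."""
    def __init__(self, entity_rights, baseline, action_matrix):
        self.rights = aggregate_rights(entity_rights)  # what the avatar may access
        self.known = set(entity_rights)                # entities seen at setup
        self.baseline = set(baseline)
        self.matrix = action_matrix
        self.restricted = set()  # principals whose access has been cut off
        self.reports = []        # (recipient, record) notifications sent

    def classify(self, record):
        """Return the actionable event class for a record, or None if permissible."""
        if record[0] not in self.known:
            return "unknown_principal"
        if record not in self.baseline:
            return "access_violation"
        return None

    def act(self, record, event):
        """Carry out the action-matrix entry for the event; returns the actions taken."""
        for action in self.matrix[event]:
            if action == "restrict_access":
                self.restricted.add(record[0])
            else:  # report_owner / report_admin: notify the named party
                self.reports.append((action.split("_", 1)[1], record))
        return list(self.matrix[event])

    def monitor(self, access_log):
        """One monitor pass: a (record, event, actions) tuple per actionable event."""
        findings = []
        for record in access_log:
            event = self.classify(record)
            if event:
                findings.append((record, event, self.act(record, event)))
        return findings
```

Permissible records produce no finding, so a pass over an unchanged workload is silent; each finding carries the actions taken so the owner's report can show what the avatar did.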
23 Claims
1. Method claim; text as given under First Claim above. Dependent claims: 2 to 8.
9. Apparatus, comprising:
a processor;
computer memory holding computer program instructions that when executed by the processor perform a set of operations to protect a data source in a physical computing environment, the data source associated with an owner, the operations comprising:
associating an avatar with the data source, the avatar having an aggregate set of access rights and privileges in the physical computing environment created by combining into a composite set actual access rights and privileges that a set of entities possess with respect to the data source in the physical computing environment, the avatar being an actual human-like presence in the physical computing environment with actual access rights and privileges with respect to the data source and defined by a non-human user identifier;
associating one or more actions to be performed by the avatar upon occurrence of an actionable event with respect to the data source;
on behalf of the owner, and in the physical computing environment, using the avatar to monitor the data source in the physical computing environment against a set of permissible events associated with the data source, wherein monitoring of the data source is enabled by the avatar's actual presence in the physical computing environment; and
upon determination of an actionable event, the avatar initiating an action with respect to the data source in the physical computing environment.
Dependent claims: 10 to 15.
16. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a set of operations to protect a data source in a physical computing environment, the operations comprising:
associating an avatar with the data source, the avatar having an aggregate set of access rights and privileges in the physical computing environment created by combining into a composite set actual access rights and privileges that a set of entities possess with respect to the data source in the physical computing environment, the avatar being an actual human-like presence in the physical computing environment with actual access rights and privileges with respect to the data source and defined by a non-human user identifier;
associating one or more actions to be performed by the avatar upon occurrence of an actionable event with respect to the data source;
on behalf of the owner, and in the physical computing environment, using the avatar to monitor the data source in the physical computing environment against a set of permissible events associated with the data source, wherein monitoring of the data source is enabled by the avatar's actual presence in the physical computing environment; and
upon determination of an actionable event, the avatar initiating an action with respect to the data source in the physical computing environment.
Dependent claims: 17 to 22.
23. A security server operative in a multi-component physical computing system that includes a mainframe operating system, comprising:
a processor;
computer memory holding computer program instructions executed by the processor to protect a data source in the physical computing system according to the following operations:
receiving a request to create a non-human userid associated with the data source, the non-human userid having an aggregate set of access rights and privileges in the physical computing system created by combining into a composite set actual access rights and privileges that a set of entities possess with respect to the data source in the physical computing system, the non-human userid being an actual human-like presence in the physical computing system with actual access rights and privileges with respect to the data source;
associating one or more actions to be performed by the avatar upon occurrence of an actionable event with respect to the data source;
generating a baseline of permissible events associated with the data source;
on behalf of an owner of the data source, and in the physical computing system, using an avatar to monitor the data source in the physical computing system against the baseline, wherein monitoring of the data source is enabled by the non-human userid's actual presence in the physical computing environment; and
upon determination of an actionable event, the avatar initiating an action with respect to the data source in the physical computing system.