Testing cloud application integrations, data, and protocols

US 10,713,365 B2
Filed: 09/28/2018
Issued: 07/14/2020
Est. Priority Date: 09/28/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising, at a computer system of a security management system:

obtaining activity data from a service provider system, wherein the activity data includes a list of actions performed during use of a cloud service, wherein actions in the list of actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to use the cloud service;

parsing an action from the list of actions to determine a list of fields included in the action;

identifying a field from the list of fields, wherein an identity of the field describes data included in the field;

generating a template for the action, the template including a data structure storing the identity of the field, wherein the template further includes a data structure describing a format of the action;

generating a configuration associated with a test scenario, the configuration including a reference to the template and a description of an action associated with the test scenario;

generating a simulated action for the action described in the configuration, wherein generating the simulated action includes using the template to determine fields for the action and an output structure for the action, and wherein generating the simulated action includes using a test description to select values for the fields;

generating simulated activity data that includes the simulated action, wherein the simulated activity data has a same format as the activity data; and

inputting the simulated activity data into the security management system, wherein the security management system operates on the simulated activity data to determine whether actions included in the simulated activity data include use of the cloud service that constitutes a security risk, and wherein the simulated action causes the security management system to perform a particular operation, wherein the particular operation is associated with the test scenario.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are systems, methods, and computer-readable medium for a simulation platform that can generate simulated activity data for testing a security monitoring and control system. In various examples, the simulation platform can parse the activity data from a cloud service to determine the fields associated with each action in the activity data. The simulation platform can then generate a template, where each entry in the template describes an action and the fields associated with the action. The simulation platform can further generate a configuration that describes a test scenario. The simulation platform can use the configuration and the template to generate the particular action, including randomizing some or all of the fields of the action. When input into the security monitoring and control system, the system can operate on the simulated activity data in the same way as when the system ingests live activity data.

Citations

20 Claims

1. A computer-implemented method comprising, at a computer system of a security management system:
- obtaining activity data from a service provider system, wherein the activity data includes a list of actions performed during use of a cloud service, wherein actions in the list of actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to use the cloud service;
  
  parsing an action from the list of actions to determine a list of fields included in the action;
  
  identifying a field from the list of fields, wherein an identity of the field describes data included in the field;
  
  generating a template for the action, the template including a data structure storing the identity of the field, wherein the template further includes a data structure describing a format of the action;
  
  generating a configuration associated with a test scenario, the configuration including a reference to the template and a description of an action associated with the test scenario;
  
  generating a simulated action for the action described in the configuration, wherein generating the simulated action includes using the template to determine fields for the action and an output structure for the action, and wherein generating the simulated action includes using a test description to select values for the fields;
  
  generating simulated activity data that includes the simulated action, wherein the simulated activity data has a same format as the activity data; and
  
  inputting the simulated activity data into the security management system, wherein the security management system operates on the simulated activity data to determine whether actions included in the simulated activity data include use of the cloud service that constitutes a security risk, and wherein the simulated action causes the security management system to perform a particular operation, wherein the particular operation is associated with the test scenario.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein identifying the field includes matching contents of the field against a pattern from a plurality of patterns.
  - 3. The computer-implemented method of claim 1, wherein identifying the field includes inputting contents of the field into a machine learning model, wherein the machine learning model associates fields having different formats with a same identity.
  - 4. The computer-implemented method of claim 1, further comprising:
    - generating additional simulated actions, each additional simulated action having fields determined using the template and different randomized values for the fields, wherein the simulated activity data includes the additional simulated actions.
  - 5. The computer-implemented method of claim 1, wherein the template is associated with the cloud service, and further comprising:
    - generating a different template for a different cloud service; and
      
      generating different activity data using the different template and the configuration.
  - 6. The computer-implemented method of claim 1, further comprising:
    - generating a second configuration associated with a second test scenario; and
      
      generating different activity data using the second configuration and the template.
  - 7. The computer-implemented method of claim 1, further comprising:
    - inputting the activity data into the security management system concurrent with the simulated activity data.
  - 8. The computer-implemented method of claim 1, wherein the test scenario is a violation of a security policy, and wherein the security management system determines that the simulated action violates the security policy.
  - 9. The computer-implemented method of claim 1, wherein the test scenario is anomaly detection, and wherein the security management system determines that the simulated action is anomalous.

10. A computing system of a security management system, comprising:
- one or more processors; and
  
  a memory coupled to and readable by the one or more processors, the memory including instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including;
  
  obtaining activity data from a service provider system, wherein the activity data includes a list of actions performed during use of a cloud service, wherein actions in the list of actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to use the cloud service;
  
  parsing an action from the list of actions to determine a list of fields included in the action;
  
  identifying a field from the list of fields, wherein an identity of the field describes data included in the field;
  
  generating a template for the action, the template including a data structure storing the identity of the field, wherein the template further includes a data structure describing a format of the action;
  
  generating a configuration associated with a test scenario, the configuration including a reference to the template and a description of an action associated with the test scenario;
  
  generating a simulated action for the action described in the configuration, wherein generating the simulated action includes using the template to determine fields for the action and an output structure for the action, and wherein generating the simulated action includes using a test description to select values for the fields;
  
  generating simulated activity data that includes the simulated action, wherein the simulated activity data has a same format as the activity data; and
  
  inputting the simulated activity data into the security management system, wherein the security management system operates on the simulated activity data to determine whether actions included in the simulated activity data include use of the cloud service that constitutes a security risk, and wherein the simulated action causes the security management system to perform a particular operation, wherein the particular operation is associated with the test scenario.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computing system of claim 10, wherein identifying the field includes matching contents of the field against a pattern from a plurality of patterns.
  - 12. The computing system of claim 10, wherein identifying the field includes inputting contents of the field into a machine learning model, wherein the machine learning model associates fields having different formats with a same identity.
  - 13. The computing system of claim 10, wherein the memory further includes instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including:
    - generating additional simulated actions, each additional simulated action having fields determined using the template and different randomized values for the fields, wherein the simulated activity data includes the additional simulated actions.
  - 14. The computing system of claim 10, wherein the template is associated with the cloud service, and wherein the memory further includes instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including:
    - generating a different template for a different cloud service; and
      
      generating different activity data using the different template and the configuration.
  - 15. The computing system of claim 10, further comprising:
    - generating a second configuration associated with a second test scenario; and
      
      generating different activity data using the second configuration and the template.
  - 16. The computing system of claim 10, wherein the memory further includes instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including:
    - inputting the activity data into the security management system concurrent with the simulated activity data.

17. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors of a computing system of a security management system, cause the one or more processors to:
- obtain activity data from a service provider system, wherein the activity data includes a list of actions performed during use of a cloud service, wherein actions in the list of actions are performed by one or more users associated with a tenant, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to use the cloud service;
  
  parse an action from the list of actions to determine a list of fields included in the action;
  
  identify a field from the list of fields, wherein an identity of the field describes data included in the field;
  
  generate a template for the action, the template including a data structure storing the identity of the field, wherein the template further includes a data structure describing a format of the action;
  
  generate a configuration associated with a test scenario, the configuration including a reference to the template and a description of an action associated with the test scenario;
  
  generate a simulated action for the action described in the configuration, wherein generating the simulated action includes using the template to determine fields for the action and an output structure for the action, and wherein generating the simulated action includes using a test description to select values for the fields;
  
  generate simulated activity data that includes the simulated action, wherein the simulated activity data has a same format as the activity data; and
  
  input the simulated activity data into the security management system, wherein the security management system operates on the simulated activity data to determine whether actions included in the simulated activity data include use of the cloud service that constitutes a security risk, and wherein the simulated action causes the security management system to perform a particular operation, wherein the particular operation is associated with the test scenario.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable medium of claim 17, wherein identifying the field includes matching contents of the field against a pattern from a plurality of patterns.
  - 19. The non-transitory computer-readable medium of claim 17, wherein identifying the field includes inputting contents of the field into a machine learning model, wherein the machine learning model associates fields having different formats with a same identity.
  - 20. The non-transitory computer-readable medium of claim 17, further comprising instructions that, when executed by the one or more processors, cause the one or more processors to:
    - generate additional simulated actions, each additional simulated action having fields determined using the template and different randomized values for the fields, wherein the simulated activity data includes the additional simulated actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Biswas, Kamalendu, Bhatia, Gaurav, Prasad, Shachi, Doddi, Kiran Shriniwas
Primary Examiner(s)
Kudirka, Joseph R

Application Number

US16/147,157
Publication Number

US 20190095320A1
Time in Patent Office

655 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3457   Performance evaluation by s...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 2201/86   Event-based monitoring

G06F 2221/034   Test or assess a computer o...

Testing cloud application integrations, data, and protocols

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Testing cloud application integrations, data, and protocols

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links