Method and apparatus for securely and dynamically modifying security policy configurations in a distributed system
Abstract
One embodiment of the present invention provides a system for managing security policies in a distributed computing system. Security policies include, but are not limited to, a firewall policy, a policy for file access, a policy for application access, a policy for an encryption algorithm, a policy for audit trails, and a policy for activity logging. These security policies determine access rights to a computer application. The system operates by creating multiple security policies with individual security policies specifying a differing level of security for the distributed computing system. These security policies are then distributed to each computer in the distributed computing system. Next, a specific security policy is selected for use across the distributed computing system, and each computer in the distributed computing system is directed to use the specified security policy enforcing a selected security posture.
24 Claims
1. A method for managing security policies in a distributed computing system, wherein security policies determine access rights to a computer application, the method comprising:
- creating a plurality of security policies, wherein each security policy specifies a level of security for the distributed computing system;
- distributing the plurality of security policies to each computer in the distributed computing system;
- selecting a specific security policy from the plurality of security policies for use across the distributed computing system; and
- informing each computer in the distributed computing system to use the specific security policy.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing security policies in a distributed computing system, wherein security policies determine access rights to a computer application, the method comprising:
- creating a plurality of security policies, wherein each security policy specifies a level of security for the distributed computing system;
- distributing the plurality of security policies to each computer in the distributed computing system;
- selecting a specific security policy from the plurality of security policies for use across the distributed computing system; and
- informing each computer in the distributed computing system to use the specific security policy.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24
17. An apparatus that facilitates managing security policies in a distributed computing system, wherein security policies determine access rights to a computer application, the apparatus comprising:
- a creating mechanism configured to create a plurality of security policies, wherein each security policy specifies a level of security for the distributed computing system;
- a distributing mechanism configured to distribute the plurality of security policies to each computer in the distributed computing system;
- a selecting mechanism configured to select a specific security policy from the plurality of security policies for use across the distributed computing system; and
- an informing mechanism configured to inform each computer in the distributed computing system to use the specific security policy.
Specification