System and method of defining the security condition of a computer system
First Claim
Patent Images
1. A method of defining the security condition of a computer system, comprising:
- specifying an identity of an attack;
specifying at least one attribute of the specified attack;
specifying at least one policy definition with respect to the specified attack; and
specifying at least one attribute of the specified policy definition.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention comprises a method of defining security conditions of a computer system. The method comprises the steps of specifying an identity of attack, specifying at least one attribute of the specified attack, and specifying at least one policy definition with respect to the specified attack, specifying at least one attribute of the specified policy definition.
-
Citations
29 Claims
-
1. A method of defining the security condition of a computer system, comprising:
-
specifying an identity of an attack;
specifying at least one attribute of the specified attack;
specifying at least one policy definition with respect to the specified attack; and
specifying at least one attribute of the specified policy definition. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of defining vulnerability conditions of a system coupled to a global network, comprising:
-
specifying a name of an attack associated with a vulnerability of the system;
specifying at least one attribute of the specified attack, and the severity of the specified attack associated with a breach of the computer system by the specified attack;
specifying a policy definition with respect to the specified attack;
specifying at least one attribute of the specified policy definition;
specifying a computing platform of the system. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A system of defining security conditions of a computer system, comprising:
-
a vulnerability description file containing a definition of at least one attack and a definition of at least one policy item for the attack;
an interpreter operable to parse the at least one attack and at least one policy item definition in the vulnerability description file and organize the parsed definitions pursuant to a predetermined format; and
a data storage operable to store the parsed and organized at least one attack and at least one policy item definition, wherein the data storage is accessible by at least one security application. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
Specification