Method and system for dynamic refinement of security policies

US 20030226038A1
Filed: 12/31/2002
Published: 12/04/2003
Est. Priority Date: 12/31/2001
Status: Abandoned Application

First Claim

Patent Images

1. A computerized method for dynamically refining a security policy rule set, the method comprising:

aggregating a plurality of log entries from one or more log files to a create a single set of log entries;

grouping the log entries in the single set according to common characteristics; and

analyzing the groups of log entries to amend the security policy rule set.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computerized method is described for dynamically refining a security policy rule set. The security policy rule set is used to define legal and illegal actions to be taken on an application running a server from clients. The method involves aggregating a plurality of log entries from one or more log files to create a single set of log entries, grouping the log entries in the single set according to common characteristics and analyzing the groups of log entries to amend the security policy rule set. The method helps reduce the instances in which legal actions are rejected by the security policy rule set.

86 Citations

View as Search Results

22 Claims

1. A computerized method for dynamically refining a security policy rule set, the method comprising:
- aggregating a plurality of log entries from one or more log files to a create a single set of log entries;
  
  grouping the log entries in the single set according to common characteristics; and
  
  analyzing the groups of log entries to amend the security policy rule set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein aggregating a plurality of log entries comprises aggregating one or more error log entries.
  - 3. The method of claim 1, wherein aggregating a plurality of log entries comprises aggregating one or more illegal requests as defined by the security policy rule set.
  - 4. The method of claim 1, wherein aggregating a plurality of log entries comprises aggregating one or more legal requests as defined by the security policy rule set.
  - 5. The method of claim 1, wherein aggregating a plurality of log entries from one or more log files comprises aggregating a plurality of log entries from one or more error log files.
  - 6. The method of claim 1, wherein aggregating a plurality of log entries from one or more log files comprises aggregating a plurality of log entries from one or more log files generated by an application server.
  - 7. The method of claim 1, wherein grouping the log entries comprises grouping the log entries according to the one or more of the characteristics of the group consisting of:
    - a mutation, a base, and a field.
  - 8. The method of claim 1, wherein amending the security policy rule set comprises creating a new rule in the security policy rule set.
  - 9. The method of claim 1, wherein amending the security policy rule set comprises amending an existing rule in the security policy rule set.
  - 10. The method of claim 9, wherein amending an existing rule comprises expanding a range of field properties associated with the existing rule.
  - 11. The method of claim 10, wherein expanding the range of field properties comprises expanding the range one or more fields properties from the group comprising:
    - a default field length, a default field value, a field value generalization to alpha numeric, a field value generalization to integer, a field value generalization to letter, a field value generalization to integer range, and a field value generalization to specific values.

12. An article of manufacture comprising a computer readable medium containing a program which when executed on a computer causes the computer to perform a method for dynamically refining a security policy rule set, the method comprising:
- aggregating a plurality of log entries from one or more log files to a create a single set of log entries;
  
  grouping the log entries in the single set according to common characteristics; and
  
  analyzing the groups of log entries to amend the security policy rule set.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The article of manufacture of claim 12, wherein aggregating a plurality of log entries comprises aggregating one or more error log entries.
  - 14. The article of manufacture of claim 12, wherein aggregating a plurality of log entries comprises aggregating one or more illegal requests as defined by the security policy rule set.
  - 15. The article of manufacture of claim 12, wherein aggregating a plurality of log entries comprises aggregating one or more legal requests as defined by the security policy rule set.
  - 16. The article of manufacture of claim 12, wherein aggregating a plurality of log entries from one or more log files comprises aggregating a plurality of log entries from one or more error log files.
  - 17. The article of manufacture of claim 12, wherein aggregating a plurality of log entries from one or more log files comprises aggregating a plurality of log entries from one or more log files generated by an application server.
  - 18. The article of manufacture of claim 12, wherein grouping the log entries comprises grouping the log entries according to the one or more of the characteristics of the group consisting of:
    - a mutation, a base, and a field.
  - 19. The article of manufacture of claim 12, wherein amending the security policy rule set comprises creating a new rule in the security policy rule set.
  - 20. The article of manufacture of claim 12, wherein amending the security policy rule set comprises amending an existing rule in the security policy rule set.
  - 21. The article of manufacture of claim 20, wherein amending an existing rule comprises expanding a range of field properties associated with the existing rule.
  - 22. The article of manufacture of claim 21, wherein expanding the range of field properties comprises expanding the range one or more fields properties from the group comprising:
    - a default field length, a default field value, a field value generalization to alpha numeric, a field value generalization to integer, a field value generalization to letter, a field value generalization to integer range, and a field value generalization to specific values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Watchfire Corp. (Ontario) (International Business Machines Corporation)
Original Assignee
Watchfire Corp. (Ontario) (International Business Machines Corporation)
Inventors
Linhart, Chaim, Raanan, Gil

Application Number

US10/335,224
Publication Number

US 20030226038A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0263   Rule management

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Method and system for dynamic refinement of security policies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

86 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for dynamic refinement of security policies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

86 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links