Method for the automatic setting and updating of a security policy

US 20050038881A1
Filed: 11/20/2003
Published: 02/17/2005
Est. Priority Date: 05/09/2002
Status: Active Grant

First Claim

Patent Images

1. A method for creating and/or updating a security policy within a computerized system protected by at least one security package, comprising:

a. Providing at least one trusted source within the system, capable of issuing a report detailing the structure and/or attributes of the system and/or security flaws within the system;

b. Periodically operating said at least one trusted source in order to periodically issue said report;

c. Importing each trusted source report into a security correcting unit, and forming one consolidated file containing the details from all said reports;

d. Importing into said security correcting unit the attributes files of all the security packages;

e. Separately comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with the security information included within said consolidated file, information which is missing from the said attributes file, and is relevant to said attributes file; and

f. Separately exporting said updated attributes files and effecting each of them as the active attributes file of the corresponding security package, thereby effecting an updated security policy.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for creating and/or updating a security policy within a computerized system protected by at least one security package, comprising: (a) Providing at least one trusted source within the system, capable of issuing a report detailing the structure and/or attributes of the system and/or security flaws within the system; (b) Periodically operating said at least one trusted source in order to periodically issue said report; (c) Importing each trusted source report into a security correcting unit, and forming one consolidated file containing the details from all said reports; (d) Importing into said security correcting unit the attributes files of all the security packages; (e) Separately comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with the security information included within said consolidated file, information which is missing from the said attributes file, and is relevant to said attributes file; and (f) Separately exporting said updated attributes files and effecting each of them as the active attributes file of the corresponding security package, thereby effecting an updated security policy.

Citations

18 Claims

1. A method for creating and/or updating a security policy within a computerized system protected by at least one security package, comprising:
- a. Providing at least one trusted source within the system, capable of issuing a report detailing the structure and/or attributes of the system and/or security flaws within the system;
  
  b. Periodically operating said at least one trusted source in order to periodically issue said report;
  
  c. Importing each trusted source report into a security correcting unit, and forming one consolidated file containing the details from all said reports;
  
  d. Importing into said security correcting unit the attributes files of all the security packages;
  
  e. Separately comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with the security information included within said consolidated file, information which is missing from the said attributes file, and is relevant to said attributes file; and
  
  f. Separately exporting said updated attributes files and effecting each of them as the active attributes file of the corresponding security package, thereby effecting an updated security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method according to claim 1, wherein:
    - a. The step of importing each trusted source report further comprises the step of transforming each report into a common format, and forming said consolidated file in said common format;
      
      b. The step of importing into said security correcting unit the attributes files of all the security packages further comprises the step of transforming each attributes file into said common format; and
      
      c. The step of separately exporting each of said updated attributes files and effecting the same as the active attributes file of the corresponding security package further comprises the step of transforming said attributes file from a common format into a package specific format, prior to said exporting.
  - 3. A method according to claim 1, wherein said updating is performed by further using a predefined set of logical rules, for deciding which update to effect and which to ignore.
  - 4. A method according to claim 1, wherein each of said reports comprises at least one attribute component.
  - 5. A method according to claim 2 wherein each of said issued reports is arranged in the corresponding trusted source specific format.
  - 6. A method according to claim 2 wherein each of said attributes files is arranged in the corresponding package specific format.
  - 7. A method according to claim 1, wherein each security package effects a security policy within its predefined range of responsibility, according to the content of its attributes file.
  - 8. A method according to claim 1, wherein one or more of the trusted sources is a security scanner.
  - 9. A method according to claim 1, wherein some or all of the steps involved in the updating are carried out in a semi-automatic manner, requiring the operator'"'"'s approval.
  - 10. A method according to claim 1, wherein some of the trusted sources are human, issuing a manual report.
  - 11. A method according to claim 1, wherein some of the attribute components included in the reports are attributes intended to eliminate known flaw cases, and some of the attribute components are attributes intended to eliminate unpredicted cases.
  - 12. A method according to claim 11, wherein the attributes in the reports intended to eliminate unexpected cases are attributes relating to the current structure of the system, which when recorded within an updated attributes files enforce a security policy bounded to said structure, rejecting activity deviated from said structure.

13. A system for creating and/or updating a security policy, comprising:
- a. At least one security package enforcing a security policy within a predefined range of responsibility, said policy being defined by means of a specific attributes file associated with each of said packages;
  
  b. At least one trusted source capable of issuing a report detailing the structure and/or attributes of the system and/or security flaws within the system;
  
  c. A security correcting unit for;
  
  importing said reports from all the trusted sources, and producing a consolidated file including information from all said reports; and
  
  importing the attributes files from all the security packages, separately comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with the security information included within said consolidated file, which is missing from the said attributes file, and is relevant to said attributes file, and exporting said updated attributes files and effecting each of them as the active attributes file of the corresponding security package, thereby effecting an updated security policy.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A system according to claim 13 wherein the security correcting unit comprises:
    - At least one first importing modules for importing reports from each trusted source;
      
      A consolidation module for receiving each of said reports and forming one consolidated file containing information included in all said reports;
      
      At least one second importing modules for importing into the correcting unit from each security package its corresponding attributes file;
      
      A security policy creation module for comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with the security information included within said consolidated file, information which is missing from the said attributes file, and is relevant to said attributes file; and
      
      At least one exporting module for exporting each updated attributes file into its corresponding security package, thereby effecting an updated security policy.
  - 15. A system according to claim 14, further comprising at least one first transform modules for transforming each report from its trusted source specific format into a common format, at least one second transform modules for transforming each imported attributes security package from its package specific format into a common format, and at least one third transform modules for transforming each updated attributes file from a common format into its package specific format before its exportation into the corresponding package, and wherein the consolidated file is also arranged in said common format.
  - 16. A system according to claim 14 wherein the security policy creation module further comprises a set of predefined logical decision rules, for use while updating the attributes files.
  - 17. System according to claim 13, wherein one of the security packages is an Intrusion Detection System, whose set of signatures is stored within a file, said file being treated as the attributes file of a security package, and is therefore updated accordingly.
  - 18. System according to claim 13, wherein one of the security packages is an application switch, whose set of attributes that is used for direction being stored within a file, said file being treated by the system as an attributes file of a security package, and is therefore updated accordingly.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity US Holding LLC
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Ben-Itzhak, Yuval

Granted Patent

US 7,614,085 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Method for the automatic setting and updating of a security policy

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for the automatic setting and updating of a security policy

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links