Behavior model generator system for facilitating confirmation of intention of security policy creator
First Claim
1. A behavior model generator system comprising:
policy storing means for storing a security policy including at least a transmission permission condition or a transmission prohibition condition for communicated data;
topology storing means for storing topology information which describes information on a device connected to a communication network to which a network access controller is connected, said network access controller performing at least an operation for permitting the communicated data to transmit or an operation for prohibiting the communicated data from transmitting; and
behavior model generating means for generating a behavior model based on the security policy stored in said policy storing means, said behavior model including data representative of the operation of said network access controller for each device described in the topology information.
1 Assignment
0 Petitions
Abstract
A policy normalizing means normalizes an entered security policy. Specifically, if the security policy lacks necessary items, the policy normalizing means fills in the missing items with predefined values so that the security policy contains every necessary item. A behavior model generating means generates a behavior model representative of the operation of a network access controller based on the normalized security policy. In doing so, the behavior model generating means produces a behavior model represented by a data structure that does not depend on the type of the network access controller. A modifying means modifies the behavior model in accordance with a modification principle chosen by the operator, and a configuration generating means generates the configuration for the network access controller from the modified behavior model.
69 Citations
25 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2 to 20.
21. A behavior model generating method comprising the steps of:
policy storing means storing a security policy including at least a transmission permission condition or a transmission prohibition condition for communicated data;
topology storing means storing topology information which describes information on a device connected to a communication network to which a network access controller is connected, said network access controller performing at least an operation for permitting the communicated data to transmit or an operation for prohibiting the communicated data from transmitting; and
behavior model generating means generating a behavior model based on the security policy stored in said policy storing means, said behavior model including data representative of the operation of said network access controller for each device described in the topology information. Dependent claims: 22 to 24.
25. A behavior model generating program which, when run on a computer comprising policy storing means for storing a security policy including at least a transmission permission condition or a transmission prohibition condition for communicated data, and topology storing means for storing topology information which describes information on a device connected to a communication network to which a network access controller is connected, said network access controller performing at least an operation for permitting the communicated data to transmit or an operation for prohibiting the communicated data from transmitting, causes said computer to execute processing for generating a behavior model based on the security policy stored in said policy storing means, said behavior model including data representative of the operation of said network access controller for each device described in the topology information.
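The abstract and independent claims 1, 21 and 25 describe the same four-stage pipeline: normalize the policy (fill omitted items with predefined values), derive a controller-independent behavior model holding one permit/prohibit operation per device in the topology, apply an operator-chosen modification principle, and only then render controller-specific configuration. The following is an added illustration of that pipeline; it is not code from the patent or its assignee. The policy fields, the defaults (including failing closed to "deny" when a rule omits its action), the topology records, the "prohibit wins, most specific first" modification principle, the iptables rendering and the generic ACL syntax are all constructed assumptions for the example.

```python
"""Added example (not the patent's code): a minimal behavior-model generator."""
from dataclasses import dataclass
import ipaddress

# Predefined values for items a rule omits (constructed; action fails closed).
DEFAULTS = {"protocol": "any", "dst_port": "any", "action": "deny"}


def normalize_policy(policy):
    """Fill missing items with DEFAULTS; src and dst are mandatory."""
    normalized = []
    for rule in policy:
        if "src" not in rule or "dst" not in rule:
            raise ValueError(f"rule lacks mandatory src/dst: {rule}")
        r = {**DEFAULTS, **rule}
        r["src"] = ipaddress.ip_network(r["src"], strict=False)
        r["dst"] = ipaddress.ip_network(r["dst"], strict=False)
        r["dst_port"] = str(r["dst_port"])
        normalized.append(r)
    return normalized


@dataclass(frozen=True)
class Device:
    name: str
    addr: str
    controller: str  # network access controller this device sits behind


@dataclass(frozen=True)
class Operation:
    """One controller action for one device; no vendor syntax in here."""
    controller: str
    device: str
    src: str
    dst: str
    protocol: str
    dst_port: str
    action: str  # "permit" or "prohibit"


def generate_behavior_model(normalized_policy, topology):
    """Emit an Operation for every (device, rule) pair whose rule addresses the device."""
    model = []
    for dev in topology:
        addr = ipaddress.ip_address(dev.addr)
        for rule in normalized_policy:
            if addr in rule["src"] or addr in rule["dst"]:
                model.append(Operation(
                    dev.controller, dev.name, str(rule["src"]), str(rule["dst"]),
                    rule["protocol"], rule["dst_port"],
                    "permit" if rule["action"] == "permit" else "prohibit"))
    return model


def modify_prohibit_wins_specific_first(model):
    """Constructed modification principle: identical tuples collapse to 'prohibit',
    then operations are ordered most-specific first (safe for first-match engines)."""
    chosen, order = {}, []
    for op in model:
        key = (op.controller, op.device, op.src, op.dst, op.protocol, op.dst_port)
        if key not in chosen:
            chosen[key] = op
            order.append(key)
        elif op.action == "prohibit":
            chosen[key] = op

    def specificity(op):  # longer combined prefix length sorts first
        return -(ipaddress.ip_network(op.src).prefixlen
                 + ipaddress.ip_network(op.dst).prefixlen)
    return sorted((chosen[k] for k in order), key=specificity)


def render_iptables(op):
    parts = ["iptables", "-A", "FORWARD", "-s", op.src, "-d", op.dst]
    if op.protocol != "any":
        parts += ["-p", op.protocol]
        if op.dst_port != "any":
            parts += ["--dport", op.dst_port]
    return " ".join(parts + ["-j", "ACCEPT" if op.action == "permit" else "DROP"])


def render_acl(op):
    # Illustrative generic ACL syntax, not any particular vendor's.
    verb = "permit" if op.action == "permit" else "deny"
    port = "" if op.dst_port == "any" else f" eq {op.dst_port}"
    return f"access-list {op.controller} {verb} {op.protocol} {op.src} {op.dst}{port}"


RENDERERS = {"iptables": render_iptables, "acl": render_acl}


def generate_configuration(model, controller_types):
    """Map controller name -> config lines, renderer chosen by controller type."""
    configs = {}
    for op in model:
        line = RENDERERS[controller_types[op.controller]](op)
        configs.setdefault(op.controller, []).append(line)
    return configs


# Constructed sample input: rule 2 omits its action, rule 3 omits everything optional.
POLICY = [
    {"src": "10.0.0.0/24", "dst": "10.0.1.10", "protocol": "tcp", "dst_port": 22, "action": "permit"},
    {"src": "10.0.0.0/24", "dst": "10.0.1.10", "protocol": "tcp", "dst_port": 22},
    {"src": "0.0.0.0/0", "dst": "10.0.1.10"},
    {"src": "10.0.0.7", "dst": "10.0.1.10", "protocol": "tcp", "dst_port": 5432, "action": "permit"},
]
TOPOLOGY = [Device("db01", "10.0.1.10", "fw-edge"), Device("ws07", "10.0.0.7", "fw-lan")]
CONTROLLER_TYPES = {"fw-edge": "iptables", "fw-lan": "acl"}


def run(policy=POLICY, topology=TOPOLOGY, controller_types=CONTROLLER_TYPES):
    model = modify_prohibit_wins_specific_first(
        generate_behavior_model(normalize_policy(policy), topology))
    return model, generate_configuration(model, controller_types)


if __name__ == "__main__":
    model, configs = run()
    for op in model:
        print(op)
    for name, lines in configs.items():
        print(f"# {name}\n" + "\n".join(lines))
```

Two points the example makes that the abstract leaves implicit: the normalizer's default for a missing action decides whether a forgotten field silently opens traffic, so it defaults to deny here; and because the behavior model is reviewed before any vendor syntax is produced, a conflict such as rules 1 and 2 (same tuple, permit versus omitted action) is visible and resolved in one place rather than separately per controller type.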
Specification