Access authorization with anomaly detection
Abstract
A facility for providing access authorization is provided. The facility initially enforces a first, less restrictive policy when making its access control decisions. Subsequent to detecting an anomaly, the facility enforces a second, more restrictive policy when making its access control decisions. The facility returns to enforcing the first, less restrictive policy when the anomaly no longer exists. In another embodiment, the facility enforces a policy after detecting an anomaly and until the anomaly has ended.
Claims
1. A computer-readable storage medium whose contents cause a computer to:
monitor a computer to detect an anomalous state in the computer; and
responsive to detecting an anomalous state in the computer, activate an application of a policy within the computer.
(Dependent claims: 2, 3, 4, 5, 6, 7, 16)
8. A computer-readable storage medium whose contents cause a computer to:
apply a first policy within a computer;
monitor the computer to detect an anomalous state in the computer; and
responsive to detecting an anomalous state in the computer, apply a second policy within the computer.
(Dependent claims: 9, 10, 11, 12, 13, 14, 15, 29)
17. A computer-readable storage medium whose contents cause a computer to:
receive a first authorization query for a resource access by an application program;
return either an allow or a deny decision for the first authorization query by applying a first policy applicable to the application program;
detect an anomalous state;
subsequent to detecting the anomalous state, receive a second authorization query for a resource access by the application program; and
subsequent to detecting the anomalous state, return either an allow or a deny decision for the second authorization query by applying a second policy applicable to the application program.
(Dependent claims: 18)
19. A method in a computing system for applying a policy within a computer comprising:
receiving a first authorization query for a resource access by an application program;
providing a response to the first authorization query by applying a first policy appropriate for the application program;
detecting an anomalous state;
responsive to detecting an anomalous state, receiving a second authorization query for a resource access by the application program; and
providing a response to the second authorization query by applying a second policy appropriate for the application program.
(Dependent claims: 20, 21, 23)
22. One or more computer memories collectively containing a data structure suitable for a policy, the data structure comprising a first policy and a second policy, the first and second policies applicable to an application program, such that the first policy is applied to the application program in a first state, and the second policy is applied to the application program in a second state.
24. A system for applying a policy to determine authorization to access a resource, the system comprising:
a first policy applicable to a principal;
a second policy applicable to the principal; and
an authorization module operable to apply the first policy to the principal to determine whether the principal has authorization to perform a requested action on a computer in a non-anomalous state, the authorization module further operable to apply the second policy to the principal to determine whether the principal has authorization to perform the requested action on the computer in an anomalous state.
(Dependent claims: 25, 26, 27, 28)
30. A system for applying a policy to determine authorization to access a resource, the system comprising:
a first policy applicable to an application program running on a computer; and
an authorization module operable to not apply the first policy in determining whether the application program has authorization to perform a requested action on the computer in a non-anomalous state, the authorization module further operable to apply the first policy in determining whether the application program has authorization to perform the requested action on the computer in an anomalous state.
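The following is an added illustration of the mechanism the abstract and claims describe, not code from the patent or its assignee. It models an authorization module holding, per application program, a pair of policies (the data structure of claim 22): a less restrictive policy governs allow/deny decisions in the non-anomalous state, a more restrictive one governs them while an anomaly monitor reports an anomalous state, and the first policy governs again once the anomaly ends. A pair whose normal-state policy is absent models claim 30, where no policy is applied outside the anomalous state. Every class, rule, application name, resource path and the failed-login metric used by the toy monitor is an assumption constructed for the example.

```python
"""Two-state access authorization driven by anomaly detection.

Added example, not the patent's own code. Policy names, rules,
application names and the host metric are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from fnmatch import fnmatch
from typing import Optional


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class Rule:
    action: str        # e.g. "read", "write", "connect"
    resource: str      # glob pattern such as "/data/*"
    decision: Decision


@dataclass
class Policy:
    """Ordered allow/deny rules; first match wins, unmatched requests are denied."""
    name: str
    rules: list[Rule] = field(default_factory=list)

    def evaluate(self, action: str, resource: str) -> Decision:
        for rule in self.rules:
            if rule.action == action and fnmatch(resource, rule.resource):
                return rule.decision
        return Decision.DENY


@dataclass
class PolicyPair:
    """Claim 22's data structure: the two policies applicable to one application,
    one per computer state. normal=None models claim 30 (no policy applied
    in the non-anomalous state, so the request is left to the baseline: allow)."""
    normal: Optional[Policy]
    anomalous: Policy


class AuthorizationModule:
    def __init__(self, policies: dict[str, PolicyPair]):
        self._policies = policies            # keyed by application program name
        self._anomaly_active = False
        self.audit: list[tuple] = []         # (app, action, resource, policy, decision)

    def report_anomaly(self, active: bool) -> None:
        """Called by the monitor when an anomalous state begins or ends."""
        self._anomaly_active = active

    def authorize(self, app: str, action: str, resource: str) -> Decision:
        pair = self._policies.get(app)
        if pair is None:
            return Decision.DENY             # unknown application: fail closed
        policy = pair.anomalous if self._anomaly_active else pair.normal
        if policy is None:
            decision, policy_name = Decision.ALLOW, "<none applied>"
        else:
            decision, policy_name = policy.evaluate(action, resource), policy.name
        self.audit.append((app, action, resource, policy_name, decision))
        return decision


class AnomalyMonitor:
    """Toy detector (an assumption, not the patent's): flags an anomalous state
    while a host metric, here failed logins per minute, exceeds a threshold."""
    def __init__(self, authz: AuthorizationModule, threshold: int):
        self._authz, self._threshold = authz, threshold

    def observe(self, failed_logins_per_minute: int) -> None:
        self._authz.report_anomaly(failed_logins_per_minute > self._threshold)


def build_module() -> AuthorizationModule:
    normal = Policy("normal", [
        Rule("read", "/data/*", Decision.ALLOW),
        Rule("write", "/data/*", Decision.ALLOW),
        Rule("connect", "*", Decision.ALLOW),
    ])
    restricted = Policy("restricted", [
        Rule("read", "/data/public/*", Decision.ALLOW),
        Rule("write", "*", Decision.DENY),
        Rule("connect", "*", Decision.DENY),
    ])
    return AuthorizationModule({
        "backup-agent": PolicyPair(normal, restricted),   # claims 8/17/24 shape
        "shell": PolicyPair(None, restricted),            # claim 30 shape
    })


def scenario() -> list[Decision]:
    """The same query issued before, during and after an anomaly."""
    authz = build_module()
    monitor = AnomalyMonitor(authz, threshold=20)
    out = []
    monitor.observe(3)      # quiet host: first policy applies
    out.append(authz.authorize("backup-agent", "write", "/data/db.bak"))
    out.append(authz.authorize("shell", "connect", "203.0.113.5:443"))
    monitor.observe(150)    # burst of failures: second policy applies
    out.append(authz.authorize("backup-agent", "write", "/data/db.bak"))
    out.append(authz.authorize("backup-agent", "read", "/data/public/index"))
    out.append(authz.authorize("shell", "connect", "203.0.113.5:443"))
    monitor.observe(2)      # anomaly ended: back to first policy
    out.append(authz.authorize("backup-agent", "write", "/data/db.bak"))
    return out


if __name__ == "__main__":
    for d in scenario():
        print(d.value)
```

The audit list records which policy produced each decision, which is what an operator needs to explain why a request that succeeded a minute ago is now denied; a real deployment would also want the switch itself logged, since a flapping detector produces a flapping policy.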