Modelling network to assess security properties
Abstract
A method of assessing a network uses a model (450) having nodes (100, 110) to represent parts of the network infrastructure and the application services, and having links to represent how the nodes influence each other. Dependencies or effects of the application services are found by determining paths through the nodes and links of the model (530). Such assessment can be useful for design, test, operations, and diagnosis, and for assessment of which parts of the infrastructure are critical to given services, or which services are dependent on, or could have an effect on a given part of the infrastructure. The dependencies or effects can encompass reachability information. The use of a model having links and nodes can enable more efficient processing, to enable larger or richer models. What changes in the dependencies or effects result from a given change in the network can be determined (830).
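The path-based assessment described in the abstract, as an added Python example that is not taken from the patent. The node names, the link set, and the helper functions are constructed assumptions; it shows both directions: the change in a reachability property caused by an alteration, and the alterations that would enable a wanted change.

```python
from collections import deque

# Constructed model: nodes are infrastructure parts and application services,
# directed links mean "can influence / can reach". All names are hypothetical.
LINKS = {
    ("internet", "firewall"), ("firewall", "web_svc"),
    ("web_svc", "app_svc"), ("app_svc", "db_svc"),
    ("admin_lan", "db_svc"),
}

def reachable(links, start):
    """Return every node reachable from start by following links (BFS)."""
    adj = {}
    for src, dst in links:
        adj.setdefault(src, set()).add(dst)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def exposure(links, sources, assets):
    """Security property: which (source, asset) pairs have a path between them."""
    return {(s, a) for s in sources for a in assets if a in reachable(links, s)}

def assess_alteration(links, add=(), remove=(), sources=(), assets=()):
    """Forward direction: apply an alteration, report gained and lost exposure."""
    altered = (set(links) | set(add)) - set(remove)
    before = exposure(links, sources, assets)
    after = exposure(altered, sources, assets)
    return after - before, before - after

def alterations_enabling_isolation(links, source, asset):
    """Reverse direction: single-link removals after which asset is unreachable."""
    return sorted(l for l in links
                  if asset not in reachable(set(links) - {l}, source))
```

The reverse search here only tries single-link removals; a model with redundant paths would need a minimum cut over the same graph.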
29 Claims
1. A method of using a data model of a network infrastructure, the model having nodes to represent parts of the network infrastructure, and having links to represent how the nodes influence each other, and the method having the steps of making a representation in the model of one or more alterations in the network infrastructure, and automatically deriving from the model either:
- changes in security properties of the network infrastructure resulting from the alteration; or
- alterations in the network infrastructure which can enable a given change in the security properties.
15. A method of using a data model of a network infrastructure and application services arranged to use the network infrastructure, the model having nodes to represent parts of the network infrastructure and the application services, and having links to represent how the nodes influence each other, and the method having the steps of finding paths through the nodes and links of the model, and automatically deriving security properties of at least the application services from the determined paths.
26. A network having a network infrastructure and application level services, and the computer program of claim 26.
27. A database having a model of at least some of a network, the model having nodes to represent parts of the network infrastructure and the application services, and having links to represent how the nodes influence each other, arranged such that dependencies or effects of the application services can be determined from paths through the nodes and links of the model.
28. A method of using a data model of a network infrastructure or application services, the model having nodes to represent parts of the network infrastructure and application services, and having links to represent how the nodes influence each other, at least the links being represented by object oriented elements and the method having the steps of determining paths through the nodes and links of the model, and deriving security properties of the network infrastructure or application services from the paths.
29. A network substantially as described herein with reference to the figures.
Specification