Determining a merged security policy for a computer system
First Claim
1. At least one computer-readable medium having encoded thereon computer-executable instructions which, when executed, perform a method, the method comprising:
- (A) retrieving a plurality of security policies;
(B) merging the plurality of security policies into a merged security policy; and
(C) determining whether at least one operation will be effective in view of the merged security policy.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy.
71 Citations
20 Claims
-
1. At least one computer-readable medium having encoded thereon computer-executable instructions which, when executed, perform a method, the method comprising:
-
(A) retrieving a plurality of security policies; (B) merging the plurality of security policies into a merged security policy; and (C) determining whether at least one operation will be effective in view of the merged security policy. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An apparatus for use in a computer environment comprising at least one computer system and a plurality of security facilities that each implements at least one security policy applicable to the computer system, the apparatus comprising:
at least one processor programmed to; receive at least one input regarding at least one operation, retrieve at least two security policies from the plurality of security facilities, determine a merged security policy by aggregating the at least two security policies, and determine whether the at least one operation will be effective in view of the merged security policy. - View Dependent Claims (8, 9, 10, 11, 12)
-
13. A method for use in a computer environment comprising at least one computer system and a plurality of security facilities that each implements at least one security policy for the computer system, wherein the plurality of security facilities comprises a first security facility, the method comprising acts of:
(A) determining whether a merging of a plurality of security policies specified for the computer system permits at least one first security policy specified to be implemented via the first security facility to be effective in the computer system. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
Specification