APPARATUS AND METHOD FOR MANAGING ACCESS TO ONE OR MORE NETWORK RESOURCES
Abstract
An apparatus is provided that includes a processor configured to receive a captured traffic unit (CTU) intended for a network service, the CTU being one into which incoming traffic has been assembled based on a filter describing which incoming traffic to capture and how to assemble the respective incoming traffic into the CTU. The processor is also configured to determine whether to allow the CTU to pass to one or more applications configured to implement the respective network service based on a passlet including permissions to a particular user. The processor is further configured to instruct a firewall to allow the CTU to pass to the respective one or more applications or to reject the CTU based on the determination. In this regard, the processor is configured to perform the above functions under control of a security framework implemented in middleware between a user-level domain and a system-level domain.
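A minimal sketch of the flow the abstract describes (filter-driven assembly into a CTU, passlet check, firewall instruction), added here as an illustration and not taken from the patent. The packet fields, the `Filter` and `Passlet` layouts, the terminator-based assembly rule and the `user` value (assumed to be resolved by authentication outside this sketch) are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    """Which traffic to capture and how to assemble it (fields are assumptions)."""
    service: str
    dport: int
    terminator: bytes  # a CTU is complete once the assembled bytes end with this

@dataclass(frozen=True)
class Passlet:
    """Access permissions granted to one user (layout is an assumption)."""
    user: str
    services: frozenset  # network services the user may reach
    devices: frozenset   # devices on which the user may reach any hosted service

def assemble_ctus(packets, flt):
    """Group matching packets by (user, src), order by seq, join payloads into CTUs."""
    flows = {}
    for p in packets:
        if p["dport"] == flt.dport:  # traffic for other ports is never captured
            flows.setdefault((p["user"], p["src"]), []).append(p)
    ctus = []
    for (user, src), parts in flows.items():
        data = b"".join(p["payload"] for p in sorted(parts, key=lambda p: p["seq"]))
        if data.endswith(flt.terminator):  # incomplete units are not released
            ctus.append({"user": user, "src": src, "service": flt.service, "data": data})
    return ctus

def decide(ctu, passlets, device):
    """Return the instruction for the firewall: 'ALLOW' or 'REJECT' (default deny)."""
    for pl in passlets:
        if pl.user == ctu["user"] and (ctu["service"] in pl.services or device in pl.devices):
            return "ALLOW"
    return "REJECT"

def run_demo():
    flt = Filter(service="http", dport=80, terminator=b"\r\n\r\n")
    packets = [  # constructed sample traffic, deliberately out of order
        {"user": "alice", "src": "10.0.0.5", "dport": 80, "seq": 2, "payload": b"Host: dev\r\n\r\n"},
        {"user": "alice", "src": "10.0.0.5", "dport": 80, "seq": 1, "payload": b"GET / HTTP/1.1\r\n"},
        {"user": "bob", "src": "10.0.0.9", "dport": 80, "seq": 1, "payload": b"GET /admin HTTP/1.1\r\n\r\n"},
        {"user": "carol", "src": "10.0.0.7", "dport": 80, "seq": 1, "payload": b"GET /partial"},
        {"user": "alice", "src": "10.0.0.5", "dport": 22, "seq": 1, "payload": b"SSH-2.0\r\n\r\n"},
    ]
    passlets = [Passlet("alice", frozenset({"http"}), frozenset())]
    return {c["user"]: decide(c, passlets, device="dev-1") for c in assemble_ctus(packets, flt)}
```

Only complete CTUs reach the decision step, and a user with no matching passlet is rejected by default.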
25 Claims
1. An apparatus comprising:
- a processor configured to receive a captured traffic unit (CTU) intended for a network service, the CTU being one into which incoming traffic has been assembled based on a filter describing which incoming traffic to capture and how to assemble the respective incoming traffic into the CTU, wherein the processor is configured to determine whether to allow the CTU to pass to one or more applications configured to implement the respective network service based on a passlet including one or more access permissions to a particular user for accessing the respective network service, or for accessing a device hosting the respective network service, and wherein the processor is configured to instruct a firewall to allow the CTU to pass to the respective one or more applications or to reject the CTU based on the determination.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method comprising:
- receiving a captured traffic unit (CTU) intended for a network service, the CTU being one into which incoming traffic has been assembled based on a filter describing which incoming traffic to capture and how to assemble the respective incoming traffic into the CTU;
- determining whether to allow the CTU to pass to one or more applications configured to implement the respective network service based on a passlet including one or more access permissions to a particular user for accessing the respective network service, or for accessing a device hosting the respective network service; and
- instructing a firewall to allow the CTU to pass to the respective one or more applications or to reject the CTU based on the determination.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- a first executable portion configured to receive a captured traffic unit (CTU) intended for a network service, the CTU being one into which incoming traffic has been assembled based on a filter describing which incoming traffic to capture and how to assemble the respective incoming traffic into the CTU;
- a second executable portion configured to determine whether to allow the CTU to pass to one or more applications configured to implement the respective network service based on a passlet including one or more access permissions to a particular user for accessing the respective network service, or for accessing a device hosting the respective network service; and
- a third executable portion configured to instruct a firewall to allow the CTU to pass to the respective one or more applications or to reject the CTU based on the determination.

Dependent claims: 18, 19, 20, 21, 22, 23, 24

25. An apparatus comprising:
- a first means for receiving a captured traffic unit (CTU) intended for a network service, the CTU being one into which incoming traffic has been assembled based on a filter describing which incoming traffic to capture and how to assemble the respective incoming traffic into the CTU;
- a second means for determining whether to allow the CTU to pass to one or more applications configured to implement the respective network service based on a passlet including one or more access permissions to a particular user for accessing the respective network service, or for accessing a device hosting the respective network service; and
- a third means for instructing a firewall to allow the CTU to pass to the respective one or more applications or to reject the CTU based on the determination.

Specification