Method and System for Generating Data for Security Assessment

US 20090126022A1
Filed: 11/25/2005
Published: 05/14/2009
Est. Priority Date: 11/25/2004
Status: Abandoned Application

First Claim

Patent Images

1. A security assessment data generation method of generating an assessment policy that is data to be inputted to a security assessment system that assesses a presence or absence of an improper setting indicating a composite error of security settings in an assessment object system, the method comprising the steps of:

collecting system configuration information including information regarding at least one of or a combination of a network, an application, a file, a service and a user of the assessment object system;

receiving attribute information that is added to said system configuration information and which indicates contents of attributes of at least one of or a combination of the network, the application, the file, the service and the user;

generating, using said attribute information, an access policy that includes information regarding at least one of or a combination of a migration source, a migration destination and a migration path of data with respect to an improper data migration path; and

generating an assessment policy describing the improper data migration path based on said access policy, said system configuration information and said attribute information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for creating data to be inputted to a security assessment system is provided with: a system configuration information collection unit for collecting system configuration information from an assessment object system; an attribute information input unit for receiving attribute information added to the system configuration information; an access policy generation unit for generating an access policy using the attribute information; and an assessment policy generation unit for generating an assessment policy representing an improper data migration path based on the access policy, the system configuration information and the attribute information.

50 Citations

View as Search Results

20 Claims

1. A security assessment data generation method of generating an assessment policy that is data to be inputted to a security assessment system that assesses a presence or absence of an improper setting indicating a composite error of security settings in an assessment object system, the method comprising the steps of:
- collecting system configuration information including information regarding at least one of or a combination of a network, an application, a file, a service and a user of the assessment object system;
  
  receiving attribute information that is added to said system configuration information and which indicates contents of attributes of at least one of or a combination of the network, the application, the file, the service and the user;
  
  generating, using said attribute information, an access policy that includes information regarding at least one of or a combination of a migration source, a migration destination and a migration path of data with respect to an improper data migration path; and
  
  generating an assessment policy describing the improper data migration path based on said access policy, said system configuration information and said attribute information.
- View Dependent Claims (2)
- - 2. The method according to claim 1, further comprising a step for assessing, using a data migration path that indicates data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.

3. A security assessment data generation system for generating an assessment policy that is data to be inputted to a security assessment system that assesses a presence or absence of an improper setting that indicates a composite error of security settings in an assessment object system, the system comprising:
- system configuration information collection means for collecting system configuration information including information regarding at least one of or a combination of a network, an application, a file, a service and a user of said assessment object system;
  
  attribute information inputting means for receiving input of attribute information which is added to said system configuration information and which indicates contents of attributes of at least one of or a combination of the network, the application, the file, the service and the user;
  
  access policy generation means for generating, using said attribute information, an access policy that includes information regarding at least one of or a combination of a migration source, a migration destination and a migration path of data with respect to an improper data migration path; and
  
  assessment policy generation means for generating an assessment policy representing an improper data migration path based on said access policy generated by said access policy generation means, said system configuration information and said attribute information.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 19, 20)
- - 4. The system according to claim 3, wherein said attribute information inputting means is arranged so as to display the system configuration information collected by said system configuration information collection means and prompt an operator to enter said attribute information.
  - 5. The system according to claim 3, wherein said access policy generation means is arranged so as to display said attribute information as options and prompt an operator to select said attribute information, and to specify said migration source, said migration destination or said migration path according to the selected attribute information.
  - 6. The system according to claim 4, wherein said access policy generation means is arranged so as to display said attribute information as options and prompt the operator to select said attribute information, and to specify said migration source, said migration destination or said migration path according to the selected attribute information.
  - 7. The system according to claim 3, wherein said assessment policy generation means is arranged so as to generate the assessment policy by replacing the information regarding the migration source, the migration destination or the migration path in the access policy specified using said attribute information with information included in said system configuration information or said attribute information.
  - 8. The system according to claim 4, wherein said assessment policy generation means is arranged so as to generate the assessment policy by replacing the information regarding the migration source, the migration destination or the migration path in the access policy specified using said attribute information with information included in said system configuration information or said attribute information.
  - 9. The system according to claim 5, wherein said assessment policy generation means is arranged so as to generate the assessment policy by replacing the information regarding the migration source, the migration destination or the migration path in the access policy specified using said attribute information with information included in said system configuration information or said attribute information.
  - 10. The system according to claim 6, wherein said assessment policy generation means is arranged so as to generate the assessment policy by replacing the information regarding the migration source, the migration destination or the migration path in the access policy specified using said attribute information with information included in said system configuration information or said attribute information.
  - 11. The system according to claim 3, further comprising assessment means for assessing, using a data migration path indicating data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.
  - 14. The system according to claim 4, further comprising assessment means for assessing, using a data migration path indicating data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.
  - 15. The system according to claim 5, further comprising assessment means for assessing, using a data migration path indicating data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.
  - 16. The system according to claim 6, further comprising assessment means for assessing, using a data migration path indicating data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.
  - 17. The system according to claim 7, further comprising assessment means for assessing, using a data migration path indicating data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.
  - 18. The system according to claim 8, further comprising assessment means for assessing, using a data migration path indicating data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.
  - 19. The system according to claim 9, further comprising assessment means for assessing, using a data migration path indicating data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.
  - 20. The system according to claim 10, further comprising assessment means for assessing, using a data migration path indicating data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.

12. A security assessment data generation program to be installed in a computer that generates an assessment policy that is data to be inputted to a security assessment system that assesses a presence or absence of an improper setting indicating a composite error of security settings in an assessment object system, the program causing said computer to execute processing for:
- collecting system configuration information including information regarding at least one of or a combination of a network, an application, a file, a service and a user of the assessment object system;
  
  receiving attribute information that is added to said system configuration information and which indicates contents of attributes of at least one of or a combination of the network, the application, the file, the service and the user;
  
  generating, using said attribute information, an access policy that includes information regarding at least one of or a combination of a migration source, a migration destination and a migration path with respect to an improper data migration path; and
  
  generating an assessment policy describing the improper data migration path based on said access policy, said system configuration information and said attribute information.
- View Dependent Claims (13)
- - 13. The program according to claim 12, causing said computer to further execute processing for assessing, using a data migration path indicating data migration in said assessment object system and said assessment policy, whether the data migration path in said assessment object system is appropriate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
SAKAKI, Hiroshi

Application Number

US11/791,673
Publication Number

US 20090126022A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/12 Protecting executable software

Method and System for Generating Data for Security Assessment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Generating Data for Security Assessment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links