METHOD AND SYSTEM FOR DISTRIBUTING SECURITY POLICIES

US 20090172774A1
Filed: 03/11/2009
Published: 07/02/2009
Est. Priority Date: 11/19/2004
Status: Active Grant

First Claim

Patent Images

1-30. -30. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.

38 Citations

View as Search Results

50 Claims

1-30. -30. (canceled)

31. A computer-readable storage medium containing instructions for controlling a computing device to distribute rules of security policies to enforcement engines executing on the computing device for enforcing the security policies, by a method comprising:
- providing at the computing device enforcement engines that implement different layers of security enforcement;
  
  receiving and storing at the computing device security policies having rules, each rule having a rule type;
  
  under control of a firewall agent executing on the computing device,retrieving the stored security policies; and
  
  for rules of a retrieved security policy,identifying an enforcement engine to which a rule applies based on the rule type of the rule; and
  
  providing the rule to the identified enforcement engine; and
  
  under control of the enforcement engines executing on the computing device,storing the rules provided to the enforcement engine by the firewall agent;
  
  under control of a flow manager executing on the computing device,receiving a network event;
  
  identifying an enforcement engine that is responsible for enforcing its rules against the network event; and
  
  providing the network event to the identified enforcement engine;
  
  under control of the enforcement engines executing on the computing device,when a network event is provided to the enforcement engine, enforcing the rules provided to the enforcement engine by the firewall agent against the network event provided by the flow manager,wherein the firewall agent provides a mechanism for distributing the rules to multiple enforcement engines of the computing device, the flow manager distributes network events to enforcement engines, and each enforcement engine enforces its provided rules against the network events that it is provided.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 32. The computer-readable storage medium of claim 31 wherein the security policies are received from policy computer system that distributes the security policies for multiple computing devices.
  - 33. The computer-readable storage medium of claim 31 wherein the enforcement engines provide a layered firewall.
  - 34. The computer-readable storage medium of claim 31 wherein the enforcement engines include a behavior blocking security component.
  - 35. The computer-readable storage medium of claim 31 wherein an enforcement engine includes subcomponents and wherein upon being provided with a rule, the enforcement engine provides the rule to a subcomponent.
  - 36. The computer-readable storage medium of claim 31 wherein at least one enforcement engine executes in kernel mode and at least one enforcement engine executes in user mode.
  - 37. The computer-readable storage medium of claim 31 wherein the firewall agent includes a user-mode subcomponent and a kernel-mode subcomponent, and the user-mode subcomponent distributes rules to the kernel-mode subcomponent for providing the rules to enforcement engines that execute in kernel mode.
  - 38. The computer-readable storage medium of claim 31 wherein a flow manager component intercepts network events at the various layers and invokes an enforcement engine associated with a layer to enforce the rules for that layer.
  - 39. The computer-readable storage medium of claim 38 wherein a single flow manager component handles network events from multiple layers.
  - 40. The computer-readable storage medium of claim 38 wherein a flow manager component handles network events from only one layer.
  - 41. The computer-readable storage medium of claim 31 wherein enforcement engines provide for security at various layers of a network protocol stack.

43. A computer-readable storage medium containing instructions for controlling a host computer system to distribute rules of security policies to enforcement engines for enforcing the security policies of the host computer system, comprising:
- multiple enforcement engines that implement different layers of firewall security enforcement at the host computer system by receiving and enforcing rules of security policies;
  
  a firewall agent component that receives at the host computer system security policies having rules, each rule having a rule type, that identifies enforcement engines to which a rule applies based on the rule type of the rule and that provides the rule to the identified enforcement engine; and
  
  a flow manager component that intercepts network events and invokes an appropriate enforcement engine to enforce its rules against the network eventwherein a mechanism is provided for distributing the rules to the layered enforcement engines of the host computer system.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50)
- - 44. The computer-readable storage medium of claim 43 wherein the security policies are received from a policy computer-readable storage medium that distributes the security policies for multiple host computer-readable storage mediums.
  - 45. The computer-readable storage medium of claim 43 wherein the enforcement engine includes a behavior blocking security component.
  - 46. The computer-readable storage medium of claim 43 wherein an enforcement engine includes subcomponents and wherein upon being provided with a rule, the enforcement engine provides the rule to a subcomponent.
  - 47. The computer-readable storage medium of claim 43 wherein at least one enforcement engine executes in kernel mode and at least one enforcement engine executes in user mode.
  - 48. The computer-readable storage medium of claim 43 wherein the component that provides the rules to the enforcement engines includes a user-mode subcomponent and a kernel-mode subcomponent, and the user-mode subcomponent distributes rules to the kernel-mode subcomponent for providing the rules to enforcement engine that execute in kernel mode.
  - 49. The computer-readable storage medium of claim 43 including a flow manager component that intercepts network events at the various layers and invokes an enforcement engine associated with a layer to enforce the rules for that layer.
  - 50. The computer-readable storage medium of claim 49 wherein a single flow manager component handles network events from multiple layers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Nagampalli, Narasimha Rao S.S., Youngblut, Eric E., Lin, Yun, Sheth, Sachin C., Ivanov, Maxim A., Koti, Shirish R., Paleologu, Emanuel

Granted Patent

US 7,831,826 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0263   Rule management

H04L 63/20   for managing network securi...

METHOD AND SYSTEM FOR DISTRIBUTING SECURITY POLICIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR DISTRIBUTING SECURITY POLICIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links