Implementing Security Policies in Software Development Tools
First Claim
1. ) A computer-readable medium encoded with a information flow control framework computer program, wherein execution of said “
- computer program”
by one or more processors causes said “
one or more processors”
to perform the steps of;
a) receiving raw information flow requirements;
b) creating a information flow requirement representations from said “
raw information flow requirements”
using a language;
c) creating propagated information flow requirements by propagating said “
information flow requirement representations”
to a subject hierarchy;
d) creating enumerated information flow requirements by enumerating possible direct and indirect information flow requirements derived from said information flow requirement representations and propagated information flow requirements;
e) generating a filtered enumerated information flow requirements by filtering said “
enumerated information flow requirements”
;
f) ensuring that said “
filtered enumerated information flow requirements”
are consistent with an information flow policy.
0 Assignments
0 Petitions
Accused Products
Abstract
Disclosed is an access and information flow control framework that includes a series of phases. The first phase includes: receiving raw authorization requirement(s); creating authorization requirement representation(s) from the raw authorization requirement(s) using a language; and analyzing the authorization requirement representation(s) to ensure that they are consistent and conflict-free. The second phase includes: creating case authorization(s) from the authorization requirement representation(s) and validating consistency between the authorization requirement representation(s) and the use case authorization(s). The use case authorization may be created by propagating the authorization requirement representation(s) to a subject hierarchy; enumerating implicit authorization(s) derived from the authorization requirement representation(s); resolving inconsistencies in the use case authorization(s); and completing incomplete use case authorization(s). The third phase includes: receiving raw information flow requirement(s); creating information flow requirement representation(s) from the raw information flow requirement(s) using a language; creating propagated information flow requirement(s) by propagating the information flow requirement representation(s) to a subject hierarchy; creating at least one enumerated information flow requirement by enumerating possible direct and indirect information flow requirement(s) derived from the information flow requirement representation(s) and the propagated information flow requirement”; generating filtered enumerated information flow requirement(s) by filtering enumerated information flow requirement(s); and ensure that the filtered enumerated information flow requirement(s) are consistent with an information flow policy. The fourth phase includes: creating operation authorization(s); resolving inconsistencies in the operation authorization(s); and ensuring that the operation authorization(s) are conflict-free; and handling errors in any of the earlier phases.
-
Citations
3 Claims
-
1. ) A computer-readable medium encoded with a information flow control framework computer program, wherein execution of said “
- computer program”
by one or more processors causes said “
one or more processors”
to perform the steps of;a) receiving raw information flow requirements; b) creating a information flow requirement representations from said “
raw information flow requirements”
using a language;c) creating propagated information flow requirements by propagating said “
information flow requirement representations”
to a subject hierarchy;d) creating enumerated information flow requirements by enumerating possible direct and indirect information flow requirements derived from said information flow requirement representations and propagated information flow requirements; e) generating a filtered enumerated information flow requirements by filtering said “
enumerated information flow requirements”
;f) ensuring that said “
filtered enumerated information flow requirements”
are consistent with an information flow policy. - View Dependent Claims (2, 3)
- computer program”
Specification