Applying Security Policies to Multiple Systems and Controlling Policy Propagation

US 20090187964A1
Filed: 01/18/2008
Published: 07/23/2009
Est. Priority Date: 01/18/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of attaching security policies to secured computing systems, the method comprising:

attaching a security policy to a parent domain, wherein;

the parent domain includes a first secured computing system; and

the security policy is a natural language description for controlling access to the secured computing system; and

upon determining that the parent domain propagates the security policy;

identifying a first generation child domain, wherein;

the first generation child domain includes a second secured computing system; and

the first generation child domain is associated with the parent domain in a hierarchical relationship;

determining that the first generation child domain inherits the security policy based on an inheritance rule; and

attaching the security policy to the first generation child domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for attaching security policies to secured computing systems is provided. A security policy is attached to a parent domain. The parent domain includes a first secured computing system. The security policy is a natural language description for controlling access to the secured computing system. Upon determining that the parent domain propagates the security policy, a first generation child domain is identified. The first generation child domain includes a second secured computing system. The first generation child domain is associated with the parent domain in a hierarchical relationship. It is determined that the first generation child domain inherits the security policy based on an inheritance rule. The security policy is attached to the first generation child domain.

61 Citations

View as Search Results

21 Claims

1. A computer-implemented method of attaching security policies to secured computing systems, the method comprising:
- attaching a security policy to a parent domain, wherein;
  
  the parent domain includes a first secured computing system; and
  
  the security policy is a natural language description for controlling access to the secured computing system; and
  
  upon determining that the parent domain propagates the security policy;
  
  identifying a first generation child domain, wherein;
  
  the first generation child domain includes a second secured computing system; and
  
  the first generation child domain is associated with the parent domain in a hierarchical relationship;
  
  determining that the first generation child domain inherits the security policy based on an inheritance rule; and
  
  attaching the security policy to the first generation child domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein a domain hierarchy comprises a plurality of domains in a hierarchical structure including at least:
    - the parent domain; and
      
      the first generation child domain; and
      
      wherein each of the plurality of domains includes a plurality of secured systems.
  - 3. The method of claim 1, further comprising:
    - determining that the security policy is attached to the first generation child domain based on the domain hierarchy, wherein the first generation child domain includes a secured system;
      
      translating the security policy such that the first secured system enforces the security policy, and the second secured system enforces the security policy.
  - 4. The method of claim 1, further comprising:
    - identifying a plurality of first generation child domains;
      
      determining whether each of the plurality of first generation child domains inherits the security policy based on a plurality of inheritance rules respectively associated with the plurality of first generation child domains; and
      
      if the respective first generation child domain inherits the security policy, attaching the security policy to the respective first generation child domain.
  - 5. The method of claim 1, further comprising:
    - attaching a second security policy to the parent domain;
      
      attaching the second security policy to the first generation child domain.
  - 6. The method of claim 1, further comprising:
    - upon determining that the inheritance rule specifies that the first generation child domain is bypassed, attaching the security policy to a second generation child domain, wherein the second generation child domain is associated with the first generation child domain in a hierarchical relationship.
  - 7. The method of claim 6, wherein:
    - a domain hierarchy comprises a plurality of domains in a hierarchical structure including at least;
      
      the parent domain;
      
      the first generation child domain; and
      
      the second generation child domain; and
      
      wherein each of the plurality of domains includes a plurality of secured systems.

8. A computer readable medium containing a program which, when executed, performs an operation, comprising:
- attaching a security policy to a parent domain, wherein;
  
  the parent domain includes a first secured computing system; and
  
  the security policy is a natural language description for controlling access to the secured computing system; and
  
  upon determining that the parent domain propagates the security policy;
  
  identifying a first generation child domain, wherein;
  
  the first generation child domain includes a second secured computing system; and
  
  the first generation child domain is associated with the parent domain in a hierarchical relationship;
  
  determining that the first generation child domain inherits the security policy based on an inheritance rule; and
  
  attaching the security policy to the first generation child domain.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, wherein a domain hierarchy comprises a plurality of domains in a hierarchical structure including at least:
    - the parent domain; and
      
      the first generation child domain; and
      
      wherein each of the plurality of domains includes a plurality of secured systems.
  - 10. The computer-readable storage medium of claim 8, further comprising:
    - determining that the security policy is attached to the first generation child domain based on the domain hierarchy, wherein the first generation child domain includes a secured system;
      
      translating the security policy such that the first secured system enforces the security policy, and the second secured system enforces the security policy.
  - 11. The computer-readable storage medium of claim 8, further comprising:
    - identifying a plurality of first generation child domains;
      
      determining whether each of the plurality of first generation child domains inherits the security policy based on a plurality of inheritance rules respectively associated with the plurality of first generation child domains; and
      
      if the respective first generation child domain inherits the security policy, attaching the security policy to the respective first generation child domain.
  - 12. The computer-readable storage medium of claim 8, further comprising:
    - attaching a second security policy to the parent domain;
      
      attaching the second security policy to the first generation child domain.
  - 13. The computer-readable storage medium of claim 8, further comprising:
    - upon determining that the inheritance rule specifies that the first generation child domain is bypassed, attaching the security policy to a second generation child domain, wherein the second generation child domain is associated with the first generation child domain in a hierarchical relationship.
  - 14. The computer-readable storage medium of claim 13, wherein:
    - a domain hierarchy comprises a plurality of domains in a hierarchical structure including at least;
      
      the parent domain;
      
      the first generation child domain; and
      
      the second generation child domain; and
      
      wherein each of the plurality of domains includes a plurality of secured systems.

15. A system, comprising:
- a processor; and
  
  a memory, containing a program which, when executed by the processor;
  
  attaches a security policy to a parent domain, wherein;
  
  the parent domain includes a first secured computing system; and
  
  the security policy is a natural language description for controlling access to the secured computing system; and
  
  upon determining that the parent domain propagates the security policy;
  
  identifies a first generation child domain, wherein;
  
  the first generation child domain includes a second secured computing system; and
  
  the first generation child domain is associated with the parent domain in a hierarchical relationship;
  
  determines that the first generation child domain inherits the security policy based on an inheritance rule; and
  
  attaches the security policy to the first generation child domain.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein a domain hierarchy comprises a plurality of domains in a hierarchical structure including at least:
    - the parent domain; and
      
      the first generation child domain; and
      
      wherein each of the plurality of domains includes a plurality of secured systems.
  - 17. The system of claim 15, wherein the processor further:
    - determines that the security policy is attached to the first generation child domain based on the domain hierarchy, wherein the first generation child domain includes a secured system;
      
      translating the security policy such that the first secured system enforces the security policy, and the second secured system enforces the security policy.
  - 18. The system of claim 15, wherein the processor further:
    - identifies a plurality of first generation child domains;
      
      determines whether each of the plurality of first generation child domains inherits the security policy based on a plurality of inheritance rules respectively associated with the plurality of first generation child domains; and
      
      if the respective first generation child domain inherits the security policy, attaches the security policy to the respective first generation child domain.
  - 19. The system of claim 15, wherein the processor further:
    - attaches a second security policy to the parent domain;
      
      attaches the second security policy to the first generation child domain.
  - 20. The system of claim 15, wherein the processor further:
    - upon determining that the inheritance rule specifies that the first generation child domain is bypassed, attaching the security policy to a second generation child domain, wherein the second generation child domain is associated with the first generation child domain in a hierarchical relationship.
  - 21. The system of claim 20, wherein:
    - a domain hierarchy comprises a plurality of domains in a hierarchical structure including at least;
      
      the parent domain;
      
      the first generation child domain; and
      
      the second generation child domain; and
      
      wherein each of the plurality of domains includes a plurality of secured systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kolz, Daniel Paul, Kao, I-Lung

Granted Patent

US 8,296,820 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/102 Entity profiles

Applying Security Policies to Multiple Systems and Controlling Policy Propagation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Applying Security Policies to Multiple Systems and Controlling Policy Propagation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links