SYSTEMS, METHODS, AND MEDIA FOR ENFORCING A SECURITY POLICY IN A NETWORK INCLUDING A PLURALITY OF COMPONENTS
First Claim
1. A method for enforcing a security policy in a network including a plurality of components, the method comprising:
- receiving a plurality of events describing component behavior detected by a plurality of sensors, each sensor monitoring a different component of the plurality of components;
- attributing a first event of the plurality of events to a first principal;
- attributing a second event of the plurality of events to a second principal;
- determining whether the first and second events are correlated;
- storing a data structure that attributes each of the first and second events to the first principal, if it is determined that the first and second events are correlated;
- comparing the second event to the security policy; and
- modifying network behavior to enforce the security policy against the first principal based on the comparison of the second event to the security policy and the attribution of the second event to the first principal.
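The claim's core step is transitive attribution: an event observed by one sensor under one principal is re-attributed to the principal behind an earlier, correlated event, and policy is then enforced against that originating principal. The following is an added illustration of that flow, not code from the patent; the sensor names, event fields, the shared request id used as the correlation key and the denied (action, resource) policy are all assumed.

```python
"""Claim 1 as an added example: correlate sensor events across components and
attribute them to the originating principal (names, fields, policy assumed)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    sensor: str       # component whose sensor detected the behavior
    principal: str    # principal as observed by that sensor
    action: str
    resource: str
    request_id: str   # assumed correlation key propagated across components
    ts: float

CORRELATION_WINDOW_S = 5.0
DENIED = {("export", "db:payroll")}  # assumed policy: denied (action, resource)

def correlated(first: Event, second: Event) -> bool:
    """Different sensors, same request id, second shortly after the first."""
    return (first.sensor != second.sensor
            and first.request_id == second.request_id
            and 0 <= second.ts - first.ts <= CORRELATION_WINDOW_S)

def attribute(events: list[Event]) -> dict[str, list[Event]]:
    """The claim's data structure: an event correlated with an earlier event is
    attributed to the principal that earlier event already belongs to."""
    ordered = sorted(events, key=lambda e: e.ts)
    owner_of: dict[Event, str] = {}
    for i, ev in enumerate(ordered):
        owner_of[ev] = ev.principal
        for earlier in ordered[:i]:
            if correlated(earlier, ev):
                owner_of[ev] = owner_of[earlier]  # follow the chain to its origin
                break
    by_principal: dict[str, list[Event]] = {}
    for ev in ordered:
        by_principal.setdefault(owner_of[ev], []).append(ev)
    return by_principal

def enforce(events: list[Event]) -> list[tuple[str, Event]]:
    """Violations are enforced against the attributed principal, not the
    service account the downstream sensor happened to observe."""
    return [(owner, ev) for owner, evs in attribute(events).items()
            for ev in evs if (ev.action, ev.resource) in DENIED]

# Constructed sample: the web sensor sees alice; the DB sensor sees only svc-app.
SAMPLE = [
    Event("web-proxy", "alice", "http_post", "/reports/export", "req-42", 100.0),
    Event("db-sensor", "svc-app", "export", "db:payroll", "req-42", 101.2),
    Event("db-sensor", "svc-app", "read", "db:orders", "req-43", 102.0),
]
```

Without the correlation step the denied export would be charged to the shared service account, which is exactly the attribution gap the claim's stored data structure closes.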
Abstract
Systems, methods, and media for enforcing a security policy in a network are provided, including, for example, receiving a plurality of events describing component behavior detected by a plurality of sensors, each sensor monitoring a different component of a plurality of components; attributing a first event of the plurality of events to a first principal; attributing a second event of the plurality of events to a second principal; determining whether the first and second events are correlated; storing a data structure that attributes each of the first and second events to the first principal, if it is determined that the first and second events are correlated; comparing the second event to the security policy; and modifying network behavior to enforce the security policy against the first principal based on the comparison of the second event to the security policy and the attribution of the second event to the first principal.
30 Claims
1. A method for enforcing a security policy in a network including a plurality of components (independent claim; full text given above under First Claim).
Dependent claims: 2 through 17.
18. A method for enforcing a security policy in a network including a plurality of components, the method comprising:
- receiving the security policy having a plurality of policy rules, wherein the plurality of policy rules are represented by a corresponding plurality of policy graphs, wherein each vertex in the plurality of policy graphs has attributes describing an event, and wherein each of the plurality of policy rules has a corresponding actuator;
- receiving a plurality of requests;
- modeling the plurality of requests, wherein a graph of each request is generated;
- comparing the graph of each request with the plurality of policy graphs; and
- in response to detecting a deviation from one of the plurality of policy graphs, activating the corresponding actuator.
Dependent claims: 19, 20, 21, 22.
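Claim 18 models each policy rule as a graph whose vertices carry event attributes, models each request as a graph of the events it produced, and activates the rule's actuator when the request graph deviates from the policy graph. The following is an added example of that comparison, not code from the patent; the vertex attributes, the single rule, its allowed transitions and the isolating actuator are assumed.

```python
"""Claim 18 as an added example: policy rules as graphs of event vertices, each
request modeled as a graph and compared edge by edge (rules, attributes and
actuators are assumed, not from the page)."""
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Vertex:
    """Attributes describing one event in a request."""
    component: str
    action: str

Edge = tuple[Vertex, Vertex]

@dataclass(frozen=True)
class PolicyRule:
    name: str
    graph: frozenset                      # allowed directed edges between vertices
    actuator: Callable[[str, Edge], str]  # activated on a deviation from graph

def model_request(events: list[Vertex]) -> set[Edge]:
    """Generate the request's graph: consecutive events form a directed edge."""
    return set(zip(events, events[1:]))

def evaluate(request: list[Vertex], rules: list[PolicyRule]) -> list[str]:
    """Compare the request graph with every policy graph. An edge leaving a
    vertex the rule governs that the rule does not permit is a deviation, and
    the rule's actuator is activated for it."""
    fired = []
    for rule in rules:
        governed = {src for src, _ in rule.graph}
        for edge in sorted(model_request(request), key=str):
            if edge[0] in governed and edge not in rule.graph:
                fired.append(rule.actuator(rule.name, edge))
    return fired

def isolate(rule_name: str, edge: Edge) -> str:
    """Assumed actuator: report the component to isolate for the violated rule."""
    return f"isolate:{edge[1].component}:{rule_name}"

WEB_LOGIN, APP_QUERY = Vertex("web", "login"), Vertex("app", "query")
DB_SELECT, DB_DUMP = Vertex("db", "select"), Vertex("db", "dump")
RULES = [PolicyRule("web-to-db",
                    frozenset({(WEB_LOGIN, APP_QUERY), (APP_QUERY, DB_SELECT)}),
                    isolate)]
# Constructed requests: the first follows the policy graph, the second deviates.
CONFORMING = [WEB_LOGIN, APP_QUERY, DB_SELECT]
DEVIATING = [WEB_LOGIN, APP_QUERY, DB_DUMP]
```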
23. A method for enforcing a security policy in a network including a plurality of components, the method comprising:
- receiving a request;
- processing the request at a first node, wherein a sensor monitors a plurality of events generated at the first node;
- associating information relating to the plurality of events with a graph representing interactions of the request with the network; and
- transmitting the information relating to the plurality of events and the graph to a neighboring second node, wherein the second node evaluates the request against the security policy using the transmitted information.
Dependent claims: 24, 25, 26.
27. A method for creating security policies in a network including a plurality of components, the method comprising:
- monitoring a plurality of requests, wherein a plurality of events associated with each of the plurality of requests is generated at a plurality of nodes;
- modeling the plurality of requests and the plurality of events, wherein a representation of each of the plurality of requests is generated;
- transmitting the representation to an administrator node;
- receiving a modified representation from the administrator node; and
- generating a security policy having a plurality of policy rules in response to receiving the modified representation, wherein the plurality of policy rules reflect the modified representation.
Dependent claims: 28, 29, 30.