PDSTUDIO DESIGN SYSTEM AND METHOD
First Claim
1. A policy developer system for providing at least one translation of a meta-policy for development of, implementation of, monitoring, and enforcing a network security policy, said system comprising:
a meta-policy for representing said network security policy, said meta-policy comprising;
an association with zero or more outcomes;
an association with zero or more relationships;
an association with zero or more network objects; and
an association with zero or more services;
wherein a relationship of said zero or more relationships is associated with only one of said zero or more services and is associated with only one of said zero or more outcomes, wherein a protocol of said only one of said zero or more services must match a protocol of said only one of said zero or more outcomes, and wherein said relationship is associated with an initiator network object and a target network object;
wherein said outcome of said zero or more outcomes also comprises an attribute of owner and is associated with one or more components, each of said one or more components associated with a criticality;
at least one translation of said meta-policy, said at least one translation used for said development of or implementation of said network security policy; and
means for inputting said at least one translation of said meta-policy into a tool capable of monitoring and enforcing said network security policy;
wherein a network object comprises an identity object.
Abstract
A policy developer studio comprising: a meta-policy core of network objects, a policy developer graphical user interface (GUI) tool for providing a front end to a policy language, an output in XML, a compiled output for a policy engine, and an output in human readable form is provided.
46 Claims
1. Claim 1 is set out in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 46.
8. A policy developer method for providing at least one translation of a meta-policy for development of, implementation of, monitoring, and enforcing a network security policy, said method comprising:
providing a meta-policy for representing said network security policy, said meta-policy comprising;
an association with zero or more outcomes;
an association with zero or more relationships;
an association with zero or more network objects; and
an association with zero or more services;
wherein a relationship of said zero or more relationships is associated with only one of said zero or more services and is associated with only one of said zero or more outcomes, wherein a protocol of said only one of said zero or more outcomes, and wherein said relationship is associated with an initiator network object and a target network object;
wherein said outcome of said zero or more outcomes also comprises an attribute of owner and is associated with one or more components, each of said one or more components associated with a criticality;
providing at least one translation of said meta-policy, said at least one translation used for said development of or implementation of, said network security policy; and
inputting said at least one translation of said meta-policy into a tool capable of monitoring and enforcing said network security policy;
wherein a network object comprises an identity object.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 45.
Specification