AUDITING ACCESS TO DATA BASED ON RESOURCE PROPERTIES
First Claim
1. In a computing environment, a method performed on at least one processor, comprising, determining whether a resource has at least one associated audit rule, including any per-resource audit rule or any resource manager audit rule, or both, and if so, processing each rule, including evaluating each eligible rule against metadata associated with the resource to determine whether to generate an audit event, and if so, generating the audit event corresponding to that audit rule.
Abstract
Described is a technology, such as implemented in an operating system security system, by which a resource's metadata (e.g., including data properties) is evaluated against an audit rule or audit rules associated with that resource (e.g., object). The audit rule may be associated with all such resources corresponding to a resource manager, and/or by a resource-specific audit rule. When a resource is accessed, each audit rule is processed against the metadata to determine whether to generate an audit event for that rule. The audit rule may be in the form of one or more conditional expressions. Audit events may be maintained and queried to obtain audit information for various usage scenarios.
20 Claims
- 11. In a computing environment, a system comprising, a security mechanism, including audit logic that processes metadata associated with a resource against audit policy, the audit policy including at least one audit rule including a conditional expression, the metadata including information corresponding to at least one variable in the conditional expression, the audit logic configured to generate an audit event when the conditional expression is met, and an event log that logs the audit event.
- 18. One or more computer-readable media having computer-executable instructions, which when executed perform steps, comprising:
  (a) determining whether an audit rule of a set of one or more pending audit rules is eligible for evaluating against resource metadata, and if not, advancing to step (d);
  (b) evaluating one or more conditional expressions in the audit rule against resource metadata to determine whether to generate an audit event, and if not, advancing to step (d);
  (c) generating the audit event; and
  (d) removing the audit rule from the pending set; and
  (e) returning to step (a) for each other audit rule in the pending set, until none remain.
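As an added illustration (not code from the patent or from any product it describes), the following Python models the audit processing of claims 1, 11 and 18: per-resource and resource-manager audit rules are gathered into a pending set, each eligible rule's conditional expression is evaluated against the resource's metadata, and an audit event is generated when the expression is met. The expression format, the metadata keys, the sample rules and the use of the requested access type as the eligibility test are assumptions made for this example.

```python
from dataclasses import dataclass, field

@dataclass
class AuditRule:
    name: str
    access: frozenset  # access types the rule is eligible for (assumed eligibility test)
    expr: tuple        # conditional expression over resource metadata

@dataclass
class Resource:
    name: str
    manager: str       # resource manager that owns this resource
    metadata: dict     # resource properties the conditional expressions refer to
    rules: list = field(default_factory=list)  # per-resource audit rules

def evaluate(expr, metadata):
    """Evaluate a conditional expression; a missing metadata variable yields False."""
    op, *args = expr
    if op == "and":
        return all(evaluate(a, metadata) for a in args)
    key, value = args
    if key not in metadata:
        return False
    if op == "eq":
        return metadata[key] == value
    if op == "in":
        return metadata[key] in value
    raise ValueError(f"unknown operator {op!r}")

def process_access(resource, access, manager_rules):
    """Steps (a)-(e) of claim 18 over per-resource plus resource-manager rules."""
    pending = list(resource.rules) + list(manager_rules.get(resource.manager, []))
    events = []
    while pending:                                      # (e) until none remain
        rule = pending[0]
        if access in rule.access:                       # (a) is the rule eligible?
            if evaluate(rule.expr, resource.metadata):  # (b) is the expression met?
                events.append({"rule": rule.name, "resource": resource.name,
                               "access": access})       # (c) generate the audit event
        pending.pop(0)                                  # (d) remove it from the pending set
    return events
# Constructed sample policy: one rule for the "fs" resource manager, one per-resource rule.
MANAGER_RULES = {"fs": [AuditRule("mgr-hbi-write", frozenset({"write"}),
                                  ("eq", "Sensitivity", "HBI"))]}
DOC = Resource("q3-forecast.xlsx", "fs",
               {"Sensitivity": "HBI", "Department": "Finance"},
               rules=[AuditRule("res-finance", frozenset({"read", "write"}),
                                ("and", ("eq", "Department", "Finance"),
                                        ("in", "Sensitivity", ("HBI", "MBI"))))])
```

A read of the document fires only the per-resource rule, while a write fires both it and the resource manager's rule, so the same resource produces different audit events depending on the access requested.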