NON-INTRUSIVE METHOD AND APPARATUS FOR AUTOMATICALLY DISPATCHING SECURITY RULES IN CLOUD ENVIRONMENT
Abstract
The present invention relates to a non-intrusive method and apparatus for automatically dispatching security rules in a cloud environment. The method comprises: forming a composition application model of an application in the cloud environment, said composition application model including at least types of various servers for deploying said application; generating a topology model of said various servers in the cloud environment; automatically generating security rules to be adopted by the server-side firewalls of respective servers based on the application context of said application, said composition application model and said topology model; and dispatching said security rules to each server-side firewall based on said composition application model and topology model.
19 Claims
1. A non-intrusive method for automatically dispatching a plurality of security rules in a cloud environment, comprising:
forming a composition application model of an application in the cloud environment, wherein said composition application model comprises various servers for deploying said application;
generating a topology model of said various servers in the cloud environment;
automatically generating a plurality of security rules to be adopted by a plurality of server-side firewalls for respective various servers based on an application context of the following: (i) said application, (ii) said composition application model, (iii) and said topology model; and
dispatching said plurality of security rules to each server-side firewall based on said composition application model and said topology model.
10. A non-intrusive apparatus for automatically dispatching a plurality of security rules in a cloud environment, comprising:
a composition application model forming means for forming a composition application model of an application in the cloud environment, wherein said composition application model comprises various servers for deploying said application;
a topology model generating means for generating a topology model of said various servers in the cloud environment;
a security rule generating means for automatically generating a plurality of security rules to be adopted by a plurality of server-side firewalls for respective various servers based on the following: (i) the application context of said application, (ii) said composition application model, and (iii) said topology model; and
a security rule dispatching means for dispatching said plurality of security rules to each server-side firewall based on said composition application model and topology model.
19. A computer readable non-transitory article of manufacture tangibly embodying computer readable instructions which, when executed, cause a computer to carry out the steps of a method comprising:
forming a composition application model of an application in the cloud environment, wherein said composition application model comprises various servers for deploying said application;
generating a topology model of said various servers in the cloud environment;
automatically generating a plurality of security rules to be adopted by a plurality of server-side firewalls for respective various servers based on an application context of the following: (i) said application, (ii) said composition application model, (iii) and said topology model; and
dispatching said plurality of security rules to each server-side firewall based on said composition application model and said topology model.