System for Supervising the Security of an Architecture

US 20150089572A1
Filed: 03/26/2013
Published: 03/26/2015
Est. Priority Date: 03/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method for supervising security of an architecture comprising a plurality of interconnected clouds, a cloud comprising a plurality of resources and a security supervisor, the plurality of resources forming a plurality of resource groups in the cloud that are respectively associated with a security domain, a security controller supervising the resources of the domain, a plurality of physical machines comprising the resources of the plurality of clouds, the method comprising:

a step of reception of a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain,a step of sending said security event to the security supervisor of the first cloud,a step of sending a security order by the security supervisor of the first cloud to at least a second security controller of the first cloud in reaction to the security event, and of sending the security order by the second security controller to a second resource supervised by the second controller.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for supervising security of an architecture having a plurality of interconnected clouds. A cloud includes a plurality of resources and a security supervisor. The plurality of resources forms in the cloud a plurality of groups of resources associated respectively with a security domain. A security controller supervises the resources of the domain, and a plurality of physical machines contains the resources of the plurality of clouds. The method includes: receiving a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain; dispatching said security event to the security supervisor of the first cloud; and dispatching by the security supervisor of the first cloud a security order in reaction to the security event to at least one second security controller of the first cloud and dispatching the security order by the second security controller to a second resource supervised by the second controller.

20 Citations

View as Search Results

5 Claims

1. A method for supervising security of an architecture comprising a plurality of interconnected clouds, a cloud comprising a plurality of resources and a security supervisor, the plurality of resources forming a plurality of resource groups in the cloud that are respectively associated with a security domain, a security controller supervising the resources of the domain, a plurality of physical machines comprising the resources of the plurality of clouds, the method comprising:
- a step of reception of a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain,a step of sending said security event to the security supervisor of the first cloud,a step of sending a security order by the security supervisor of the first cloud to at least a second security controller of the first cloud in reaction to the security event, and of sending the security order by the second security controller to a second resource supervised by the second controller.
- View Dependent Claims (2, 3, 4)
- - 2. The supervision method as claimed in claim 1, comprising:
    - a step of detection of an inconsistency between a knowledge base of the supervisor, said base comprising all the security events sent by the controllers of the first cloud and a rules base of the first cloud, said base comprising the rules of operation inside the first cloud.
  - 3. The supervision method as claimed in claim 1, wherein, the first resource included in the first security domain being associated with a first execution level, the method furthermore comprises:
    - a step of selecting and sending of a second security order by the security controller of the first domain to a third resource of the first security domain, the third resource being associated with a second execution level.
  - 4. The supervision method as claimed in claim 1, wherein the respective security supervisors of the clouds comprise a set of security rules forming a security policy, the method comprising:
    - a step of sending, by the supervisor of the first cloud, information relating to the security event to the other cloud supervisors, anda step of negotiation of a second security order between the first supervisor and the other supervisors, the negotiation step being based on the information relating to the security event and on the respective security policies of the security supervisors,a step of sending the second security order to at least a third resource, the third resource being included in a cloud different from the first cloud.

5. A system for supervising security of a computer architecture, said architecture comprising a plurality of interconnected clouds, a cloud comprising a plurality of resources and a security supervisor, the plurality of resources forming, in the cloud, a plurality of groups of resources respectively associated with a security domain, a security controller supervising the resources of the domain, a plurality of physical machines comprising the resources of the plurality of clouds, the system comprising:
- reception means, included in a security controller of a first cloud, for receiving a security event originating from a first resource associated with a first security domain,first sending means, included in the security controller, for sending said security event to the security supervisor of the first cloud,second sending means, included in the supervisor of the first cloud, for sending a security order to at least a second security controller of the first cloud in reaction to the security event, andthird sending means, included in the second controller, for sending the security order to a second resource supervised by the second controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
He, Ruan, Lacoste, Marc, Wailly, Aurlien

Granted Patent

US 9,380,075 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 9/40   Network security protocols

System for Supervising the Security of an Architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

System for Supervising the Security of an Architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links