AUTOMATED AND ADAPTIVE MODEL-DRIVEN SECURITY SYSTEM AND METHOD FOR OPERATING THE SAME
Abstract
A system and method for managing implementation of policies in an information technologies (IT) system are described. The system receives at least one policy function, at least one refinement template and at least one available policy function from at least one memory. It receives a policy input indicating a high-level policy for the IT system, where the policy input is compliant with the at least one policy function and is received in a format that is not machine-enforceable at an enforcement entity of the IT system. Based on the received policy input, it automatically or semi-automatically generates a machine-enforceable rule and/or configuration by filling the at least one refinement template, where the machine-enforceable rule and/or configuration includes the at least one available policy function and is compliant with the received policy input. It then distributes the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.
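The refinement step summarized in the abstract, as an added example that is not taken from the patent: a high-level policy input is checked against the policy functions, a refinement template is filled to produce a rule that uses only available policy functions, and the rule is distributed. The attribute names, the template layout and the sample values are all hypothetical.

```python
import json

# Constructed sample data: every name and value here is hypothetical.
POLICY_FUNCTIONS = {"role", "record_type", "operation"}            # high-level vocabulary
AVAILABLE_FUNCTIONS = {"ldap_group", "url_prefix", "http_method"}  # enforceable attributes

# Refinement template: a rule skeleton whose slots map each high-level
# policy function onto an available policy function.
TEMPLATE = {
    "effect": "permit",
    "slots": {
        "role": ("ldap_group", {"nurse": "cn=nurses,ou=staff,dc=example,dc=org"}),
        "record_type": ("url_prefix", {"patient_record": "/api/records/"}),
        "operation": ("http_method", {"read": "GET", "update": "PUT"}),
    },
}

def refine(policy_input, template=TEMPLATE):
    """Fill the template from a high-level policy; fail closed on any gap."""
    unknown = set(policy_input) - POLICY_FUNCTIONS
    if unknown:
        raise ValueError(f"not compliant with policy functions: {sorted(unknown)}")
    conditions = {}
    for name, (target, mapping) in template["slots"].items():
        if target not in AVAILABLE_FUNCTIONS:
            raise ValueError(f"{target} is not enforceable here")
        if name not in policy_input:
            # An unfilled slot would silently broaden the generated rule.
            raise ValueError(f"policy input leaves slot {name!r} unfilled")
        value = policy_input[name]
        if value not in mapping:
            raise ValueError(f"no refinement for {name}={value!r}")
        conditions[target] = mapping[value]
    return {"effect": template["effect"], "match": conditions}

def distribute(rule, memories):
    """Store the serialized rule in each enforcement entity's memory."""
    blob = json.dumps(rule, sort_keys=True)
    for memory in memories:
        memory.append(blob)
    return blob

if __name__ == "__main__":
    pep_store = []  # stands in for the memory of one enforcement entity
    rule = refine({"role": "nurse", "record_type": "patient_record", "operation": "read"})
    print(distribute(rule, [pep_store]))
```

Rejecting an unmapped value or an unfilled slot, rather than emitting a partial rule, keeps the generated rule from being broader than the policy input it was derived from.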
30 Claims
1. A method of managing implementation of policies in an information technologies system, the method comprising:
receiving into a processor at least one policy function stored in at least one memory;
receiving into the processor at least one refinement template from the at least one memory;
receiving into the processor at least one available policy function from the at least one memory;
receiving into the processor a policy input indicating a high-level policy for the IT system, the policy input being compliant with the at least one policy function, and being received in a format that is not machine-enforceable at an enforcement entity of the IT system;
based on the received policy input, automatically or semi-automatically generating via the processor a machine-enforceable rule and/or configuration by filling the at least one refinement template, the machine-enforceable rule and/or configuration including the at least one available policy function and being compliant with the received policy input; and
distributing, via the processor, the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. An information technologies (IT) policy management system, comprising:
at least one memory that stores at least one policy function, at least one refinement template, or at least one available policy function; and
a processor that is configured to:
receive the at least one policy function, the at least one refinement template, and the at least one available policy function from the at least one memory;
receive a policy input indicating a high-level policy for the IT system, the policy input being compliant with the at least one policy function, and being received in a format that is not machine-enforceable at an enforcement entity of the IT system;
based on the received policy input, automatically or semi-automatically generates a machine-enforceable rule and/or configuration by filling the at least one refinement template, the machine-enforceable rule and/or configuration including the at least one available policy function and being compliant with the received policy input; and
distributes the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification