Application-based security rights in cloud environments

US 20170041347A1
Filed: 08/08/2015
Published: 02/09/2017
Est. Priority Date: 08/08/2015
Status: Active Grant

First Claim

Patent Images

1. A method to enforce security service requirements for a cloud application, comprising:

associating with the cloud application a set of security service requirements;

deploying the cloud application into a specific cloud security environment;

evaluating the security service requirements against the specific cloud security environment; and

responsive to a determination that the specific cloud security environment does not meet the security service requirements for the cloud application, taking a given action.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure provides the ability for a cloud application to specify its security requirements, to ability to have those requirements evaluated, e.g., against a specific cloud deployment environment, and the ability to enable the application to control a cloud-based security assurance service to provision additional security technology in the cloud to support deployment (or re-deployment elsewhere) of the application if the environment does not have the necessary topology and security resources deployed. To this end, the application queries the service by passing a set of application-based security rights. If the security capabilities provided by the security assurance service are sufficient or better than the application'"'"'s security rights, the application functions normally. If, however, the security environment established by the security assurance service is insufficient for the application, the application is afforded one or more remediation options, e.g., issuing a request to upgrade the security environment, or the like.

43 Citations

View as Search Results

21 Claims

1. A method to enforce security service requirements for a cloud application, comprising:
- associating with the cloud application a set of security service requirements;
  
  deploying the cloud application into a specific cloud security environment;
  
  evaluating the security service requirements against the specific cloud security environment; and
  
  responsive to a determination that the specific cloud security environment does not meet the security service requirements for the cloud application, taking a given action.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein the given action is a remediation action that attempts to meet the security service requirements, the remediation action being one of:
    - requesting upgrade or reconfiguration of the specific cloud security environment, requesting transfer of the cloud application to another specific cloud security environment, and requesting transfer of the cloud application to another cloud platform.
  - 3. The method as described in claim 1 wherein the given action temporarily de-activates the cloud application or prevents the cloud application from starting.
  - 4. The method as described in claim 1 further including performing the evaluating operation using a changed set of security service requirement or a changed cloud security environment.
  - 5. The method as described in claim 1 wherein the set of security service requirements include one of:
    - a generic security level requirement that as specified does not expose at least some specific security resource requirements necessary to implement the security level, one or more specific security resource requirements, and one or more relationship-specific criteria associated with the cloud application.
  - 6. The method as described in claim 4 further including:
    - evaluating the relationship-specific criteria; and
      
      responsive to the evaluation, restricting another cloud application from being hosted with the cloud application in the specific cloud security environment.
  - 7. The method as described in claim 1 wherein evaluating the security service requirements against the specific cloud security environment includes:
    - providing a security assurance service with a query that includes the set of security service requirements; and
      
      receiving from the security assurance service a response that includes the determination.

8. Apparatus, comprising:
- a processor;
  
  computer memory holding computer program instructions executed by the processor to enforce security service requirements for a cloud application, the computer program instructions comprising program code operative to;
  
  associate with the cloud application a set of security service requirements;
  
  deploy the cloud application into a specific cloud security environment;
  
  evaluate the security service requirements against the specific cloud security environment; and
  
  responsive to a determination that the specific cloud security environment does not meet the security service requirements for the cloud application, take a given action.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus as described in claim 8 wherein the given action is a remediation action that attempts to meet the security service requirements, the remediation action being one of:
    - requesting upgrade or reconfiguration of the specific cloud security environment, requesting transfer of the cloud application to another specific cloud security environment, and requesting transfer of the cloud application to another cloud platform.
  - 10. The apparatus as described in claim 8 wherein the given action temporarily de-activates the cloud application or prevents the cloud application from starting.
  - 11. The apparatus as described in claim 8 wherein the program code is further operative to perform the evaluate operation using a changed set of security service requirement or a changed cloud security environment.
  - 12. The apparatus as described in claim 8 wherein the set of security service requirements include one of:
    - a generic security level requirement that as specified does not expose at least some specific security resource requirements necessary to implement the security level, one or more specific security resource requirements, and one or more relationship-specific criteria associated with the cloud application.
  - 13. The apparatus as described in claim 12 wherein the program code is further operative to:
    - evaluate the relationship-specific criteria; and
      
      responsive to the evaluation, restrict another cloud application from being hosted with the cloud application in the specific cloud security environment.
  - 14. The apparatus as described in claim 8 wherein the program code operative to evaluate the security service requirements against the specific cloud security environment is further operative to:
    - provide a security assurance service with a query that includes the set of security service requirements; and
      
      receive from the security assurance service a response that includes the determination.

15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions executed by the data processing system to enforce security service requirements for a cloud application, the computer program instructions comprising program code operative to:
- associate with the cloud application a set of security service requirements;
  
  deploy the cloud application into a specific cloud security environment;
  
  evaluate the security service requirements against the specific cloud security environment; and
  
  responsive to a determination that the specific cloud security environment does not meet the security service requirements for the cloud application, take a given action.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product as described in claim 15 wherein the given action is a remediation action that attempts to meet the security service requirements, the remediation action being one of:
    - requesting upgrade or reconfiguration of the specific cloud security environment, requesting transfer of the cloud application to another specific cloud security environment, and requesting transfer of the cloud application to another cloud platform.
  - 17. The computer program product as described in claim 15 wherein the given action temporarily de-activates the cloud application or prevents the cloud application from starting.
  - 18. The computer program product as described in claim 15 wherein the program code is further operative to perform the evaluate operation using a changed set of security service requirement or a changed cloud security environment.
  - 19. The computer program product as described in claim 15 wherein the set of security service requirements include one of:
    - a generic security level requirement that as specified does not expose at least some specific security resource requirements necessary to implement the security level, one or more specific security resource requirements, and one or more relationship-specific criteria associated with the cloud application.
  - 20. The computer program product as described in claim 19 wherein the program code is further operative to:
    - evaluate the relationship-specific criteria; and
      
      responsive to the evaluation, restrict another cloud application from being hosted with the cloud application in the specific cloud security environment.
  - 21. The computer program product as described in claim 15 wherein the program code operative to evaluate the security service requirements against the specific cloud security environment is further operative to:
    - provide a security assurance service with a query that includes the set of security service requirements; and
      
      receive from the security assurance service a response that includes the determination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
International Business Machines Corporation
Inventors
Nagaratnam, Nataraj, Hoy, Jeffrey Robert, Kapadia, Kaushal Kiran, Muthukrishnan, Ravi Krishnan, Iyer, Sreekanth Ramakrishna

Granted Patent

US 9,762,616 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0254   Stateful filtering

H04L 63/20   for managing network securi...

Application-based security rights in cloud environments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Application-based security rights in cloud environments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links