IDENTITY BASED BEHAVIOR MEASUREMENT ARCHITECTURE
Abstract
A method includes generating a behavioral state for an endpoint device based on actor identities and corresponding subject identities for a plurality of operations wherein for each operation, a respective actor represented by a respective actor identity performs the operation upon a respective subject represented by a respective subject identity. Performance of a later operation by an actor with an actor identity upon a subject with a subject identity is recorded and the actor identity and the subject identity are used to determine that the performance of the later operation does not match the behavioral state and indicates a security risk.
20 Claims
1. A method comprising:
- generating a behavioral state for an endpoint device based on actor identities and corresponding subject identities for a plurality of operations wherein for each operation, a respective actor represented by a respective actor identity performs the operation upon a respective subject represented by a respective subject identity;
- recording performance of a later operation by an actor having an actor identity upon a subject having a subject identity; and
- using the actor identity and the subject identity to determine that the performance of the later operation does not match the behavioral state and indicates a security risk.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An endpoint device, comprising:
- memory; and
- a processor executing instructions to perform steps comprising:
  - generating a behavior value based on the identities of actors and subjects that were involved in operations performed at least in part on the endpoint device;
  - receiving an identity of an actor and an identity of a subject involved in a later operation; and
  - using the identity of the actor and the identity of the subject and the behavior value to determine that the later operation is suspect.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. An endpoint device comprising:
- a memory; and
- a processor executing a security supervisor that provides a single value indicative of a plurality of past actor-subject operations and that detects a security violation in the endpoint device on a further actor-subject operation and the single value.

Dependent claims: 20