HIGH GRANULARITY APPLICATION AND DATA SECURITY IN CLOUD ENVIRONMENTS

US 20190318100A1
Filed: 09/20/2018
Published: 10/17/2019
Est. Priority Date: 04/17/2018
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising, at a computer system of a security management system:

obtaining application data from a service provider system, wherein the application data includes a record of actions performed by an application during use of the application by one or more users associated with a tenant, wherein the application executes in a service platform provided for the tenant by the service provider system, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the service platform;

analyzing the application data to identify an event associated with a security risk, wherein the event is identified from one or more actions performed by the application;

determining an action to perform in response to identifying the event; and

performing the action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are systems, methods, and computer-readable medium for identifying security risks in applications executing in a cloud environment. In various implementations, a security monitoring and management system can obtain application data from a service provider system. The application data can include a record of actions performed by an application during use of the application by users associated with a tenant. The application executes in a service platform provided for the tenant by the service provider system. In various implementations, the application data is analyzed to identify an event associated with a security risk, where the event is identified from one or more actions performed by the application. The system can determine an action to perform in response to identifying the event. In various examples, an agent executing on the service platform can add instrumentation codes used by the application, where the instrumentation provides the application data.

53 Citations

20 Claims

1. A computer-implemented method, comprising, at a computer system of a security management system:
- obtaining application data from a service provider system, wherein the application data includes a record of actions performed by an application during use of the application by one or more users associated with a tenant, wherein the application executes in a service platform provided for the tenant by the service provider system, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the service platform;
  
  analyzing the application data to identify an event associated with a security risk, wherein the event is identified from one or more actions performed by the application;
  
  determining an action to perform in response to identifying the event; and
  
  performing the action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein the service provider system maintains an activity log for the tenant, the activity log including actions performed by the one or more users in accessing the service platform, and wherein the activity log does not include actions performed by the application.
  - 3. The computer-implemented method of claim 1, wherein the event is identified using a policy from a plurality of policies, wherein the plurality of policies define application actions associated with security risks.
  - 4. The computer-implemented method of claim 3, wherein the one or more actions performed by the application produce an effect on a computing resource, and wherein the policy indicates that the effect on the computing resource is a security risk.
  - 5. The computer-implemented method of claim 1, further comprising:
    - filtering the application data using a plurality of polices, wherein one or more policies from the plurality of policies describe application actions identified as security risks.
  - 6. The computer-implemented method of claim 1, wherein the event is identified using a model for the application, wherein the model describes usage patterns for the application.
  - 7. The computer-implemented method of claim 1, wherein an agent executing on the service platform collects the application data and provides the application data to the computer system.
  - 8. The computer-implemented method of claim 1, wherein an agent executing on the service platform modifies code used by the application to add instrumentation to the code, wherein, when the code is executed by the application, the code produces the application data.
  - 9. The computer-implemented method of claim 8, wherein the agent is configured to identify code that, when executing, performs actions identified as security risks.

10. A computing system, comprising:
- one or more processors; and
  
  a memory coupled to and readable by the one or more processors, the memory including instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including;
  
  obtaining application data from a service provider system, wherein the application data includes a record of actions performed by an application during use of the application by one or more users associated with a tenant, wherein the application executes in a service platform provided for the tenant by the service provider system, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the service platform;
  
  analyzing the application data to identify an event associated with a security risk, wherein the event is identified from one or more actions performed by the application;
  
  determining an action to perform in response to identifying the event; and
  
  performing the action.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computing system of claim 10, wherein the service provider system maintains an activity log for the tenant, the activity log including actions performed by the one or more users in accessing the service platform, and wherein the activity log does not include actions performed by the application.
  - 12. The computing system of claim 10, wherein the event is identified using a policy from a plurality of policies, wherein the plurality of policies define application actions associated with security risks.
  - 13. The computing system of claim 12, wherein the one or more actions performed by the application produce an effect on a computing resource, and wherein the policy indicates that the effect on the computing resource is a security risk.
  - 14. The computing system of claim 10, wherein the memory further includes instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including:
    - filtering the application data using a plurality of polices, wherein one or more policies from the plurality of policies describe application actions identified as security risks.
  - 15. The computing system of claim 10, wherein the event is identified using a model for the application, wherein the model describes usage patterns for the application.
  - 16. The computing system of claim 10, wherein an agent executing on the service platform modifies code used by the application to add instrumentation to the code, wherein, when the code is executed by the application, the code produces the application data.
  - 17. The computing system of claim 16, wherein the agent is configured to identify code that, when executing, performs actions identified as security risks.

18. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, cause the one or more processors to:
- obtain application data from a service provider system, wherein the application data includes a record of actions performed by an application during use of the application by one or more users associated with a tenant, wherein the application executes in a service platform provided for the tenant by the service provider system, wherein the service provider system provides the tenant with a tenant account, and wherein the tenant account enables the one or more users to access the service platform;
  
  analyze the application data to identify an event associated with a security risk, wherein the event is identified from one or more actions performed by the application;
  
  determine an action to perform in response to identifying the event; and
  
  perform the action.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable medium of claim 18, wherein the service provider system maintains an activity log for the tenant, the activity log including actions performed by the one or more users in accessing the service platform, and wherein the activity log does not include actions performed by the application.
  - 20. The non-transitory computer-readable medium of claim 18, wherein the event is identified using a policy from a plurality of policies, wherein the plurality of policies define application actions associated with security risks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Bhatia, Gaurav, Kirti, Ganesh, Turlapati, Ramana Rao Satyasai

Granted Patent

US 11,055,417 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

HIGH GRANULARITY APPLICATION AND DATA SECURITY IN CLOUD ENVIRONMENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

HIGH GRANULARITY APPLICATION AND DATA SECURITY IN CLOUD ENVIRONMENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links