
Declarative language for specifying a security policy

  • US 6,779,120 B1
  • Filed: 01/07/2000
  • Issued: 08/17/2004
  • Est. Priority Date: 01/07/2000
  • Status: Expired due to Term
First Claim

1. A declarative language system for specifying in an annotated policy specification a security policy of a network event, wherein said network event comprises a stack having a plurality of protocol events, wherein each of said plurality of protocol events is associated with a predefined protocol layer, and wherein said network event is an interaction between an active principal and a passive principal, said declarative language system comprising:

  • a declarative language comprising a plurality of objects, such that each object of said plurality of objects comprises at least one list having a first element;
  • a declarative language editor for providing means for specifying in a first policy specification said security policy using said declarative language;
  • a declarative language compiler for providing means for compiling said first policy specification and generating said annotated policy specification;
  • means for loading said annotated policy specification into a Policy Engine;
  • means for said Policy Engine to receive said network event from an Agent;
  • means for said Policy Engine to evaluate said security policy against said network event and to generate a disposition for said network event;
  • means for said Policy Engine to communicate agent directives to said Agent; and
  • means for said Policy Engine to output said network event and said disposition to a datastore;

wherein said each object is a first-class object and wherein said first-class object is any of:

  • a policy;
  • a group;
  • a credential, said credential having a specificity;
  • a condition;
  • a disposition; and
  • a rule, said rule having an outcome;

wherein said rule for evaluating said event comprises:

  • a protocol field associated with said event;
  • a plurality of actions associated with said event;
  • an initiator for representing said active principal of said event;
  • a target for representing said passive principal of said event; and
  • means for said outcome to generate a disposition by specifying constraints upon said event, said outcome comprising at least one of a plurality of conditional statements and a default statement, wherein each of said plurality of conditional statements comprises a keyword and a disposition, and wherein said plurality of conditional statements are evaluated in chronological order; and

wherein said outcome comprises any of an immediate outcome and a final outcome, wherein said immediate outcome is evaluated by said Policy Engine when said rule is selected, and wherein said final outcome is evaluated when said Policy Engine determines said event is final.
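The claim describes an architecture rather than a syntax: credentials with a specificity, rules keyed on a protocol layer and its actions with an initiator and a target, outcomes made of ordered conditional statements plus a default, an immediate outcome evaluated on rule selection and a final outcome evaluated once the event is complete, and a Policy Engine that returns a disposition, pushes directives to the Agent and logs event plus disposition to a datastore. The Python sketch below is an added illustration of that structure; it is not the patent's own language, syntax or implementation. Every name in it (Credential, Rule, PolicyEngine, the event and principal dictionary shapes, the sample rules and events) is an assumption made for the sketch, as are two semantics the claim does not spell out: the most specific matching credential pair wins rule selection, and the first conditional statement whose condition holds produces the disposition.

```python
"""Toy policy engine modelling the structure in claim 1 of US 6,779,120.
Added illustration, not the patent's language or code; all names, dict
shapes, rules and events are assumptions made for this sketch."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple
import ipaddress


@dataclass(frozen=True)
class Credential:
    """Identifies a principal by network and optional port. Specificity
    (assumed: prefix length, plus 16 for a fixed port) decides which of
    several matching rules is selected."""
    name: str
    cidr: str
    port: Optional[int] = None

    def matches(self, principal: dict) -> bool:
        if ipaddress.ip_address(principal["ip"]) not in ipaddress.ip_network(self.cidr):
            return False
        return self.port is None or principal.get("port") == self.port

    @property
    def specificity(self) -> int:
        return ipaddress.ip_network(self.cidr).prefixlen + (16 if self.port is not None else 0)


@dataclass(frozen=True)
class Disposition:
    name: str                        # "ok", "monitor", "deny", ...
    severity: str                    # "info", "warning", "critical"
    directive: Optional[str] = None  # directive communicated to the Agent, if any


Condition = Callable[[dict], bool]
# An outcome is an ordered list of (condition, disposition); condition None is
# the default statement. Assumed semantics: first statement that holds wins.
Outcome = List[Tuple[Optional[Condition], Disposition]]


@dataclass
class Rule:
    name: str
    protocol: str          # protocol layer in the event's stack this rule applies to
    actions: frozenset     # protocol actions the rule covers
    initiator: Credential  # active principal
    target: Credential     # passive principal
    immediate: Outcome     # evaluated as soon as the rule is selected
    final: Outcome         # evaluated once the engine deems the event final

    @property
    def specificity(self) -> int:
        return self.initiator.specificity + self.target.specificity


def evaluate_outcome(outcome: Outcome, event: dict) -> Optional[Disposition]:
    for condition, disposition in outcome:          # in order, first match wins
        if condition is None or condition(event):
            return disposition
    return None


NO_RULE = Disposition("deny", "warning", directive="drop")  # assumed fallback when no rule matches


class PolicyEngine:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.datastore: List[Tuple[dict, Disposition]] = []  # (event, disposition) records
        self.directives: List[Tuple[str, str]] = []           # (rule name, directive) sent to the Agent

    def select_rule(self, event: dict) -> Optional[Rule]:
        """Most specific rule whose protocol layer, action and credentials all match."""
        layers = {pe["protocol"]: pe for pe in event["stack"]}
        candidates = [r for r in self.rules
                      if r.protocol in layers
                      and layers[r.protocol].get("action") in r.actions
                      and r.initiator.matches(event["initiator"])
                      and r.target.matches(event["target"])]
        return max(candidates, key=lambda r: r.specificity, default=None)

    def process(self, event: dict) -> Disposition:
        rule = self.select_rule(event)
        if rule is None:
            disposition = NO_RULE
        else:
            disposition = evaluate_outcome(rule.immediate, event) or NO_RULE
            if event.get("final"):                    # final outcome overrides the immediate one
                disposition = evaluate_outcome(rule.final, event) or disposition
        if disposition.directive:
            self.directives.append((rule.name if rule else "-", disposition.directive))
        self.datastore.append((event, disposition))
        return disposition


# Constructed sample policy: LAN hosts may log in to SSH servers, but a password
# login is denied and the initiator blocked; one admin host is exempt.
LAN = Credential("lan-hosts", "10.0.0.0/16")
ADMIN = Credential("admin-host", "10.0.0.5/32")
SSH_SERVERS = Credential("ssh-servers", "10.0.1.0/24", port=22)
OK, MONITOR = Disposition("ok", "info"), Disposition("monitor", "info")
PASSWORD_LOGIN = Disposition("deny", "critical", directive="block-initiator")
RULES = [
    Rule("ssh-from-lan", "ssh", frozenset({"login"}), LAN, SSH_SERVERS,
         immediate=[(None, MONITOR)],
         final=[(lambda e: e.get("auth") == "password", PASSWORD_LOGIN), (None, OK)]),
    Rule("ssh-from-admin", "ssh", frozenset({"login"}), ADMIN, SSH_SERVERS,
         immediate=[(None, MONITOR)], final=[(None, OK)]),
]


def make_event(src_ip: str, dst_ip: str, auth: str, final: bool = True) -> dict:
    """Constructed sample network event: an ip/tcp/ssh stack ending in an SSH login."""
    return {"initiator": {"ip": src_ip, "port": 51000}, "target": {"ip": dst_ip, "port": 22},
            "stack": [{"protocol": "ip"}, {"protocol": "tcp", "action": "connect"},
                      {"protocol": "ssh", "action": "login"}],
            "auth": auth, "final": final}


def demo() -> List[str]:
    engine = PolicyEngine(RULES)
    return [engine.process(make_event("10.0.0.7", "10.0.1.10", "password")).name,               # deny
            engine.process(make_event("10.0.0.5", "10.0.1.10", "password")).name,               # ok (admin rule wins)
            engine.process(make_event("10.0.0.7", "10.0.1.10", "password", final=False)).name,  # monitor (immediate only)
            engine.process(make_event("192.168.1.1", "10.0.1.10", "publickey")).name]           # deny (no rule)


if __name__ == "__main__":
    print(demo())
```

The second event shows why credential specificity matters: both rules match the admin host, and without a deterministic tie-break the policy's meaning would depend on rule order. The third shows the immediate/final split: while the SSH exchange is still in progress only the immediate outcome (monitor) is available, and the password-based denial can only be produced once the event is final and the authentication method is known.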

  • 14 Assignments