Security verification method and device
First Claim
1. A security verification method for verifying whether improper settings that indicate composite errors of security settings exist in an object system, said method comprising the steps of:
- reading data transfer paths that represent data movement in said object system and that have been generated based on program operation information that describes operations of a program that is used in said object system;
integrating access rights of data transfer paths that have been read; and
based on security verification policies in which improper paths, which are paths of data movement that are improper from a standpoint of security, have been set in advance, searching for improper paths among data transfer paths for which access rights have been integrated.
1 Assignment
0 Petitions
Accused Products
Abstract
A security verification method for verifying whether improper settings that indicate composite errors of security settings exist in an object system, which is an object of examination, includes steps of: reading data transfer paths that represent data movement in the object system and that are generated based on program operation information that describes operations of a program that is used in the object system, integrating the access rights of data transfer paths that have been read; and searching for improper paths among the data transfer paths for which access rights have been integrated based on security verification policies in which improper paths, which are paths of data movement that are improper from the standpoint of security, have been set in advance.
-
Citations
25 Claims
-
1. A security verification method for verifying whether improper settings that indicate composite errors of security settings exist in an object system, said method comprising the steps of:
-
reading data transfer paths that represent data movement in said object system and that have been generated based on program operation information that describes operations of a program that is used in said object system; integrating access rights of data transfer paths that have been read; and based on security verification policies in which improper paths, which are paths of data movement that are improper from a standpoint of security, have been set in advance, searching for improper paths among data transfer paths for which access rights have been integrated. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A security verification method for verifying whether improper settings that indicate composite errors of security settings exist in an object system, said security verification method comprising the steps of:
-
storing in a storage device an operation model that represents operation contents of said object system and that is generated based on program operation information that describes operations of a program that is used said object system; and verifying whether data movement that is represented by security verification policies in which data movement that is proper or improper from a standpoint of security has been set in advance conform with the operation contents of said object system that is represented by the operation model that has been stored in said storage device.
-
-
7. A security verification device for verifying whether improper settings that indicate composite errors of security settings exist in an object system;
- said security verification device comprising;
data transfer path storage means for storing data transfer paths that indicate data movement in said object system and that have been generated based on program operation information that describes operations of a program that is used in said object system; access right integration means for integrating access rights of data transfer paths that represent data movement in said object system that have been stored in said data transfer path storage means; and search means for, based on security verification policies in which improper paths, which are paths of data movement that is improper from a standpoint of security, have been set in advance, searching for improper paths among data transfer paths for which access rights have been integrated. - View Dependent Claims (8, 9, 10, 11, 12)
- said security verification device comprising;
-
13. A security verification device for verifying whether improper settings that indicate composite errors of security settings exist in an object system;
- said security verification device comprising;
setting information storage means for storing setting information; setting information collection means for collecting setting information that indicates security settings in said object system and that is stored in said setting information storage means; program operation information storage means for storing program operation information that describes operations of a program that is used in said object system; and data transfer path generation means for generating data transfer paths based on setting information that has been collected by said setting information collection means and program operation information that is stored in said program operation information storage means.
- said security verification device comprising;
-
14. A security verification device for verifying whether improper settings that indicate composite errors of security settings exist in an object system;
- said security verification device comprising;
operation model storage means for storing operation model that represents operation contents of said object system and that is generated based on program operation information that describes operations of a program that is used in said object system; and verification means for verifying whether the operation contents of said object system that are represented by operation model that have been stored in said operation model storage means conform with relevant data movement that is represented by security verification policies in which data movement that is proper or improper from a standpoint of security has been set in advance. - View Dependent Claims (15, 16)
- said security verification device comprising;
-
17. A security verification device for verifying whether improper settings that indicate composite errors of security settings exist in an object system that is connected to a communication network;
- said security verification device comprising;
search means for searching for improper paths among data transfer paths that represent data movement in said object system based on security verification policies in which improper paths, which are paths of data movement that are improper from a standpoint of security, have been set in advance; and security setting search means for, based on program operation information that describes operations of a program that is used in said object system, searching for composite security settings that allow data movement on improper paths that have been discovered by said search means. - View Dependent Claims (18, 19)
- said security verification device comprising;
-
20. A program product for verifying whether improper settings that indicate composite errors in security settings exist in an object system;
- said program product causing a computer to execute steps of;
reading data transfer paths that represent data movement in an object system and that are generated based on program operation information that describes operations of a program that is used in said object system; integrating access rights of data transfer paths that have been read; and searching for improper paths among data transfer paths for which access rights have been integrated based on security verification policies in which improper paths, which are paths of data movement that is improper from a standpoint of security, have been set in advance. - View Dependent Claims (21, 22, 23, 24)
- said program product causing a computer to execute steps of;
-
25. A program product for verifying whether improper settings that indicate composite errors of security settings exist in an object system, said program product causing a computer to execute steps of:
-
storing in a storage device operation models that represent operation contents of said object system and that are generated based on program operation information that describes operations of a program that is used by said object system; and verifying whether data movement that is represented by security verification policies in which data movement that is proper or improper from a standpoint of security has been set in advance conforms with operation contents of said object system that are represented by operation models that are stored in said storage device.
-
Specification