Implementing security policies in software development tools
First Claim
Patent Images
1. A computer-readable medium encoded with an access and information flow control framework computer program, wherein execution of said “
- computer program”
by one or more processors causes said “
one or more processors”
to perform the steps of;
a) performing a series of first phase steps, said “
series of first phase steps”
including;
i) receiving at least one raw authorization requirement;
ii) creating at least one authorization requirement representation from at least one of said “
at least one raw authorization requirement”
using a language; and
iii) analyzing at least one of said “
at least one authorization requirement representation”
for at least one of the following;
(1) ensuring that at least one of said “
at least one authorization requirement representation”
is consistent”
; and
(2) ensuring that at least one of said “
at least one authorization requirement representation”
is conflict-free”
;
b) performing a series of second phase steps, said “
series of second phase steps”
including;
i) creating at least one use case authorization from at least one of said “
at least one authorization requirement representation”
by;
(1) propagating at least one of said “
at least one authorization requirement representation”
to a subject hierarchy;
(2) enumerating at least one implicit authorization, said “
at least one implicit authorization”
derived from at least one of said “
at least one authorization requirement representation”
;
(3) resolving inconsistencies in at least one of said “
at least one use case authorization”
; and
(4) completing incomplete said “
at least one use case authorization”
;
ii) validating consistency between at least one of said “
at least one authorization requirement representation” and
at least one of said “
at least one use case authorization”
;
c) performing a series of third phase steps for information flow control including;
i) receiving at least one raw information flow requirement;
ii) creating at least one information flow requirement representation from at least one of said “
at least one raw information flow requirement”
using a language;
iii) creating at least one propagated information flow requirement by propagating at least one of said “
at least one information flow requirement representation”
to a subject hierarchy;
iv) creating at least one enumerated information flow requirement by enumerating at least one possible direct and indirect information flow requirement derived from said “
at least one information flow requirement representation” and
at least one of said “
at least one propagated information flow requirement”
;
v) generate at least one filtered enumerated information flow requirement by filtering at least one of said “
at least one enumerated information flow requirement”
; and
vi) ensure that at least one of said at least one filtered enumerated information flow requirement”
is consistent with an information flow policy;
d) performing a series of fourth phase steps, said “
series of fourth phase steps including;
i) creating at least one operation authorization;
ii) resolving inconsistencies in at least one of said at least one operation authorization”
; and
iii) ensuring that at least one of said “
at least one operation authorization”
is conflict-free”
; and
e) handling errors in at least one of the following;
i) said “
series of first phase steps”
;
ii) said “
series of second phase steps”
;
iii) said “
series of third phase steps”
; and
iv) said “
series of fourth phase steps”
.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed is an access and information flow control framework. The framework includes: creating consistent and conflict-free authorization requirement(s) from the raw authorization requirement(s); creating consistent case authorization(s); creating information flow and propagated information flow requirement(s) that are consistent with an information flow policy; creating operation authorization(s); resolving inconsistencies in operation authorization(s); and ensuring that the operation authorization(s) are conflict-free.
124 Citations
4 Claims
-
1. A computer-readable medium encoded with an access and information flow control framework computer program, wherein execution of said “
- computer program”
by one or more processors causes said “
one or more processors”
to perform the steps of;a) performing a series of first phase steps, said “
series of first phase steps”
including;i) receiving at least one raw authorization requirement; ii) creating at least one authorization requirement representation from at least one of said “
at least one raw authorization requirement”
using a language; andiii) analyzing at least one of said “
at least one authorization requirement representation”
for at least one of the following;(1) ensuring that at least one of said “
at least one authorization requirement representation”
is consistent”
; and(2) ensuring that at least one of said “
at least one authorization requirement representation”
is conflict-free”
;b) performing a series of second phase steps, said “
series of second phase steps”
including;i) creating at least one use case authorization from at least one of said “
at least one authorization requirement representation”
by;(1) propagating at least one of said “
at least one authorization requirement representation”
to a subject hierarchy;(2) enumerating at least one implicit authorization, said “
at least one implicit authorization”
derived from at least one of said “
at least one authorization requirement representation”
;(3) resolving inconsistencies in at least one of said “
at least one use case authorization”
; and(4) completing incomplete said “
at least one use case authorization”
;ii) validating consistency between at least one of said “
at least one authorization requirement representation” and
at least one of said “
at least one use case authorization”
;c) performing a series of third phase steps for information flow control including; i) receiving at least one raw information flow requirement; ii) creating at least one information flow requirement representation from at least one of said “
at least one raw information flow requirement”
using a language;iii) creating at least one propagated information flow requirement by propagating at least one of said “
at least one information flow requirement representation”
to a subject hierarchy;iv) creating at least one enumerated information flow requirement by enumerating at least one possible direct and indirect information flow requirement derived from said “
at least one information flow requirement representation” and
at least one of said “
at least one propagated information flow requirement”
;v) generate at least one filtered enumerated information flow requirement by filtering at least one of said “
at least one enumerated information flow requirement”
; andvi) ensure that at least one of said at least one filtered enumerated information flow requirement”
is consistent with an information flow policy;d) performing a series of fourth phase steps, said “
series of fourth phase steps including;i) creating at least one operation authorization; ii) resolving inconsistencies in at least one of said at least one operation authorization”
; andiii) ensuring that at least one of said “
at least one operation authorization”
is conflict-free”
; ande) handling errors in at least one of the following; i) said “
series of first phase steps”
;ii) said “
series of second phase steps”
;iii) said “
series of third phase steps”
; andiv) said “
series of fourth phase steps”
. - View Dependent Claims (2, 3)
- computer program”
-
4. A computer-readable medium encoded with an access and information flow control framework computer program, wherein execution of said “
- computer program”
by one or more processors causes said “
one or more processors”
to perform the steps of;a) performing a series of first phase steps, said “
series of first phase steps”
including;i) receiving raw authorization requirements; ii) creating an authorization requirement representations from said raw authorization requirements using a language; and iii) analyzing said “
authorization requirement representations”
for at least one of the following;(1) ensuring that said “
authorization requirement representations are consistent”
; and(2) ensuring that said “
authorization requirement representations”
are conflict-free”
;b) performing a series of second phase steps, said “
series of second phase steps”
including;i) creating a use case authorization from said “
authorization requirement representations”
by;(1) propagating said “
authorization requirement representations”
to a subject hierarchy;(2) enumerating implicit authorizations, said “
implicit authorizations”
derived from at least one of said “
authorization requirement representations”
;(3) resolving inconsistencies in said “
use case authorization”
; and(4) completing incomplete said “
use case authorization”
; andii) validating consistency between said “
authorization requirement representations” and
said “
use case authorization”
;c) performing a series of third phase steps, said series of third phase steps”
including;i) creating an operation authorization by; (1) propagating said “
use case authorization”
to “
operation authorization”
; and(2) resolve inconsistencies in said “
operation authorization”
; andii) ensuring that said “
operation authorization”
is conflict-free; andd) handling errors in at least one of the following; i) said “
series of first phase steps”
;ii) said “
series of second phase steps”
; andiii) said “
series of third phase steps”
.
- computer program”
Specification