Implementing security policies in software development tools

US 7,340,469 B1
Filed: 04/15/2005
Issued: 03/04/2008
Est. Priority Date: 04/16/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-readable medium encoded with an access and information flow control framework computer program, wherein execution of said “

computer program”

by one or more processors causes said “

one or more processors”

to perform the steps of;

a) performing a series of first phase steps, said “

series of first phase steps”

including;

i) receiving at least one raw authorization requirement;

ii) creating at least one authorization requirement representation from at least one of said “

at least one raw authorization requirement”

using a language; and

iii) analyzing at least one of said “

at least one authorization requirement representation”

for at least one of the following;

(1) ensuring that at least one of said “

at least one authorization requirement representation”

is consistent”

; and

(2) ensuring that at least one of said “

at least one authorization requirement representation”

is conflict-free”

;

b) performing a series of second phase steps, said “

series of second phase steps”

including;

i) creating at least one use case authorization from at least one of said “

at least one authorization requirement representation”

by;

(1) propagating at least one of said “

at least one authorization requirement representation”

to a subject hierarchy;

(2) enumerating at least one implicit authorization, said “

at least one implicit authorization”

derived from at least one of said “

at least one authorization requirement representation”

;

(3) resolving inconsistencies in at least one of said “

at least one use case authorization”

; and

(4) completing incomplete said “

at least one use case authorization”

;

ii) validating consistency between at least one of said “

at least one authorization requirement representation” and

at least one of said “

at least one use case authorization”

;

c) performing a series of third phase steps for information flow control including;

i) receiving at least one raw information flow requirement;

ii) creating at least one information flow requirement representation from at least one of said “

at least one raw information flow requirement”

using a language;

iii) creating at least one propagated information flow requirement by propagating at least one of said “

at least one information flow requirement representation”

to a subject hierarchy;

iv) creating at least one enumerated information flow requirement by enumerating at least one possible direct and indirect information flow requirement derived from said “

at least one information flow requirement representation” and

at least one of said “

at least one propagated information flow requirement”

;

v) generate at least one filtered enumerated information flow requirement by filtering at least one of said “

at least one enumerated information flow requirement”

; and

vi) ensure that at least one of said at least one filtered enumerated information flow requirement”

is consistent with an information flow policy;

d) performing a series of fourth phase steps, said “

series of fourth phase steps including;

i) creating at least one operation authorization;

ii) resolving inconsistencies in at least one of said at least one operation authorization”

; and

iii) ensuring that at least one of said “

at least one operation authorization”

is conflict-free”

; and

e) handling errors in at least one of the following;

i) said “

series of first phase steps”

;

ii) said “

series of second phase steps”

;

iii) said “

series of third phase steps”

; and

iv) said “

series of fourth phase steps”

.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is an access and information flow control framework. The framework includes: creating consistent and conflict-free authorization requirement(s) from the raw authorization requirement(s); creating consistent case authorization(s); creating information flow and propagated information flow requirement(s) that are consistent with an information flow policy; creating operation authorization(s); resolving inconsistencies in operation authorization(s); and ensuring that the operation authorization(s) are conflict-free.

124 Citations

4 Claims

1. A computer-readable medium encoded with an access and information flow control framework computer program, wherein execution of said “
- computer program”
  
  by one or more processors causes said “
  
  one or more processors”
  
  to perform the steps of;
  
  a) performing a series of first phase steps, said “
  
  series of first phase steps”
  
  including;
  
  i) receiving at least one raw authorization requirement;
  
  ii) creating at least one authorization requirement representation from at least one of said “
  
  at least one raw authorization requirement”
  
  using a language; and
  
  iii) analyzing at least one of said “
  
  at least one authorization requirement representation”
  
  for at least one of the following;
  
  (1) ensuring that at least one of said “
  
  at least one authorization requirement representation”
  
  is consistent”
  
  ; and
  
  (2) ensuring that at least one of said “
  
  at least one authorization requirement representation”
  
  is conflict-free”
  
  ;
  
  b) performing a series of second phase steps, said “
  
  series of second phase steps”
  
  including;
  
  i) creating at least one use case authorization from at least one of said “
  
  at least one authorization requirement representation”
  
  by;
  
  (1) propagating at least one of said “
  
  at least one authorization requirement representation”
  
  to a subject hierarchy;
  
  (2) enumerating at least one implicit authorization, said “
  
  at least one implicit authorization”
  
  derived from at least one of said “
  
  at least one authorization requirement representation”
  
  ;
  
  (3) resolving inconsistencies in at least one of said “
  
  at least one use case authorization”
  
  ; and
  
  (4) completing incomplete said “
  
  at least one use case authorization”
  
  ;
  
  ii) validating consistency between at least one of said “
  
  at least one authorization requirement representation” and
  
  at least one of said “
  
  at least one use case authorization”
  
  ;
  
  c) performing a series of third phase steps for information flow control including;
  
  i) receiving at least one raw information flow requirement;
  
  ii) creating at least one information flow requirement representation from at least one of said “
  
  at least one raw information flow requirement”
  
  using a language;
  
  iii) creating at least one propagated information flow requirement by propagating at least one of said “
  
  at least one information flow requirement representation”
  
  to a subject hierarchy;
  
  iv) creating at least one enumerated information flow requirement by enumerating at least one possible direct and indirect information flow requirement derived from said “
  
  at least one information flow requirement representation” and
  
  at least one of said “
  
  at least one propagated information flow requirement”
  
  ;
  
  v) generate at least one filtered enumerated information flow requirement by filtering at least one of said “
  
  at least one enumerated information flow requirement”
  
  ; and
  
  vi) ensure that at least one of said at least one filtered enumerated information flow requirement”
  
  is consistent with an information flow policy;
  
  d) performing a series of fourth phase steps, said “
  
  series of fourth phase steps including;
  
  i) creating at least one operation authorization;
  
  ii) resolving inconsistencies in at least one of said at least one operation authorization”
  
  ; and
  
  iii) ensuring that at least one of said “
  
  at least one operation authorization”
  
  is conflict-free”
  
  ; and
  
  e) handling errors in at least one of the following;
  
  i) said “
  
  series of first phase steps”
  
  ;
  
  ii) said “
  
  series of second phase steps”
  
  ;
  
  iii) said “
  
  series of third phase steps”
  
  ; and
  
  iv) said “
  
  series of fourth phase steps”
  
  .
- View Dependent Claims (2, 3)
- - 2. A computer-readable medium according to claim 1, wherein said raw information flow requirements include non-functional requirements.
  - 3. A computer-readable medium according to claim 1, wherein at least one of said at least one raw authorization requirement is a non-functional requirement.

4. A computer-readable medium encoded with an access and information flow control framework computer program, wherein execution of said “
- computer program”
  
  by one or more processors causes said “
  
  one or more processors”
  
  to perform the steps of;
  
  a) performing a series of first phase steps, said “
  
  series of first phase steps”
  
  including;
  
  i) receiving raw authorization requirements;
  
  ii) creating an authorization requirement representations from said raw authorization requirements using a language; and
  
  iii) analyzing said “
  
  authorization requirement representations”
  
  for at least one of the following;
  
  (1) ensuring that said “
  
  authorization requirement representations are consistent”
  
  ; and
  
  (2) ensuring that said “
  
  authorization requirement representations”
  
  are conflict-free”
  
  ;
  
  b) performing a series of second phase steps, said “
  
  series of second phase steps”
  
  including;
  
  i) creating a use case authorization from said “
  
  authorization requirement representations”
  
  by;
  
  (1) propagating said “
  
  authorization requirement representations”
  
  to a subject hierarchy;
  
  (2) enumerating implicit authorizations, said “
  
  implicit authorizations”
  
  derived from at least one of said “
  
  authorization requirement representations”
  
  ;
  
  (3) resolving inconsistencies in said “
  
  use case authorization”
  
  ; and
  
  (4) completing incomplete said “
  
  use case authorization”
  
  ; and
  
  ii) validating consistency between said “
  
  authorization requirement representations” and
  
  said “
  
  use case authorization”
  
  ;
  
  c) performing a series of third phase steps, said series of third phase steps”
  
  including;
  
  i) creating an operation authorization by;
  
  (1) propagating said “
  
  use case authorization”
  
  to “
  
  operation authorization”
  
  ; and
  
  (2) resolve inconsistencies in said “
  
  operation authorization”
  
  ; and
  
  ii) ensuring that said “
  
  operation authorization”
  
  is conflict-free; and
  
  d) handling errors in at least one of the following;
  
  i) said “
  
  series of first phase steps”
  
  ;
  
  ii) said “
  
  series of second phase steps”
  
  ; and
  
  iii) said “
  
  series of third phase steps”
  
  .

Specification

Resources

Litigation Campaign Assessment

Current Assignee
George Mason Intellectual Properties, Inc.
Original Assignee
George Mason Intellectual Properties, Inc.
Inventors
Alghathbar, Khaled S., Wijesekera, Duminda
Primary Examiner(s)
Lee; Wilson

Application Number

US11/106,460
Time in Patent Office

1,054 Days
Field of Search

707 1- 10
US Class Current

1/1
CPC Class Codes

G06F 21/604 Tools and structures for ma...

G06Q 10/06 Resources, workflows, human...

Implementing security policies in software development tools

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

124 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Implementing security policies in software development tools

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links