Reactive audit protection in the database (RAPID)

US 7,555,645 B2
Filed: 01/06/2005
Issued: 06/30/2009
Est. Priority Date: 01/06/2005
Status: Active Grant

First Claim

Patent Images

1. A method for proactively enforcing security in a computer system, the method comprising the computer-implemented steps of:

storing a plurality of security modification rules for a system, wherein each security modification rule of the plurality of security modification rules is associated with a set of conditions;

receiving a command at the computer system;

analyzing the command to determine whether one or more audit rules are satisfied;

when the one or more audit rules are satisfied, determining whether one or more audit records need to be generated;

in response to determining that the one or more audit records need to be generated, generating the one or more audit records;

based on the one or more audit records, determining whether the set of conditions associated with any security modification rule has been satisfied; and

in response to determining that the set of conditions associated with a security modification rule of the plurality of security modification rules has been satisfied, performing an action, associated with the security modification rule, that modifies one or more security parameters associated with the system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for proactively enforcing security in a computer system is provided. A plurality of security modification rules is stored for a system. A set of conditions is associated with each security modification rule. Based on one or more audit records generated for the system, the system determines whether the set of conditions associated with any security modification rule has been satisfied. If the system determines that the set of conditions associated with a particular security modification rule has been satisfied, then the system performs an action that modifies one or more security parameters associated with the system, where the action is associated with the violated security modification rule.

39 Citations

View as Search Results

64 Claims

1. A method for proactively enforcing security in a computer system, the method comprising the computer-implemented steps of:
- storing a plurality of security modification rules for a system, wherein each security modification rule of the plurality of security modification rules is associated with a set of conditions;
  
  receiving a command at the computer system;
  
  analyzing the command to determine whether one or more audit rules are satisfied;
  
  when the one or more audit rules are satisfied, determining whether one or more audit records need to be generated;
  
  in response to determining that the one or more audit records need to be generated, generating the one or more audit records;
  
  based on the one or more audit records, determining whether the set of conditions associated with any security modification rule has been satisfied; and
  
  in response to determining that the set of conditions associated with a security modification rule of the plurality of security modification rules has been satisfied, performing an action, associated with the security modification rule, that modifies one or more security parameters associated with the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 2. The method of claim 1, wherein the system is a database system.
  - 3. The method of claim 2, wherein:
    - at least one of(a) the step of determining whether the set of conditions associated with any security modification rules has been satisfied, and(b) the step of performing an action that modifies one or more security parameters,is performed by executing one or more Structured Query Language (SQL) commands.
  - 4. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 3.
  - 5. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 2.
  - 6. The method of claim 1, wherein:
    - at least one of(a) the step of storing a plurality of security modification rules,(b) the step of determining whether the set of conditions associated with any security modification rules has been satisfied, and(c) the step of performing an action that modifies one or more security parameters,is performed by making one or more calls to an Application Programming Interface (API).
  - 7. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 6.
  - 8. The method of claim 1, wherein:
    - the step of performing an action includes changing the value of a particular security parameter of the one or more security parameters from a first value to a second value; and
      
      the method further comprises the step of changing the value of the particular security parameter from the second value to the first value in response to an operation performed by a user that is authorized to enforce security in the system.
  - 9. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 8.
  - 10. The method of claim 1, wherein:
    - the step of performing an action includes changing the value of a particular security parameter of the one or more security parameters from a first value to a second value; and
      
      the method further comprises the step of changing the value of the particular parameter from the second value to the first value in response to the closing of a session in the system, wherein the session was created by a user that performed an operation causing generation of the one or more audit records.
  - 11. The method of claim 1, wherein the step of performing an action comprises increasing one or more security restrictions that are controlled by the values of the one or more security parameters.
  - 12. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 11.
  - 13. The method of claim 1, wherein the step of performing an action comprises decreasing one or more security restrictions that are controlled by the values of the one or more security parameters.
  - 14. The method of claim 1, wherein the step of performing an action comprises restricting a particular activity in the entire system.
  - 15. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 14.
  - 16. The method of claim 1, wherein the step of performing an action comprises restricting a particular activity in a session created in the system by a user, wherein the user performed an operation that caused generation of the one or more audit records.
  - 17. The method of claim 16, wherein the method further comprises:
    - in response to receiving input from an administrator of the system, modifying the one or more security parameters based on the input in order to permit unrestricted performance of the particular activity in the session.
  - 18. The method of claim 1, wherein the step of performing an action comprises restricting a particular activity of a user that performed an operation that caused generation of the one or more audit records.
  - 19. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 18.
  - 20. The method of claim 1, wherein the step of performing an action comprises auditing a particular activity of a user that performed an operation that caused generation of the one or more audit records.
  - 21. The method of claim 1, wherein the step of performing an action comprises terminating a session created in the system by a user, wherein the user performed an operation that caused generation of the one or more audit records.
  - 22. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 21.
  - 23. The method of claim 1, wherein the step of performing an action comprises preventing a user from accessing a set of data which the user was previously permitted to access, wherein the user performed an operation that caused generation of the one or more audit records.
  - 24. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 23.
  - 25. The method of claim 1, wherein the one or more security parameters are associated with a user of the system that performed an operation causing generation of the one or more audit records.
  - 26. The method of claim 25, wherein the one or more security parameters represent one or more privileges of the user to perform one or more operations in the system.
  - 27. The method of claim 25, wherein the one or more security parameters represent permissions associated with one or more objects, in the system, that the user has attempted to access.
  - 28. The method of claim 1, wherein the one or more security parameters are associated with a group of users, wherein the group of users includes a user of the system that performed an operation that caused generation of the one or more audit records.
  - 29. The method of claim 1, wherein the one or more security parameters are associated with all users of the system.
  - 30. The method of claim 29, wherein the step of performing an action that modifies one or more security parameters is carried out in response to performing, by a user of the system, an operation that caused generation of the one or more audit records.
  - 31. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 30.
  - 32. The method of claim 1, wherein the one or more security parameters are associated with a component of the system.
  - 33. The method of claim 1, wherein the one or more security parameters are associated with one or more files managed by the system.
  - 34. The method of claim 1, wherein the step of determining whether the set of conditions associated with any security modification rule has been satisfied is performed at a predetermined time.
  - 35. The method of claim 1, wherein the step of determining whether the set of conditions associated with any security modification rule has been satisfied is performed in response to the expiration of a predetermined interval of time.
  - 36. The method of claim 1, wherein the step of determining whether the set of conditions associated with any security modification rule has been satisfied is performed in response to generation of the one or more audit records.
  - 37. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 36.
  - 38. The method of claim 1, wherein the one or more audit records include information related to one or more operations performed by a user in the system.
  - 39. The method of claim 1, wherein the one or more audit records include information related to a session in the system, wherein the session is created by a user of the system.
  - 40. The method of claim 1, wherein the one or more audit records include information associated with the identity of a user that has created a session in the system.
  - 41. The method of claim 1, wherein the one or more audit records are stored in a repository.
  - 42. The method of claim 41, wherein the repository is maintained on the same computer host as the system.
  - 43. The method of claim 41, wherein the repository is maintained on a different computer host than the system.
  - 44. The method of claim 41, wherein the repository is organized as a database.
  - 45. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 44.
  - 46. The method of claim 1, wherein the step of storing a plurality of security modification rules includes storing the plurality of security modification rules in an eXtensible Markup Language (XML) format.
  - 47. The method of claim 41, wherein the repository is organized as one or more operating system files.
  - 48. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 46.
  - 49. The method of claim 1, wherein:
    - the system is a database system; and
      
      the set of conditions associated with each security modification rule is represented by one or more Structured Query Language (SQL) predicates.
  - 50. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 49.
  - 51. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 1.

52. A method for integrating security rules and audit rules, the method comprising:
- during operation of a system, detecting an attempt to execute an operation that is governed by a particular security rule;
  
  determining whether the particular security rule has been identified as a security rule for which audit records are automatically generated; and
  
  if the particular security rule has been identified as a security rule for which audit records are automatically generated, then generating an audit record in response to the attempt to execute the operation.
- View Dependent Claims (53, 54, 55, 56, 57, 58)
- - 53. The method of claim 52, wherein the system is a database system.
  - 54. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 53.
  - 55. The method of claim 52, further comprising:
    - based on the audit record, performing an action that modifies one or more security parameters in the system.
  - 56. The method of claim 55, wherein the one or more security parameters are associated with the particular security rule.
  - 57. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 52.
  - 58. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 55.

59. A method for combining security rules and audit rules, the method comprising:
- exposing an Application Programming Interface (API) through which users can specify security rules for a system; and
  
  receiving a call from the API, wherein the call indicates a security rule for the system and includes a parameter that indicates whether audit records should be generated by the system automatically in response to operations that are governed by the security rule.
- View Dependent Claims (60, 61, 62, 63, 64)
- - 60. The method of claim 59, wherein the system is a database system.
  - 61. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 60.
  - 62. The method of claim 59, further comprising:
    - if the parameter indicates that audit records should be generated, then in response to performing an operation that is governed by the security rule, generating an audit record; and
      
      based on the audit record, performing an action that modifies one or more security parameters associated with the system.
  - 63. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 62.
  - 64. A computer-readable volatile or non-volatile medium storing one or more sequences of instructions which, when executed by one or more processors, causes the one or more processors to perform the method recited in claim 59.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Vissapragada, Rama
Primary Examiner(s)
PEESO, THOMAS R

Application Number

US11/031,052
Publication Number

US 20060156379A1
Time in Patent Office

1,636 Days
Field of Search

713/164, 713/166
US Class Current

713/166
CPC Class Codes

G06F 21/552 involving long-term monitor...

G06F 21/562 Static detection

Reactive audit protection in the database (RAPID)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

64 Claims

Specification

Solutions

Use Cases

Quick Links

Reactive audit protection in the database (RAPID)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

64 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links