Security policy update supporting at least one security service provider

US 7,661,123 B2
Filed: 12/05/2003
Issued: 02/09/2010
Est. Priority Date: 12/05/2003
Status: Active Grant

First Claim

Patent Images

1. A method, implemented in a computing device, the method comprising:

accessing a new security policy to be implemented by a plurality of security engines of the computing device and to be implemented by the plurality of security engines in place of a current security policy, the plurality of security engines including security engines of at least a first type of security engine and a second type of security engine, the new security policy including a first set of rules specific to the first type of security engine and a second set of rules specific to the second type of security engine;

identifying, by a rule set generator of the computing device, which set of rules is used by which type of security engine;

processing, via each of the plurality of security engines, the identified set of rules specific to its type to establish new rules for operation of the security engine while the security engine continues to operate according to previous rules;

returning, via each of the plurality of security engines, a fail value when it determines that it has not successfully processed the identified set of rules;

returning, via each of the plurality of security engines, a pass value when it determines that it has successfully processed the identified set of rules;

receiving an indication to ignore the new set of rules and continue operating each of the plurality of security engines according to the previous rules when at least one of the plurality of security engines has returned a fail value; and

switching, after receiving a pass value from each of the plurality of security engines, each of the plurality of security engines to the new rules substantially concurrently.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security policy update supporting at least one security service provider includes each of one or more security service providers receiving a set of new rules to be enforced as part of a new security policy. Each security service provider processes the new rules in order to be ready to begin using the new rules, but continues to use the previous set of rules until instructed to begin using the new rules. When all of the one or more security service providers are ready to begin using the new rules, they are instructed to begin using the new rules at which point all of the security service providers begin using the set of new rules substantially concurrently.

37 Citations

View as Search Results

28 Claims

1. A method, implemented in a computing device, the method comprising:
- accessing a new security policy to be implemented by a plurality of security engines of the computing device and to be implemented by the plurality of security engines in place of a current security policy, the plurality of security engines including security engines of at least a first type of security engine and a second type of security engine, the new security policy including a first set of rules specific to the first type of security engine and a second set of rules specific to the second type of security engine;
  
  identifying, by a rule set generator of the computing device, which set of rules is used by which type of security engine;
  
  processing, via each of the plurality of security engines, the identified set of rules specific to its type to establish new rules for operation of the security engine while the security engine continues to operate according to previous rules;
  
  returning, via each of the plurality of security engines, a fail value when it determines that it has not successfully processed the identified set of rules;
  
  returning, via each of the plurality of security engines, a pass value when it determines that it has successfully processed the identified set of rules;
  
  receiving an indication to ignore the new set of rules and continue operating each of the plurality of security engines according to the previous rules when at least one of the plurality of security engines has returned a fail value; and
  
  switching, after receiving a pass value from each of the plurality of security engines, each of the plurality of security engines to the new rules substantially concurrently.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method as recited in claim 1, wherein switching each of the plurality of security engines to the new rules substantially concurrently comprises switching each of the plurality of security engines after each of the plurality of security engines can nearly ensure that it can begin using the new rules as soon as it receives the indication to switch to the new security policy.
  - 3. A method as recited in claim 1, wherein the switching comprises calling, for each of the plurality of security engines, a function exposed by the security engine.
  - 4. A method as recited in claim 1, wherein the switching comprises writing a value to a shared data structure.
  - 5. A method as recited in claim 1, wherein the switching comprises firing an event across all of the security engines at once.
  - 6. A method as recited in claim 1, wherein the plurality of security engines includes an antivirus engine.
  - 7. A method as recited in claim 1, wherein the plurality of security engines includes a firewall engine.
  - 8. A method as recited in claim 1, wherein the plurality of security engines includes an intrusion detection engine.
  - 9. A method as recited in claim 1, wherein the plurality of security engines includes a vulnerability analysis engine.
  - 10. A method as recited in claim 1, wherein the plurality of security engines includes a behavioral blocking engine.
  - 11. A method as recited in claim 1, wherein each of the plurality of security engines is part of a same application process.
  - 12. A method as recited in claim 1, wherein the plurality of security engines includes one or more of:
    - an antivirus engine, a firewall engine, an intrusion detection engine, a vulnerability analysis engine, and a behavioral blocking engine.
  - 13. A method as recited in claim 12, wherein the switching comprises one or more of:
    - calling, for each of the plurality of security engines, a function exposed by the security engine;
      
      writing a value to a shared data structure; and
      
      firing an event across all of the security engines at once.

14. One or more computer readable storage media storing one or more instructions that, when executed by one or more processors, causes the one or more processors to:
- receive information of a new security policy to be used by a plurality of security engines, the plurality of security engines including security engines of at least a first type of security engine and a second type of security engine, the new security policy including a first set of rules specific to the first type of security engine and a second set of rules specific to the second type of security engine;
  
  identify, by a rule set generator, which set of rules is used by which type of security engines;
  
  process, via each of the plurality of security engines, the identified set of rules specific to its type to generate new rules having associated data for operation of the security engine;
  
  use a previous set of rules and associated data when each of the plurality of security engines determines that it has not successfully processed the identified set of rules; and
  
  use, upon receiving an indication that each of the plurality of security engines determines that it has successfully processed the identified set of rules, the new set of rules and associated data on each of the plurality of security engines substantially concurrently.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. One or more computer readable storage media as recited in claim 14, wherein the identify which set of rules is used by which type of security engines includes inferring which set of rules are associated with which type of security engine.
  - 16. One or more computer readable storage media as recited in claim 14, wherein the identify which set of rules is used by which type of security engines comprises using an identifier associated with each set of rules to identify which set of rules is used by which type of security engines.
  - 17. One or more computer readable storage media as recited in claim 14, wherein the indication that each of the plurality of security engines has successfully processed the identified set of rules comprises calling a function to begin using the new set of rules.
  - 18. One or more computer readable media as recited in claim 14, wherein the indication comprises identifying, in a shared data structure, a value indicating to begin using the new set of rules and associated data.
  - 19. One or more computer readable media as recited in claim 14, wherein the instructions further cause the one or more processors to begin polling an event, and wherein the indication comprises detecting that the event has been fired.
  - 20. One or more computer readable storage media as recited in claim 14, wherein the one or more instructions comprises one of:
    - an antivirus service provider, a firewall service provider, an intrusion detection service provider, a vulnerability analysis service provider, and a behavioral blocking service provider.
  - 21. One or more computer readable storage media as recited in claim 20, wherein the indication that each of the plurality of security engines has successfully processed the identified set of rules comprises one or more of:
    - having a function exposed by the one or more instructions invoked;
      
      identifying, in a shared data structure, a value indicating to begin using the new set of rules and associated data; and
      
      detecting that an event being polled has been fired.

22. A method, implemented in a computing device, the method comprising:
- receiving a new security policy to be enforced by a plurality of security engines of the computing device, the plurality of security engines including security engines of at least a first type of security engine and a second type of security engine, the new security policy including a first set of rules specific to the first type of security engine and a second set of rules specific to the second type of security engine;
  
  identifying, by a rule set generator of the computing device, which set of rules is used by which type of security engines;
  
  processing, via each of the plurality of security engines, the identified set of rules specific to its type to establish new rules for operation of the security engine while the security engine continues to operate according to previous rules; and
  
  enforcing, in response to receipt of an indication that each of the plurality of security engines has determined that it has successfully processed the identified set of rules, the new rules on each of the plurality of security engines substantially concurrently.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. A method as recited in claim 22, wherein the indication comprises calling a function to begin using the new set of rules.
  - 24. A method as recited in claim 22, wherein the indication comprises identifying, in a shared data structure, a value indicating to begin using the new set of rules.
  - 25. A method as recited in claim 22, wherein the indication comprises detecting that an event being polled has been fired.
  - 26. A method as recited in claim 22, wherein the security engines includes one or more of:
    - an antivirus engine, a firewall engine, an intrusion detection engine, a vulnerability analysis engine, and a behavioral blocking engine.
  - 27. A method as recited in claim 26, wherein the indication comprises one or more of:
    - having a function exposed by the security engine invoked;
      
      identifying, in a shared data structure, a value indicating to begin using the new set of rules and associated data; and
      
      detecting that an event being polled has been fired.
  - 28. A method as recited in claim 22, further comprising:
    - returning, via each of the plurality of security engines, a fail value when it determines that it has not successfully processed the identified set of rules; and
      
      returning, via each of the plurality of security engines, a pass value when it determines that it has successfully processed the identified set of rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Fakes, Thomas F., Samuelsson, Anders M. E.
Primary Examiner(s)
Dinh; Minh

Application Number

US10/729,530
Publication Number

US 20050125694A1
Time in Patent Office

2,258 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

G06F 21/56 Computer malware detection ...

G06F 21/57 Certifying or maintaining t...

Security policy update supporting at least one security service provider

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Security policy update supporting at least one security service provider

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links