Method and apparatus for security policy management
Abstract
A security policy management system for deriving a security policy from setting details of security devices as components of an information system includes a setting information storage unit for storing setting information representing settings with regard to security functions of devices included in a network system to be managed, and a general-purpose security policy generator for generating a security policy including a description expressed in a format independent of descriptions depending on particular devices, based on the setting information stored in the setting information storage unit.
49 Claims
1. A security policy management system comprising:
- a processor, configured to operate the security policy management system;
- setting information storage means for storing setting information representing settings with regard to security functions of devices included in a network system to be managed; and
- general-purpose security policy generating means for generating a security policy including a description expressed in a format independent of descriptions depending on particular devices, based on the setting information stored in said setting information storage means,
- wherein the general-purpose security policy generating means describes a content of each item in a model obtained by modeling an operation of a device having a security function to generate the security policy, the model being represented as a set of items which are described in the security policy,
- wherein the content of each item in the model is derived from an expression which is included in the setting information stored in the setting information storage means, by using knowledge with regard to descriptive specification for the setting information stored in the setting information storage means, and
- wherein, when the setting information to an item for which a default value has been prescribed is omitted, the default value is used to describe the security policy with regard to the item for which the default value has been prescribed.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A security policy management system comprising:
- a processor, configured to operate the security policy management system;
- setting information inputting means for inputting setting information representing settings with regard to security functions of devices included in a network system to be managed; and
- general-purpose security policy generating means for generating a security policy including a description expressed in a format independent of descriptions depending on particular devices, based on the setting information inputted by said setting information inputting means,
- wherein the general-purpose security policy generating means describes a content of each item in a model obtained by modeling an operation of a device having a security function to generate the security policy, the model being represented as a set of items which are described in the security policy,
- wherein the content of each item in the model is derived from an expression which is included in the setting information stored in the setting information storage means, by using knowledge with regard to descriptive specification for the setting information stored in the setting information storage means, and
- wherein, when the setting information to an item for which a default value has been prescribed is omitted, the default value is used to describe the security policy with regard to the item for which the default value has been prescribed.

Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41
42. A method of managing a security policy, comprising the steps of:
- storing setting information representing settings with regard to security functions of devices included in a network system to be managed in a setting information storage unit; and
- generating a security policy including a description expressed in a format independent of descriptions depending on particular devices, by describing a content of each item in a model based on the stored setting information with a general-purpose security policy generating unit, the model being obtained by modeling an operation of a device having a security function, and the model being represented as a set of items which are described in the security policy,
- wherein the content of each item in the model is derived from expression which is included in the setting information, by using knowledge with regard to descriptive specification for the setting information, and
- wherein, when the setting information to an item for which a default value has been prescribed is omitted, the default value is used to describe the security policy with regard to the item for which the default value has been prescribed.

Dependent claims: 43
44. A method of managing a security policy, comprising the steps of:
- inputting setting information representing settings with regard to security functions of devices included in a network system to be managed into setting information storage unit; and
- generating a security policy including a description expressed in a format independent of descriptions depending on particular devices, by describing a content of each item in a model based on the inputted setting information with a general-purpose security policy generating unit, the model being obtained by modeling an operation of a device having a security function, and the model being represented as a set of items which are described in the security policy,
- wherein the content of each item in the model is derived from expression which is included in the setting information, by using knowledge with regard to descriptive specification for the setting information, and
- wherein, when the setting information to an item for which a default value has been prescribed is omitted, the default value is used to describe the security policy with regard to the item for which the default value has been prescribed.

Dependent claims: 45
46. A computer-readable medium having a program product for enabling a computer to execute a process comprising the steps of:
- storing setting information representing settings with regard to security functions of devices included in a network system to be managed; and
- generating a security policy including a description expressed in a format independent of descriptions depending on particular devices, by describing a content of each item in a model based on the stored setting information, the model being obtained by modeling an operation of a device having a security function, and the model being represented as a set of items which are described in the security policy,
- wherein the content of each item in the model is derived from an expression which is included in the setting information, by using knowledge with regard to descriptive specification for the setting information, and
- wherein, when the setting information to an item for which a default value has been prescribed is omitted, the default value is used to describe the security policy with regard to the item for which the default value has been prescribed.

Dependent claims: 47
48. A computer-readable medium having a program product for enabling a computer to execute a process comprising the steps of:
- inputting setting information representing settings with regard to security functions of devices included in a network system to be managed; and
- generating a security policy including a description expressed in a format independent of descriptions depending on particular devices, by describing a content of each item in a model based on the inputted setting information, the model being obtained by modeling an operation of a device having a security function, and the model being represented as a set of items which are described in the security policy,
- wherein the content of each item in the model is derived from an expression which is included in the setting information, by using knowledge with regard to descriptive specification for the setting information, and
- wherein, when the setting information to an item for which a default value has been prescribed is omitted, the default value is used to describe the security policy with regard to the item for which the default value has been prescribed.

Dependent claims: 49
Specification