Method and apparatus for detecting policy violations in a data repository having an arbitrary data schema

US 7,996,373 B1
Filed: 03/28/2008
Issued: 08/09/2011
Est. Priority Date: 03/28/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

identifying, by a scan agent hosted by a computer system, a structure of data stored in a data repository having an arbitrary data schema when the arbitrary data schema of the data repository is unknown, wherein the arbitrary data schema of the data repository is derived from the identified structure;

scanning the structured data of the data repository according to the derived data schema;

converting the structured data into text data; and

applying a schema-independent policy to the converted text data to detect confidential information stored in the data repository regardless of the arbitrary data schema of the structured data, wherein the schema-independent policy is a data loss prevention policy, and wherein a violation of the data loss prevention policy is triggered when the converted text data contains the confidential information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for scanning structured data from a data repository having an arbitrary data schema and for applying a policy to the data of the data repository are described. In one embodiment, the structured data is converted to unstructured text data to allow a schema-independent policy to be applied to the text data in order to detect a policy violation in the data repository regardless of the data schema used by the data repository.

242 Citations

18 Claims

1. A computer-implemented method, comprising:
- identifying, by a scan agent hosted by a computer system, a structure of data stored in a data repository having an arbitrary data schema when the arbitrary data schema of the data repository is unknown, wherein the arbitrary data schema of the data repository is derived from the identified structure;
  
  scanning the structured data of the data repository according to the derived data schema;
  
  converting the structured data into text data; and
  
  applying a schema-independent policy to the converted text data to detect confidential information stored in the data repository regardless of the arbitrary data schema of the structured data, wherein the schema-independent policy is a data loss prevention policy, and wherein a violation of the data loss prevention policy is triggered when the converted text data contains the confidential information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein applying the data loss prevention policy comprises detecting confidential information that is otherwise hidden in the data repository due to the arbitrary data schema of the data repository.
  - 3. The method of claim 1, wherein deriving the arbitrary data schema comprises identifying the structured data as containing one of text, numbers, or binary data, and wherein converting the structured data comprises converting the text, numbers, or binary data into text data.
  - 4. The method of claim 1, wherein converting the structured data into text data further comprises:
    - analyzing the arbitrary data schema to determine logical units of data of the data repository;
      
      reading the structured data by the logical units of data; and
      
      generating a message containing the converted text data that is read from the data repository.
  - 5. The method of claim 1, wherein identifying the structure of the data stored in the data repository comprises:
    - querying the data repository to identify the structure of the data stored in the data repository.
  - 6. The method of claim 1, further comprising:
    - generating a message containing the converted text data that is read from the data repository; and
      
      sending the message to a detection engine to detect whether there is a policy violation in the message by applying the schema-independent policy to the converted text data of the message.
  - 7. The method of claim 6, further comprising receiving user input concerning the data repository, wherein the policy is applicable to the data repository.
  - 8. The method of claims 7, wherein receiving the user input comprises at least one of a connect string that includes information about how to connect to the data repository, credentials for the data repository, or vendor information for the data repository from the user.
  - 9. The method of claims 7, further comprising receiving a query from the user to query specific information from the data repository.
  - 10. The method of claim 1, wherein:
    - the data repository is a database;
      
      identifying the structure of the data stored in the data repository comprises;
      
      connecting to the database using a connect string;
      
      querying a set of table names of the database; and
      
      for each table, reading column names of table;
      
      deriving the arbitrary data schema of the data repository comprises;
      
      for each table, identifying each column in database as one of text, numbers, or binary data; and
      
      scanning the structured data of the data repository comprises;
      
      for each row in the table, reading all cells in that row.
  - 11. The method of claim 10, further comprising:
    - for each row in the table, constructing a text block containing the column names, text of cells that are in text, text representation of cells that are numbers;
      
      for each row in the table, creating a message containing the constructed text block and the binary data from each cell containing binary data, if any; and
      
      for each row in the table, sending the message to a detection engine that detects whether there is a policy violation in the message by applying the policy to the converted text data of the message.
  - 12. The method of claim 11, wherein creating the message further comprises converting the cell containing binary data into text data, and wherein the converted text data remains associated with the message.
  - 13. The method of claim 1, further comprising reporting the policy violation when detected, wherein reporting the policy violation comprises identifying a location of the structured data that triggered the policy violation.

14. An apparatus, comprising:
- a data repository having an arbitrary data schema; and
  
  a scan agent, coupled to the data repository, to;
  
  identify a structure of data stored in the data repository when the arbitrary data schema of the data repository is unknown, wherein the arbitrary data schema of the data repository is unknown, wherein the arbitrary data schema of the data repository is derived from the identified structure;
  
  scan the structured data of the data repository according to the derived data schema,convert the structured data into unstructured text data, andapply a schema-independent policy to the converted unstructured text data to detect confidential information stored in the data repository regardless of the arbitrary data schema of the structured data, wherein the schema-independent policy is a data loss prevention policy, and wherein a violation of the data loss prevention policy is triggered when the converted text data contains the confidential information.
- View Dependent Claims (15, 16)
- - 15. The apparatus of claim 14, wherein the scan agent is to convert the structured data by identifying the data as containing one of text, numbers, or binary data, and converting the text, numbers, or binary data into text data, and wherein the san agent is further to generate a message containing the converted text data and send the message to a detection engine to detect whether the message contains confidential data.
  - 16. The apparatus of claim 14, further comprising the detection engine, coupled to the scan agent, to apply a data loss prevention policy to the converted text data of the message to detect whether the message contains confidential information, wherein the data loss prevention policy is the schema-independent policy.

17. A non-transitory computer-readable storage medium having instructions stored thereon that when executed by a computer cause the computer to perform a method, comprising:
- identifying, by a scan agent hosted by a computer system, a structure of data stored in a data repository having an arbitrary data schema when the arbitrary data schema of the data repository is unknown, wherein the arbitrary data schema of the data repository is derived from the identified structure;
  
  scanning the structured data of the data repository according to the derived data schema;
  
  converting the structured data into text data; and
  
  applying a schema-independent policy to the converted text data to detect confidential information stored in the data repository regardless of the arbitrary data schema of the structured data, wherein the schema-independent policy is a data loss prevention policy, and wherein a violation of the data loss prevention policy is triggered when the converted text data contains the confidential information.
- View Dependent Claims (18)
- - 18. The non-transitory computer-readable storage medium of claim 17, wherein applying the data loss prevention policy comprises detecting confidential information that is otherwise hidden in the data repository due to the arbitrary data schema of the data repository.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Zoppas, Michel, O'Raghallaigh, Conal, Hermann, Jeremy, Bothwell, Eric, Fontana, Alexander
Primary Examiner(s)
Corrielus; Jean M

Application Number

US12/079,630
Time in Patent Office

1,229 Days
Field of Search

707/694, 707/783, 707/784, 707/785, 707/786, 726/1, 726/3, 726/14, 726/26, 726/35, 709/223, 709/230
US Class Current

707/694
CPC Class Codes

G06F 16/24565   Triggers; Constraints

G06F 21/10   Protecting distributed prog...

G06F 21/554   involving event detection a...

G06F 21/556   involving covert channels, ...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6209   to a single file or object,...

G06F 2221/2141   Access rights, e.g. capabil...

Method and apparatus for detecting policy violations in a data repository having an arbitrary data schema

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

242 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for detecting policy violations in a data repository having an arbitrary data schema

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

242 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others