Methods and systems for securing a system in an adaptive computer environment

US 8,161,520 B1
Filed: 04/30/2004
Issued: 04/17/2012
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. An automated method for securing a target system, comprising:

detecting a request to change an entity in the target system, the target system having an existing security profile;

constructing a security configuration group associated with the entity, the security configuration group including security policy of the entity with associated constraints;

fusing the security configuration group with the existing security profile to form a unified security profile, the fusing of the security configuration group including automatically resolving any conflict with constraints associated with security policy of the entity; and

prosecuting the unified security profile onto the target system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automated method for securing a target system is provided. In this method, a request to change an entity in the target system is detected. The target system has an existing security profile or one is created. As a result, a security configuration group associated with the changed entity is constructed. The security configuration group is then fused with the existing security profile to form a unified security profile, and the unified security profile is prosecuted onto the target system. Other methods and a system for securing the target system are also described.

16 Citations

View as Search Results

24 Claims

1. An automated method for securing a target system, comprising:
- detecting a request to change an entity in the target system, the target system having an existing security profile;
  
  constructing a security configuration group associated with the entity, the security configuration group including security policy of the entity with associated constraints;
  
  fusing the security configuration group with the existing security profile to form a unified security profile, the fusing of the security configuration group including automatically resolving any conflict with constraints associated with security policy of the entity; and
  
  prosecuting the unified security profile onto the target system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The automated method of claim 1, wherein constructing the security configuration group includesselecting a security configuration associated with the entity;
    - andadding the security configuration to the security configuration group,wherein the request to change the entity is a request to add the entity to the target system.
  - 3. The automated method of claim 1, wherein constructing the security configuration group includesremoving a security configuration associated with the entity from the security configuration group,wherein the request to change the entity is a request to remove the entity from the target system.
  - 4. The automated method of claim 1, wherein fusing the security configuration group with the existing security profile to form the unified security profile includeschecking for conflict amongst constraints between security configurations within the security configuration group and security configurations within the existing security profile;
    - upon encountering the conflict,generating a notification event when a conflicting constraint cannot be automatically resolved;
      
      terminating the formation of a unified security profile; and
      
      upon resolution of the conflict or upon encountering no conflict,merging the security configuration group and the existing security profile in compliance with the constraints to form the unified security profile.
  - 5. The automated method of claim 1, wherein prosecuting the unified security profile includesapplying a modification to the target system in accordance with the unified security profile.
  - 6. The automated method of claim 5, wherein the modification to the target system is defined as one or more of an installation of software, a removal of the software, a configuration of a feature, an enablement of the feature, a disablement of the feature, a configuration of a component, an enablement of the component, and a disablement of the component.
  - 7. The automated method of claim 5, wherein prosecuting the unified security profile includesundoing the modification applied to the target system.
  - 8. The automated method of claim 5, wherein prosecuting the unified security profile includesassessing whether the target system is configured and running in a state that complies with the unified security profile.
  - 9. The automated method of claim 1, wherein the security configuration group is comprised of one or more security configurations that are related.
  - 10. The automated method of claim 9, wherein each of the security configurations is an abstract grouping of elements that describe requirements of one of a hardware platform, a hardware component, and a software component.
  - 11. The automated method of claim 1, wherein the target system is defined by one or more of a Web server, an application server, an identity server, an authentication server, a directory server, a database server, a file server, a print server, a proxy server, a naming service server, a time server, a log server, a Solaris operating system, a Linux operating system, a Microsoft Windows operating system, an IBM Advanced Interactive eXecutive (AIX) operating system, a Hewlett-Packard-UX operating system, and a Silicon Graphics IRIX operating system.
  - 12. The automated method of claim 1, wherein the entity is a component of the target system.
  - 13. The automated method of claim 12, wherein the entity is defined by one or more of a software function, a software configuration, a hardware function, a hardware configuration, a device, a system of devices, an application program, a system of application programs, a system application, a system of system applications, an operating system, and a framework service.

14. A method for securing a target system, comprising:
- receiving a request to add an entity to the target system, the target system having an existing security profile;
  
  adding a security configuration associated with the entity to a security configuration group the security configuration associated with the entity including associated constraints;
  
  fusing the security configuration group with the existing security profile to form a unified security profile, the fusing of the security configuration group including automatically resolving any conflict with constraints associated with the security policy of the entity; and
  
  prosecuting the unified security profile onto the target system.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising:
    - selecting the security configuration associated with the entity.
  - 16. The method of claim 15, wherein selecting the security configuration associated with the entity includesselecting the security configuration from a security configuration library, the security configuration library being populated with security configurations.
  - 17. The method of claim 16, wherein the security configuration library is a storage repository.
  - 18. The method of claim 14, wherein fusing the security configuration group with the existing security profile to form the unified security profile includeschecking for conflict amongst constraints between the security configuration within the security configuration group and security configurations within the existing security profile;
    - upon encountering the conflict,generating a notification event and terminating the formation of the unified security profile when the conflict cannot be automatically resolved; and
      
      upon resolution of the conflict or upon encountering no conflict,merging the security configuration group and the existing security profile in compliance with the constraints to form the unified security profile.

19. A method for securing a target system, comprising:
- receiving a request to remove an entity from the target system, the target system having an existing security configuration group within an existing security profile, the security configuration group including security policy of the entity with associated constraints;
  
  removing a security configuration associated with the entity from the existing security configuration group;
  
  fusing the existing security configuration group with the existing security profile to form a unified security profile, the fusing of the security configuration group including automatically resolving any conflict with constraints associated with security policy of the entity; and
  
  prosecuting the unified security profile onto the target system.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein fusing the existing security configuration group with the existing security profile to form the unified security profile includeschecking for conflict amongst constraints between security configurations within the existing security configuration group and security configurations within the existing security profile;
    - upon encountering the conflict,generating a notification event when a conflicting constraint cannot be automatically resolved;
      
      terminating the formation of a unified security profile; and
      
      upon resolution of the conflict or upon encountering no conflict,merging the existing security configuration group and the existing security profile in compliance with the constraints to form the unified security profile.

21. A system for securing a target system, comprising:
- a memory for storing an adaptive security program module; and
  
  a central processing unit for executing the adaptive security program module stored in the memory,the adaptive security program module including,logic for detecting a request to change an entity in the target system, the target system having an existing security profile;
  
  if the request is to add the entity to the target system, logic for adding a security configuration associated with the entity to a security configuration group;
  
  if the request is to remove the entity from the target system, logic for removing the security configuration associated with the entity from an existing security configuration group;
  
  logic for fusing the security configuration group with the existing security profile to form a unified security profile when the entity is added to the target system;
  
  logic for fusing the existing security configuration group with the existing security profile to form the unified security profile when the entity is removed from the target system; and
  
  logic for prosecuting the unified security profile onto the target system,wherein the detection of the request to change the entity, the fusion to form the unified security profile, and the prosecution of the unified security profile are automatic,wherein the security configuration including security policy of the entity with associated constraints and the fusing of the security configuration group including automatically resolving any conflict with constraints associated with security policy of the entity.

22. An automated method for securing a target system, comprising:
- detecting a request to update the target system, the target system having an existing security profile;
  
  selecting an existing security configuration group associated with the existing security profile, the security configuration group including security policy of an entity with associated constraints;
  
  fusing the existing security configuration group with the existing security profile to form a unified security profile, the fusing of the security configuration group including automatically resolving any conflict with constraints associated with security policy of the entity; and
  
  prosecuting the unified security profile onto the target system.
- View Dependent Claims (23)
- - 23. The automated method of claim 22, wherein selecting the existing security configuration group associated with the existing security profile includesselecting a security configuration within the existing security configuration group from a security configuration library, the security configuration library being populated with updated security configurations.

24. An automated method for securing a target system, comprising:
- detecting a request to change an entity in the target system;
  
  constructing a security configuration group associated with the entity, the security configuration group including security policy of the entity with associated constraints;
  
  fusing the security configuration group to form a unified security profile, the fusing of the security configuration group including automatically resolving any conflict with constraints associated with security policy of the entity; and
  
  prosecuting the unified security profile onto the target system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Brunette, Glenn M., Walker, David
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Harriman, Dant Shaifer

Application Number

US10/837,063
Time in Patent Office

2,909 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/57   Certifying or maintaining t...

G06F 21/604   Tools and structures for ma...

Methods and systems for securing a system in an adaptive computer environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for securing a system in an adaptive computer environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links