System and method for security planning with hard security constraints

US 8,276,192 B2
Filed: 05/30/2008
Issued: 09/25/2012
Est. Priority Date: 07/11/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for security planning with access control policies, comprising:

receiving descriptions of available external inputs and processing components, wherein a first processing component description identifies data receivable by the first processing component, a function the first processing component performs on the received data and data produced by the first processing component as a result of performing the function;

receiving first security-related requirements and a desired output result of a first network to be developed using the available external input and processing component descriptions; and

generating the first network according to the security-related requirements, wherein the first network satisfies access control policies and includes external inputs and processing components, wherein the processing components are configured such that the first network produces the desired output result,wherein to satisfy the access control policies, the following rules are adhered to;

(1) each processing component of the first network cannot accept any data that require an access class higher than the component'"'"'s access class and (2) each processing component of the first network must label all data it produces with a minimum access class equal to or higher than the component'"'"'s access class, yet after review of the operation of the processing components, at least one of the processing components is authorized to violate rule (2) and assign lower access classes to its data without incurring a security risk,wherein generating the first network according to the security-related requirements further comprises;

verifying access control policies for the external inputs and processing components in the first network, based on subject labels assigned to the processing components and object labels assigned to the external inputs.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.

13 Citations

View as Search Results

17 Claims

1. A method for security planning with access control policies, comprising:
- receiving descriptions of available external inputs and processing components, wherein a first processing component description identifies data receivable by the first processing component, a function the first processing component performs on the received data and data produced by the first processing component as a result of performing the function;
  
  receiving first security-related requirements and a desired output result of a first network to be developed using the available external input and processing component descriptions; and
  
  generating the first network according to the security-related requirements, wherein the first network satisfies access control policies and includes external inputs and processing components, wherein the processing components are configured such that the first network produces the desired output result,wherein to satisfy the access control policies, the following rules are adhered to;
  
  (1) each processing component of the first network cannot accept any data that require an access class higher than the component'"'"'s access class and (2) each processing component of the first network must label all data it produces with a minimum access class equal to or higher than the component'"'"'s access class, yet after review of the operation of the processing components, at least one of the processing components is authorized to violate rule (2) and assign lower access classes to its data without incurring a security risk,wherein generating the first network according to the security-related requirements further comprises;
  
  verifying access control policies for the external inputs and processing components in the first network, based on subject labels assigned to the processing components and object labels assigned to the external inputs.
- View Dependent Claims (2, 3, 4, 5, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising:
    - receiving second security-related requirements of a second network to be developed using the available external inputs and processing components; and
      
      generating the second network according to the second security-related requirements, wherein the second network satisfies the access control policies.
  - 3. The method of claim 2, further comprising:
    - deploying the first or second networks that satisfy the access control policies in a real production system.
  - 4. The method of claim 2, wherein the first or second networks that satisfy the access control policies are newly generated networks or modifications of existing networks.
  - 5. The method of claim 1, further comprising:
    - translating privacy constraints into access control policies.
  - 11. The method of claim 1, wherein the first network is generated by an automated planner and is deployed without user review.
  - 12. The method of claim 1, wherein the first network is generated using a planning algorithm.
  - 13. The method of claim 12, wherein the planning algorithm receives a planning task in Planning Domain Definition Language (PDDL) or Stream Processing Planning Language (SPPL) format.
  - 14. The method of claim 1, wherein the descriptions of available external inputs and processing components comprise metadata.
  - 15. The method of claim 1, further comprising:
    - deploying the first network in a real production system.
  - 16. The method of claim 1, wherein the first network includes a downgrader.

6. A computer program product comprising computer program logic recorded on a non-transitory computer useable medium for security planning with access control policies, the computer program logic comprising:
- program code for receiving descriptions of available external inputs and processing components, wherein a first processing component description identifies data receivable by the first processing component, a function the first processing component performs on the received data and data produced by the first processing component as a result of performing the function;
  
  program code for receiving first security-related requirements and a desired output result of a first network to be developed using the available external input and processing component descriptions; and
  
  program code for generating the first network according to the security-related requirements, wherein the first network satisfies access control policies and includes external inputs and processing components, wherein the processing components are configured such that the first network produces the desired output result,wherein to satisfy the access control policies, the following rules are adhered to;
  
  (1) each processing component of the first network cannot accept any data that require an access class higher than the component'"'"'s access class and (2) each processing component of the first network must label all data it produces with a minimum access class equal to or higher than the component'"'"'s access class, yet after review of the operation of the processing components, at least one of the processing components is authorized to violate rule (2) and assign lower access classes to its data without incurring a security risk,wherein the program code for generating the first network according to the security-related requirements further comprises;
  
  program code for verifying access control policies for the external inputs and processing components in the first network, based on subject labels assigned to the processing components and object labels assigned to the external inputs.
- View Dependent Claims (7, 8, 9, 10, 17)
- - 7. The computer program product of claim 6, further comprising:
    - program code for receiving second security-related requirements of a second network to be developed using the available external inputs and processing components; and
      
      program code for generating the second network according to the second security-related requirements, wherein the second network satisfies the access control policies.
  - 8. The computer program product of claim 7, further comprising:
    - program code for deploying the first or second networks that satisfy the access control policies in a real production system.
  - 9. The computer program product of claim 6, further comprising:
    - program code for translating privacy constraints into access control policies.
  - 10. The computer program product of claim 6, wherein the access control policies comprise Biba integrity constraints.
  - 17. The computer program product of claim 6, further comprising:
    - program code for deploying the first network that satisfies hard security constraints in a real production system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Anderson, Kay Schwendimann, Cheng, Pau-Chen, Grabarnik, Genady Ya., Karger, Paul Ashley, Lelarge, Marc, Liu, Zhen, Riabov, Anton Viktorovich, Rohatgi, Pankaj, Schuett, Angela Marie, Wagner, Grant
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
PLECHA, THADDEUS J

Application Number

US12/130,243
Publication Number

US 20090055890A1
Time in Patent Office

1,579 Days
Field of Search

726 1- 2, 726/29, 726/4
US Class Current

726/4
CPC Class Codes

H04L 63/10 for controlling access to d...

H04L 63/20 for managing network securi...

System and method for security planning with hard security constraints

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for security planning with hard security constraints

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links