System and method for security planning with hard security constraints
First Claim
1. A method for security planning with access control policies, comprising:
receiving descriptions of available external inputs and processing components, wherein a first processing component description identifies data receivable by the first processing component, a function the first processing component performs on the received data and data produced by the first processing component as a result of performing the function;
receiving first security-related requirements and a desired output result of a first network to be developed using the available external input and processing component descriptions; and
generating the first network according to the security-related requirements, wherein the first network satisfies access control policies and includes external inputs and processing components, wherein the processing components are configured such that the first network produces the desired output result, wherein to satisfy the access control policies, the following rules are adhered to:
(1) each processing component of the first network cannot accept any data that require an access class higher than the component's access class and (2) each processing component of the first network must label all data it produces with a minimum access class equal to or higher than the component's access class, yet after review of the operation of the processing components, at least one of the processing components is authorized to violate rule (2) and assign lower access classes to its data without incurring a security risk, wherein generating the first network according to the security-related requirements further comprises:
verifying access control policies for the external inputs and processing components in the first network, based on subject labels assigned to the processing components and object labels assigned to the external inputs.
Abstract
A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.
17 Claims
1. (Independent claim 1, set out in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 11, 12, 13, 14, 15, 16.
6. A computer program product comprising computer program logic recorded on a non-transitory computer useable medium for security planning with access control policies, the computer program logic comprising:
program code for receiving descriptions of available external inputs and processing components, wherein a first processing component description identifies data receivable by the first processing component, a function the first processing component performs on the received data and data produced by the first processing component as a result of performing the function; program code for receiving first security-related requirements and a desired output result of a first network to be developed using the available external input and processing component descriptions; and program code for generating the first network according to the security-related requirements, wherein the first network satisfies access control policies and includes external inputs and processing components, wherein the processing components are configured such that the first network produces the desired output result, wherein to satisfy the access control policies, the following rules are adhered to:
(1) each processing component of the first network cannot accept any data that require an access class higher than the component's access class and (2) each processing component of the first network must label all data it produces with a minimum access class equal to or higher than the component's access class, yet after review of the operation of the processing components, at least one of the processing components is authorized to violate rule (2) and assign lower access classes to its data without incurring a security risk, wherein the program code for generating the first network according to the security-related requirements further comprises: program code for verifying access control policies for the external inputs and processing components in the first network, based on subject labels assigned to the processing components and object labels assigned to the external inputs.
Dependent claims: 7, 8, 9, 10, 17.
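The verification step recited in claims 1 and 6 (rule (1): a component may not accept data requiring a higher access class than its own; rule (2): a component labels its output at or above its own class, unless it has been reviewed and authorized to downgrade) can be modelled as a check over a planned component graph. The Python below is an added illustration, not code from the patent or from any implementation it describes. The linear ordering of access classes, the input and component names, the `leak` component, and the sample network are all constructed assumptions; the claims do not fix the form of an access class.

```python
from dataclasses import dataclass

# Constructed linear ordering of access classes (assumption: the claims
# do not fix the form of an access class, so a total order is used here).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class ExternalInput:
    name: str
    object_label: str  # access class required to read the data it supplies


@dataclass(frozen=True)
class Component:
    name: str
    subject_label: str  # access class the component operates at
    reads: tuple        # names of external inputs or components it consumes
    output_label: str   # access class it assigns to the data it produces


def dominates(a: str, b: str) -> bool:
    """True when access class a is equal to or higher than class b."""
    return LEVELS[a] >= LEVELS[b]


def verify_network(inputs, components, authorized_downgraders=frozenset()):
    """Return a list of (component, rule, detail) violations for the planned
    network; an empty list means both access control rules are satisfied."""
    # Object labels for external inputs, plus the label each component
    # assigns to the data it produces (what downstream components read).
    labels = {i.name: i.object_label for i in inputs}
    labels.update({c.name: c.output_label for c in components})
    violations = []
    for c in components:
        for src in c.reads:
            if src not in labels:
                violations.append((c.name, "unknown-source", src))
            elif not dominates(c.subject_label, labels[src]):
                # rule (1): the component cannot accept data that require an
                # access class higher than its own subject label
                violations.append((c.name, "rule1-read-up", src))
        if (not dominates(c.output_label, c.subject_label)
                and c.name not in authorized_downgraders):
            # rule (2): output must carry a class at or above the component's
            # own, unless the component was reviewed and authorized to
            # assign a lower class to its data
            violations.append((c.name, "rule2-write-down", c.output_label))
    return violations


def planned_network():
    """Constructed sample: two external inputs feeding a fuse -> summarize ->
    publish pipeline, plus a misconfigured 'leak' component that reads
    SECRET data while operating at UNCLASSIFIED."""
    inputs = [
        ExternalInput("radar_feed", "SECRET"),
        ExternalInput("weather", "UNCLASSIFIED"),
    ]
    components = [
        Component("fuse", "SECRET", ("radar_feed", "weather"), "SECRET"),
        Component("summarize", "SECRET", ("fuse",), "UNCLASSIFIED"),
        Component("publish", "UNCLASSIFIED", ("summarize",), "UNCLASSIFIED"),
        Component("leak", "UNCLASSIFIED", ("fuse",), "UNCLASSIFIED"),
    ]
    return inputs, components


if __name__ == "__main__":
    inputs, components = planned_network()
    print("no downgraders authorized:", verify_network(inputs, components))
    print("summarize authorized:",
          verify_network(inputs, components, {"summarize"}))
```

Without any authorized downgrader, `summarize` trips rule (2) because it emits UNCLASSIFIED output from a SECRET component; once it is listed in `authorized_downgraders` (the reviewed exception the claim allows) only the `leak` component remains flagged, under rule (1), since it reads SECRET data at UNCLASSIFIED. Dropping `leak` yields an empty violation list, i.e. a network the planner may accept.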