Systems and methods for managing application security profiles

  • US 8,490,148 B2
  • Filed: 03/12/2007
  • Issued: 07/16/2013
  • Est. Priority Date: 03/12/2007
  • Status: Active Grant
First Claim

1. A method for configuring one or more application security profiles for a device, each application security profile specifying a number of checks performing security functions related to an application, the method comprising:

    (a) providing a configuration interface for configuring an application security profile to comprise a plurality of checks to perform on a stream of packets from a predetermined application to be received by a device, the predetermined application identified by a policy;

    (b) receiving, via the configuration interface, a first setting, the first setting specifying a first check of the application security profile, wherein the first check comprises actions related to a first security function;

    (c) receiving, via the configuration interface, a second setting, the second setting specifying a second check of the application security profile, wherein the second check comprises actions related to a second security function;

    (d) receiving, by the configuration interface, configuration of a policy by a user to configure a policy engine of the device, the policy specifying a rule comprising a first expression, the first expression comprising an object oriented expression that specifies a device defined data structure selected by the user from a plurality of device defined data structures to explicitly typecast application layer data within a packet into a predetermined device defined data type and evaluates an application layer portion of a payload of the packet in the stream of packets from the predetermined application to be received by the device, the application layer portion comprising HyperText Transfer Protocol (HTTP) content;

    (e) receiving, via the configuration interface, information identifying the application security profile to be processed based on an evaluation of the object oriented expression of the first expression of the rule to the payload of the packet in the stream of packets from the predetermined application to be received by the device; and

    (f) establishing, by the configuration interface for the device, the policy to execute the first check and the second check of the application security profile based on a result of the evaluation of the object oriented expression of the first expression of the rule identifying to execute the application security profile.
