Security policy verification system

US 8,495,703 B2
Filed: 06/18/2009
Issued: 07/23/2013
Est. Priority Date: 06/18/2009
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide a security policy verification system, the providing comprising:

receiving an implementation of a first security policy, wherein the received implementation is one of a plurality of implementations of the first security policy, each implementation is different from the other implementations in terms of being in a different computer language, a different platform, or a different framework, and the first security policy is one of a plurality of security policies;

recognizing which implementation of the plurality of implementations of the first security policy was received, wherein the plurality of implementations are recognizable;

parsing programming language code of the implementation of the first security policy;

identifying a first annotation in the programming language code;

matching the first annotation to the first security policy to which the first annotation corresponds; and

displaying a natural language description of the first security policy in a user interface, wherein the natural language description of the first security policy describes at least one access privilege that is assigned to at least one role.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided that comprise a security policy verification system for verifying security policies. The system parses programming language code that implements security policies, and identifies annotations in the programming language code. The system then matches the annotations to the security policies to which the annotations correspond. The system then displays a natural language description of the security policy in a user interface.

Citations

18 Claims

1. A non-transitory computer-readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide a security policy verification system, the providing comprising:
- receiving an implementation of a first security policy, wherein the received implementation is one of a plurality of implementations of the first security policy, each implementation is different from the other implementations in terms of being in a different computer language, a different platform, or a different framework, and the first security policy is one of a plurality of security policies;
  
  recognizing which implementation of the plurality of implementations of the first security policy was received, wherein the plurality of implementations are recognizable;
  
  parsing programming language code of the implementation of the first security policy;
  
  identifying a first annotation in the programming language code;
  
  matching the first annotation to the first security policy to which the first annotation corresponds; and
  
  displaying a natural language description of the first security policy in a user interface, wherein the natural language description of the first security policy describes at least one access privilege that is assigned to at least one role.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 16)
- - 2. The computer-readable medium of claim 1, wherein the first security policy is associated with one or more roles.
  - 3. The computer-readable medium of claim 1, wherein the first annotation is defined by a security policy reference implementation.
  - 4. The computer-readable medium of claim 1, further comprising:
    - displaying the programming language code at a request of a user.
  - 5. The computer-readable medium of claim 1, further comprising:
    - determining that a second security policy is not implemented; and
      
      displaying an indication in the user interface that the second security policy is not implemented for a first technology.
  - 6. The computer-readable medium of claim 5, wherein determining that the second security policy is not implemented comprises:
    - parsing a plurality of existing security policy implementations; and
      
      failing to identify a second annotation corresponding to the second security policy.
  - 7. The computer-readable medium of claim 1, further comprising displaying in the user interface all implemented security policies for a role.
  - 16. The computer-readable medium of claim 1, wherein the natural language description of the first security policy describes at least one access privilege that is assigned to at least one role of an employee of an enterprise.

8. A computer-implemented method, performed by a processor, for providing a security policy verification system, comprising:
- receiving an implementation of a first security policy, wherein the received implementation is one of a plurality of implementations of the first security policy, each implementation is different from the other implementations in terms of being in a different computer language, a different platform, or a different framework, and the first security policy is one of a plurality of security policies;
  
  recognizing which implementation of the plurality of implementations of the first security policy was received, wherein the plurality of implementations are recognizable;
  
  parsing programming language code of the implementation of the first security policy;
  
  identifying, by the processor, a first annotation in the programming language code;
  
  matching, by the processor, the first annotation to the first security policy to which the first annotation corresponds; and
  
  displaying a natural language description of the first security policy in a user interface, wherein the natural language description of the first security policy describes at least one access privilege that is assigned to at least one role.
- View Dependent Claims (9, 10, 11, 17)
- - 9. The method of claim 8, further comprising:
    - determining that a second security policy is not implemented; and
      
      displaying an indication in the user interface that the second security policy is not implemented.
  - 10. The method of claim 8, wherein determining that the second security policy is not implemented comprises:
    - parsing a plurality of existing security policy implementations; and
      
      failing to identify a second annotation corresponding to the second security policy.
  - 11. The method of claim 8, further comprising displaying in the user interface all implemented security policies for a role.
  - 17. The method of claim 8, wherein the natural language description of the first security policy describes at least one access privilege that is assigned to at least one role of an employee of an enterprise.

12. A security policy verification system, comprising:
- a processor;
  
  a memory storing instructions coupled to the processor;
  
  a receiving module that receives an implementation of a first security policy, wherein the received implementation is one of a plurality of implementations of the first security policy, each implementation is different from the other implementations in terms of being in a different computer language, a different platform, or a different framework, and the first security policy is one of a plurality of security policies;
  
  a recognizing module that recognizes which implementation of the plurality of implementations of the first security policy was received, wherein the plurality of implementations are recognizable;
  
  a parser, executed by the processor, for parsing programming language code of the implementation of the first security policy and identifying a first annotation within the programming language code;
  
  a security policy module, executed by the processor, that matches the first annotation to the first security policy to which the first annotation corresponds; and
  
  a user interface that displays a natural language description of the first security policy implementation, wherein the natural language description of the first security policy describes at least one access privilege that is assigned to at least one role.
- View Dependent Claims (13, 14, 15, 18)
- - 13. The security policy verification system of claim 12, further comprising:
    - a determining module that determines that a second security policy implementation is not implemented, andwherein the user interface displays an indication that the second security policy implementation is not implemented.
  - 14. The security policy verification system of claim 12, wherein determining that the second security policy implementation is not implemented comprises:
    - parsing a plurality of existing security policy implementations; and
      
      failing to identify a second annotation code corresponding to the second security policy implementation.
  - 15. The security policy verification system of claim 12, wherein the user interface displays all implemented security policy implementations for a role.
  - 18. The security policy verification system of claim 12, wherein the natural language description of the first security policy describes at least one access privilege that is assigned to at least one role of an employee of an enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
King, Nigel, Smith, Nigel David, Singh, Rajesh Chandra
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Getachew, Abiy

Application Number

US12/487,361
Publication Number

US 20100325569A1
Time in Patent Office

1,496 Days
Field of Search

715/711
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 8/75   Structural analysis for pro...

Security policy verification system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Security policy verification system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links