System and method for inferring access policies from access event records
8 Assignments
0 Petitions
Abstract
A method of security gateway policy definition to quickly infer a new policy based on event data extracted and analyzed using business logic and workflow from a gateway event log or behavior log. The method includes reading the components of a log record, translating the components into acceptable policy attributes, creating a new policy based on those attributes, and presenting the new policy to a system administrator for editing and approval.
196 Citations
24 Claims
1. A method of establishing a policy for a secure transaction in a network system, the method comprising:
- selecting a log record from among a plurality of log records, the selected log record including log components indicating a transaction log of an attempt to access a protected resource of a network system via a gateway, the attempt reported by the gateway in the log record, the network system including a predefined table with a plurality of records, each record including a distinguished name and a corresponding descriptive name, each distinguished name comprising at least one of: an Internet Protocol (IP) address and a port number of a respective network component, each descriptive name being user-defined to describe the respective network component to a user;
- automatically translating one or more distinguished names in at least one of the log components of the selected log record to one or more corresponding descriptive names, respectively, by cross referencing using the predefined table each respective descriptive name from a corresponding distinguished name in the at least one log component;
- establishing a policy attribute using the translated one or more descriptive names;
- creating a respective policy for the gateway based on the established policy attribute, the policy for controlling access to the protected resource; and
- presenting the policy which includes the translated one or more descriptive names for approval.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method of establishing a policy for a secure transaction in a network system, the network system including network components and a predefined table with a plurality of records, each record including a distinguished name and a corresponding descriptive name, each distinguished name comprising at least one of: an Internet Protocol (IP) address and a port number of a respective network component and each descriptive name being user defined to describe the respective network component to a user, the method comprising:
- selecting a log record from among a plurality of log records, the selected log record including log components indicating a transaction log of an attempt to access a protected resource of a network system via a gateway, the attempt reported by the gateway in the log record;
- translating one or more distinguished names in at least one of the log components to one or more corresponding descriptive names, respectively, by cross referencing using the predefined table each respective descriptive name from a corresponding distinguished name in the at least one log component;
- establishing a log policy attribute using the translated one or more descriptive names;
- creating a respective policy for the gateway based on the established log policy attribute, the policy for controlling access to the protected resource; and
- presenting the policy which includes the translated one or more descriptive names for approval.
Dependent claims: 9, 10, 11, 12, 13, 14, 15.
16. An administration device for establishing a policy for a secure transaction using stored log records of a network system, comprising:
- an audit module for retrieving at least one respective log record of an attempt to access a protected resource of a network system via a gateway, the attempt reported by the gateway in the log record, the network system including a predefined table with a plurality of records, each record including a distinguished name and a corresponding descriptive name, each distinguished name comprising at least one of: an Internet Protocol (IP) address and a port number of a respective network component, each descriptive name being user-defined to describe the respective network component to a user;
- a policy inference logic module for automatically translating one or more distinguished names in the retrieved log record to one or more corresponding descriptive names, respectively, by cross referencing using the predefined table each respective descriptive name from a corresponding distinguished name in the retrieved log record, establishing a policy attribute using the translated one or more descriptive names, and creating a policy for the gateway based on the retrieved log record and the established policy attribute, the policy for controlling access to the protected resource; and
- a policy module for presenting the created policy which includes the translated one or more descriptive names for approval and for communicating the approved policy.
Dependent claims: 17, 18, 19, 20, 21, 22, 23.
24. A non-transitory computer readable storage medium for storing program code to execute the method comprising:
- selecting a log record from among a plurality of log records, the selected log record including log components indicating a transaction log of an attempt to access a protected resource of a network system via a gateway, the attempt reported by the gateway in the log record, the network system including a predefined table with a plurality of records, each record including a distinguished name and a corresponding descriptive name, each distinguished name comprising at least one of: an Internet Protocol (IP) address and a port number of a respective network component, each descriptive name being user-defined to describe the respective network component to a user;
- automatically translating one or more distinguished names in at least one of the log components of the selected log record to one or more corresponding descriptive names, respectively, by cross referencing using the predefined table each respective descriptive name from a corresponding distinguished name in the at least one log component;
- establishing a policy attribute using the translated one or more descriptive names;
- creating a respective policy for the gateway based on the established policy attribute, the policy for controlling access to the protected resource; and
- presenting the policy which includes the translated one or more descriptive names for approval.
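The workflow the abstract and claims describe (read the components of a gateway log record, cross-reference IP and port distinguished names against the predefined table, form policy attributes, create a draft policy, present it for approval), as an added Python example that is not from the patent. The log line format, the name table and the rule that the draft mirrors the logged decision are assumptions; the example also covers the case the claims leave open, a distinguished name missing from the table, which is flagged for the approver rather than guessed.

```python
import re

# Constructed predefined table (not from the patent): distinguished name -> descriptive name.
# A distinguished name is an IP address, a port number or "ip:port", as the claims allow.
NAME_TABLE = {"10.1.2.3": "hr-workstation-17", "10.9.0.10:443": "payroll-web",
              "10.9.0.10": "payroll-host", "443": "https"}

# Constructed gateway log record of a denied access attempt (not from the patent).
LOG_LINE = "2024-03-01T09:14:22Z gw01 DENY src=10.1.2.3 dst=10.9.0.10 dport=443 res=/payroll/export"

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<gateway>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) "
                    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) res=(?P<res>\S+)$")

def parse_log_record(line):
    """Split one gateway log line into its components; None if it is not a well-formed record."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def translate(*candidates, table=NAME_TABLE):
    """Cross-reference candidate distinguished names (most specific first) against the table.
    An untranslated name is passed through unchanged and flagged, so the approver sees the raw
    IP/port rather than a silently wrong label."""
    for name in candidates:
        if name in table:
            return table[name], True
    return candidates[-1], False

def infer_policy(components, table=NAME_TABLE):
    """Build a draft gateway policy from parsed log components; it stays pending until approved."""
    src, src_ok = translate(components["src"], table=table)
    dst, dst_ok = translate(components["dst"] + ":" + components["dport"], components["dst"], table=table)
    svc, svc_ok = translate(components["dport"], table=table)
    untranslated = [n for n, ok in ((src, src_ok), (dst, dst_ok), (svc, svc_ok)) if not ok]
    return {"gateway": components["gateway"], "resource": components["res"],
            "source": src, "destination": dst, "service": svc,       # policy attributes
            "action": components["action"].lower(),                  # assumption: mirror the logged decision
            "untranslated": untranslated, "status": "pending_approval"}

def approve(policy, approver, accept_raw_names=False):
    """Record the administrator's decision. A draft that still carries raw distinguished names is
    only approved when the approver explicitly accepts them."""
    if policy["untranslated"] and not accept_raw_names:
        return {**policy, "status": "needs_review", "reason": "untranslated: " + ", ".join(policy["untranslated"])}
    return {**policy, "status": "approved", "approved_by": approver}

if __name__ == "__main__":
    draft = infer_policy(parse_log_record(LOG_LINE))
    print(draft)
    print(approve(draft, "admin"))
```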
Specification