Automated compliance policy enforcement in software systems

US 8,707,385 B2
Filed: 02/11/2008
Issued: 04/22/2014
Est. Priority Date: 02/11/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

collecting information from a plurality of components of a software system;

storing the collected information in a data repository;

parsing a compliance policy for the software system to determine a compliance test that includes a predefined database query for the data repository, wherein the database query produces a result which indicates whether the software system is in compliance with a configuration requirement for the software system;

determining whether the software system violates the compliance policy by performing the database query of the compliance test on the data repository;

in response to determining that the software system violates the compliance policy;

retrieving a change package for the compliance test; and

automatically deploying the change package to the software system to resolve the violation;

evaluating the software system using the compliance policy after automatically deploying the change package; and

clearing the violation in response to determining that the software system conforms to the compliance policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments of the present invention provide a system that maintains a software system. During operation, the system obtains a compliance policy for the software system and monitors the software system for a violation of the compliance policy. If such a violation is detected, the system retrieves a change package associated with the violation based on the compliance policy and automatically deploys the change package to the software system to resolve the violation.

Citations

18 Claims

1. A method comprising:
- collecting information from a plurality of components of a software system;
  
  storing the collected information in a data repository;
  
  parsing a compliance policy for the software system to determine a compliance test that includes a predefined database query for the data repository, wherein the database query produces a result which indicates whether the software system is in compliance with a configuration requirement for the software system;
  
  determining whether the software system violates the compliance policy by performing the database query of the compliance test on the data repository;
  
  in response to determining that the software system violates the compliance policy;
  
  retrieving a change package for the compliance test; and
  
  automatically deploying the change package to the software system to resolve the violation;
  
  evaluating the software system using the compliance policy after automatically deploying the change package; and
  
  clearing the violation in response to determining that the software system conforms to the compliance policy.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the compliance policy is user-authored by an administrator of the software system.
  - 3. The method of claim 1, wherein the violation is associated with at least one of a password reset, a security attack, a port, a configuration file, a software patch, an application type, an application version, and a standard.
  - 4. The method of claim 1, wherein the software system comprises an enterprise solution.
  - 5. The method of claim 1, wherein the change package is user-specified by an administrator of the software system.
  - 6. The method of claim 1, wherein the compliance policy comprises an Extensible Markup Language (XML) document.

7. A system comprising:
- a change package repository comprising a set of change packages for the software system;
  
  a data repository configured to store information collected from a plurality of components of the software system; and
  
  a configuration framework configured to parse a compliance policy to determine a compliance test that includes a predefined database query, wherein the database query produces a result which indicates whether the software system is in compliance with a configuration requirement for the software system, and wherein the configuration framework comprises;
  
  a configuration engine configured to determine whether the software system violates the compliance policy by performing the database query of the compliance test on the data repository; and
  
  an enforcement engine configured to;
  
  retrieve a change package for the compliance test from the set of change packages using the compliance policy; and
  
  automatically deploy the change package to the software system to resolve the violation;
  
  wherein the configuration framework is further configured to evaluate the software system using the compliance policy after automatically deploying the change package, and to clear the violation.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, further comprising:
    - an agent process configured to;
      
      obtain information from the software system; and
      
      store the information in the data repository;
      
      wherein the stored information is used by the configuration framework to determine whether the software system violates the compliance policy.
  - 9. The system of claim 7, wherein the compliance policy is user-authored by an administrator of the software system, and wherein the change package is user-provided by the administrator of the software system.
  - 10. The system of claim 7, wherein the violation is associated with at least one of a password reset, a security attack, a port, a configuration file, a software patch, an application type, an application version, and a standard.
  - 11. The system of claim 7, wherein the software system comprises an enterprise solution.
  - 12. The system of claim 7, wherein the compliance policy comprises an Extensible Markup Language (XML) document.

13. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method comprising:
- collecting information from a plurality of components of a software system;
  
  storing the collected information in a data repository;
  
  parsing a compliance policy for the software system to determine a compliance test that includes a predefined database query for the data repository, wherein the database query produces a result which indicates whether the software system is in compliance with a configuration requirement for the software system;
  
  determining whether the software system violates the compliance policy by performing the database query of the compliance test on the data repository;
  
  in response to determining that the software system violates the compliance policy;
  
  retrieving a change package for the compliance test; and
  
  automatically deploying the change package to the software system to resolve the violation;
  
  evaluating the software system using the compliance policy after automatically deploying the change package; and
  
  clearing the violation in response to determining that the software system conforms to the compliance policy.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the compliance policy is user-authored by an administrator of the software system.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the violation is associated with at least one of a password reset, a security attack, a port, a configuration file, a software patch, an application type, an application version, and a standard.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein the software system comprises an enterprise solution.
  - 17. The non-transitory computer-readable storage medium of claim 13, wherein the change package is user-provided by an administrator of the software system.
  - 18. The non-transitory computer-readable storage medium of claim 13, wherein the compliance policy comprises an Extensible Markup Language (XML) document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Jain, Nitin, Bhalla, Amit, Singh, Anurag, Logandan, Aawardhan, Mukherjee, Sourav
Primary Examiner(s)
Zecher, Cordelia
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US12/029,059
Publication Number

US 20090205012A1
Time in Patent Office

2,262 Days
Field of Search

726/1, 726/23, 726 24- 26, 705/37, 709/223, 717/178
US Class Current

726/1
CPC Class Codes

G06F 16/95 Retrieval from the web

G06F 21/577 Assessing vulnerabilities a...

Automated compliance policy enforcement in software systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Automated compliance policy enforcement in software systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links