Modelling network to assess security properties
Abstract
A method of assessing a network uses a model (450) having nodes (100, 110) to represent parts of the network infrastructure and the application services, and having links to represent how the nodes influence each other. Dependencies or effects of the application services are found by determining paths through the nodes and links of the model (530). Such assessment can be useful for design, test, operations, and diagnosis, and for assessment of which parts of the infrastructure are critical to given services, or which services are dependent on, or could have an effect on a given part of the infrastructure. The dependencies or effects can encompass reachability information. The use of a model having links and nodes can enable more efficient processing, to enable larger or richer models. What changes in the dependencies or effects result from a given change in the network can be determined (830).
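The model the abstract describes, as an added example rather than code from the patent: nodes for infrastructure parts and application services, directed links for influence, breadth-first path finding to derive dependencies and effects, a reachability-based security property (is a service exposed to an untrusted node?), and the before/after comparison for a proposed alteration that claims 1 and 13 recite. The node names, the sample topology and the `assess_change` helper are all constructed for this illustration.

```python
from collections import deque

class NetworkModel:
    """Nodes are infrastructure parts or application services; a directed
    link (src, dst) records that src can influence (reach) dst."""
    def __init__(self, nodes, links):
        self.nodes = dict(nodes)   # name -> "infra" or "service"
        self.links = set(links)    # (src, dst) pairs

    def _walk(self, start, forward):
        """Breadth-first walk: forward gathers effects of start, backward its dependencies."""
        seen, queue = set(), deque([start])
        while queue:
            cur = queue.popleft()
            for src, dst in self.links:
                nxt = dst if forward and src == cur else src if not forward and dst == cur else None
                if nxt is not None and nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        seen.discard(start)
        return seen

    def effects(self, node):
        return self._walk(node, forward=True)
    def dependencies(self, node):
        return self._walk(node, forward=False)

    def security_properties(self, untrusted):
        """Per service: is it reachable (exposed) from the untrusted node?"""
        exposed = self.effects(untrusted)
        return {n: n in exposed for n, k in self.nodes.items() if k == "service"}

def compare_properties(before, after):
    """Services whose exposure changed, mapped to (before, after)."""
    return {s: (before[s], after[s]) for s in before if before[s] != after[s]}

def assess_change(model, alterations, untrusted="internet"):
    """Apply ('add'|'remove', src, dst) link alterations to a copy; report exposure changes."""
    before = model.security_properties(untrusted)
    altered = NetworkModel(model.nodes, model.links)
    for op, src, dst in alterations:
        (altered.links.add if op == "add" else altered.links.discard)((src, dst))
    return compare_properties(before, altered.security_properties(untrusted))

def build_sample():
    """Constructed sample: internet -> firewall -> DMZ switch -> web; db only via admin LAN."""
    nodes = {"internet": "infra", "firewall": "infra", "dmz_switch": "infra",
             "core_switch": "infra", "admin_lan": "infra", "web": "service", "db": "service"}
    links = [("internet", "firewall"), ("firewall", "dmz_switch"), ("dmz_switch", "web"),
             ("core_switch", "db"), ("admin_lan", "core_switch")]
    return NetworkModel(nodes, links)
```

Running `assess_change(build_sample(), [("add", "firewall", "core_switch")])` reports that the db service would become exposed to the internet, which is the kind of change-impact answer the abstract's step (830) is about.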
25 Claims
1. A method of using a data model of a network infrastructure comprising:
- making an alteration in the data model of a number of application services;
- making a representation in the data model of one or more alterations in the network infrastructure, the data model comprising nodes to represent parts of the network infrastructure, and comprising links to represent how the nodes influence each other;
- automatically deriving from the data model changes in security properties of the network infrastructure resulting from the alteration;
- determining the security properties of the altered data model of the application services; and
- comparing the security properties of the application services before the alteration in the data model with the security properties after the alteration.
Dependent claims: 2 to 12 and 25.
13. A method of using a data model of a network infrastructure and application services arranged to use the network infrastructure, the data model comprising nodes to represent parts of the network infrastructure and the application services, and links to represent how the nodes influence each other, comprising:
- finding paths through the nodes and links of the data model;
- automatically deriving security properties of at least the application services from the determined paths;
- deriving from the data model alterations in the network infrastructure which enable a given change in the security properties;
- making an alteration in the data model of the application services;
- determining the security properties of the altered data model of the application services; and
- comparing the security properties of the application services before the alteration in the data model with the security properties after the alteration.
Dependent claims: 14 to 22.
23. A database stored on a storage medium comprising:
- a model of at least a portion of a network, the model comprising nodes to represent parts of the network infrastructure and the application services, and links to represent how the nodes influence each other, in which the model is arranged such that dependencies or effects of the application services can be determined from paths through the nodes and links of the model, and in which the model indicates changes in security properties of the network infrastructure resulting from an alteration in the network infrastructure, in which the storage medium stores:
- data representing an alteration made to the model of the application services;
- data representing security properties of the altered model of the application services; and
- data representing a comparison between the security properties of the application services before the alteration in the model with the security properties before the alteration.
24. A method of using a data model of application services, the data model comprising nodes to represent a portion of the application services, and links to represent how the nodes influence each other, at least the links being represented by object oriented elements, comprising:
- determining paths through the nodes and links of the data model;
- deriving security properties of the application services from the paths;
- making an alteration in the data model of the application services;
- determining the security properties of the altered data model of the application services; and
- comparing the security properties of the application services before the alteration in the data model with the security properties after the alteration.