Computing resource policy regime specification and verification

US 9,106,661 B1
Filed: 05/09/2014
Issued: 08/11/2015
Est. Priority Date: 04/11/2012
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

an interface configured to;

receive a computing resource policy regime specification from a first user, wherein the computing resource policy regime specification is applicable to a set of one or more computing resources sharing at least a portion of a first domain name, wherein the first domain name comprises a domain designated as a higher trust domain, wherein the computing resource policy regime specification comprises a plurality of rules describing a set of requirements with which a given computing resource belonging to the set must comply, and wherein receiving the computing resource policy regime specification includes receiving a command to duplicate an existing policy specification and creating the policy regime specification as a copy of the existing policy specification;

a set of one or more processors configured to;

associate the received computing resource policy regime specification with a first computing resource, wherein the association is performed based at least in part on the first computing resource being accessible via a resource domain name that includes at least the portion of the first domain name; and

dispatch an assessment of compliance by the first computing resource with the associated received computing resource policy regime specification, wherein the assessment includes performing a set of one or more scans of the first computing resource for compliance with at least some of the requirements included in the set of requirements, and wherein at least one of the requirements included in the set of requirements pertains to a protocol used by the first computing resource; and

a memory coupled to the set of one or more processors and configured to provide the set of one or more processors with instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing resource policy regime specification is received from a first user. The computing policy regime specification comprises a plurality of rules. The received computing resource policy regime specification is associated with a computing resource. An assessment of compliance by the computing resource with the computing resource policy regime specification is dispatched.

93 Citations

View as Search Results

20 Claims

1. A system, comprising:
- an interface configured to;
  
  receive a computing resource policy regime specification from a first user, wherein the computing resource policy regime specification is applicable to a set of one or more computing resources sharing at least a portion of a first domain name, wherein the first domain name comprises a domain designated as a higher trust domain, wherein the computing resource policy regime specification comprises a plurality of rules describing a set of requirements with which a given computing resource belonging to the set must comply, and wherein receiving the computing resource policy regime specification includes receiving a command to duplicate an existing policy specification and creating the policy regime specification as a copy of the existing policy specification;
  
  a set of one or more processors configured to;
  
  associate the received computing resource policy regime specification with a first computing resource, wherein the association is performed based at least in part on the first computing resource being accessible via a resource domain name that includes at least the portion of the first domain name; and
  
  dispatch an assessment of compliance by the first computing resource with the associated received computing resource policy regime specification, wherein the assessment includes performing a set of one or more scans of the first computing resource for compliance with at least some of the requirements included in the set of requirements, and wherein at least one of the requirements included in the set of requirements pertains to a protocol used by the first computing resource; and
  
  a memory coupled to the set of one or more processors and configured to provide the set of one or more processors with instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1 wherein the existing policy specification includes a set of minimum security requirements and wherein any changes made by the first user to the copy of the existing policy specification are prevented from relaxing the set of minimum security requirements.
  - 3. The system of claim 1 wherein receiving the computing resource policy regime specification includes receiving an indication of a frequency with which at least a portion of the assessment should be performed.
  - 4. The system of claim 1 wherein the set of one or more processors is further configured to provide an estimated cost associated with performing at least a portion of the assessment.
  - 5. The system of claim 4 wherein the set of one or more processors is further configured to, in response to receiving a proposed modification to at least one of:
    - (1) the computing resource policy regime specification, and (2) a frequency with which at least one portion of the assessment is to be performed;
      
      provide an updated estimated cost associated with performing the at least a portion of the assessment.
  - 6. The system of claim 4 wherein the estimated cost is dynamically adjusted based at least in part on a surge pricing determination.
  - 7. The system of claim 1 wherein the set of one or more processors is further configured to indicate to the first user which portions of the assessment can optionally involve a human operator.
  - 8. The system of claim 1 wherein the set of one or more processors is configured to receive the computing resource policy regime specification at least in part by receiving information from the first user via the interface.
  - 9. The system of claim 8 wherein at least some of the information received from the first user comprises a selection, from a set of preexisting rules, of which rules should be enabled.
  - 10. The system of claim 8 wherein at least some of the information received from the first user comprises an indication, for at last one rule included in the computing resource policy regime specification, that a human operator should be involved in the assessment.
  - 11. The system of claim 1 wherein the set of one or more processors is further configured to deliver results.
  - 12. The system of claim 11 wherein the set of one or more processors is further configured to receive, from the first user, an indication of whether a result associated with the assessment should be verified.
  - 13. The system of claim 1 wherein the assessment is dispatched in accordance with a schedule specified by an administrator associated with the computing resource.

14. A method, comprising:
- receiving a computing resource policy regime specification from a first user, wherein the computing resource policy regime specification is applicable to a set of one or more computing resources sharing at least a portion of a first domain name, wherein the first domain name comprises a domain designated as a higher trust domain, wherein the computing resource policy regime specification comprises a plurality of rules describing a set of requirements with which a given computing resource belonging to the set must comply, and wherein receiving the computing resource policy regime specification includes receiving a command to duplicate an existing policy specification and creating the policy regime specification as a copy of the existing policy specification;
  
  associating the received computing resource policy regime specification with a first computing resource, wherein the association is performed based at least in part on the first computing resource being accessible via a resource domain name that includes at least the portion of the first domain name; and
  
  dispatching an assessment of compliance by the first computing resource with the associated received computing resource policy regime specification, wherein the assessment includes performing a set of one or more scans of the first computing resource for compliance with at least some of the requirements included in the set of requirements, and wherein at least one of the requirements included in the set of requirements pertains to a protocol used by the first computing resource.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14 wherein the existing policy specification includes a set of minimum security requirements and wherein any changes made by the first user to the copy of the existing policy specification are prevented from relaxing the set of minimum security requirements.
  - 16. The method of claim 14 wherein receiving the computing resource policy regime specification includes receiving an indication of a frequency with which at least a portion of the assessment should be performed.
  - 17. The method of claim 14 further comprising providing an estimated cost associated with performing at least a portion of the assessment.
  - 18. The method of claim 17 further comprising, in response to receiving a proposed modification to at least one of:
    - (1) the computing resource policy regime specification, and (2) a frequency with which at least one portion of the assessment is to be performed;
      
      providing an updated estimated cost associated with performing the at least a portion of the assessment.
  - 19. The system of claim 17 wherein the estimated cost is dynamically adjusted based at least in part on a surge pricing determination.

20. A computer program product embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
- receiving a computing resource policy regime specification from a first user, wherein the computing resource policy regime specification is applicable to a set of one or more computing resources sharing at least a portion of a first domain name, wherein the first domain name comprises a domain designated as a higher trust domain, wherein the computing resource policy regime specification comprises a plurality of rules describing a set of requirements with which a given computing resource belonging to the set must comply, and wherein receiving the computing resource policy regime specification includes receiving a command to duplicate an existing policy specification and creating the policy regime specification as a copy of the existing policy specification;
  
  associating the received computing resource policy regime specification with a first computing resource, wherein the association is performed based at least in part on the first computing resource being accessible via a resource domain name that includes at least the portion of the first domain name; and
  
  dispatching an assessment of compliance by the first computing resource with the associated received computing resource policy regime specification, wherein the assessment includes performing a set of one or more scans of the first computing resource for compliance with at least some of the requirements included in the set of requirements, and wherein at least one of the requirements included in the set of requirements pertains to a protocol used by the first computing resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Artemis Internet Inc.
Original Assignee
Artemis Internet Inc.
Inventors
Stamos, Alexander Charles
Primary Examiner(s)
Darrow, Justin T
Assistant Examiner(s)
Ho, Dao

Application Number

US14/274,668
Time in Patent Office

459 Days
Field of Search

726/13
US Class Current

1/1
CPC Class Codes

G06F 9/54   Interprogram communication

G06Q 30/0283   Price estimation or determi...

H04L 41/0893   Assignment of logical group...

H04L 41/5006   Creating or negotiating SLA...

H04L 41/5009   Determining service level p...

H04L 63/10   for controlling access to d...

Computing resource policy regime specification and verification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

93 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Computing resource policy regime specification and verification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links