Reputation based access control
First Claim
1. A method in a computer system having a network input/output (I/O), a central processing unit (CPU), a reputation based access control unit and one or more databases including a reputation based access control database, the method comprising:
- identifying a requesting subject that is requesting access to a controlled resource;
- retrieving a reputation of the requesting subject stored as a virtual attribute in the reputation-based access control database, wherein the reputation of the requesting subject comprises a value for skill for operating with the requested controlled resource;
- determining whether the requesting subject is a known security risk;
- modifying a reputation of an associate of the requesting subject and the reputation of the requesting subject in the case that the requesting subject is a known security risk and the security risk of the requesting subject meets a threshold;
- modifying the reputation of the requesting subject based on peer feedback indicating that the requesting subject's value for skill is diminished, in the case that the requesting subject is not a known security risk;
- retrieving a policy of the requested controlled resource;
- determining if the reputation of the requesting subject meets the policy of the requested controlled resource;
- if the reputation of the requesting subject meets the policy of the requested controlled resource, allowing the requesting subject access to the requested controlled resource; and
- if the reputation of the requesting subject does not meet the policy of the requested controlled resource, denying the requesting subject access to the requested controlled resource.
Abstract
Approaches for providing reputation based access control are provided. Specifically, at least one approach includes: identifying a requesting subject requesting access to a controlled resource; retrieving a reputation of the subject stored as a virtual attribute in a reputation-based access control database, the reputation comprising a value for skill for operating with the requested controlled resource; determining whether the subject is a known security risk; modifying a reputation of the subject and an associate in the case that a security risk of the subject meets a threshold; modifying the reputation of the subject based on at least one of: peer feedback and expert opinion, in the case that the subject is not a known security risk; retrieving a policy of the requested controlled resource; determining if the reputation of the subject meets the policy, and if so, allowing the subject access to the resource, and if not, denying the access.
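The steps recited in the claim, traced in a short Python sketch. This is an added illustration, not code from the patent or its applicant; the class and function names, the 0-100 scales, the threshold and penalty sizes, and the sample subjects are all assumptions.

```python
from dataclasses import dataclass, field

# Every name, scale and number here is an assumption made for this sketch.
RISK_THRESHOLD = 70      # risk score (0-100) that triggers the penalty branch
RISK_PENALTY = 40        # points taken from the risky subject's skill values
ASSOCIATE_PENALTY = 15   # points taken from each associate's skill values
PEER_PENALTY = 10        # points taken per negative peer report

@dataclass
class Subject:
    skill: dict                                  # resource -> skill value, 0-100
    risk: int = 0                                # 0 means not a known security risk
    associates: list = field(default_factory=list)

def penalize(subject, points):
    """Lower every skill value of a subject, never below zero."""
    subject.skill = {r: max(0, v - points) for r, v in subject.skill.items()}

def request_access(db, policies, name, resource, negative_peer_reports=0):
    """Run one request through the claimed steps; return (decision, skill used)."""
    subject, required = db.get(name), policies.get(resource)
    if subject is None or required is None:
        return ("deny", 0)                       # fail closed on unknown subject or resource
    if subject.risk > 0:                         # known security risk
        if subject.risk >= RISK_THRESHOLD:       # risk meets the threshold
            penalize(subject, RISK_PENALTY)
            for associate in subject.associates:
                if associate in db:
                    penalize(db[associate], ASSOCIATE_PENALTY)
    elif negative_peer_reports:                  # not a known risk: apply peer feedback
        current = subject.skill.get(resource, 0)
        subject.skill[resource] = max(0, current - PEER_PENALTY * negative_peer_reports)
    reputation = subject.skill.get(resource, 0)  # no recorded skill counts as zero
    return ("allow" if reputation >= required else "deny", reputation)

def sample_db():
    """Constructed sample data: three subjects, one risky with one associate."""
    return {
        "alice": Subject(skill={"prod-db": 80}),
        "bob": Subject(skill={"prod-db": 85}, risk=90, associates=["carol"]),
        "carol": Subject(skill={"prod-db": 70}),
    }

POLICIES = {"prod-db": 60}                       # minimum skill required per resource

if __name__ == "__main__":
    db = sample_db()
    for who in ("alice", "bob", "carol"):
        print(who, request_access(db, POLICIES, who, "prod-db"))
```

In this sketch the penalty is applied again on every request from a subject above the threshold, so a deployed store would need to record that an adjustment has already been made for a given risk finding.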
20 Claims
9. A computer-readable hardware storage device storing computer instructions, which, when executed, causes a computer system operating with a reputation based access control unit to provide reputation based access control, the computer-readable storage device storing computer instructions comprising:
- identifying a requesting subject that is requesting access to a controlled resource;
- retrieving a reputation of the requesting subject stored as a virtual attribute in the reputation-based access control database, wherein the reputation of the requesting subject comprises a value for skill for operating with the requested controlled resource;
- determining whether the requesting subject is a known security risk;
- modifying a reputation of an associate of the requesting subject and the reputation of the requesting subject in the case that the requesting subject is a known security risk and the security risk of the requesting subject meets a threshold;
- modifying the reputation of the requesting subject based on peer feedback indicating that the requesting subject's value for skill is diminished, in the case that the requesting subject is not a known security risk;
- retrieving a policy of the requested controlled resource;
- determining if the reputation of the requesting subject meets the policy of the requested controlled resource;
- if the reputation of the requesting subject meets the policy of the requested controlled resource, allowing the requesting subject access to the requested controlled resource; and
- if the reputation of the requesting subject does not meet the policy of the requested controlled resource, denying the requesting subject access to the requested controlled resource.
15. A computer system for providing reputation based access control, the system comprising:
- a memory medium comprising instructions;
- a bus coupled to the memory medium; and
- a processor coupled to the bus that when executing the instructions causes the computer system to:
  - identify a requesting subject that is requesting access to a controlled resource;
  - retrieve a reputation of the requesting subject stored as a virtual attribute in the reputation-based access control database, wherein the reputation of the requesting subject comprises a value for skill for operating with the requested controlled resource;
  - determine whether the requesting subject is a known security risk;
  - modify a reputation of an associate of the requesting subject and the reputation of the requesting subject in the case that the requesting subject is a known security risk and the security risk of the requesting subject meets a threshold;
  - modify the reputation of the requesting subject based on peer feedback indicating that the requesting subject's value for skill is diminished, in the case that the requesting subject is not a known security risk;
  - retrieve a policy of the requested controlled resource;
  - determine if the reputation of the requesting subject meets the policy of the requested controlled resource;
  - if the reputation of the requesting subject meets the policy of the requested controlled resource, allow the requesting subject access to the requested controlled resource; and
  - if the reputation of the requesting subject does not meet the policy of the requested controlled resource, deny the requesting subject access to the requested controlled resource.
Specification