System for supervising the security of an architecture

US 9,380,075 B2
Filed: 03/26/2013
Issued: 06/28/2016
Est. Priority Date: 03/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method for supervising security of an architecture, the method comprising:

reception of a security event by a first security controller of a first cloud, said first cloud belonging to a plurality of interconnected clouds of the architecture, wherein each cloud of the plurality comprises a plurality of resources and a security supervisor, the plurality of resources forming a plurality of resource groups in the cloud that are respectively associated with a security domain, wherein each security domain comprises a security controller that supervises the resources of the security domain, and a plurality of physical machines comprise resources of the plurality of interconnected clouds, wherein the respective security supervisors of the interconnected clouds comprise a set of security rules forming a security policy, and wherein said security event originates from a first of the resources associated with a first of the security domains,sending said security event to the security supervisor of the first cloud,sending a security order by the security supervisor of the first cloud to at least a second security controller of the first cloud in reaction to the security event, and sending the security order by the second security controller to a second resource supervised by the second security controller,sending, by the security supervisor of the first cloud, information relating to the security event to the other security supervisors of the other interconnected clouds of the plurality of interconnected cloudsnegotiation of a second security order between the security supervisor of the first cloud and the other security supervisors, the negotiation being based on information relating to the security event and on the respective security policies of the other security supervisors, andsending by one of the other security supervisors of the second security order to at least a third resource, the third resource being included in a cloud of the plurality of interconnected clouds, different from the first cloud.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for supervising security of an architecture having a plurality of interconnected clouds. A cloud includes a plurality of resources and a security supervisor. The plurality of resources forms in the cloud a plurality of groups of resources associated respectively with a security domain. A security controller supervises the resources of the domain, and a plurality of physical machines contains the resources of the plurality of clouds. The method includes: receiving a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain; dispatching said security event to the security supervisor of the first cloud; and dispatching by the security supervisor of the first cloud a security order in reaction to the security event to at least one second security controller of the first cloud and dispatching the security order by the second security controller to a second resource supervised by the second controller.

90 Citations

View as Search Results

4 Claims

1. A method for supervising security of an architecture, the method comprising:
- reception of a security event by a first security controller of a first cloud, said first cloud belonging to a plurality of interconnected clouds of the architecture, wherein each cloud of the plurality comprises a plurality of resources and a security supervisor, the plurality of resources forming a plurality of resource groups in the cloud that are respectively associated with a security domain, wherein each security domain comprises a security controller that supervises the resources of the security domain, and a plurality of physical machines comprise resources of the plurality of interconnected clouds, wherein the respective security supervisors of the interconnected clouds comprise a set of security rules forming a security policy, and wherein said security event originates from a first of the resources associated with a first of the security domains,sending said security event to the security supervisor of the first cloud,sending a security order by the security supervisor of the first cloud to at least a second security controller of the first cloud in reaction to the security event, and sending the security order by the second security controller to a second resource supervised by the second security controller,sending, by the security supervisor of the first cloud, information relating to the security event to the other security supervisors of the other interconnected clouds of the plurality of interconnected cloudsnegotiation of a second security order between the security supervisor of the first cloud and the other security supervisors, the negotiation being based on information relating to the security event and on the respective security policies of the other security supervisors, andsending by one of the other security supervisors of the second security order to at least a third resource, the third resource being included in a cloud of the plurality of interconnected clouds, different from the first cloud.
- View Dependent Claims (2, 3)
- - 2. The supervision method as claimed in claim 1, comprising:
    - detection of an inconsistency between a knowledge database of the security supervisor, said knowledge database comprising all the security events sent by the security controllers of the first cloud and a rules database of the first cloud, said rules database comprising the rules of operation inside the first cloud.
  - 3. The supervision method as claimed in claim 1, wherein, the first resource included in the first security domain being associated with a first execution level, the method furthermore comprises:
    - selecting and sending a second security order by the first security controller of the first security domain to a fourth resource of the first security domain, the fourth resource being associated with a second execution level.

4. A system for supervising security of a computer architecture, the system comprising, for a first cloud belonging to a plurality of interconnected clouds of the architecture and for the other clouds of the plurality:
- a processing unit; and
  
  a non-transitory memory comprising code instructions stored thereon, which when executed by the processing unit configure the processing unit to;
  
  receive a security event by a first security controller of the first cloud of the plurality of clouds, wherein each cloud comprises a plurality of resources and a security supervisor, the plurality of resources forming a plurality of resource groups in the cloud that are respectively associated with a security domain, each security domain comprises a security controller supervising the resources of the security domain, a plurality of physical machines comprising resources of the plurality of clouds, wherein the respective security supervisors of the clouds comprise a set of security rules forming a security policy, and wherein said security event originates from a first of the resources associated with a first of the security domains,sending by the first security controller of the first cloud said security event to the security supervisor of the first cloud,sending by the security supervisor of the first cloud a security order to at least a second security controller of the first cloud in reaction to the security event, andsending by the second security controller the security order to a second resource supervised by the second security controller,sending by the security supervisor of the first cloud, information relating to the security event to the security supervisors of the other clouds of the plurality of interconnected clouds,negotiating a second security order between the security supervisor of the first cloud and the security supervisors of the other clouds, the negotiation being based on information relating to the security event and on the respective security policies of the security supervisors, andsending by one of the security supervisors of the other clouds the second security order to at least a third resource, the third resource being included in a cloud of the plurality of interconnected clouds, different from the first cloud.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
He, Ruan, Lacoste, Marc, Wailly, Aurlien
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
JHAVERI, JAYESH M

Application Number

US14/389,191
Publication Number

US 20150089572A1
Time in Patent Office

1,190 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 9/40   Network security protocols

System for supervising the security of an architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

90 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

System for supervising the security of an architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links