System for supervising the security of an architecture
Abstract
A method is provided for supervising security of an architecture having a plurality of interconnected clouds. A cloud includes a plurality of resources and a security supervisor. The plurality of resources forms in the cloud a plurality of groups of resources associated respectively with a security domain. A security controller supervises the resources of the domain, and a plurality of physical machines contains the resources of the plurality of clouds. The method includes: receiving a security event by a security controller of a first cloud, originating from a first resource associated with a first security domain; dispatching said security event to the security supervisor of the first cloud; and dispatching by the security supervisor of the first cloud a security order in reaction to the security event to at least one second security controller of the first cloud and dispatching the security order by the second security controller to a second resource supervised by the second controller.
4 Claims
1. A method for supervising security of an architecture, the method comprising:
- reception of a security event by a first security controller of a first cloud, said first cloud belonging to a plurality of interconnected clouds of the architecture, wherein each cloud of the plurality comprises a plurality of resources and a security supervisor, the plurality of resources forming a plurality of resource groups in the cloud that are respectively associated with a security domain, wherein each security domain comprises a security controller that supervises the resources of the security domain, and a plurality of physical machines comprise resources of the plurality of interconnected clouds, wherein the respective security supervisors of the interconnected clouds comprise a set of security rules forming a security policy, and wherein said security event originates from a first of the resources associated with a first of the security domains,
- sending said security event to the security supervisor of the first cloud,
- sending a security order by the security supervisor of the first cloud to at least a second security controller of the first cloud in reaction to the security event, and sending the security order by the second security controller to a second resource supervised by the second security controller,
- sending, by the security supervisor of the first cloud, information relating to the security event to the other security supervisors of the other interconnected clouds of the plurality of interconnected clouds,
- negotiation of a second security order between the security supervisor of the first cloud and the other security supervisors, the negotiation being based on information relating to the security event and on the respective security policies of the other security supervisors, and
- sending by one of the other security supervisors of the second security order to at least a third resource, the third resource being included in a cloud of the plurality of interconnected clouds, different from the first cloud.

Dependent claims: 2, 3
4. A system for supervising security of a computer architecture, the system comprising, for a first cloud belonging to a plurality of interconnected clouds of the architecture and for the other clouds of the plurality:
- a processing unit; and
- a non-transitory memory comprising code instructions stored thereon, which when executed by the processing unit configure the processing unit to:
- receive a security event by a first security controller of the first cloud of the plurality of clouds, wherein each cloud comprises a plurality of resources and a security supervisor, the plurality of resources forming a plurality of resource groups in the cloud that are respectively associated with a security domain, each security domain comprises a security controller supervising the resources of the security domain, a plurality of physical machines comprising resources of the plurality of clouds, wherein the respective security supervisors of the clouds comprise a set of security rules forming a security policy, and wherein said security event originates from a first of the resources associated with a first of the security domains,
- sending by the first security controller of the first cloud said security event to the security supervisor of the first cloud,
- sending by the security supervisor of the first cloud a security order to at least a second security controller of the first cloud in reaction to the security event, and sending by the second security controller the security order to a second resource supervised by the second security controller,
- sending by the security supervisor of the first cloud, information relating to the security event to the security supervisors of the other clouds of the plurality of interconnected clouds,
- negotiating a second security order between the security supervisor of the first cloud and the security supervisors of the other clouds, the negotiation being based on information relating to the security event and on the respective security policies of the security supervisors, and
- sending by one of the security supervisors of the other clouds the second security order to at least a third resource, the third resource being included in a cloud of the plurality of interconnected clouds, different from the first cloud.
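
The message flow recited in claims 1 and 4, as an added Python sketch that is not taken from the patent. The class names, the policy format (event type mapped to accepted orders, preferred first) and the negotiation rule (first offered order that the peer's policy also accepts) are assumptions; the claims do not specify them.

```python
from dataclasses import dataclass, field

@dataclass
class Supervisor:                       # one per cloud
    cloud: str
    policy: dict                        # assumed format: event type -> accepted orders, preferred first
    controllers: list = field(default_factory=list)
    peers: list = field(default_factory=list)

    def handle_event(self, source, event, log):
        offers = self.policy.get(event["type"], [])
        for ctrl in self.controllers:   # first order: the other domains of this cloud
            if offers and ctrl is not source:
                ctrl.apply(offers[0], log)
        for peer in self.peers:         # event information goes to the other supervisors
            agreed = peer.negotiate(event, offers)
            if agreed:                  # second order is sent by the peer, in its own cloud
                for ctrl in peer.controllers:
                    ctrl.apply(agreed, log)

    def negotiate(self, event, offers):
        # Assumed rule: take the first offered order the local policy also accepts.
        allowed = self.policy.get(event["type"], [])
        return next((o for o in offers if o in allowed), None)

@dataclass
class Controller:                       # one per security domain
    domain: str
    resources: list
    supervisor: Supervisor = field(repr=False)
    def __post_init__(self):
        self.supervisor.controllers.append(self)
    def receive_event(self, event, log):  # forward a resource's event to the supervisor
        self.supervisor.handle_event(self, event, log)
    def apply(self, order, log):
        for res in self.resources:      # relay the order to the supervised resources
            log.append((self.supervisor.cloud, self.domain, res, order))

def run_demo():  # constructed sample: three clouds, event raised by vm-1 in cloud-A
    b = Supervisor("cloud-B", {"malware": ["scan", "snapshot"]})
    c = Supervisor("cloud-C", {"dos": ["rate-limit"]})
    a = Supervisor("cloud-A", {"malware": ["isolate", "scan"]}, peers=[b, c])
    web = Controller("web", ["vm-1"], a)
    Controller("db", ["vm-2"], a)
    Controller("batch", ["vm-3"], b)
    Controller("edge", ["vm-4"], c)
    log = []
    web.receive_event({"type": "malware", "resource": "vm-1"}, log)
    return log
```

In this constructed run, cloud-B settles on a different order than cloud-A applies locally, and cloud-C issues none because its policy has no rule for the event type.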
Specification