Systems and methods for modifying security based on reputation information

US 9,384,336 B1
Filed: 10/08/2012
Issued: 07/05/2016
Est. Priority Date: 10/08/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to assign a security policy, comprising:

detecting, by a processor, a plurality of components of a device;

determining, by the processor, an individual reputation for each of the plurality of components, wherein each individual reputation is categorized based on two or more categories of trust, the two or more categories of trust including at least a suspicious category and an untrusted category;

determining, by the processor, an overall reputation of the device based on the individual reputations, wherein determining an overall reputation comprises determining whether a tally of components categorized into the untrusted category satisfies a first threshold and determining whether a tally of components categorized into the suspicious category satisfies a second threshold;

upon satisfying at least one of the first or second threshold, adjusting, by the processor, the overall reputation of the device, wherein the overall reputation is downgraded if the tally of components categorized into the untrusted category includes at least one component, and wherein the overall reputation is downgraded if the tally of components categorized into the suspicious category includes multiple components;

assigning, by the processor, a security policy based at least in part on the overall reputation of the device, wherein the security policy assigned includes at least one of a restrictive security policy and a non-restrictive security policy, the restrictive security policy restricting access to components associated with sensitive information;

identifying, by the processor, a first component among the plurality of components having a high sensitivity level based on the first component comprising sensitive information;

identifying, by the processor, a second component among the plurality of components having a low sensitivity level based on the second component not comprising sensitive information;

upon determining the restrictive security policy is assigned, restricting, by the processor, access to the first component on the device based on the high sensitivity level of the first component, while allowing access to the second component based on the low sensitivity level of the second component; and

upon determining the non-restrictive security policy is assigned, allowing, by the processor, access to both the first and second components based on the non-restricted security policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method to assign a security policy is described. A plurality of components of a device are detected. An individual reputation for each of the plurality of components is determined. An overall reputation is determined based on the individual reputations. A security policy is assigned based at least in part on the overall reputation. In some cases, access to at least one component on the device is restricted according to the security policy.

Citations

12 Claims

1. A computer-implemented method to assign a security policy, comprising:
- detecting, by a processor, a plurality of components of a device;
  
  determining, by the processor, an individual reputation for each of the plurality of components, wherein each individual reputation is categorized based on two or more categories of trust, the two or more categories of trust including at least a suspicious category and an untrusted category;
  
  determining, by the processor, an overall reputation of the device based on the individual reputations, wherein determining an overall reputation comprises determining whether a tally of components categorized into the untrusted category satisfies a first threshold and determining whether a tally of components categorized into the suspicious category satisfies a second threshold;
  
  upon satisfying at least one of the first or second threshold, adjusting, by the processor, the overall reputation of the device, wherein the overall reputation is downgraded if the tally of components categorized into the untrusted category includes at least one component, and wherein the overall reputation is downgraded if the tally of components categorized into the suspicious category includes multiple components;
  
  assigning, by the processor, a security policy based at least in part on the overall reputation of the device, wherein the security policy assigned includes at least one of a restrictive security policy and a non-restrictive security policy, the restrictive security policy restricting access to components associated with sensitive information;
  
  identifying, by the processor, a first component among the plurality of components having a high sensitivity level based on the first component comprising sensitive information;
  
  identifying, by the processor, a second component among the plurality of components having a low sensitivity level based on the second component not comprising sensitive information;
  
  upon determining the restrictive security policy is assigned, restricting, by the processor, access to the first component on the device based on the high sensitivity level of the first component, while allowing access to the second component based on the low sensitivity level of the second component; and
  
  upon determining the non-restrictive security policy is assigned, allowing, by the processor, access to both the first and second components based on the non-restricted security policy.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the plurality of components comprise each of the components of the device.
  - 3. The method of claim 1, wherein the individual reputation is obtained from a cloud based reputation store.
  - 4. The method of claim 1, wherein determining an overall reputation comprises:
    - analyzing a distribution of categories; and
      
      determining whether the overall reputation of the device satisfies a threshold based on the distribution of categories.
  - 5. The method of claim 1, wherein restricting access comprises:
    - restricting at least one of firewall access and networking access.

6. A device configured to assign a security policy, comprising:
- a processor; and
  
  memory in electronic communication with the processor; and
  
  instructions stored in the memory, the instructions being executable by the processor to;
  
  detect a plurality of components of a device;
  
  determine an individual reputation for each of the plurality of components, wherein each individual reputation is categorized based on two or more categories of trust, the two or more categories of trust including at least a suspicious category and an untrusted category;
  
  determine an overall reputation of the device the individual reputations, wherein determining an overall reputation comprises instructions executable by the processor to determine whether a tally of components categorized into the untrusted category satisfies a first threshold and determining whether a tally of components categorized into the suspicious category satisfies a second threshold;
  
  upon satisfying at least one of the first or second threshold, adjust the overall reputation of the device, wherein the overall reputation is downgraded if the tally of components categorized into the untrusted category includes at least one component, and wherein the overall reputation is downgraded if the tally of components categorized into the suspicious category includes multiple components;
  
  assign a security policy based at least in part on the overall reputation of the device, wherein the security policy assigned includes at least one of a restrictive security policy and a non-restrictive security policy, the restrictive security policy restricting access to components associated with sensitive information;
  
  identify a first component among the plurality of components having a high sensitivity level based on the first component comprising sensitive information;
  
  identify a second component among the plurality of components having a low sensitivity level based on the second component not comprising sensitive information;
  
  upon determining the restrictive security policy is assigned, restrict access to the first component on the device based on the high sensitivity level of the first component, while allowing access to the second component based on the low sensitivity level of the second component; and
  
  upon determining the non-restrictive security policy is assigned, allow access to both the first and second components based on the non-restricted security policy.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The device of claim 6, wherein the plurality of components comprise each of the components of the device.
  - 8. The device of claim 6, wherein the individual reputation is obtained from a cloud based reputation store.
  - 9. The device of claim 6, wherein the instructions to determine an overall reputation are further executable by the processor to:
    - analyze a distribution of categories; and
      
      determine whether the overall reputation of the device satisfies a threshold based on the distribution of categories.
  - 10. The device of claim 6, wherein the instructions to restrict access are further executable by the processor to:
    - restrict at least one of firewall access and networking access.

11. A computer-program product to assign a security policy, the computer-program product comprising a non-transitory computer-readable medium having instructions thereon, the instructions being executable by a processor to:
- detect a plurality of components of a device;
  
  determine an individual reputation for each of the plurality of components, wherein each individual reputation is categorized based on two or more categories of trust, the two or more categories of trust including at least a suspicious category and an untrusted category;
  
  determine an overall reputation of the device the individual reputations, wherein determining an overall reputation comprises instructions executable by the processor to determine whether a tally of components categorized into the untrusted category satisfies a first threshold and determining whether a tally of components categorized into the suspicious category satisfies a second threshold;
  
  upon satisfying at least one of the first or second threshold, adjust the overall reputation of the device, wherein the overall reputation is downgraded if the tally of components categorized into the untrusted category includes at least one component, and wherein the overall reputation is downgraded if the tally of components categorized into the suspicious category includes multiple components;
  
  assign a security policy based at least in part on the overall reputation of the device, wherein the security policy assigned includes at least one of a restrictive security policy and a non-restrictive security policy, the restrictive security policy restricting access to components associated with sensitive information;
  
  identify a first component among the plurality of components having a high sensitivity level based on the first component comprising sensitive information;
  
  identify a second component among the plurality of components having a low sensitivity level based on the second component not comprising sensitive information;
  
  upon determining the restrictive security policy is assigned, restrict access to the first component on the device based on the high sensitivity level of the first component, while allowing access to the second component based on the low sensitivity level of the second component; and
  
  upon determining the non-restrictive security policy is assigned, allow access to both the first and second components based on the non-restricted security policy.
- View Dependent Claims (12)
- - 12. The computer-program product of claim 11, wherein the plurality of components comprise each of the components of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Ashley, Peter
Primary Examiner(s)
Powers, William

Application Number

US13/646,808
Time in Patent Office

1,366 Days
Field of Search

726/1, 726/22, 726/29
US Class Current

1/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/00   Network architectures or ne...

H04L 63/0263   Rule management

H04L 63/10   for controlling access to d...

Systems and methods for modifying security based on reputation information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for modifying security based on reputation information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links