Trusted public infrastructure grid cloud

US 9,626,526 B2
Filed: 04/30/2012
Issued: 04/18/2017
Est. Priority Date: 04/30/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor;

a memory having computer readable program code, the program code executable by the processor to cause the system to;

select a plurality of component templates from a cloud computing component catalog, wherein the plurality of component templates represent at least one virtual machine and at least one network element;

indicate a communication connection between a first component template of the plurality of component templates and a second component template of the plurality of component templates;

detect a first of a plurality of security levels specified for at least the first component template of the plurality of component templates;

in response to detection of the first security level, select from a plurality of security policies a first set of one or more security policies that satisfies a first set of one or more security attributes that corresponds to the first security level and lower levels of the plurality of security levels;

assign the first set of security policies to at least the first component template;

build a cloud computing application blueprint comprising the plurality of component templates, the first set of security policies, and deployment descriptors expressed in a markup language that indicate configuration of components deployed based on the plurality of component templates including configuration according to the first set of security policies for any of the components deployed based on the first or the second component templates and that indicate configuration of connections between those of the components deployed based on the first and the second component templates according to the communication connection;

deploy components for the cloud computing application according to the deployment descriptors along with an agent program code to ensure any of the components based on the first component template, any of the components based on the second component template, and connections therebetween comply with the first set of security policies;

detect a second of the plurality of security levels specified for at least the first component template of the plurality of component templates;

in response to detection of the second security level and after authentication of a password, select from the plurality of security policies a second set of one or more security policies that satisfies a second set of one or more security attributes that corresponds to the second security level and lower levels of the plurality of security levels;

update at least the first component template of the plurality of component templates in accordance with the second set of security policies; and

modify the cloud computing application blueprint, wherein the program code executable by the processor to cause the system to modify the cloud computing application blueprint comprises program code executable by the processor to cause the system to update the deployment descriptors to indicate configuration in accordance with the second set of security policies for any of the components deployed based on the first or the second component templates.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of implementing a secured cloud environment allow for design and instantiation of a security policy at the infrastructure level. An example system may comprise a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may comprise a second module to facilitate defining a connection between the at least two selected cloud computing component templates. The system may comprise a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates. The system may comprise a fourth module to facilitate building a cloud computing component blueprint.

11 Citations

View as Search Results

18 Claims

1. A system comprising:
- a processor;
  
  a memory having computer readable program code, the program code executable by the processor to cause the system to;
  
  select a plurality of component templates from a cloud computing component catalog, wherein the plurality of component templates represent at least one virtual machine and at least one network element;
  
  indicate a communication connection between a first component template of the plurality of component templates and a second component template of the plurality of component templates;
  
  detect a first of a plurality of security levels specified for at least the first component template of the plurality of component templates;
  
  in response to detection of the first security level, select from a plurality of security policies a first set of one or more security policies that satisfies a first set of one or more security attributes that corresponds to the first security level and lower levels of the plurality of security levels;
  
  assign the first set of security policies to at least the first component template;
  
  build a cloud computing application blueprint comprising the plurality of component templates, the first set of security policies, and deployment descriptors expressed in a markup language that indicate configuration of components deployed based on the plurality of component templates including configuration according to the first set of security policies for any of the components deployed based on the first or the second component templates and that indicate configuration of connections between those of the components deployed based on the first and the second component templates according to the communication connection;
  
  deploy components for the cloud computing application according to the deployment descriptors along with an agent program code to ensure any of the components based on the first component template, any of the components based on the second component template, and connections therebetween comply with the first set of security policies;
  
  detect a second of the plurality of security levels specified for at least the first component template of the plurality of component templates;
  
  in response to detection of the second security level and after authentication of a password, select from the plurality of security policies a second set of one or more security policies that satisfies a second set of one or more security attributes that corresponds to the second security level and lower levels of the plurality of security levels;
  
  update at least the first component template of the plurality of component templates in accordance with the second set of security policies; and
  
  modify the cloud computing application blueprint, wherein the program code executable by the processor to cause the system to modify the cloud computing application blueprint comprises program code executable by the processor to cause the system to update the deployment descriptors to indicate configuration in accordance with the second set of security policies for any of the components deployed based on the first or the second component templates.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the second component template is not assigned a security policy.
  - 3. The system of claim 1, wherein the program code executable by the processor to cause the system to assign the first set of security policies to at least the first component template comprises program code executable by the process to cause the system to modify the first component template to comply with the first set of security policies.
  - 4. The system of claim 1, further comprising program code executable by the processor to cause the system to:
    - collect audit and reporting information regarding compliance with the first security policy; and
      
      generate a compliance report based, at least in part, on the collected audit and reporting information.
  - 5. The system of claim 1 further comprising program code executable by the processor cause the system to:
    - determine whether the second of the plurality of security levels requires components which are communicatively connected to the components based on the first component template to maintain at least a third of the plurality of security levels, wherein the third security level is less secure than the second security level;
      
      in response to a determination that the second security level requires components which are communicatively connected to the components based on the first component template to maintain at least the third security level, select from the plurality of security policies a third set of one or more security policies that satisfies a third set of one or more security attributes that corresponds to the third security level and lower levels of the plurality of security levels; and
      
      update the second component template in accordance with the third set of security policies;
      
      wherein the program code executable by the processor cause the system to modify the cloud computing application blueprint comprises program code executable by the processor cause the system to update the deployment descriptors to indicate configuration also in accordance with the third set of security policies for any of the components deployed based on the first or the second component templates.
  - 6. The system of claim 1, wherein the program code executable by the processor cause the system to deploy the components for the cloud computing application according to the deployment descriptors comprises program code executable by the processor cause the system to track a deployment location of the components.

7. A method comprising:
- selecting a plurality of component templates from a cloud computing component catalog, wherein the plurality of component templates represent at least one virtual machine and at least one network element;
  
  indicating a communication connection between at least a first component template of the plurality of component templates and a second component template of the plurality of component templates;
  
  detecting a first of a plurality of security levels specified for at least the first component template of the plurality of component templates;
  
  in response to detection of the first security level, selecting from a plurality of security policies a first set of one or more security policies that satisfies a first set of one or more security attributes that corresponds to the first security level and lower levels of the plurality of security levels;
  
  assigning the first set of security policies to at least the first component template;
  
  building a cloud computing application blueprint comprising the plurality of component templates, the first set of security policies, and deployment descriptors expressed in a markup language that indicate configuration of components deployed based on the plurality of component templates including configuration according to the first set of security policies for any of the components deployed based on the first or the second component templates and that indicate configuration of connections between those of the components deployed based on the first and the second component templates according to the communication connection;
  
  deploying components for the cloud computing application according to the deployment descriptors along with an agent program code to ensure any of the components based on the first component template, any of the components based on the second component template, and connections therebetween comply with the first set of security policies;
  
  detecting a second of the plurality of security levels specified for at least the first component template of the plurality of component templates;
  
  in response to detection of the second security level and after authentication of a password, selecting from the plurality of security policies a second set of one or more security policies that satisfies a second set of one or more security attributes that corresponds to the second security level and lower levels of the plurality of security levels;
  
  updating at least the first component template of the plurality of component templates in accordance with the second set of security policies; and
  
  modifying the cloud computing application blueprint, wherein modifying the cloud computing application blueprint comprises updating the deployment descriptors to indicate configuration in accordance with the second set of security policies for any of the components deployed based on the first or the second component templates.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the second component template is not assigned a security policy.
  - 9. The method of claim 7, wherein assigning the first set of security policies to at least the first component template comprises modifying the first component template to comply with the first set security policies.
  - 10. The method of claim 7, further comprising:
    - collecting audit and reporting information regarding compliance with the first set of security policies; and
      
      generating compliance reports based, at least in part, on the collected audit and reporting information.
  - 11. The method of claim 7 further comprising:
    - determining that the second of the plurality of security levels requires components which are communicatively connected to the components based on the first component template to maintain at least a third of the plurality of security levels, wherein the third security level is less secure than the second security level;
      
      in response to determining that the second security level requires components which are communicatively connected to the components based on the first component template to maintain at least the third security level, select from the plurality of security policies a third set of one or more security policies that satisfies a third set of one or more security attributes that corresponds to the third security level and lower levels of the plurality of security levels; and
      
      updating the second component template in accordance with the third set of security policies;
      
      wherein modifying the cloud computing application blueprint comprises updating the deployment descriptors to indicate configuration also in accordance with the third set of security policies for any of the components deployed based on the first or the second component templates.
  - 12. The method of claim 7, wherein deploying the components for the cloud computing application according to the deployment descriptors comprises tracking a deployment location of the components.
  - 13. The method of claim 7 further comprising:
    - in response to detection of the second security level, requesting a password;
      
      wherein selecting from the plurality of security policies the second set of security policies is in response to successful authentication of the password.

14. A computer program product comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer program code comprising program code to;
  
  select a plurality of component templates from a cloud computing component catalog, wherein the plurality of component templates represent at least one virtual machine and at least one network element;
  
  indicate a communication connection between at least a first component template of the plurality of component templates and a second component template of the plurality of component templates;
  
  detect a first of a plurality of security levels specified for at least the first component template of the plurality of component templates;
  
  in response to detection of the first security level, select from a plurality of security policies a first set of one or more security policies that satisfies a first set of one or more security attributes that corresponds to the first security level and lower levels of the plurality of security levels;
  
  assign the first set of security policies to at least the first component template;
  
  build a cloud computing application blueprint comprising the plurality of component templates, the first set of security policies, and deployment descriptors expressed in a markup language that indicate configuration of components deployed based on the plurality of component templates including configuration according to the first set of security policies for any of the components deployed based on the first or the second component templates and that indicate configuration of connections between those of the components deployed based on the first and the second component templates according to the communication connection;
  
  deploy components for the cloud computing application according to the deployment descriptors along with an agent program code to ensure any of the components based on the first component template, any of the components based on the second component template, and connections therebetween comply with the first set of security policies;
  
  detect a second of the plurality of security levels specified for at least the first component template of the plurality of component templates;
  
  in response to detection of the second security level and after authentication of a password, select from the plurality of security policies a second set of one or more security policies that satisfies a second set of one or more security attributes that corresponds to the second security level and lower levels of the plurality of security levels;
  
  update at least the first component template of the plurality of component templates in accordance with the second set of security policies; and
  
  modify the cloud computing application blueprint, wherein modifying the cloud computing application blueprint comprises updating the deployment descriptors to indicate configuration in accordance with the second set of security policies for any of the components deployed based on the first or the second component templates.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer program product of claim 14, wherein the program code to assign the first set of security policies to at least the first component template comprises program code to modify the first component template to comply with the first set of security policies.
  - 16. The computer program product of claim 14 further comprising program code to:
    - collect audit and reporting information regarding compliance with the first set of security policies; and
      
      generate compliance reports based, at least in part, on the collected audit and reporting information.
  - 17. The computer program product of claim 14 further comprising program code to:
    - determine whether the second of the plurality of security levels requires components which are communicatively connected to the components based on the first component template to maintain at least a third of the plurality of security levels, wherein the third security level is less secure than the second security level;
      
      in response to a determination that the second security level requires components which are communicatively connected to the components based on the first component template to maintain at least the third security level, select from the plurality of security policies a third set of one or more security policies that satisfies a third set of one or more security attributes that corresponds to the third security level and lower levels of the plurality of security levels; and
      
      update the second component template in accordance with the third set of security policies;
      
      wherein the program code to modify the cloud computing application blueprint comprises program code to update the deployment descriptors to indicate configuration also in accordance with the third set of security policies for any of the components deployed based on the first or the second component templates.
  - 18. The computer program product of claim 14, wherein the program code to deploy the components for the cloud computing application according to the deployment descriptors comprises program code to track a deployment location of the components.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Hadar, Eitan, Kletskin, Michael, Barak, Nir, Jerbi, Amir, Bezalel, Yaacov
Primary Examiner(s)
Desrosiers, Evans

Application Number

US13/459,593
Publication Number

US 20130291052A1
Time in Patent Office

1,814 Days
Field of Search

709217, 709206, 709225, 709229, 709249, 709389, 726 1- 8, 713168-174, 713182-186, 713202
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

Trusted public infrastructure grid cloud

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted public infrastructure grid cloud

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links