Distributed network security using a logical multi-dimensional label-based policy model

  • US 9,882,919 B2
  • Filed: 09/02/2014
  • Issued: 01/30/2018
  • Est. Priority Date: 04/10/2013
  • Status: Active Grant
First Claim

1. A method of quarantining a bad actor within an administrative domain, the method comprising:

  • storing cached actor-sets, each of the cached actor sets specifying a group of actors present in the administrative domain;

    storing a plurality of rules applicable to a particular managed server, each of the rules specifying a provider of a service, a user of the service, and a function controlling interactions between the provider and the user of the service, wherein each of the rules specifies at least one of the provider of the service and the user of the service as a set of managed servers using a label set, wherein a label of the label set represents a dimension of the managed servers and a value of the dimension;

    storing in association with a given rule of the plurality of rules, relevant actor-sets comprising a subset of the cached actor-sets that each include at least one of the provider specified in the given rule and the user specified in the given rule;

    receiving an instruction to quarantine the bad actor;

    updating the cached actor-sets to indicate a change in state of the bad actor to a quarantined state;

    identifying a changed actor-set in the relevant actor-sets for the given rule, wherein the changed actor-set was updated based on the change in state of the bad actor to the quarantined state;

    responsive to identifying the changed actor-set, sending, to the particular managed server, information describing the changed actor-set and an instruction to add, remove, or modify the changed actor-set in a local list stored by the particular managed server.
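
The flow of claim 1, sketched as an added Python example (not code from the patent or its assignee). Server names, labels, the message format, and the choice to model the quarantined state as dropping the actor from every actor-set are assumptions made for illustration.

```python
# Added illustration; every name and value below is constructed, not from the patent.
SERVERS = {  # managed server -> labels (dimension: value) and state
    "web-1": {"labels": {"role": "web", "env": "prod"}, "state": "normal"},
    "web-2": {"labels": {"role": "web", "env": "prod"}, "state": "normal"},
    "db-1":  {"labels": {"role": "db",  "env": "prod"}, "state": "normal"},
    "dev-1": {"labels": {"role": "web", "env": "dev"},  "state": "normal"},
}

def label_set(**dims):
    """A label set as a hashable key, e.g. label_set(role="web", env="prod")."""
    return frozenset(dims.items())

def members(lset):
    """Actors whose labels satisfy the label set.
    Assumption: a quarantined actor matches no label set."""
    return sorted(name for name, s in SERVERS.items()
                  if s["state"] == "normal" and lset <= set(s["labels"].items()))

# Each rule names a provider, a user (both as label sets) and a function.
RULES = [{"provider": label_set(role="db", env="prod"),
          "user": label_set(role="web", env="prod"),
          "function": "allow tcp/5432"}]

# Cached actor-sets: one per label set referenced by any rule.
CACHE = {ls: members(ls) for r in RULES for ls in (r["provider"], r["user"])}

def relevant_actor_sets(rule):
    """The subset of cached actor-sets tied to this rule's provider or user."""
    return [rule["provider"], rule["user"]]

def quarantine(bad_actor, rule):
    """Quarantine an actor and return the delta instructions for a managed
    server governed by `rule` (hypothetical message format)."""
    SERVERS[bad_actor]["state"] = "quarantined"
    changed = set()
    for ls in CACHE:  # update the cached actor-sets
        new = members(ls)
        if new != CACHE[ls]:
            CACHE[ls] = new
            changed.add(ls)
    # Only changed actor-sets relevant to the rule are sent, not the whole policy.
    return [{"op": "modify" if CACHE[ls] else "remove",
             "actor_set": dict(ls), "members": CACHE[ls]}
            for ls in relevant_actor_sets(rule) if ls in changed]
```

Quarantining an actor that appears in no relevant actor-set yields an empty list, so the managed server receives nothing.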
