Auditing Authorization Decisions

US 20080066146A1
Filed: 09/08/2006
Published: 03/13/2008
Est. Priority Date: 09/08/2006
Status: Active Grant

First Claim

Patent Images

1. A system implementing a security authorization paradigm comprising an access control scheme and an auditing scheme;

wherein the access control scheme includes a semantic framework comprising assertions and authorization queries; and

wherein the auditing scheme includes an audit policy that is coupled to the semantic framework of the access control scheme such that the audit policy is specified using at least a portion of the semantic framework.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The auditing of authorization decisions is facilitated by integrating or coupling an audit policy to access control decisions. In an example implementation, an audit policy of an auditing scheme is coupled to a semantic framework of an access control scheme such that the audit policy is specified using at least a portion of the semantic framework. In another example implementation, audit policy rules include audit content rules that specify what audit information from any of the inputs, the outputs, or the internal data of authorization decisions is to be included in an audit record. In yet another example implementation, a semantic of an audit trigger rule comports with a semantic framework of an access request and of a logical evaluation for an authorization decision.

36 Citations

View as Search Results

20 Claims

1. A system implementing a security authorization paradigm comprising an access control scheme and an auditing scheme;
- wherein the access control scheme includes a semantic framework comprising assertions and authorization queries; and
  
  wherein the auditing scheme includes an audit policy that is coupled to the semantic framework of the access control scheme such that the audit policy is specified using at least a portion of the semantic framework.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system as recited in claim 1, wherein the audit policy comprises audit policy rules including audit trigger rules that specify when auditing is triggered utilizing the semantic framework of the access control scheme.
  - 3. The system as recited in claim 2, wherein the audit trigger rules generate auditing responsive to at least one of:
    - an authorization decision result, a targeted resource, a requested action, or an operation on a resource.
  - 4. The system as recited in claim 2, wherein the audit policy rules further include audit content rules that specify what information relating to an authorization decision is audited utilizing the semantic framework of the access control scheme.
  - 5. The system as recited in claim 4, wherein the audit content rules record audit information based on at least one of:
    - one or more token assertions, one or more policy assertions, a requested authorization decision, or logical deduction data.
  - 6. The system as recited in claim 1, wherein the semantic framework is at least partially defined by the assertions comprising token assertions and policy assertions, by the authorization queries being respectively associated with resource-specific operations that respectively correspond to access requests, and by an evaluation algorithm that attempts to satisfy a given authorization query in conjunction with an assertion context having token assertions that are authenticated and policy assertions that are related to a given access request.

7. A device implementing an auditing scheme that is integrated with an access control scheme, the access control scheme making authorization decisions in response to access requests for resources, the authorization decisions including inputs, outputs, and internal data;
- wherein the auditing scheme includes an audit policy that comprises audit policy rules, the audit policy rules including audit content rules that specify what audit information from any of the inputs, the outputs, or the internal data is to be included in an audit record.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The device as recited in claim 7, wherein the audit content rules utilize a semantic framework that is utilized by the access control scheme for making the authorization decisions.
  - 9. The device as recited in claim 7, wherein the audit content rules specify inputs to the authorization decisions in terms of logical assertions.
  - 10. The device as recited in claim 9, wherein the audit content rules specify internal data of the authorization decisions in terms of logical deductions derived from the logical assertions.
  - 11. The device as recited in claim 7, wherein the audit content rules specify logical deduction data used or produced during evaluation algorithms of authorization decisions.
  - 12. The device as recited in claim 11, wherein the logical deduction data comprises a proof graph indicating a logical chain of deductions that occur within the evaluation algorithm.
  - 13. The device as recited in claim 7, wherein the audit policy rules further include audit trigger rules that specify when an audit record is to be generated and added to an audit log.
  - 14. The device as recited in claim 13, wherein the audit trigger rules specify that an audit record is to be generated and added to the audit log responsive to access requests involving at least one of the following output and inputs:
    - a particular authorization decision result, a particular targeted resource, a particular requested action, or a particular operation on a particular resource.

15. A method comprising:
- specifying at least one audit trigger rule that indicates when an audit record is to be generated;
  
  receiving an access request targeting a particular resource;
  
  performing, in response to the access request, a logical evaluation of an authorization query in conjunction with an assertion context to make an authorization decision about the particular resource;
  
  detecting if the at least one audit trigger rule matches the access request or the logical evaluation; and
  
  if the at least one audit trigger rule is detected to match, generating an audit record;
  
  wherein a semantic of the at least one audit trigger rule comports with a semantic framework of the access request including the particular resource and the logical evaluation including both the authorization query and the assertion context.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method as recited in claim 15, wherein the specifying comprises at least one of:
    - specifying an authorization decision result;
      
      specifying a targeted resource;
      
      specifying a requested action;
      
      orspecifying an operation on a resource.
  - 17. The method as recited in claim 15, further comprising:
    - specifying at least one audit content rule that indicates what audit information is to be included as part of an audit record;
      
      wherein the generating comprises generating the audit record based on the at least one audit content rule; and
      
      wherein a semantic of the at least one audit content rule comports with the semantic framework of the access request including the particular resource and the logical evaluation including both the authorization query and the assertion context.
  - 18. The method as recited in claim 17, wherein the specifying at least one audit content rule comprises at least one of:
    - specifying token assertions that are provided with the access request;
      
      specifying policy assertions that are input to the logical evaluation from an authorization and trust policy;
      
      specifying a requested authorization decision that includes the access request or the authorization query;
      
      orspecifying logical deduction data produced by the logical evaluation.
  - 19. The method as recited in claim 17, wherein the particular resource can be specified by the at least one audit trigger rule or the at least one audit content rule using a resource naming mechanism that is identical to the resource naming mechanism utilized by both the authorization query and one or more assertions of the assertion context.
  - 20. The method as recited in claim 15, wherein:
    - the performing comprises developing a logical chain of deductions starting from assertions of the assertion context and leading to the authorization query;
      
      the method further comprises producing a proof graph having nodes representing assertions and directed edges representing logical deduction links of the logical chain of deductions; and
      
      the audit record includes the proof graph.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dillaway, Blair B.

Granted Patent

US 7,814,534 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2101 Auditing as a secondary aspect

Auditing Authorization Decisions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Auditing Authorization Decisions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links