System, method, and computer program product for securing data on a server based on a heuristic analysis

US 8,281,405 B1
Filed: 06/13/2007
Issued: 10/02/2012
Est. Priority Date: 06/13/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

recording information associated with attempts to access data on a server, wherein the attempts are provided remotely over a network to which the server is coupled;

heuristically analyzing the information associated with the attempts in order to identify a pattern associated with data leakage; and

securing the data on the server for a predefined period of time based on the pattern, wherein an action to secure the data is determined based on a type of access attempted, such that different actions are associated with different types of access attempts, and wherein at least one of the different actions includes securing an access control list (ACL) based on a number of modifications to the ACL, and wherein the data is accessible using an identification file that comprises a private key that can be associated with a public key for accessing the data on the server.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for securing data on a server based on a heuristic analysis. In use, information associated with attempts to access data on a server is recorded. Additionally, the information is heuristically analyzed. Further, the data is secured on the server based on the heuristic analysis.

22 Citations

View as Search Results

21 Claims

1. A method, comprising:
- recording information associated with attempts to access data on a server, wherein the attempts are provided remotely over a network to which the server is coupled;
  
  heuristically analyzing the information associated with the attempts in order to identify a pattern associated with data leakage; and
  
  securing the data on the server for a predefined period of time based on the pattern, wherein an action to secure the data is determined based on a type of access attempted, such that different actions are associated with different types of access attempts, and wherein at least one of the different actions includes securing an access control list (ACL) based on a number of modifications to the ACL, and wherein the data is accessible using an identification file that comprises a private key that can be associated with a public key for accessing the data on the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the data includes an electronic mail message.
  - 3. The method of claim 1, wherein the data is particular to a user.
  - 4. The method of claim 1, wherein the data includes an access control list.
  - 5. The method of claim 1, wherein the at least one source identifies at least one computer.
  - 6. The method of claim 1, wherein the information describes an attempt to modify the data.
  - 7. The method of claim 1, wherein the modifications of the access control list include modifying permissions in the access control list.
  - 8. The method of claim 1, wherein the attempts to access the data include a first user attempting to access data particular to a second user.
  - 9. The method of claim 8, wherein the first user attempts to access data particular to the second user utilizing identification data associated with the second user.
  - 10. The method of claim 9, wherein the identification data includes the identification file.
  - 11. The method of claim 1, wherein the attempts to access the data include an attempt by a first user and an attempt by a second user to access the same data simultaneously.
  - 12. The method of claim 1, wherein heuristically analyzing the information includes determining whether the information is suspicious.
  - 13. The method of claim 12, wherein the information is suspicious if the information indicates that access to the data has been attempted a threshold number of times.
  - 14. The method of claim 12, wherein the data is secured on the server if it is determined that the information is suspicious.
  - 15. The method of claim 1, wherein securing the data includes preventing access to the data and sending notifications.
  - 16. The method of claim 1, wherein heuristically analyzing the data includes determining that a database previously only accessed utilizing identification data stored on a first computer associated with a first user is subsequently accessed utilizing the identification data as stored on a second computer associated with a second user, and securing the data based on the heuristic analysis includes securing the database in response to the determination.
  - 17. The method of claim 1, wherein the action includes communicating an alert if the type of the access attempted includes at least one of reading the data and opening the data, and wherein the action includes preventing the access attempted if the type of the access attempted includes at least one of modifying the data, transmitting the data, and deleting the data.
  - 18. The method of claim 1, wherein the type of access includes at least one of reading the data, opening the data, modifying the data, transmitting the data, deleting the data, simultaneous access to the data, access by a first user using identification of a second user, a predetermined number of modifications to the data, and modifications to a specific portion of the data.

19. A computer program product embodied on a non-transitory computer readable medium for:
- recording information associated with attempts to access data on a server, wherein the attempts are provided remotely over a network to which the server is coupled;
  
  heuristically analyzing the information associated with the attempts in order to identify a pattern associated with data leakage; and
  
  securing the data on the server for a predefined period of time based on the pattern, wherein an action to secure the data is determined based on a type of access attempted, such that different actions are associated with different types of access attempts, and wherein at least one of the different actions includes securing an access control list (ACL) based on a number of modifications to the ACL, and wherein the data is accessible using an identification file that comprises a private key that can be associated with a public key for accessing the data on the server.

20. A system, comprising:
- a processor, wherein the system is configured for;
  
  recording information associated with attempts to access data on a server,heuristically analyze the information associated with the attempts in order to identify a pattern associated with data leakage;
  
  securing the data on the server for a predefined period of time based on the pattern, wherein an action to secure the data is determined based on a type of access attempted, such that different actions are associated with different types of access attempts, and wherein at least one of the different actions includes securing an access control list (ACL) based on a number of modifications to the ACL, and wherein the data is accessible using an identification file that comprises a private key that can be associated with a public key for accessing the data on the server.
- View Dependent Claims (21)
- - 21. The system of claim 20, further comprising memory coupled to the processor via a bus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Gaddala, Satish Kumar
Primary Examiner(s)
McNally, Michael S

Application Number

US11/762,545
Time in Patent Office

1,938 Days
Field of Search

726/26
US Class Current

726/26
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

System, method, and computer program product for securing data on a server based on a heuristic analysis

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and computer program product for securing data on a server based on a heuristic analysis

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links