Data system forensics system and method

US 8,931,048 B2
Filed: 08/24/2010
Issued: 01/06/2015
Est. Priority Date: 08/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method for system security forensics in a system for allowing or denying a requester access to a protected asset comprising:

receiving a request to access a protected asset from a requester having a reputation;

making a decision whether to allow or to deny the requester access to the protected asset based upon the requester'"'"'s reputation;

creating access decision data related to the access decision;

assessing the access decision data to determine why the access decision was made;

determining that the requester'"'"'s reputation has changed, and if the decision is to deny the requester to access the protected asset based on the change in reputation, identifying other protected assets previously accessed by the requester;

identifying potential risks associated with the other protected assets previously accessed by the requester; and

determining whether there would be a violation of system security for the requester to access the other protected assets after the reputation change.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for creates, maintains and monitors individuals, organizations and artifacts relating to the same over time with respect to pedigree and reputation, security and reliability. One aspect of the present invention provides for a method and a system for collecting and maintaining historical party reputation data. Another aspect of the present invention provides for a method and a system for assessing an access decision to the historical party reputation data to a person after the person'"'"'s reputation has changed.

43 Citations

15 Claims

1. A method for system security forensics in a system for allowing or denying a requester access to a protected asset comprising:
- receiving a request to access a protected asset from a requester having a reputation;
  
  making a decision whether to allow or to deny the requester access to the protected asset based upon the requester'"'"'s reputation;
  
  creating access decision data related to the access decision;
  
  assessing the access decision data to determine why the access decision was made;
  
  determining that the requester'"'"'s reputation has changed, and if the decision is to deny the requester to access the protected asset based on the change in reputation, identifying other protected assets previously accessed by the requester;
  
  identifying potential risks associated with the other protected assets previously accessed by the requester; and
  
  determining whether there would be a violation of system security for the requester to access the other protected assets after the reputation change.
- View Dependent Claims (2, 3, 4)
- - 2. The method as defined in claim 1 further comprising assessing potential risk associated with the other protected assets being accessed by the requester after the requester'"'"'s reputation has changed.
  - 3. The method as defined in claim 1 further comprising determining other protected assets that, if accessed by the requester after the reputation change, would have been a violation.
  - 4. The method as defined in claim 3 further comprising assessing potential risk should there had been a violation.

5. A non-transitory computer-readable storage medium storing computer instructions, which, when executed, enables a computer system operating with a reputation modification and decision making system, a reputation analyzer, a protected asset analyzer, and a protected asset access decision data assessor for system security forensics in a system for to allow or deny a requester access to a protected asset in a computer environment having hardware, the computer-readable medium storing computer instructions for performing a method comprising:
- receiving a request to access a protected asset from a requester having a reputation;
  
  making a decision whether to allow or to deny the requester access to the protected asset based upon the requester'"'"'s reputation;
  
  creating access decision data related to the access decision;
  
  assessing the access decision data to determine why the access decision was made;
  
  determining that the requester'"'"'s reputation has changed, and if the decision is to deny the requester to access the protected asset based on the change in reputation, identifying other protected assets previously accessed by the requester;
  
  identifying potential risks associated with the other protected assets previously accessed by the requester; and
  
  determining whether there would be a violation of system security for the requester to access the other protected assets after the reputation change.
- View Dependent Claims (6, 7, 8)
- - 6. The non-transitory computer-readable storage medium as defined in claim 5 wherein the method further comprises assessing potential risk associated with the other protected assets accessed by the requester after the requester'"'"'s reputation has changed.
  - 7. The non-transitory computer-readable storage medium as defined in claim 5 wherein the method further comprises determining other protected assets that, if accessed after the reputation change, would have been a violation.
  - 8. The non-transitory computer-readable storage medium as defined in claim 7 wherein the method further comprises assessing potential risk should there had been a violation.

9. A method for deploying a reputation modification and decision making system having a reputation analyzer, a protected asset analyzer, and a protected asset access decision data assessor for system security forensics in a system for allowing or denying a requester access to a protected asset in a computer environment having hardware, for collecting and maintaining historical party reputation data and for assessing an access decision to the historical party reputation data to a person after the person'"'"'s reputation has changed, the method comprising a process comprising:
- receiving a request to access a protected asset from a requester having a reputation;
  
  making a decision whether to allow or to deny the requester access to the protected asset based upon the requester'"'"'s reputation;
  
  creating and storing access decision data related to the access decision;
  
  assessing the access decision data to determine why the access decision was made;
  
  determining that the requester'"'"'s reputation has changed, and if the decision is to deny the requester to access the protected asset based on the change in reputation, identifying other protected assets previously accessed by the requester;
  
  identifying potential risks associated with the other protected assets previously accessed by the requester; and
  
  determining whether there would be a violation of system security for the requester to access the other protected assets after the reputation change.
- View Dependent Claims (10, 11, 12)
- - 10. The method as defined in claim 9 wherein the process further comprises assessing potential risk associated with the other protected assets being accessed by the requester after the requester'"'"'s reputation has changed.
  - 11. The method as defined in claim 10 wherein the process further comprises determining other protected assets that, if accessed after the reputation change, would have been a violation.
  - 12. The method as defined in claim 11 wherein the process further comprises assessing potential risk should there had been a violation.

13. A reputation modification and decision making system comprising:
- at least one processing unit;
  
  a memory operably associated with the at least one processing unit;
  
  a reputation analyzer storable in the memory and executable by the at least one processing unit, the reputation analyzer configured to determine whether the reputation of a requester to access a protected asset has changed and to identify other protected assets previously accessed by the requester;
  
  a protected asset analyzer storable in the memory and executable by the at least one processing unit, the protected asset analyzer configured to analyze the access requirements of a requested protected asset;
  
  a risk assessor storable in the memory and executable by the at least one processing unit, the risk assessor configured to assess the risk of a requester to access a protected asset based upon the reputation of the requester and the access requirements of the requested protected asset;
  
  a protected asset access decision maker storable in the memory and executable by the at least one processing unit, the protected asset access decision maker configured to make a protected access decision based upon the risk assessment made by the risk assessor;
  
  a protected asset data creator storable in the memory and executable by the at least one processing unit, the protected asset data creator configured to, in response to the making of the protected access decision by the asset access decision maker, create access decision data related to the protected access decision; and
  
  a protected asset access decision data assessor storable in the memory and executable by the at least one processing unit, the protected asset access decision data assessor configured to assess the access decision data to determine why the protected access decision was made;
  
  wherein the risk assessor is further configured to identify potential risks associated with the other protected assets previously accessed by the requester, and determine whether there would be a violation of system security for the requester to access the other protected assets after the reputation change.
- View Dependent Claims (14, 15)
- - 14. The reputation modification and decision making system as defined in claim 13 further comprising a protected asset access decision data creator storable in the memory and executable by the at least one processing unit, the protected asset access decision data creator configured to create and store protected asset access decision data so that the access decision data may be analyzed to determine the logic as to the protected asset access decision.
  - 15. The reputation modification and decision making system as defined in claim 14 further comprising a protected asset access decision data assessor storable in the memory and executable by the at least one processing unit, the protected asset access decision data assessor configured to assess protected asset access decision data to determine the logic as to the protected asset access decision.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hom, Richard V., Roxin, David C.
Primary Examiner(s)
Eskandarnia, Arvin

Application Number

US12/862,030
Publication Number

US 20120054827A1
Time in Patent Office

1,596 Days
Field of Search

726/2
US Class Current

726/2
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/102   Entity profiles

H04L 67/1057   involving pre-assessment of...

Data system forensics system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Data system forensics system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links