[특허]Method for the automatic setting and updating of a security policy

Method for the automatic setting and updating of a security policy 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-029/14
출원번호	UP-0433532 (2003-05-01)
등록번호	US-7614085 (2009-11-16)
우선권정보	IL-149583(2002-05-09)
국제출원번호	PCT/IL03/000352 (2003-05-01)
§371/§102 date	20031120 (20031120)
국제공개번호	WO03/096168 (2003-11-20)
발명자 / 주소	Ben Itzhak, Yuval
출원인 / 주소	Protegrity Corporation
대리인 / 주소	Paul, Hastings, Janofsky & Walker LLP
인용정보	피인용 횟수 : 18 인용 특허 : 64

초록 ▼

The invention relates to a method for creating and/or updating a security policy within a computerized system protected by at least one security package, comprising: (a) Providing at least one trusted source within the system, capable of issuing a report detailing the structure and/or attributes of the system and/or security flaws within the system; (b) Periodically operating said at least one trusted source in order to periodically issue said report; (c) Importing each trusted source report into a security correcting unit, and forming one consolidated file containing the details from all said reports; (d) Importing into said security correcting unit the attributes files of all the security packages; (e) Separately comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with the security information included within said consolidated file, information which is missing from the said attributes file, and is relevant to said attributes file; and (f) Separately exporting said updated attributes files and effecting each of them as the active attributes file of the corresponding security package, thereby effecting an updated security policy.

대표청구항 ▼

The invention claimed is: 1. A method for the automatic update of a security policy enforced by at least one security package within a computerized system, comprising the steps of: a. Providing within the computerized system at least one trusted source, each capable of issuing a security report detailing at least one of: network protocol and its related attributes, application protocol and its related attributes application paths, application action, application action attributes, and application action flow, or security flaws within the computerized system; b. Periodically operating each of said at least one trusted source in order to issue a respective security report; c. Importing each respective security report into a security correcting unit, and forming one consolidated file comprising the details from each respective security report; d. Importing into said security correcting unit one or more attributes files of said at least one security package; e. Separately comparing the content of said consolidated file with the content of each of the imported attributes files, and updating each attributes file with security information included within said consolidated file; f. Separately exporting said updated attributes files and effecting each of them as the active attributes file or files of the corresponding security package; g. Using a predefined set of logical rules to decide which content from said consolidated file to effect and which to ignore; and h. Importing into said security correcting unit a second type report comprising application locations and paths that are defined by said security correcting unit as the only valid locations and paths for accessing an application, and said security correcting unit updating one or more relevant attribute files using the content of said second type report, thereby effecting an updated security policy. 2. A method according to claim 1, wherein: a. The step of importing each respective security source report further comprises the step of transforming each respective security report into a common format, and forming said consolidated file in said common format; b. The step of importing into said security correcting unit one or more attributes files of said at least one security package further comprises the step of transforming each attributes file into said common format; and c. The step of separately exporting each of said updated attributes files and effecting the same as the active attributes file or files of the corresponding security package further comprises the step of transforming said attributes file from a common format into a package specific format, prior to said exporting. 3. A method according to claim 1, wherein each respective security report comprises at least one attribute component. 4. A method according to claim 2 wherein each respective security report is arranged in the corresponding trusted source specific format. 5. A method according to claim 2 wherein each of said attributes files is arranged in the corresponding security package specific format. 6. A method according to claim 1, wherein each security package effects a security policy within its predefined range of responsibility, according to the content of its attributes file. 7. A method according to claim 1, wherein one of said at least one trusted source comprises a security scanner. 8. A method according to claim 3, wherein said attribute component is intended to eliminate a known flaw. 9. A method according to claim 3, wherein said attribute component is related to the current structure of the system, which when recorded within an updated attributes file enforces a security policy bounded to said structure, thereby rejecting activity deviated from said structure. 10. A computerized system for the automatic update of a security policy, the computerized system comprising one or more computers collectively comprising the following components: a. At least one security package enforcing a security policy within a predefined range of responsibility, said policy being defined by a specific, attributes file associated with each of said at least one security package; b. At least one trusted source capable of issuing a security report detailing at least one of: network protocol and its related attributes, application protocol and its related attributes, application paths, application action, application action attributes, and application action flow or security flaws within the system; c. A security correcting unit for: importing said report from each of said at least one trusted source, and producing a consolidated file including information from each said report; importing a second type report comprising application locations and paths that are defined by said security correcting unit as the only valid locations and paths for accessing an application, and updating one or more relevant attribute files using the content of said second type report, and importing the attributes file from each of said at least one security package, separately comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with security information included within said consolidated file, using a predefined set of logical rules to decide which content from said consolidated file to effect and which to ignore, and exporting said updated attributes files and effecting each of them as the active attributes file of the corresponding security package, thereby effecting an updated security policy. 11. A system according to claim 10 wherein the security correcting unit further comprises: At least one first importing modules for importing reports from each of said at least one trusted source; A consolidation module for receiving each of said reports and forming one consolidated file containing information included in said reports; At least one second importing modules for importing into the correcting unit from each security package its corresponding attributes file; A security policy creation module comprising a set of predefined logical decision rules for use while updating the attributes files, for comparing the content of said consolidated file with each of the imported attributes files, and updating each attributes file with the security information included within said consolidated file, information which is missing from the said attributes file, and is relevant to said attributes file; and At least one exporting module for exporting each updated attributes file into its corresponding security package, thereby effecting an updated security policy. 12. A system according to claim 11, further comprising at least one first transform modules for transforming each report from its trusted source specific format into a common format, at least one second transform modules for transforming each imported attributes security package from its package specific format into a common format, and at least one third transform modules for transforming each updated attributes file from a common format into its package specific format before its exportation into the corresponding package, and wherein the consolidated file is also arranged in said common format. 13. System according to claim 10, wherein one of the security packages comprises an Intrusion Detection System, whose set of signatures is stored within a file, said file being treated as the attributes file of a security package, and is therefore updated accordingly. 14. System according to claim 10, wherein one of the security packages comprises an application switch, whose set of attributes that is used for direction being stored within a file, said file being treated by the system as an attributes file of a security package, and is therefore updated accordingly. 15. System according to claim 10, wherein one of the security packages comprises an Application Layer Firewall, whose set of attributes that is used for denying actions or accesses within the application or allowing legal actions or accesses within the application is stored within a file, said file being treated by the system as an attributes file of a security package, and is therefore updated accordingly.

이 특허에 인용된 특허 (64)

Vu Hung T. (Ottawa CAX), Apparatus and method for providing a secure gateway for communication and data exchanges between networks.
상세보기
Banzhof,Carl E., Automated computer vulnerability resolution system.
상세보기
Abadi Martin (Palo Alto CA) Goldstein Andrew C. (Hudson MA) Lampson Butler W. (Cambridge MA), Compound principals in access control lists.
상세보기
Shostack Adam ; Allouch David,ILX, Computer security.
상세보기
Duxbury Paul (Sandbach GB2), Computer system security.
상세보기
Lu, Leonard L.; Hsing, Deh-phone K.; Cheng, Bo-Chao; Wu, Tsong-Ho, Content-aware application switch and methods thereof.
상세보기
Hirsch Thomas S. (Bedford MA) Bianchi Richard S. (Billerica MA) Perry Ron B. (Wilton NH) Buck Kenneth J. (Tyngsboro MA), Copy file mechanism for transferring files between a host system and an emulated file system.
상세보기
Bapat Subodh (Fort Lauderdale FL), Dynamic translation of network management primitives to queries to a database.
상세보기
Coley Christopher D. ; Wesinger ; Jr. Ralph E., Firewall system for protecting network elements connected to a public network.
상세보기
Botz Patrick Samuel ; Moskalik Thomas Michael ; Snyder Devon Daniel ; Woodbury Carol Jean, Generic user authentication for network computers.
상세보기
Nerlikar Virupax M. (Plano TX), Information management and security system.
상세보기
Hurst,Dennis Wayne; Barrall,Darrin Ray; Sima,Caleb Ikaki, Internet security analysis system and process.
상세보기
Flowers,John S.; Stracener,Thomas C., Interoperability of vulnerability and intrusion detection systems.
상세보기
Daniel M. Teal, Intrusion detection system and method having dynamically loaded signatures.
상세보기
Teal, Daniel M., Intrusion detection system and method having dynamically loaded signatures.
상세보기
Curtis Bryce Allen, Method and apparatus for creating a secure connection between a java applet and a web server.
상세보기
Abraham Dalen M. ; Barnes Todd A. ; Bouche Paul F. ; Bougetz Thomas P. ; Gosselin Tracy A. ; Grieve Mark G. ; Langdon Brent A. ; Allison Robert C. ; Nikkel Michael S., Method and apparatus for managing internetwork and intranetwork activity.
상세보기
Lang Gerald S. (812 Downs Dr. Silver Spring MD 20904), Method and apparatus for protecting material on storage media and for transferring material on storage media to various.
상세보기
Cerrone, David Francis; Czarnecki, David Anthony; Vivier, Barbara Jean, Method and apparatus for secure data file uploading.
상세보기
Raanan Gil,ILX ; Moran Tal,ILX ; Galant Yoron ; El-Hanani Yuval,ILX ; Reshef Eran, Method and system for extracting application protocol characteristics.
상세보기
Rechef Eran,ILX ; Raanan Gil,ILX ; Solan Eilon,ILX, Method and system for maintaining restricted operating environments for application programs or operating systems.
상세보기
Reshef Eran,ILX ; Raanan Gil,ILX ; Solan Eilon,ILX, Method and system for protecting operations of trusted internal networks.
상세보기
Hodges Vernon ; O'Donnell Shawn, Method and system for providing automated updating and upgrading of antivirus applications using a computer network.
상세보기
Green,Stuart D.; Brown,Scott G.; Crain,Jonathan M.; Van Myers,Jeffrey; Perry,Carl A.; Yax,Marcus L., Method for communication security and apparatus therefor.
상세보기
Gasser Morrie (Saugus MA) Goldstein Andrew C. (Hudson MA) Kaufman Charles W. (Northborough MA) Lampson Butler W. (Cambridge MA), Method for delegating authorization from one entity to another through the use of session encryption keys.
상세보기
Gasser Morrie (Saugus MA) Goldstein Andrew C. (Hudson MA) Kaufman Charles W. (Northborough MA), Method for performing group exclusion in hierarchical group structures.
상세보기
Bogrett, Steven W., Modular method and system for performing database queries.
상세보기
Nessett Danny M. ; Sherer William Paul, Multilayer firewall system.
상세보기
Bruno Richard Frank ; Katseff Howard Paul ; Markowitz Robert Edward ; Perea Carlos Alberto ; Robinson Bethany Scott ; Suresh Sethuraman ; Williams Hugh L., Network access to internet and stored multimedia services from a terminal supporting the H.320 protocol.
상세보기
Heinrich, Nicolas, Overall risk in a system.
상세보기
Thebaut Suzanne ; Scott Walter ; Rustici Eric ; Kaikini Prasan ; Lewis Lundy ; Malik Rajiv ; Sycamore Steve ; Dev Roger ; Ibe Oliver ; Aggarwal Ajay ; Wohlers Todd, Policy management and conflict resolution in computer networks.
상세보기
Grimm Robert ; Bershad Brian N., Process for transparently enforcing protection domains and access control as well as auditing operations in software components.
상세보기
Ross Jay B. (Pennington NJ), Protocol converter for a secure FAX transmission system.
상세보기
Autrey Kevin ; Gessel Robert J., Protocol interface gateway and method of connecting an emulator to a network.
상세보기
Mousseau Gary P. (Waterloo CAX) Lazaridis Mihal (Waterloo CAX) Little Herb A. (Waterloo CAX) Barnstijn Michael A. (Waterloo CAX), Remote control of gateway functions in a wireless data communication network.
상세보기
Jacobs Dwayne C. (Austin TX) Wangler James A. (Cedar Park TX), Remote password administration for a computer network among a plurality of nodes sending a password update message to al.
상세보기
Subramanian, Siva; Lavian, Tal I., Routing architecture including a compute plane configured for high-speed processing of packets to provide application layer support.
상세보기
Elgamal Taher (Palo Alto CA) Hickman Kipp E. B. (Los Altos CA), Secure socket layer application program apparatus and method.
상세보기
Golan Gilad,ILX, Security monitor.
상세보기
Lisa M. Lippert ; Joel M. Soderberg ; Saveen V. Reddy, Standard database queries within standard request-response protocols.
상세보기
Touboul Shlomo,ILX ; Gal Nachshon,ILX, System and method for attaching a downloadable security profile to a downloadable.
상세보기
Brown Ross M. ; Greenberg Richard G., System and method for controlling access to data entities in a computer network.
상세보기
Kimura Nobuko,JPX ; Onodera Takashi,JPX ; Yokoshi Noriyuki,JPX, System and method for converting communication protocols.
상세보기
Epstein, Jeremy; Thomas, Linda, System and method for increasing the resiliency of firewall systems.
상세보기
Moriconi Mark ; Qian Shelly, System and method for maintaining security in a distributed computer network.
상세보기
Touboul Shlomo,ILX, System and method for protecting a computer and a network from hostile downloadables.
상세보기
Deo Vinay (Redmond WA), System and method for protecting unauthorized access to data contents.
상세보기
Cohen, Gideon; Meiseles, Moshe; Reshef, Eran, System and method for risk detection and analysis in a computer network.
상세보기
Hericourt, Olivier, System and method to manage data to a plurality of proxy servers through a router by application level protocol and an authorized list.
상세보기
Booth, III, Earl Hardin; Lingafelt, Charles Steven; Nguyen, Phuong Thanh; Temoshenko, Leo; Wang, Xiaogang, System and method to monitor and determine if an active IPSec tunnel has become disabled.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., System and methods for secure transaction management and electronic rights protection.
상세보기
Schneck Paul B. ; Abrams Marshall D., System for controlling access and distribution of digital property.
상세보기
Reshef, Eran; El-Hanany, Yuval; Raanan, Gil; Tsarfati, Tom, System for determining web application vulnerabilities.
상세보기
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
상세보기
Schneider David S. ; Lipstone Laurence R. ; Jensen Daniel ; Ribet Michael B., Techniques for eliminating redundant access checking by access filters.
상세보기
Nakano Kazuo (Aichi JPX), Terminal control system.
상세보기
Beebe Todd ; Collier Mark D. ; Conyers Doug ; Hamlett Chris ; Faustino Stephen, Tightly integrated cooperative telecommunications firewall and scanner with distributed capabilities.
상세보기
Balasubramaniam,Chandrasekar; Kannan,Ravi; Revashetti,Siddaraya Basappa; Sampath,Srivats; Katchapalayam,Babu, Uniform resource locator (URL)-based secure download system and method.
상세보기
Okamoto Toshio,JPX ; Shimbo Atsushi,JPX ; Ishiyama Masahiro,JPX, User identification data management scheme for networking computer systems using wide area network.
상세보기
Ji Shuang (Foster City CA) Chen Eva (Cupertino CA), Virus detection and removal apparatus for computer networks.
상세보기
Rosenthal David S. H. (Palo Alto CA), X window security system.
상세보기

이 특허를 인용한 특허 (18)

Hudis, Efim; Helman, Yair; Malka, Joseph; Barash, Uri, Adaptive data collection for root-cause analysis and intrusion detection.
상세보기
Neystadt, John; Hudis, Efim; Helman, Yair; Faynburd, Alexandra, Automated collection of forensic evidence associated with a network security incident.
상세보기
Jain, Nitin; Bhalla, Amit; Singh, Anurag; Logandan, Aawardhan; Mukherjee, Sourav, Automated compliance policy enforcement in software systems.
상세보기
Neystadt, John; Hudis, Efim; Helman, Yair; Faynburd, Alexandra, Detecting compromised computers by correlating reputation data with web access logs.
상세보기
Chakraborty, Soumen, Device and method for performance improvement with plurality of subscriber identity module awareness.
상세보기
Hudis, Efim; Helman, Yair; Malka, Joseph; Barash, Uri, Endpoint enabled for enterprise security assessment sharing.
상세보기
Hudis, Efim; Helman, Yair; Malka, Joseph; Barash, Uri, Enterprise security assessment sharing.
상세보기
van Riel, Henri H.; Walsh, Daniel J.; Togami, Jr., Warren I., Merging mandatory access control (MAC) policies in a system with multiple execution containers.
상세보기
Groskop, Michael; Zisapel, Roy, Method and system for generating an enforceable security policy based on application sitemap.
상세보기
Rogers, Jr., Cleon L.; Logan, Glen T., Method of identifying and protecting the integrity of a set of source data.
상세보기
Lukas, Joshua; Ricard, Gary R.; Thompson, Timothy L., Network intrusion detection in a network that includes a distributed virtual switch fabric.
상세보기
Rao, Krishna K.; Visser, Evan Michael; Gaffney, Ian Lawrence; Breidenstein, Walter, Reactive scrubbing for upgrading product value, simplifying process operation and product handling.
상세보기
van Riel, Henri H.; Walsh, Daniel J.; Togami, Jr., Warren I., Reliably terminating processes in a system with confined execution environments.
상세보기
Wanser, Kelly; Antonopoulos, Andreas Markos, System and method for securing virtualized networks.
상세보기
Wanser, Kelly; Antonopoulos, Andreas Markos, System and method for securing virtualized networks.
상세보기
Wanser, Kelly; Antonopoulos, Andreas Markos, System and method for securing virtualized networks.
상세보기
Wanser, Kelly; Antonopoulos, Andreas Markso, System and method for securing virtualized networks.
상세보기
Wanser, Kelly; Antonopoulos, Andreas Markso, System and method for securing virtualized networks.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Method for the automatic setting and updating of a security policy 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (64)

이 특허를 인용한 특허 (18)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Method for the automatic setting and updating of a security policy 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (64)

이 특허를 인용한 특허 (18)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트