Techniques for reconciling permission usage with security policy for policy optimization and monitoring continuous compliance
In one aspect, a method for managing a security policy having multiple policy items includes the steps of: (a) mapping permissions to the policy items which apply to usage of the permissions so as to determine which of the permissions are granted to groups of users by each of the policy items; (b) i...
Saved in:
| Main Authors | , , , |
|---|---|
| Format | Patent |
| Language | English |
| Published |
26.01.2016
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | In one aspect, a method for managing a security policy having multiple policy items includes the steps of: (a) mapping permissions to the policy items which apply to usage of the permissions so as to determine which of the permissions are granted to groups of users by each of the policy items; (b) identifying at least one of the policy items mapped in step (a) that is in violation of least privilege based on a comparison of an actual permission usage with the security policy; (c) identifying at least one of the policy items mapped in step (a) that increases operational risk; (d) verifying that policy constructs in the security policy are consistent with policy constructs inferred from the actual permission usage; and (e) identifying optimizations of the security policy based on output from one or more of steps (a)-(d). |
|---|---|
| AbstractList | In one aspect, a method for managing a security policy having multiple policy items includes the steps of: (a) mapping permissions to the policy items which apply to usage of the permissions so as to determine which of the permissions are granted to groups of users by each of the policy items; (b) identifying at least one of the policy items mapped in step (a) that is in violation of least privilege based on a comparison of an actual permission usage with the security policy; (c) identifying at least one of the policy items mapped in step (a) that increases operational risk; (d) verifying that policy constructs in the security policy are consistent with policy constructs inferred from the actual permission usage; and (e) identifying optimizations of the security policy based on output from one or more of steps (a)-(d). |
| Author | PARK YOUNGJA CHARI SURESH N MOLLOY IAN M TEIKEN WILFRIED |
| Author_xml | – fullname: MOLLOY IAN M – fullname: CHARI SURESH N – fullname: PARK YOUNGJA – fullname: TEIKEN WILFRIED |
| BookMark | eNqNjDsOwjAQBV1Awe8OewGaEJDSgkD0hDqyzCZZKd41_ggFibuToByA6k3xZpZqxsK4UJ8STcv0TBigFg8ejbChjrgBh95SCCQMKegG4UWxhYAmeYo9OOnI9D9rQnGRLL11HBXND7DCFMWPsSEbiZOkMKB1HWk2uFbzWncBN9OuFFzO5em6RScVBqcNMsbqfiuy_FDk-2O2--PyBVDiS7o |
| ContentType | Patent |
| DBID | EVB |
| DatabaseName | esp@cenet |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: EVB name: esp@cenet url: http://worldwide.espacenet.com/singleLineSearch?locale=en_EP sourceTypes: Open Access Repository |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Medicine Chemistry Sciences Physics |
| ExternalDocumentID | US9246945B2 |
| GroupedDBID | EVB |
| ID | FETCH-epo_espacenet_US9246945B23 |
| IEDL.DBID | EVB |
| IngestDate | Fri Jul 19 11:46:13 EDT 2024 |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-epo_espacenet_US9246945B23 |
| Notes | Application Number: US201313904350 |
| OpenAccessLink | https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20160126&DB=EPODOC&CC=US&NR=9246945B2 |
| ParticipantIDs | epo_espacenet_US9246945B2 |
| PublicationCentury | 2000 |
| PublicationDate | 20160126 |
| PublicationDateYYYYMMDD | 2016-01-26 |
| PublicationDate_xml | – month: 01 year: 2016 text: 20160126 day: 26 |
| PublicationDecade | 2010 |
| PublicationYear | 2016 |
| RelatedCompanies | INTERNATIONAL BUSINESS MACHINES CORPORATION |
| RelatedCompanies_xml | – name: INTERNATIONAL BUSINESS MACHINES CORPORATION |
| Score | 3.010306 |
| Snippet | In one aspect, a method for managing a security policy having multiple policy items includes the steps of: (a) mapping permissions to the policy items which... |
| SourceID | epo |
| SourceType | Open Access Repository |
| SubjectTerms | CALCULATING COMPUTING COUNTING ELECTRIC COMMUNICATION TECHNIQUE ELECTRIC DIGITAL DATA PROCESSING ELECTRICITY PHYSICS TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION |
| Title | Techniques for reconciling permission usage with security policy for policy optimization and monitoring continuous compliance |
| URI | https://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20160126&DB=EPODOC&locale=&CC=US&NR=9246945B2 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV1La4NAEB5C-ry1aUvSF3so3qTG6BYPUogmhEIeNEnJLaxmBQ9ZpSo99b93ZmvSXlq8yIoLuzqzM7Pf9y3AQ8J7iSU2limE45pOFHPTe5KJKaM4soXY2JZLbOTxhI-WzsvKXTUg3XFhtE7ohxZHRIuK0d5L7a_znyJWqLGVxWOUYlP2PFz4oVFnx11ML2xuhH1_MJuG08AIAn85NyavPqYZ3HPcPnrrA4qiSWZ_8NYnUkr-e0UZnsHhDDtT5Tk0pGrBSbA7eK0Fx-N6v7sFRxqgGRfYWBthcQGfi53uasEw5GQ6p41T4pWznLAtBGxVrCLIGKM6KyvqQ-pYrlWA9Vv1bYYuY1tzMZlQG7bVRk7VPkYw9lRVWVWwb-Q5_SGXwIaDRTAycUTr_eytl_P92HtX0FSZkm1gmJtKm0uM_wRJ8CWeZYteN3YFXhLjhg50_uzm-p9nN3BKn4GKFDa_hWb5Xsk7XLbL6F5P-BeH0qIA |
| link.rule.ids | 230,309,786,891,25594,76906 |
| linkProvider | European Patent Office |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwfV1LT4NAEJ409VFvWjXW5x4MNyKlQNMDMSm0qdpXLDW9NQssCYcCEYgn_7szK61eNFzIEjbZhZmdmf2-bwHuI6sTaTzUVM4NUzX8wFJ7XRGpwg98nfNQ10xiI0-m1mhpPK_MVQ3iLRdG6oR-SHFEtKgA7b2Q_jr7KWK5EluZP_gxNqWPQ892lSo7bmN6oVuK27cH85k7cxTHsZcLZfpqY5ph9Qyzj956r0vivBQ5vfWJlJL9XlGGx7A_x86S4gRqImlCw9kevNaEw0m1392EAwnQDHJsrIwwP4VPb6u7mjMMOZnMaYOYeOUsI2wLAVsTVhJkjFGdleXVIXUskyrA8q3qNkWXsam4mIwnIdtII6dqHyMYe5yUaZmzb-Q5_SFnwIYDzxmpOKL1bvbWy8Vu7J1zqCdpIi6AYW4qdEtg_MdJgi_qaTrvtAOT4yUwbmhB689uLv95dgeNkTcZr8dP05crOKJPQgUL3bqGevFeihtcwgv_Vk7-F0WapO0 |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Apatent&rft.title=Techniques+for+reconciling+permission+usage+with+security+policy+for+policy+optimization+and+monitoring+continuous+compliance&rft.inventor=MOLLOY+IAN+M&rft.inventor=CHARI+SURESH+N&rft.inventor=PARK+YOUNGJA&rft.inventor=TEIKEN+WILFRIED&rft.date=2016-01-26&rft.externalDBID=B2&rft.externalDocID=US9246945B2 |