Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and system for merging security policies

A security policy and security event technology, applied in the field of security systems, can solve the problems of complex security policy interaction, error-prone, time-consuming security policy, etc.

Inactive Publication Date: 2010-05-26
MICROSOFT TECH LICENSING LLC
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the combination of security policies can be time-consuming and error-prone since signatures can be very complex, and the interaction effects between different security policies can also be complex and subtle.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for merging security policies
  • Method and system for merging security policies
  • Method and system for merging security policies

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] A method and system for composing and enforcing security policies is provided. The collection of security policies to enforce represents the overall security policy of the organization. In one embodiment, a security policy with process set criteria and associated rules is provided to the security system. A process set criterion defines the properties of the process or application to which the associated rule applies. For example, a process set criterion can be a list of application names, or a regular expression defining matching application names. Other attributes of the application that can be used for process set criteria include the name of the directory containing the executable, the developer of the application (eg, Microsoft), registry entries associated with the application, and the like. If a process is executing an application that matches the process set criteria, the associated rule applies to that process. Each rule can have a rule type, condition and ac...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method and system for combining and enforcing security policies is provided. The security system is provided with security policies that have process set criteria and associated rules. The securitysystem combines the security policies by generating a rule list of the security policies and associated process set criteria. The rules of the rule list are ordered based on rule type and action of the rule. When a new process is started to execute an application, the security system determines the process set criteria that are satisfied by the application. The security system then identifies therules of the rule list that are associated with the satisfied process set criteria. When a security enforcement event associated with the process occurs, the security system applies each of the rulesassociated with the process to the security enforcement event in an order specified by the rule list.

Description

technical field [0001] The described techniques generally relate to security systems that prevent malicious exploitation of vulnerabilities of software systems. Background technique [0002] Despite the Internet's great success in facilitating communication between computer systems and allowing electronic commerce, computer systems connected to the Internet are almost always attacked by hackers who attempt to disrupt their operation. Many attacks attempt to maliciously exploit the vulnerabilities of software systems, including applications or other computer programs executing on those computer systems. Developers of software systems, as well as administrators of computer systems in enterprises, expend considerable effort and expense to identify and remove vulnerabilities. However, due to the complexity of software systems, it is practically impossible to identify and remove all vulnerabilities before releasing a software system. After releasing a software system, developer...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F1/00G06F21/57G06F21/56
CPCG06F2221/2105G06F21/55G06F21/604G06F15/00G06F1/00
Inventor A·萨缪尔森M·A·艾丹诺夫
Owner MICROSOFT TECH LICENSING LLC