US2008016547A1PendingUtilityA1

System and method for security planning with hard security constraints

47
Assignee: IBMPriority: Jul 11, 2006Filed: Jul 11, 2006Published: Jan 17, 2008
Est. expiryJul 11, 2026(expired)· nominal 20-yr term from priority
H04L 63/10H04L 63/20
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.

Claims

exact text as granted — not AI-modified
1 . A method for security planning with hard security constraints, comprising:
 receiving security-related requirements of a network to be developed using system inputs and processing components; and   generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.   
   
   
       2 . The method of  claim 1 , wherein the network is generated using a planning algorithm. 
   
   
       3 . The method of  claim 2 , wherein the planning algorithm receives a planning task in Planning Domain Definition Language (PDDL) or Stream Processing Planning Language (SPPL) format. 
   
   
       4 . The method of  claim 1 , wherein the hard security constraints are Bell-LaPadula constraints, Biba integrity constraints, Caernarvon model constraints or Role-based access control constraints. 
   
   
       5 . The method of  claim 1 , further comprising:
 receiving descriptions of the system inputs and processing components.   
   
   
       6 . The method of  claim 5 , wherein the descriptions are metadata. 
   
   
       7 . The method of  claim 1 , further comprising:
 deploying the network that satisfies hard security constraints in a real production system.   
   
   
       8 . The method of  claim 1 , wherein the network includes a downgrader. 
   
   
       9 . A method for security planning with access control policies, comprising:
 receiving descriptions of available external inputs and processing components;   receiving first security-related requirements of a first network to be developed using the available external inputs and processing components; and generating the first network according to the security-related requirements, wherein the first network satisfies access control policies.   
   
   
       10 . The method of  claim 9 , wherein generating the first network according to the security-related requirements comprises:
 assigning object and subject labels to system inputs and processing components in the first network; and   verifying access control policies for the system inputs and processing components in the first network.   
   
   
       11 . The method of  claim 9 , further comprising:
 receiving second security-related requirements of a second network to be developed using the available external inputs and processing components; and   generating the second network according to the second security-related requirements, wherein the second network satisfies the access control policies.   
   
   
       12 . The method of  claim 11 , further comprising:
 deploying the first or second networks that satisfy the access control policies in a real production system.   
   
   
       13 . The method of  claim 11 , wherein the first or second networks that satisfy the access control policies are newly generated networks or modifications of existing networks. 
   
   
       14 . The method of  claim 9 , further comprising:
 translating privacy constraints into access control policies.   
   
   
       15 . A computer program product comprising a computer useable medium having computer program logic recorded thereon for security planning with hard security constraints, the computer program logic comprising:
 program code for receiving security-related requirements of a network to be developed using system inputs and processing components; and   program code for generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.   
   
   
       16 . The computer program product of  claim 15 , further comprising:
 program code for receiving descriptions of the system inputs and processing components.   
   
   
       17 . The computer program product of  claim 15 , further comprising:
 program code for deploying the network that satisfies hard security constraints in a real production system.   
   
   
       18 . A computer program product comprising a computer useable medium having computer program logic recorded thereon for security planning with access control policies, the computer program logic comprising:
 program code for receiving descriptions of available external inputs and processing components;   program code for receiving first security-related requirements of a first network to be developed using the available external inputs and processing components; and   program code for generating the first network according to the security-related requirements, wherein the first network satisfies access control policies.   
   
   
       19 . The computer program product of  claim 18 , further comprising:
 program code for receiving second security-related requirements of a second network to be developed using the available external inputs and processing components; and   program code for generating the second network according to the second security-related requirements, wherein the second network satisfies the access control policies.   
   
   
       20 . The computer program product of  claim 19 , further comprising:
 program code for deploying the first or second networks that satisfy the access control policies in a real production system.   
   
   
       21 . The computer program product of  claim 18 , further comprising:
 program code for translating privacy constraints into access control policies.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.