US2008016547A1PendingUtilityA1
System and method for security planning with hard security constraints
Est. expiryJul 11, 2026(expired)· nominal 20-yr term from priority
Inventors:Kay S. AndersonPau-Chen ChengGenady GrabarnikPaul A. KargerMarc LelargeZhen LiuAnton V. RiabovPankaj RohatgiAngela Marie SchuettGrant Wagner
H04L 63/10H04L 63/20
47
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.
Claims
exact text as granted — not AI-modified1 . A method for security planning with hard security constraints, comprising:
receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.
2 . The method of claim 1 , wherein the network is generated using a planning algorithm.
3 . The method of claim 2 , wherein the planning algorithm receives a planning task in Planning Domain Definition Language (PDDL) or Stream Processing Planning Language (SPPL) format.
4 . The method of claim 1 , wherein the hard security constraints are Bell-LaPadula constraints, Biba integrity constraints, Caernarvon model constraints or Role-based access control constraints.
5 . The method of claim 1 , further comprising:
receiving descriptions of the system inputs and processing components.
6 . The method of claim 5 , wherein the descriptions are metadata.
7 . The method of claim 1 , further comprising:
deploying the network that satisfies hard security constraints in a real production system.
8 . The method of claim 1 , wherein the network includes a downgrader.
9 . A method for security planning with access control policies, comprising:
receiving descriptions of available external inputs and processing components; receiving first security-related requirements of a first network to be developed using the available external inputs and processing components; and generating the first network according to the security-related requirements, wherein the first network satisfies access control policies.
10 . The method of claim 9 , wherein generating the first network according to the security-related requirements comprises:
assigning object and subject labels to system inputs and processing components in the first network; and verifying access control policies for the system inputs and processing components in the first network.
11 . The method of claim 9 , further comprising:
receiving second security-related requirements of a second network to be developed using the available external inputs and processing components; and generating the second network according to the second security-related requirements, wherein the second network satisfies the access control policies.
12 . The method of claim 11 , further comprising:
deploying the first or second networks that satisfy the access control policies in a real production system.
13 . The method of claim 11 , wherein the first or second networks that satisfy the access control policies are newly generated networks or modifications of existing networks.
14 . The method of claim 9 , further comprising:
translating privacy constraints into access control policies.
15 . A computer program product comprising a computer useable medium having computer program logic recorded thereon for security planning with hard security constraints, the computer program logic comprising:
program code for receiving security-related requirements of a network to be developed using system inputs and processing components; and program code for generating the network according to the security-related requirements, wherein the network satisfies hard security constraints.
16 . The computer program product of claim 15 , further comprising:
program code for receiving descriptions of the system inputs and processing components.
17 . The computer program product of claim 15 , further comprising:
program code for deploying the network that satisfies hard security constraints in a real production system.
18 . A computer program product comprising a computer useable medium having computer program logic recorded thereon for security planning with access control policies, the computer program logic comprising:
program code for receiving descriptions of available external inputs and processing components; program code for receiving first security-related requirements of a first network to be developed using the available external inputs and processing components; and program code for generating the first network according to the security-related requirements, wherein the first network satisfies access control policies.
19 . The computer program product of claim 18 , further comprising:
program code for receiving second security-related requirements of a second network to be developed using the available external inputs and processing components; and program code for generating the second network according to the second security-related requirements, wherein the second network satisfies the access control policies.
20 . The computer program product of claim 19 , further comprising:
program code for deploying the first or second networks that satisfy the access control policies in a real production system.
21 . The computer program product of claim 18 , further comprising:
program code for translating privacy constraints into access control policies.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.