CN105683943B - 使用基于逻辑多维标签的策略模型的分布式网络安全 - Google Patents

使用基于逻辑多维标签的策略模型的分布式网络安全 Download PDF

Info

Publication number
CN105683943B
CN105683943B CN201480060318.7A CN201480060318A CN105683943B CN 105683943 B CN105683943 B CN 105683943B CN 201480060318 A CN201480060318 A CN 201480060318A CN 105683943 B CN105683943 B CN 105683943B
Authority
CN
China
Prior art keywords
managed
actors
server
managed server
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201480060318.7A
Other languages
English (en)
Chinese (zh)
Other versions
CN105683943A (zh
Inventor
P·J·柯纳
D·R·库克
J·G·范德利
M·K·格伦
M·格普塔
A·S·鲁宾
J·B·斯科特
T·V·弗格塞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Illumio Inc
Original Assignee
Illumio Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US14/474,916 external-priority patent/US9882919B2/en
Application filed by Illumio Inc filed Critical Illumio Inc
Publication of CN105683943A publication Critical patent/CN105683943A/zh
Application granted granted Critical
Publication of CN105683943B publication Critical patent/CN105683943B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Multi Processors (AREA)
CN201480060318.7A 2013-11-04 2014-09-08 使用基于逻辑多维标签的策略模型的分布式网络安全 Active CN105683943B (zh)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201361899468P 2013-11-04 2013-11-04
US61/899,468 2013-11-04
US14/474,916 2014-09-02
US14/474,916 US9882919B2 (en) 2013-04-10 2014-09-02 Distributed network security using a logical multi-dimensional label-based policy model
PCT/US2014/054505 WO2015076904A2 (en) 2013-11-04 2014-09-08 Distributed network security using a logical multi-dimensional label-based policy model

Publications (2)

Publication Number Publication Date
CN105683943A CN105683943A (zh) 2016-06-15
CN105683943B true CN105683943B (zh) 2019-08-23

Family

ID=53180366

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480060318.7A Active CN105683943B (zh) 2013-11-04 2014-09-08 使用基于逻辑多维标签的策略模型的分布式网络安全

Country Status (5)

Country Link
EP (1) EP3066581B1 (enExample)
JP (1) JP6491221B2 (enExample)
CN (1) CN105683943B (enExample)
TW (1) TWI526872B (enExample)
WO (1) WO2015076904A2 (enExample)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10608945B2 (en) 2016-02-27 2020-03-31 Illumio, Inc. Creating rules for labeled servers in a distributed network management system
TWI630488B (zh) * 2017-08-04 2018-07-21 中華電信股份有限公司 支援多樣性端對端網路隔離的虛擬私人網路服務供裝系統
US20210021471A1 (en) * 2019-07-15 2021-01-21 Microsoft Technology Licensing, Llc Techniques for managing virtual networks
US12111921B2 (en) * 2022-03-10 2024-10-08 Denso Corporation Incident response according to risk score
CN119254513B (zh) * 2024-10-16 2025-10-10 紫金山实验室 基于轻量化架构的拟态防御方法、系统、设备、介质和产品

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998054644A1 (en) * 1997-05-29 1998-12-03 3Com Corporation Multilayer firewall system
CN101411156A (zh) * 2004-05-12 2009-04-15 阿尔卡特朗讯 对网络入侵者的自动阻止
CN101595465A (zh) * 2007-01-26 2009-12-02 微软公司 系统管理策略的确认、发布和实施

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7673323B1 (en) * 1998-10-28 2010-03-02 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
EP1157524B1 (en) * 1999-03-03 2007-12-19 Ultradns, Inc. Scalable and efficient domain name resolution
GB2393607B (en) * 2001-06-27 2004-12-08 Arbor Networks Method and a system for monitoring control signal traffic over a computer network
US7849502B1 (en) * 2006-04-29 2010-12-07 Ironport Systems, Inc. Apparatus for monitoring network traffic
US8925101B2 (en) * 2010-07-28 2014-12-30 Mcafee, Inc. System and method for local protection against malicious software
US8813227B2 (en) * 2011-03-29 2014-08-19 Mcafee, Inc. System and method for below-operating system regulation and control of self-modifying code
WO2012160809A1 (en) * 2011-05-23 2012-11-29 Nec Corporation Communication system, control device, communication method, and program

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998054644A1 (en) * 1997-05-29 1998-12-03 3Com Corporation Multilayer firewall system
CN101411156A (zh) * 2004-05-12 2009-04-15 阿尔卡特朗讯 对网络入侵者的自动阻止
CN101595465A (zh) * 2007-01-26 2009-12-02 微软公司 系统管理策略的确认、发布和实施

Also Published As

Publication number Publication date
TWI526872B (zh) 2016-03-21
TW201531880A (zh) 2015-08-16
JP6491221B2 (ja) 2019-03-27
CN105683943A (zh) 2016-06-15
EP3066581B1 (en) 2019-06-26
JP2017502620A (ja) 2017-01-19
EP3066581A4 (en) 2017-08-23
WO2015076904A2 (en) 2015-05-28
WO2015076904A3 (en) 2015-08-20
EP3066581A2 (en) 2016-09-14

Similar Documents

Publication Publication Date Title
US11503042B2 (en) Distributed network security using a logical multi-dimensional label-based policy model
US10819590B2 (en) End-to-end policy enforcement in the presence of a traffic midpoint device
US10212191B2 (en) Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model
US10693718B2 (en) Updating management instructions for bound services in a distributed network management system
CN105247508B (zh) 使用基于逻辑多维度标签的策略模型的分布式网络管理
CN105683943B (zh) 使用基于逻辑多维标签的策略模型的分布式网络安全

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant