SE547710C2 - A method for adapting a model to be used in a profiling service and a method for determining a set of access control rules

Info

Publication number
SE547710C2
SE547710C2 SE2450283A SE2450283A SE547710C2 SE 547710 C2 SE547710 C2 SE 547710C2 SE 2450283 A SE2450283 A SE 2450283A SE 2450283 A SE2450283 A SE 2450283A SE 547710 C2 SE547710 C2 SE 547710C2
Authority
SE
Sweden
Prior art keywords
access control
model
control rules
adapting
profiling service
Application number
SE2450283A
Other versions
SE2450283A1 (en)
Inventor
Christian Gehrmann
Konrad Eriksson
Original Assignee
Bifrost Security Ab
Application filed by Bifrost Security Ab
Priority to SE2450283A (patent SE547710C2)
Priority to PCT/EP2024/087204 (patent WO2025190530A1)
Publication of SE2450283A1
Publication of SE547710C2

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/604: Tools and structures for managing or administering access control systems
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/455: Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533: Hypervisors; Virtual machine monitors
    • G06F9/45558: Hypervisor-specific management and integration aspects
    • G06F2009/45587: Isolation or security of virtual machine instances
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00: Machine learning
    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00: Computing arrangements based on biological models
    • G06N3/02: Neural networks
    • G06N3/08: Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Power Engineering (AREA)
  • Stacking Of Articles And Auxiliary Devices (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A method for adapting a model to be used in a profiling service is disclosed, the model being configured to output a set of starting access control rules for an access control profile used by the profiling service for defining rules for operational access for a container, the method comprising: receiving a plurality of access control profiles of a plurality of containers and corresponding container build information for the containers; receiving data pertaining to a set of access control rules for the respective access control profiles; arranging the model by providing as inputs the plurality of access control profiles and the container build information; and arranging the model by providing as target outputs the set of access control rules for the respective access control profiles; the model being configured to, in response to receiving a container build information for the container, output the set of starting access control rules.

Priority Applications (2)

Application Number Priority Date Filing Date Title
SE2450283A SE547710C2 (en) 2024-03-12 2024-03-12 A method for adapting a model to be used in a profiling service and a method for determining a set of access control rules
PCT/EP2024/087204 WO2025190530A1 (en) 2024-03-12 2024-12-18 A method for adapting a model to be used in a profiling service, a method for determining a set of access control rules, a profiling device, a computer program product, and a cloud environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
SE2450283A SE547710C2 (en) 2024-03-12 2024-03-12 A method for adapting a model to be used in a profiling service and a method for determining a set of access control rules

Publications (2)

Publication Number Publication Date
SE2450283A1 (en) 2025-09-13
SE547710C2 (en) 2025-11-11

Family

ID=94129884

Family Applications (1)

Application Number Title Priority Date Filing Date
SE2450283A SE547710C2 (en) 2024-03-12 2024-03-12 A method for adapting a model to be used in a profiling service and a method for determining a set of access control rules

Country Status (2)

Country Link
SE (1) SE547710C2 (en)
WO (1) WO2025190530A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200117817A1 (en) * 2018-10-16 2020-04-16 Accenture Global Solutions Limited Utilizing heuristic and machine learning models to generate a mandatory access control policy for an application
WO2021242160A1 (en) * 2020-05-29 2021-12-02 Christian Gehrmann Generation of container protection profiles
CN114003344A (en) * 2021-11-02 2022-02-01 长沙极光安联信息技术有限公司 Docker-oriented automatic generation method and system for mandatory access control security policy

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534147B (en) * 2016-11-29 2019-08-27 北京元心科技有限公司 Method and device for selecting and applying SELinux security policy in multi-system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Huang Chenlin, Wang Keming, Li Yun, Li Jiajian, Liao Qing, 'ASPGen-D: Automatically Generating Fine-grained Apparmor Policies for Docker', 2022 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom), 2022-12-17 - 2022-12-19, Melbourne, Australia, 2022-12-17, IEEE, doi:10.1016/j.jisa.2021.102924 *
Loukidis-Andreou Fotis, Giannakopoulos Ioannis, Doka Katerina, Koziris Nectarios, 'Docker-Sec: A Fully Automated Container Security Enhancement Mechanism', 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS), Vienna, Austria, doi:10.1109/ICDCS.2018.00169 *
Zhu Hui, Gehrmann Christian, 'Lic-Sec: An enhanced AppArmor Docker security profile generator', Journal of Information Security and Applications, 2021-07-16, ELSEVIER, AMSTERDAM, NL 61, doi:10.1109/ISPA-BDCloud-SocialCom-SustainCom57177.2022.00110 *

Also Published As

Publication number Publication date
SE2450283A1 (en) 2025-09-13
WO2025190530A1 (en) 2025-09-18
