WO2002014987A8 - An adaptive system and architecture for access control - Google Patents
An adaptive system and architecture for access control
- Publication number
- WO2002014987A8 (application PCT/IB2001/001876)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- access
- resources
- architecture
- access control
- network
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
- G06F18/231—Hierarchical techniques, i.e. dividing or merging pattern sets so as to obtain a dendrogram
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F21/1078—Logging; Metering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Abstract
A network security system and method for protecting network resources from unauthorized access and/or use is provided. An agent device collects data on all attempts to access network resources and provides this information to an analyzer device, which adapts permission levels to at least match the newly provided information. A guardian agent can use the permission levels to grant or deny access to system resources. Such enforcement can be carried out for each attempt to access resources, according to a network security policy. A control unit maintains the security policy and generates reports from the data provided by the agent device and the analyzer device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2001294083A AU2001294083A1 (en) | 2000-08-18 | 2001-08-20 | An adaptive system and architecture for access control |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US22612800P | 2000-08-18 | 2000-08-18 | |
US60/226,128 | 2000-08-18 | ||
US25957501P | 2001-01-04 | 2001-01-04 | |
US60/259,575 | 2001-01-04 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002014987A2 WO2002014987A2 (en) | 2002-02-21 |
WO2002014987A8 WO2002014987A8 (en) | 2003-09-04 |
Family
ID=26920229
Family Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2001/001876 WO2002014987A2 (en) | 2000-08-18 | 2001-08-20 | An adaptive system and architecture for access control |
PCT/IB2001/001923 WO2002014989A2 (en) | 2000-08-18 | 2001-08-20 | Permission level generation based on adaptive learning |
PCT/IB2001/001892 WO2002015122A2 (en) | 2000-08-18 | 2001-08-20 | A system and method for a greedy pairwise clustering |
PCT/IB2001/001877 WO2002014988A2 (en) | 2000-08-18 | 2001-08-20 | A method and an apparatus for a security policy |
Family Applications After (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2001/001923 WO2002014989A2 (en) | 2000-08-18 | 2001-08-20 | Permission level generation based on adaptive learning |
PCT/IB2001/001892 WO2002015122A2 (en) | 2000-08-18 | 2001-08-20 | A system and method for a greedy pairwise clustering |
PCT/IB2001/001877 WO2002014988A2 (en) | 2000-08-18 | 2001-08-20 | A method and an apparatus for a security policy |
Country Status (2)
Country | Link |
---|---|
AU (4) | AU2001294083A1 (en) |
WO (4) | WO2002014987A2 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8850048B2 (en) | 2008-05-13 | 2014-09-30 | At&T Mobility Ii Llc | Reciprocal addition of attribute fields in access control lists and profiles for femto cell coverage management |
US8856878B2 (en) | 2009-10-15 | 2014-10-07 | At&T Intellectual Property I, L.P | Management of access to service in an access point |
US8897752B2 (en) | 2006-07-12 | 2014-11-25 | At&T Intellectual Property I, L.P. | Pico-cell extension for cellular network |
Families Citing this family (57)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003203140A (en) * | 2001-10-30 | 2003-07-18 | Asgent Inc | Method for grasping situation of information system and device used in the same |
WO2003063449A1 (en) * | 2002-01-18 | 2003-07-31 | Metrowerks Corporation | System and method for monitoring network security |
EP1339199A1 (en) * | 2002-02-22 | 2003-08-27 | Hewlett-Packard Company | Dynamic user authentication |
CA2478128A1 (en) | 2002-03-06 | 2003-09-12 | Peregrine Systems, Inc. | Method and system for a network management console |
FR2838207B1 (en) * | 2002-04-08 | 2006-06-23 | France Telecom | INFORMATION EXCHANGE SYSTEM WITH CONDITIONED ACCESS TO AN INFORMATION TRANSFER NETWORK |
US7302488B2 (en) * | 2002-06-28 | 2007-11-27 | Microsoft Corporation | Parental controls customization and notification |
ATE540373T1 (en) * | 2002-11-29 | 2012-01-15 | Sap Ag | METHOD AND COMPUTER SYSTEM FOR PROTECTING ELECTRONIC DOCUMENTS |
CN1417690A (en) * | 2002-12-03 | 2003-05-14 | 南京金鹰国际集团软件系统有限公司 | Application process audit platform system based on members |
US10110632B2 (en) * | 2003-03-31 | 2018-10-23 | Intel Corporation | Methods and systems for managing security policies |
US8266699B2 (en) | 2003-07-01 | 2012-09-11 | SecurityProfiling Inc. | Multiple-path remediation |
US9118711B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US9100431B2 (en) | 2003-07-01 | 2015-08-04 | Securityprofiling, Llc | Computer program product and apparatus for multi-path remediation |
US9350752B2 (en) | 2003-07-01 | 2016-05-24 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US9118709B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US8984644B2 (en) | 2003-07-01 | 2015-03-17 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US9118708B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Multi-path remediation |
US9118710B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | System, method, and computer program product for reporting an occurrence in different manners |
US20070113272A2 (en) | 2003-07-01 | 2007-05-17 | Securityprofiling, Inc. | Real-time vulnerability monitoring |
DE602004018718D1 (en) * | 2003-08-19 | 2009-02-12 | France Telecom | Method and system for assessing the security of electronic devices and access control to resources |
DE10348729B4 (en) | 2003-10-16 | 2022-06-15 | Vodafone Holding Gmbh | Setup and procedures for backing up protected data |
FR2864657B1 (en) * | 2003-12-24 | 2006-03-24 | Trusted Logic | METHOD FOR PARAMETRABLE SECURITY CONTROL OF COMPUTER SYSTEMS AND EMBEDDED SYSTEMS USING THE SAME |
US7907934B2 (en) | 2004-04-27 | 2011-03-15 | Nokia Corporation | Method and system for providing security in proximity and Ad-Hoc networks |
JP4643204B2 (en) | 2004-08-25 | 2011-03-02 | 株式会社エヌ・ティ・ティ・ドコモ | Server device |
EP1811387A4 (en) * | 2004-08-25 | 2016-04-13 | Nec Corp | Information communication device, and program execution environment control method |
US7979889B2 (en) | 2005-01-07 | 2011-07-12 | Cisco Technology, Inc. | Methods and apparatus providing security to computer systems and networks |
US7193872B2 (en) | 2005-01-28 | 2007-03-20 | Kasemsan Siri | Solar array inverter with maximum power tracking |
US7661111B2 (en) | 2005-10-13 | 2010-02-09 | International Business Machines Corporation | Method for assuring event record integrity |
KR20080078713A (en) * | 2005-12-13 | 2008-08-27 | 인터디지탈 테크날러지 코포레이션 | Method and system for protecting user data in a node |
US7882560B2 (en) | 2005-12-16 | 2011-02-01 | Cisco Technology, Inc. | Methods and apparatus providing computer and network security utilizing probabilistic policy reposturing |
US8495743B2 (en) | 2005-12-16 | 2013-07-23 | Cisco Technology, Inc. | Methods and apparatus providing automatic signature generation and enforcement |
US9286469B2 (en) | 2005-12-16 | 2016-03-15 | Cisco Technology, Inc. | Methods and apparatus providing computer and network security utilizing probabilistic signature generation |
US8413245B2 (en) | 2005-12-16 | 2013-04-02 | Cisco Technology, Inc. | Methods and apparatus providing computer and network security for polymorphic attacks |
CN101350054B (en) | 2007-10-15 | 2011-05-25 | 北京瑞星信息技术有限公司 | Method and apparatus for automatically protecting computer noxious program |
CN101350052B (en) | 2007-10-15 | 2010-11-03 | 北京瑞星信息技术有限公司 | Method and apparatus for discovering malignancy of computer program |
US8626223B2 (en) | 2008-05-07 | 2014-01-07 | At&T Mobility Ii Llc | Femto cell signaling gating |
US8719420B2 (en) | 2008-05-13 | 2014-05-06 | At&T Mobility Ii Llc | Administration of access lists for femtocell service |
US20100041365A1 (en) | 2008-06-12 | 2010-02-18 | At&T Mobility Ii Llc | Mediation, rating, and billing associated with a femtocell service framework |
CN102308302A (en) | 2009-02-10 | 2012-01-04 | 日本电气株式会社 | Policy management apparatus, policy management system, and method and program used for the same |
US8713056B1 (en) * | 2011-03-30 | 2014-04-29 | Open Text S.A. | System, method and computer program product for efficient caching of hierarchical items |
US10229222B2 (en) | 2012-03-26 | 2019-03-12 | Greyheller, Llc | Dynamically optimized content display |
US10225249B2 (en) * | 2012-03-26 | 2019-03-05 | Greyheller, Llc | Preventing unauthorized access to an application server |
US8959657B2 (en) * | 2013-03-14 | 2015-02-17 | Appsense Limited | Secure data management |
US9355261B2 (en) | 2013-03-14 | 2016-05-31 | Appsense Limited | Secure data management |
US9215251B2 (en) | 2013-09-11 | 2015-12-15 | Appsense Limited | Apparatus, systems, and methods for managing data security |
US10104124B2 (en) | 2014-03-19 | 2018-10-16 | Nippon Telegraph And Telephone Corporation | Analysis rule adjustment device, analysis rule adjustment system, analysis rule adjustment method, and analysis rule adjustment program |
US9787685B2 (en) | 2014-06-24 | 2017-10-10 | Xiaomi Inc. | Methods, devices and systems for managing authority |
CN104125335B (en) * | 2014-06-24 | 2017-08-25 | 小米科技有限责任公司 | Right management method, apparatus and system |
WO2023170635A2 (en) * | 2022-03-10 | 2023-09-14 | Orca Security LTD. | System and methods for a machine-learning adaptive permission reduction engine |
WO2018160407A1 (en) | 2017-03-01 | 2018-09-07 | Carrier Corporation | Compact encoding of static permissions for real-time access control |
EP3590100B1 (en) | 2017-03-01 | 2022-08-31 | Carrier Corporation | Spatio-temporal topology learning for detection of suspicious access behavior |
EP3590102A1 (en) | 2017-03-01 | 2020-01-08 | Carrier Corporation | Access control request manager based on learning profile-based access pathways |
CN106778314A (en) * | 2017-03-01 | 2017-05-31 | 全球能源互联网研究院 | A kind of distributed difference method for secret protection based on k means |
US10764299B2 (en) * | 2017-06-29 | 2020-09-01 | Microsoft Technology Licensing, Llc | Access control manager |
US10831787B2 (en) * | 2017-06-30 | 2020-11-10 | Sap Se | Security of a computer system |
US11115421B2 (en) * | 2019-06-26 | 2021-09-07 | Accenture Global Solutions Limited | Security monitoring platform for managing access rights associated with cloud applications |
US11501257B2 (en) * | 2019-12-09 | 2022-11-15 | Jpmorgan Chase Bank, N.A. | Method and apparatus for implementing a role-based access control clustering machine learning model execution module |
WO2021071539A1 (en) * | 2020-01-15 | 2021-04-15 | Futurewei Technologies, Inc. | Secure and accountable data access |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6049797A (en) * | 1998-04-07 | 2000-04-11 | Lucent Technologies, Inc. | Method, apparatus and programmed medium for clustering databases with categorical attributes |
-
2001
- 2001-08-20 WO PCT/IB2001/001876 patent/WO2002014987A2/en active Application Filing
- 2001-08-20 AU AU2001294083A patent/AU2001294083A1/en not_active Abandoned
- 2001-08-20 WO PCT/IB2001/001923 patent/WO2002014989A2/en active Application Filing
- 2001-08-20 AU AU2001294110A patent/AU2001294110A1/en not_active Abandoned
- 2001-08-20 AU AU2001294084A patent/AU2001294084A1/en not_active Abandoned
- 2001-08-20 WO PCT/IB2001/001892 patent/WO2002015122A2/en active Application Filing
- 2001-08-20 AU AU2001294089A patent/AU2001294089A1/en not_active Abandoned
- 2001-08-20 WO PCT/IB2001/001877 patent/WO2002014988A2/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
AU2001294083A1 (en) | 2002-02-25 |
WO2002014988A2 (en) | 2002-02-21 |
WO2002015122A3 (en) | 2003-12-04 |
AU2001294089A1 (en) | 2002-02-25 |
WO2002014989A2 (en) | 2002-02-21 |
WO2002014989A8 (en) | 2003-03-06 |
WO2002014988A8 (en) | 2003-04-24 |
WO2002014987A2 (en) | 2002-02-21 |
AU2001294110A1 (en) | 2002-02-25 |
AU2001294084A1 (en) | 2002-02-25 |
WO2002015122A2 (en) | 2002-02-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2002014987A8 (en) | An adaptive system and architecture for access control | |
Moore et al. | Attack modeling for information security and survivability | |
Stoneburner | Sp 800-33. underlying technical models for information technology security | |
US7962960B2 (en) | Systems and methods for performing risk analysis | |
CN101512490B (en) | Securing data in a networked environment | |
US20010025311A1 (en) | Access control system | |
WO2000041542A3 (en) | System for allocating resources in a communication system | |
ATE268967T1 (en) | METHOD AND SYSTEM FOR ENFORCEMENT OF A COMMUNICATIONS SECURITY PROCEDURES | |
WO2006073837A3 (en) | Method and apparatus of adaptive network policy management for wireless mobile computers | |
ATE453277T1 (en) | METHOD AND DEVICE FOR TRANSMITTING DATA SUBJECT TO CONFIDENTIALITY RESTRICTIONS | |
WO2004070547A3 (en) | Method and device for monitoring data traffic and preventing unauthorized access to a network | |
Yu et al. | Enterprise digital rights management: Solutions against information theft by insiders | |
Lee | Essays about computer security | |
Cerf | Guidelines for Internet measurement activities | |
Dixon | With nowhere to hide: Workers are scrambling for privacy in the digital age | |
Huang et al. | Advanced OSGi security layer | |
KR20070090460A (en) | Computer and network forensics system | |
Doddrell | Information security and the Internet | |
Cisco | Introduction | |
Kastenberg | Changing the paradigm of Internet access from government information systems: a solution to the need for the DoD to take time-sensitive action on the Niprnet | |
KR20040027682A (en) | The Method of To Provide Against Virus, Hacking and Wrong Usage of File By Using Transformed File Driver | |
TWI802804B (en) | Information security management system for multiple information security software | |
National Computer Security Center (US) | Glossary of Computer Security Terms | |
Zendra et al. | The race for cybersecurity | |
El Kalam et al. | Intrusion detection and security policy framework for distributed environments |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
D17 | Declaration under article 17(2)a | ||
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase | Ref country code: JP |