WO2002014987A8 - An adaptive system and architecture for access control - Google Patents

An adaptive system and architecture for access control

Info

Publication number
WO2002014987A8
Authority
WO
WIPO (PCT)
Prior art keywords
access
resources
architecture
access control
network
Prior art date
Application number
PCT/IB2001/001876
Other languages
French (fr)
Other versions
WO2002014987A2 (en)
Inventor
Ofer Gadish
Yuval Baharav
Original Assignee
Camelot Information Technologi
Ofer Gadish
Yuval Baharav
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Camelot Information Technologi, Ofer Gadish, Yuval Baharav
Priority to AU2001294083A
Publication of WO2002014987A2
Publication of WO2002014987A8

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • G06F18/231 Hierarchical techniques, i.e. dividing or merging pattern sets so as to obtain a dendrogram
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G06F21/1078 Logging; Metering
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145 Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149 Restricted operating environment

Abstract

A network security system and method for protecting network resources from unauthorized access and/or use is provided. An agent device collects data on all attempts to access network resources and provides this information to an analyzer device, which adapts permission levels to at least match the newly provided information. A guardian agent can use the permission levels to grant or deny access to system resources. Such enforcement can be carried out for each attempt to access resources, according to a network security policy. A control unit maintains the security policy and generates reports from the data provided by the agent device and the analyzer device.

PCT/IB2001/001876 2000-08-18 2001-08-20 An adaptive system and architecture for access control WO2002014987A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001294083A AU2001294083A1 (en) 2000-08-18 2001-08-20 An adaptive system and architecture for access control

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US22612800P 2000-08-18 2000-08-18
US60/226,128 2000-08-18
US25957501P 2001-01-04 2001-01-04
US60/259,575 2001-01-04

Publications (2)

Publication Number Publication Date
WO2002014987A2 WO2002014987A2 (en) 2002-02-21
WO2002014987A8 WO2002014987A8 (en) 2003-09-04

Family

ID=26920229

Family Applications (4)

Application Number Title Priority Date Filing Date
PCT/IB2001/001876 WO2002014987A2 (en) 2000-08-18 2001-08-20 An adaptive system and architecture for access control
PCT/IB2001/001923 WO2002014989A2 (en) 2000-08-18 2001-08-20 Permission level generation based on adaptive learning
PCT/IB2001/001892 WO2002015122A2 (en) 2000-08-18 2001-08-20 A system and method for a greedy pairwise clustering
PCT/IB2001/001877 WO2002014988A2 (en) 2000-08-18 2001-08-20 A method and an apparatus for a security policy

Family Applications After (3)

Application Number Title Priority Date Filing Date
PCT/IB2001/001923 WO2002014989A2 (en) 2000-08-18 2001-08-20 Permission level generation based on adaptive learning
PCT/IB2001/001892 WO2002015122A2 (en) 2000-08-18 2001-08-20 A system and method for a greedy pairwise clustering
PCT/IB2001/001877 WO2002014988A2 (en) 2000-08-18 2001-08-20 A method and an apparatus for a security policy

Country Status (2)

Country Link
AU (4) AU2001294083A1 (en)
WO (4) WO2002014987A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850048B2 (en) 2008-05-13 2014-09-30 At&T Mobility Ii Llc Reciprocal addition of attribute fields in access control lists and profiles for femto cell coverage management
US8856878B2 (en) 2009-10-15 2014-10-07 At&T Intellectual Property I, L.P Management of access to service in an access point
US8897752B2 (en) 2006-07-12 2014-11-25 At&T Intellectual Property I, L.P. Pico-cell extension for cellular network

Families Citing this family (57)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003203140A (en) * 2001-10-30 2003-07-18 Asgent Inc Method for grasping situation of information system and device used in the same
WO2003063449A1 (en) * 2002-01-18 2003-07-31 Metrowerks Corporation System and method for monitoring network security
EP1339199A1 (en) * 2002-02-22 2003-08-27 Hewlett-Packard Company Dynamic user authentication
CA2478128A1 (en) 2002-03-06 2003-09-12 Peregrine Systems, Inc. Method and system for a network management console
FR2838207B1 (en) * 2002-04-08 2006-06-23 France Telecom INFORMATION EXCHANGE SYSTEM WITH CONDITIONED ACCESS TO AN INFORMATION TRANSFER NETWORK
US7302488B2 (en) * 2002-06-28 2007-11-27 Microsoft Corporation Parental controls customization and notification
ATE540373T1 (en) * 2002-11-29 2012-01-15 Sap Ag METHOD AND COMPUTER SYSTEM FOR PROTECTING ELECTRONIC DOCUMENTS
CN1417690A (en) * 2002-12-03 2003-05-14 南京金鹰国际集团软件系统有限公司 Application process audit platform system based on members
US10110632B2 (en) * 2003-03-31 2018-10-23 Intel Corporation Methods and systems for managing security policies
US8266699B2 (en) 2003-07-01 2012-09-11 SecurityProfiling Inc. Multiple-path remediation
US9118711B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US9350752B2 (en) 2003-07-01 2016-05-24 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118709B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118708B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Multi-path remediation
US9118710B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc System, method, and computer program product for reporting an occurrence in different manners
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
DE602004018718D1 (en) * 2003-08-19 2009-02-12 France Telecom Method and system for assessing the security of electronic devices and access control to resources
DE10348729B4 (en) 2003-10-16 2022-06-15 Vodafone Holding Gmbh Setup and procedures for backing up protected data
FR2864657B1 (en) * 2003-12-24 2006-03-24 Trusted Logic METHOD FOR PARAMETRABLE SECURITY CONTROL OF COMPUTER SYSTEMS AND EMBEDDED SYSTEMS USING THE SAME
US7907934B2 (en) 2004-04-27 2011-03-15 Nokia Corporation Method and system for providing security in proximity and Ad-Hoc networks
JP4643204B2 (en) 2004-08-25 2011-03-02 株式会社エヌ・ティ・ティ・ドコモ Server device
EP1811387A4 (en) * 2004-08-25 2016-04-13 Nec Corp Information communication device, and program execution environment control method
US7979889B2 (en) 2005-01-07 2011-07-12 Cisco Technology, Inc. Methods and apparatus providing security to computer systems and networks
US7193872B2 (en) 2005-01-28 2007-03-20 Kasemsan Siri Solar array inverter with maximum power tracking
US7661111B2 (en) 2005-10-13 2010-02-09 International Business Machines Corporation Method for assuring event record integrity
KR20080078713A (en) * 2005-12-13 2008-08-27 인터디지탈 테크날러지 코포레이션 Method and system for protecting user data in a node
US7882560B2 (en) 2005-12-16 2011-02-01 Cisco Technology, Inc. Methods and apparatus providing computer and network security utilizing probabilistic policy reposturing
US8495743B2 (en) 2005-12-16 2013-07-23 Cisco Technology, Inc. Methods and apparatus providing automatic signature generation and enforcement
US9286469B2 (en) 2005-12-16 2016-03-15 Cisco Technology, Inc. Methods and apparatus providing computer and network security utilizing probabilistic signature generation
US8413245B2 (en) 2005-12-16 2013-04-02 Cisco Technology, Inc. Methods and apparatus providing computer and network security for polymorphic attacks
CN101350054B (en) 2007-10-15 2011-05-25 北京瑞星信息技术有限公司 Method and apparatus for automatically protecting computer noxious program
CN101350052B (en) 2007-10-15 2010-11-03 北京瑞星信息技术有限公司 Method and apparatus for discovering malignancy of computer program
US8626223B2 (en) 2008-05-07 2014-01-07 At&T Mobility Ii Llc Femto cell signaling gating
US8719420B2 (en) 2008-05-13 2014-05-06 At&T Mobility Ii Llc Administration of access lists for femtocell service
US20100041365A1 (en) 2008-06-12 2010-02-18 At&T Mobility Ii Llc Mediation, rating, and billing associated with a femtocell service framework
CN102308302A (en) 2009-02-10 2012-01-04 日本电气株式会社 Policy management apparatus, policy management system, and method and program used for the same
US8713056B1 (en) * 2011-03-30 2014-04-29 Open Text S.A. System, method and computer program product for efficient caching of hierarchical items
US10229222B2 (en) 2012-03-26 2019-03-12 Greyheller, Llc Dynamically optimized content display
US10225249B2 (en) * 2012-03-26 2019-03-05 Greyheller, Llc Preventing unauthorized access to an application server
US8959657B2 (en) * 2013-03-14 2015-02-17 Appsense Limited Secure data management
US9355261B2 (en) 2013-03-14 2016-05-31 Appsense Limited Secure data management
US9215251B2 (en) 2013-09-11 2015-12-15 Appsense Limited Apparatus, systems, and methods for managing data security
US10104124B2 (en) 2014-03-19 2018-10-16 Nippon Telegraph And Telephone Corporation Analysis rule adjustment device, analysis rule adjustment system, analysis rule adjustment method, and analysis rule adjustment program
US9787685B2 (en) 2014-06-24 2017-10-10 Xiaomi Inc. Methods, devices and systems for managing authority
CN104125335B (en) * 2014-06-24 2017-08-25 小米科技有限责任公司 Right management method, apparatus and system
WO2023170635A2 (en) * 2022-03-10 2023-09-14 Orca Security LTD. System and methods for a machine-learning adaptive permission reduction engine
WO2018160407A1 (en) 2017-03-01 2018-09-07 Carrier Corporation Compact encoding of static permissions for real-time access control
EP3590100B1 (en) 2017-03-01 2022-08-31 Carrier Corporation Spatio-temporal topology learning for detection of suspicious access behavior
EP3590102A1 (en) 2017-03-01 2020-01-08 Carrier Corporation Access control request manager based on learning profile-based access pathways
CN106778314A (en) * 2017-03-01 2017-05-31 全球能源互联网研究院 A kind of distributed difference method for secret protection based on k means
US10764299B2 (en) * 2017-06-29 2020-09-01 Microsoft Technology Licensing, Llc Access control manager
US10831787B2 (en) * 2017-06-30 2020-11-10 Sap Se Security of a computer system
US11115421B2 (en) * 2019-06-26 2021-09-07 Accenture Global Solutions Limited Security monitoring platform for managing access rights associated with cloud applications
US11501257B2 (en) * 2019-12-09 2022-11-15 Jpmorgan Chase Bank, N.A. Method and apparatus for implementing a role-based access control clustering machine learning model execution module
WO2021071539A1 (en) * 2020-01-15 2021-04-15 Futurewei Technologies, Inc. Secure and accountable data access

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6049797A (en) * 1998-04-07 2000-04-11 Lucent Technologies, Inc. Method, apparatus and programmed medium for clustering databases with categorical attributes

Also Published As

Publication number Publication date
AU2001294083A1 (en) 2002-02-25
WO2002014988A2 (en) 2002-02-21
WO2002015122A3 (en) 2003-12-04
AU2001294089A1 (en) 2002-02-25
WO2002014989A2 (en) 2002-02-21
WO2002014989A8 (en) 2003-03-06
WO2002014988A8 (en) 2003-04-24
WO2002014987A2 (en) 2002-02-21
AU2001294110A1 (en) 2002-02-25
AU2001294084A1 (en) 2002-02-25
WO2002015122A2 (en) 2002-02-21

Similar Documents

Publication Publication Date Title
WO2002014987A8 (en) An adaptive system and architecture for access control
Moore et al. Attack modeling for information security and survivability
Stoneburner Sp 800-33. underlying technical models for information technology security
US7962960B2 (en) Systems and methods for performing risk analysis
CN101512490B (en) Securing data in a networked environment
US20010025311A1 (en) Access control system
WO2000041542A3 (en) System for allocating resources in a communication system
ATE268967T1 (en) METHOD AND SYSTEM FOR ENFORCEMENT OF A COMMUNICATIONS SECURITY PROCEDURES
WO2006073837A3 (en) Method and apparatus of adaptive network policy management for wireless mobile computers
ATE453277T1 (en) METHOD AND DEVICE FOR TRANSMITTING DATA SUBJECT TO CONFIDENTIALITY RESTRICTIONS
WO2004070547A3 (en) Method and device for monitoring data traffic and preventing unauthorized access to a network
Yu et al. Enterprise digital rights management: Solutions against information theft by insiders
Lee Essays about computer security
Cerf Guidelines for Internet measurement activities
Dixon With nowhere to hide: Workers are scrambling for privacy in the digital age
Huang et al. Advanced OSGi security layer
KR20070090460A (en) Computer and network forensics system
Doddrell Information security and the Internet
Cisco Introduction
Kastenberg Changing the paradigm of Internet access from government information systems: a solution to the need for the DoD to take time-sensitive action on the Niprnet
KR20040027682A (en) The Method of To Provide Against Virus, Hacking and Wrong Usage of File By Using Transformed File Driver
TWI802804B (en) Information security management system for multiple information security software
National Computer Security Center (US) Glossary of Computer Security Terms
Zendra et al. The race for cybersecurity
El Kalam et al. Intrusion detection and security policy framework for distributed environments

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

D17 Declaration under article 17(2)a
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP