[go: up one dir, main page]

WO2002014987A8 - An adaptive system and architecture for access control - Google Patents

An adaptive system and architecture for access control

Info

Publication number
WO2002014987A8
WO2002014987A8 PCT/IB2001/001876 IB0101876W WO0214987A8 WO 2002014987 A8 WO2002014987 A8 WO 2002014987A8 IB 0101876 W IB0101876 W IB 0101876W WO 0214987 A8 WO0214987 A8 WO 0214987A8
Authority
WO
WIPO (PCT)
Prior art keywords
access
resources
architecture
access control
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2001/001876
Other languages
French (fr)
Other versions
WO2002014987A2 (en
Inventor
Ofer Gadish
Yuval Baharav
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CAMELOT INFORMATION TECHNOLOGIES Ltd
CAMELOT INFORMATION TECHNOLOGI
Original Assignee
CAMELOT INFORMATION TECHNOLOGIES Ltd
CAMELOT INFORMATION TECHNOLOGI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CAMELOT INFORMATION TECHNOLOGIES Ltd, CAMELOT INFORMATION TECHNOLOGI filed Critical CAMELOT INFORMATION TECHNOLOGIES Ltd
Priority to AU2001294083A priority Critical patent/AU2001294083A1/en
Publication of WO2002014987A2 publication Critical patent/WO2002014987A2/en
Anticipated expiration legal-status Critical
Publication of WO2002014987A8 publication Critical patent/WO2002014987A8/en
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/23Clustering techniques
    • G06F18/231Hierarchical techniques, i.e. dividing or merging pattern sets so as to obtain a dendrogram
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/107License processing; Key processing
    • G06F21/1078Logging; Metering
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Computation (AREA)
  • Evolutionary Biology (AREA)
  • Artificial Intelligence (AREA)
  • Automation & Control Theory (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

L'invention concerne un système de sécurité de réseau et un procédé de protection de ressources de réseau à partir d'un accès et/ou d'une utilisation non autorisé(e). Un dispositif agent recueille des données en fonction de toutes les tentatives d'accès aux ressources du réseau et fournit cette information à un dispositif analyseur qui adapte des niveaux de permission de manière à correspondre au moins à l'information nouvellement fournie. Un agent tuteur peut utiliser les niveaux de permission dans le but d'accorder ou de refuser l'accès aux ressources du système. Une telle exécution peut être conduite en fonction de chaque tentative d'accès aux ressources selon une politique de sécurité de réseau. Une unité de contrôle maintient la police de sécurité et engendre des rapports à partir des données fournies par le dispositif agent et le dispositif analyseur.A network security system and method for protecting network resources from unauthorized access and / or use is provided. An agent device collects data based on all attempts to access network resources and provides this information to an analyzer device that adapts permission levels to at least match the newly provided information. A guardian can use permission levels to grant or deny access to system resources. Such an execution can be carried out as a function of each attempt to access resources according to a network security policy. A control unit maintains the security police and generates reports from the data provided by the agent device and the analyzer device.

PCT/IB2001/001876 2000-08-18 2001-08-20 An adaptive system and architecture for access control Ceased WO2002014987A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001294083A AU2001294083A1 (en) 2000-08-18 2001-08-20 An adaptive system and architecture for access control

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US22612800P 2000-08-18 2000-08-18
US60/226,128 2000-08-18
US25957501P 2001-01-04 2001-01-04
US60/259,575 2001-01-04

Publications (2)

Publication Number Publication Date
WO2002014987A2 WO2002014987A2 (en) 2002-02-21
WO2002014987A8 true WO2002014987A8 (en) 2003-09-04

Family

ID=26920229

Family Applications (4)

Application Number Title Priority Date Filing Date
PCT/IB2001/001876 Ceased WO2002014987A2 (en) 2000-08-18 2001-08-20 An adaptive system and architecture for access control
PCT/IB2001/001877 Ceased WO2002014988A2 (en) 2000-08-18 2001-08-20 A method and an apparatus for a security policy
PCT/IB2001/001892 Ceased WO2002015122A2 (en) 2000-08-18 2001-08-20 A system and method for a greedy pairwise clustering
PCT/IB2001/001923 Ceased WO2002014989A2 (en) 2000-08-18 2001-08-20 Permission level generation based on adaptive learning

Family Applications After (3)

Application Number Title Priority Date Filing Date
PCT/IB2001/001877 Ceased WO2002014988A2 (en) 2000-08-18 2001-08-20 A method and an apparatus for a security policy
PCT/IB2001/001892 Ceased WO2002015122A2 (en) 2000-08-18 2001-08-20 A system and method for a greedy pairwise clustering
PCT/IB2001/001923 Ceased WO2002014989A2 (en) 2000-08-18 2001-08-20 Permission level generation based on adaptive learning

Country Status (2)

Country Link
AU (4) AU2001294083A1 (en)
WO (4) WO2002014987A2 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850048B2 (en) 2008-05-13 2014-09-30 At&T Mobility Ii Llc Reciprocal addition of attribute fields in access control lists and profiles for femto cell coverage management
US8856878B2 (en) 2009-10-15 2014-10-07 At&T Intellectual Property I, L.P Management of access to service in an access point
US8897752B2 (en) 2006-07-12 2014-11-25 At&T Intellectual Property I, L.P. Pico-cell extension for cellular network

Families Citing this family (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003203140A (en) * 2001-10-30 2003-07-18 Asgent Inc Information system status grasping method and device used therefor
WO2003063449A1 (en) * 2002-01-18 2003-07-31 Metrowerks Corporation System and method for monitoring network security
EP1339199A1 (en) * 2002-02-22 2003-08-27 Hewlett-Packard Company Dynamic user authentication
AU2003208222A1 (en) * 2002-03-06 2003-09-16 Peregrine Systems, Inc. Method and system for a network management console
FR2838207B1 (en) * 2002-04-08 2006-06-23 France Telecom INFORMATION EXCHANGE SYSTEM WITH CONDITIONED ACCESS TO AN INFORMATION TRANSFER NETWORK
US7302488B2 (en) 2002-06-28 2007-11-27 Microsoft Corporation Parental controls customization and notification
EP1424618B1 (en) 2002-11-29 2012-01-04 Sap Ag Method and computer system for protecting electronic documents
CN1417690A (en) * 2002-12-03 2003-05-14 南京金鹰国际集团软件系统有限公司 Application process audit platform system based on members
US10110632B2 (en) 2003-03-31 2018-10-23 Intel Corporation Methods and systems for managing security policies
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US9118710B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc System, method, and computer program product for reporting an occurrence in different manners
US8266699B2 (en) 2003-07-01 2012-09-11 SecurityProfiling Inc. Multiple-path remediation
US9118708B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Multi-path remediation
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118709B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118711B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9350752B2 (en) 2003-07-01 2016-05-24 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
ATE419588T1 (en) * 2003-08-19 2009-01-15 France Telecom METHOD AND SYSTEM FOR ASSESSING THE SECURITY OF ELECTRONIC DEVICES AND CONTROLLING ACCESS TO RESOURCES
DE10348729B4 (en) 2003-10-16 2022-06-15 Vodafone Holding Gmbh Setup and procedures for backing up protected data
FR2864657B1 (en) * 2003-12-24 2006-03-24 Trusted Logic METHOD FOR PARAMETRABLE SECURITY CONTROL OF COMPUTER SYSTEMS AND EMBEDDED SYSTEMS USING THE SAME
US7907934B2 (en) 2004-04-27 2011-03-15 Nokia Corporation Method and system for providing security in proximity and Ad-Hoc networks
JP4643204B2 (en) 2004-08-25 2011-03-02 株式会社エヌ・ティ・ティ・ドコモ Server device
CN101006433B (en) * 2004-08-25 2012-01-11 日本电气株式会社 Information communication device, and program execution environment control method
US7979889B2 (en) 2005-01-07 2011-07-12 Cisco Technology, Inc. Methods and apparatus providing security to computer systems and networks
US7193872B2 (en) 2005-01-28 2007-03-20 Kasemsan Siri Solar array inverter with maximum power tracking
US7661111B2 (en) 2005-10-13 2010-02-09 Inernational Business Machines Corporation Method for assuring event record integrity
KR20080070779A (en) * 2005-12-13 2008-07-30 인터디지탈 테크날러지 코포레이션 Method and system for protecting user data in node
US8495743B2 (en) 2005-12-16 2013-07-23 Cisco Technology, Inc. Methods and apparatus providing automatic signature generation and enforcement
US7882560B2 (en) 2005-12-16 2011-02-01 Cisco Technology, Inc. Methods and apparatus providing computer and network security utilizing probabilistic policy reposturing
US8413245B2 (en) 2005-12-16 2013-04-02 Cisco Technology, Inc. Methods and apparatus providing computer and network security for polymorphic attacks
US9286469B2 (en) 2005-12-16 2016-03-15 Cisco Technology, Inc. Methods and apparatus providing computer and network security utilizing probabilistic signature generation
CN101350054B (en) 2007-10-15 2011-05-25 北京瑞星信息技术有限公司 Method and apparatus for automatically protecting computer noxious program
CN101350052B (en) 2007-10-15 2010-11-03 北京瑞星信息技术有限公司 Method and apparatus for discovering malignancy of computer program
US8626223B2 (en) 2008-05-07 2014-01-07 At&T Mobility Ii Llc Femto cell signaling gating
US8719420B2 (en) 2008-05-13 2014-05-06 At&T Mobility Ii Llc Administration of access lists for femtocell service
US20100041365A1 (en) 2008-06-12 2010-02-18 At&T Mobility Ii Llc Mediation, rating, and billing associated with a femtocell service framework
JP5482667B2 (en) * 2009-02-10 2014-05-07 日本電気株式会社 Policy management apparatus, policy management system, method and program used therefor
US8713056B1 (en) 2011-03-30 2014-04-29 Open Text S.A. System, method and computer program product for efficient caching of hierarchical items
US10229222B2 (en) 2012-03-26 2019-03-12 Greyheller, Llc Dynamically optimized content display
US10225249B2 (en) * 2012-03-26 2019-03-05 Greyheller, Llc Preventing unauthorized access to an application server
US8959657B2 (en) * 2013-03-14 2015-02-17 Appsense Limited Secure data management
US9355261B2 (en) 2013-03-14 2016-05-31 Appsense Limited Secure data management
US9215251B2 (en) 2013-09-11 2015-12-15 Appsense Limited Apparatus, systems, and methods for managing data security
JP6190518B2 (en) * 2014-03-19 2017-08-30 日本電信電話株式会社 Analysis rule adjustment device, analysis rule adjustment system, analysis rule adjustment method, and analysis rule adjustment program
CN104125335B (en) * 2014-06-24 2017-08-25 小米科技有限责任公司 Right management method, apparatus and system
US9787685B2 (en) 2014-06-24 2017-10-10 Xiaomi Inc. Methods, devices and systems for managing authority
WO2023170635A2 (en) * 2022-03-10 2023-09-14 Orca Security LTD. System and methods for a machine-learning adaptive permission reduction engine
EP3590099A1 (en) 2017-03-01 2020-01-08 Carrier Corporation Compact encoding of static permissions for real-time access control
US10891816B2 (en) 2017-03-01 2021-01-12 Carrier Corporation Spatio-temporal topology learning for detection of suspicious access behavior
CN106778314A (en) * 2017-03-01 2017-05-31 全球能源互联网研究院 A kind of distributed difference method for secret protection based on k means
EP3590102A1 (en) 2017-03-01 2020-01-08 Carrier Corporation Access control request manager based on learning profile-based access pathways
US10764299B2 (en) * 2017-06-29 2020-09-01 Microsoft Technology Licensing, Llc Access control manager
US10831787B2 (en) 2017-06-30 2020-11-10 Sap Se Security of a computer system
US11115421B2 (en) * 2019-06-26 2021-09-07 Accenture Global Solutions Limited Security monitoring platform for managing access rights associated with cloud applications
US11501257B2 (en) * 2019-12-09 2022-11-15 Jpmorgan Chase Bank, N.A. Method and apparatus for implementing a role-based access control clustering machine learning model execution module
CN114981812B (en) * 2020-01-15 2025-08-05 华为技术有限公司 Secure and reliable data access
GB2637148A (en) * 2024-01-10 2025-07-16 Ibm User access group discovery

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6049797A (en) * 1998-04-07 2000-04-11 Lucent Technologies, Inc. Method, apparatus and programmed medium for clustering databases with categorical attributes

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8897752B2 (en) 2006-07-12 2014-11-25 At&T Intellectual Property I, L.P. Pico-cell extension for cellular network
US8850048B2 (en) 2008-05-13 2014-09-30 At&T Mobility Ii Llc Reciprocal addition of attribute fields in access control lists and profiles for femto cell coverage management
US8856878B2 (en) 2009-10-15 2014-10-07 At&T Intellectual Property I, L.P Management of access to service in an access point

Also Published As

Publication number Publication date
WO2002014988A8 (en) 2003-04-24
WO2002015122A2 (en) 2002-02-21
AU2001294084A1 (en) 2002-02-25
WO2002015122A3 (en) 2003-12-04
AU2001294083A1 (en) 2002-02-25
WO2002014987A2 (en) 2002-02-21
WO2002014988A2 (en) 2002-02-21
AU2001294089A1 (en) 2002-02-25
WO2002014989A8 (en) 2003-03-06
AU2001294110A1 (en) 2002-02-25
WO2002014989A2 (en) 2002-02-21

Similar Documents

Publication Publication Date Title
WO2002014987A8 (en) An adaptive system and architecture for access control
US7035850B2 (en) Access control system
US7962960B2 (en) Systems and methods for performing risk analysis
WO2000041542A3 (en) System for allocating resources in a communication system
ATE268967T1 (en) METHOD AND SYSTEM FOR ENFORCEMENT OF A COMMUNICATIONS SECURITY PROCEDURES
WO2006073837A3 (en) Method and apparatus of adaptive network policy management for wireless mobile computers
WO2006122091A3 (en) Cascading security architecture
ATE453277T1 (en) METHOD AND DEVICE FOR TRANSMITTING DATA SUBJECT TO CONFIDENTIALITY RESTRICTIONS
WO2004062164A3 (en) Methods and apparatus for managing secured software for a wireless device
US20060137018A1 (en) Method and apparatus to provide secured surveillance data to authorized entities
US7735100B1 (en) Regulating remote registry access over a computer network
Lee Essays about computer security
Dixon With nowhere to hide: Workers are scrambling for privacy in the digital age
Huang et al. Advanced OSGi security layer
CN118094612A (en) A file security access method based on mobile terminal
Meadows An outline of a taxonomy of computer security research and development
Babak et al. Protection of Measurement Information from Unauthorized Access
Kastenberg Changing the paradigm of Internet access from government information systems: a solution to the need for the DoD to take time-sensitive action on the Niprnet
KR20070090460A (en) Computer and Network Integrated Forensic System
Claerhout et al. Privacy protection for HealthGrid applications
KR20040027682A (en) The Method of To Provide Against Virus, Hacking and Wrong Usage of File By Using Transformed File Driver
TWI802804B (en) Information security management system for multiple information security software
Martsenyuk et al. Features of technology of protection against unauthorizedly installed monitoring software products.
McDermott Personal firewalls… One more step towards comprehensive security
Kuhnert et al. The security attack experimentation framework: An approach to test network mitigation strategies in compliance

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

D17 Declaration under article 17(2)a
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP