首页> 外国专利> Techniques for reconciling permission usage with security policy for policy optimization and monitoring continuous compliance

Techniques for reconciling permission usage with security policy for policy optimization and monitoring continuous compliance

机译：用于将权限使用与安全策略进行协调以优化策略和监视持续合规性的技术

页面导航

摘要
著录项
相似文献

摘要

In one aspect, a method for managing a security policy having multiple policy items includes the steps of: (a) mapping permissions to the policy items which apply to usage of the permissions so as to determine which of the permissions are granted to groups of users by each of the policy items; (b) identifying at least one of the policy items mapped in step (a) that is in violation of least privilege based on a comparison of an actual permission usage with the security policy; (c) identifying at least one of the policy items mapped in step (a) that increases operational risk; (d) verifying that policy constructs in the security policy are consistent with policy constructs inferred from the actual permission usage; and (e) identifying optimizations of the security policy based on output from one or more of steps (a)-(d).

机译：在一个方面，一种用于管理具有多个策略项的安全策略的方法包括以下步骤：（a）将权限映射到适用于使用权限的策略项，以便确定将哪些权限授予用户组根据每个保单项目; （b）基于实际许可使用情况与安全策略的比较，识别在步骤（a）中映射的至少一项违反最小特权的策略项; （c）识别步骤（a）中映射的至少一项政策项目，这些政策项目会增加操作风险; （d）验证安全策略中的策略构造与从实际权限使用中推断出的策略构造一致; （e）根据步骤（a）-（d）中一个或多个步骤的输出，确定安全策略的优化。

著录项

公开/公告号US9246945B2

专利类型
公开/公告日2016-01-26

原文格式PDF
申请/专利权人 INTERNATIONAL BUSINESS MACHINES CORPORATION;
展开▼

申请/专利号US201313904350
发明设计人 WILFRIED TEIKEN;IAN M. MOLLOY;SURESH N. CHARI;YOUNGJA PARK;
展开▼

申请日2013-05-29
分类号G06F21/00;H04L29/06;G06F21/31;G06F21/60;
国家 US
入库时间 2022-08-21 14:29:06

相似文献

专利
外文文献
中文文献