TWI561040B - Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model - Google Patents
Automated generation of access control rules for use in a distributed network management system that uses a label-based policy modelInfo
- Publication number
- TWI561040B TWI561040B TW103138237A TW103138237A TWI561040B TW I561040 B TWI561040 B TW I561040B TW 103138237 A TW103138237 A TW 103138237A TW 103138237 A TW103138237 A TW 103138237A TW I561040 B TWI561040 B TW I561040B
- Authority
- TW
- Taiwan
- Prior art keywords
- label
- management system
- access control
- network management
- distributed network
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201361899468P | 2013-11-04 | 2013-11-04 | |
| US201462066835P | 2014-10-21 | 2014-10-21 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201521406A TW201521406A (zh) | 2015-06-01 |
| TWI561040B true TWI561040B (en) | 2016-12-01 |
Family
ID=53005140
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW103138237A TWI561040B (en) | 2013-11-04 | 2014-11-04 | Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model |
Country Status (6)
| Country | Link |
|---|---|
| US (3) | US9485279B2 (zh) |
| EP (1) | EP3066815B1 (zh) |
| JP (2) | JP6276417B2 (zh) |
| CN (1) | CN105684391B (zh) |
| TW (1) | TWI561040B (zh) |
| WO (1) | WO2015066369A1 (zh) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI696090B (zh) * | 2017-10-24 | 2020-06-11 | 香港商阿里巴巴集團服務有限公司 | 模型訓練方法、檢測url的方法及裝置 |
Families Citing this family (53)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8732476B1 (en) * | 2006-04-13 | 2014-05-20 | Xceedium, Inc. | Automatic intervention |
| US9497224B2 (en) | 2011-08-09 | 2016-11-15 | CloudPassage, Inc. | Systems and methods for implementing computer security |
| US8412945B2 (en) | 2011-08-09 | 2013-04-02 | CloudPassage, Inc. | Systems and methods for implementing security in a cloud computing environment |
| US9124640B2 (en) | 2011-08-09 | 2015-09-01 | CloudPassage, Inc. | Systems and methods for implementing computer security |
| US9882919B2 (en) | 2013-04-10 | 2018-01-30 | Illumio, Inc. | Distributed network security using a logical multi-dimensional label-based policy model |
| CA2903411C (en) | 2013-04-10 | 2018-09-04 | Illumio, Inc. | Distributed network management system using a logical multi-dimensional label-based policy model |
| US20160065575A1 (en) * | 2013-04-28 | 2016-03-03 | Zte Corporation | Communication Managing Method and Communication System |
| US9088541B2 (en) | 2013-05-31 | 2015-07-21 | Catbird Networks, Inc. | Systems and methods for dynamic network security control and configuration |
| US9912549B2 (en) | 2013-06-14 | 2018-03-06 | Catbird Networks, Inc. | Systems and methods for network analysis and reporting |
| US11196636B2 (en) | 2013-06-14 | 2021-12-07 | Catbird Networks, Inc. | Systems and methods for network data flow aggregation |
| US9769174B2 (en) | 2013-06-14 | 2017-09-19 | Catbird Networks, Inc. | Systems and methods for creating and modifying access control lists |
| US9397892B2 (en) | 2013-11-04 | 2016-07-19 | Illumio, Inc. | Managing servers based on pairing keys to implement an administrative domain-wide policy |
| RU2679179C1 (ru) | 2014-09-05 | 2019-02-06 | Кэтбёрд Нэтворкс, Инк. | Системы и способы для создания и модификации списков управления доступом |
| US9906497B2 (en) | 2014-10-06 | 2018-02-27 | Cryptzone North America, Inc. | Multi-tunneling virtual network adapter |
| US9148408B1 (en) | 2014-10-06 | 2015-09-29 | Cryptzone North America, Inc. | Systems and methods for protecting network devices |
| CN106156604A (zh) * | 2015-03-26 | 2016-11-23 | 中兴通讯股份有限公司 | 网页更新方法、系统及网页服务器 |
| US10448244B2 (en) * | 2015-04-28 | 2019-10-15 | Fortinet, Inc. | Deployment and configuration of access points |
| US9866519B2 (en) | 2015-10-16 | 2018-01-09 | Cryptzone North America, Inc. | Name resolving in segmented networks |
| US9736120B2 (en) | 2015-10-16 | 2017-08-15 | Cryptzone North America, Inc. | Client network access provision by a network traffic manager |
| WO2017105452A1 (en) * | 2015-12-17 | 2017-06-22 | Hewlett Packard Enterprise Development Lp | Reduced orthogonal network policy set selection |
| US10198595B2 (en) * | 2015-12-22 | 2019-02-05 | Walmart Apollo, Llc | Data breach detection system |
| US10412048B2 (en) | 2016-02-08 | 2019-09-10 | Cryptzone North America, Inc. | Protecting network devices by a firewall |
| US9560015B1 (en) | 2016-04-12 | 2017-01-31 | Cryptzone North America, Inc. | Systems and methods for protecting network devices by a firewall |
| US10536338B2 (en) * | 2016-07-07 | 2020-01-14 | International Business Machines Corporation | Networking connection resolution assistant |
| US10320617B2 (en) * | 2016-09-12 | 2019-06-11 | Illumio, Inc. | Representation of servers in a distributed network information management system for efficient aggregation of information |
| US10205736B2 (en) | 2017-02-27 | 2019-02-12 | Catbird Networks, Inc. | Behavioral baselining of network systems |
| CN107332851A (zh) * | 2017-07-07 | 2017-11-07 | 深信服科技股份有限公司 | 一种虚拟环境中流量控制的配置方法及系统 |
| US10127833B1 (en) * | 2017-11-10 | 2018-11-13 | Sorenson Ip Holdings Llc | Video relay service, communication system, and related methods for providing remote assistance to a sign language interpreter during a communication session |
| US11190544B2 (en) * | 2017-12-11 | 2021-11-30 | Catbird Networks, Inc. | Updating security controls or policies based on analysis of collected or created metadata |
| US20190222610A1 (en) | 2018-01-18 | 2019-07-18 | Illumio, Inc. | User-Based Visibility and Control of a Segmentation Policy |
| US11075936B2 (en) | 2018-02-22 | 2021-07-27 | Illumio, Inc. | Generating vulnerability exposure scores in a segmented computing environment |
| US11075937B2 (en) | 2018-02-22 | 2021-07-27 | Illumio, Inc. | Generating a segmentation policy based on vulnerabilities |
| US11677627B2 (en) * | 2018-06-29 | 2023-06-13 | Forescout Technologies, Inc. | Dynamic segmentation management |
| US11271812B2 (en) | 2018-06-29 | 2022-03-08 | Forescout Technologies, Inc. | Segmentation management including visualization, configuration, simulation, or a combination thereof |
| US10826942B2 (en) * | 2018-08-10 | 2020-11-03 | Servicenow, Inc. | Creating security incident records using a remote network management platform |
| CN109413063B (zh) * | 2018-10-23 | 2022-01-18 | 中国平安人寿保险股份有限公司 | 一种基于大数据的白名单更新方法、装置及电子设备 |
| US10681056B1 (en) | 2018-11-27 | 2020-06-09 | Sailpoint Technologies, Inc. | System and method for outlier and anomaly detection in identity management artificial intelligence systems using cluster based analysis of network identity graphs |
| US10341430B1 (en) | 2018-11-27 | 2019-07-02 | Sailpoint Technologies, Inc. | System and method for peer group detection, visualization and analysis in identity management artificial intelligence systems using cluster based analysis of network identity graphs |
| US10826828B2 (en) | 2018-11-28 | 2020-11-03 | Nokia Technologies Oy | Systems and methods for encoding and decoding IoT messages |
| CN111488179A (zh) * | 2019-01-28 | 2020-08-04 | 上海哔哩哔哩科技有限公司 | 规则系统及其构建方法以及业务系统及其应用方法 |
| US10523682B1 (en) | 2019-02-26 | 2019-12-31 | Sailpoint Technologies, Inc. | System and method for intelligent agents for decision support in network identity graph based identity management artificial intelligence systems |
| US10554665B1 (en) | 2019-02-28 | 2020-02-04 | Sailpoint Technologies, Inc. | System and method for role mining in identity management artificial intelligence systems using cluster based analysis of network identity graphs |
| JP7255679B2 (ja) * | 2019-06-17 | 2023-04-11 | 日本電気株式会社 | 攻撃グラフ加工装置、方法およびプログラム |
| CN110647527B (zh) * | 2019-08-30 | 2022-11-01 | 北京百度网讯科技有限公司 | 基于大数据的无效标签清除方法及装置、设备与可读介质 |
| US11677637B2 (en) | 2019-12-03 | 2023-06-13 | Dell Products L.P. | Contextual update compliance management |
| US11461677B2 (en) | 2020-03-10 | 2022-10-04 | Sailpoint Technologies, Inc. | Systems and methods for data correlation and artifact matching in identity management artificial intelligence systems |
| US10862928B1 (en) | 2020-06-12 | 2020-12-08 | Sailpoint Technologies, Inc. | System and method for role validation in identity management artificial intelligence systems using analysis of network identity graphs |
| US10938828B1 (en) | 2020-09-17 | 2021-03-02 | Sailpoint Technologies, Inc. | System and method for predictive platforms in identity management artificial intelligence systems using analysis of network identity graphs |
| US11196775B1 (en) | 2020-11-23 | 2021-12-07 | Sailpoint Technologies, Inc. | System and method for predictive modeling for entitlement diffusion and role evolution in identity management artificial intelligence systems using network identity graphs |
| US11295241B1 (en) | 2021-02-19 | 2022-04-05 | Sailpoint Technologies, Inc. | System and method for incremental training of machine learning models in artificial intelligence systems, including incremental training using analysis of network identity graphs |
| US12118110B2 (en) * | 2021-04-02 | 2024-10-15 | Strata Identity, Inc. | Identity query language systems and methods |
| US11227055B1 (en) | 2021-07-30 | 2022-01-18 | Sailpoint Technologies, Inc. | System and method for automated access request recommendations |
| US12081438B2 (en) * | 2021-10-11 | 2024-09-03 | Hewlett Packard Enterprise Development Lp | Automatic policy engine selection |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040199792A1 (en) * | 2002-11-04 | 2004-10-07 | Godfrey Tan | Role grouping |
| US20100106655A1 (en) * | 2001-07-26 | 2010-04-29 | Bernd Schneider | CPW method with application in a CPW enterprise architecture engine |
| US20110209195A1 (en) * | 2010-02-22 | 2011-08-25 | Avaya Inc. | Flexible security boundaries in an enterprise network |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6023765A (en) | 1996-12-06 | 2000-02-08 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role-based access control in multi-level secure systems |
| US7925666B1 (en) * | 2005-10-06 | 2011-04-12 | Hewlett-Packard Development Company, L.P. | System and method for managing the application of access control lists on network devices |
| US7743167B2 (en) * | 2005-11-23 | 2010-06-22 | Oracle America, Inc. | Method and system for servicing requests in a dynamic cluster |
| US8428556B2 (en) * | 2007-07-10 | 2013-04-23 | Nec Corporation | Communication management system, communication management terminal device, communication management method and communication management program |
| US20090165078A1 (en) * | 2007-12-20 | 2009-06-25 | Motorola, Inc. | Managing policy rules and associated policy components |
| JP5035182B2 (ja) | 2008-08-27 | 2012-09-26 | 富士通株式会社 | アクセス制御システム、アクセス制御方法、アクセス制御プログラム、及びアクセス制御プログラムを記録した記録媒体 |
| US8644468B2 (en) * | 2010-12-15 | 2014-02-04 | International Business Machines Corporation | Carrying out predictive analysis relating to nodes of a communication network |
| CA2903411C (en) | 2013-04-10 | 2018-09-04 | Illumio, Inc. | Distributed network management system using a logical multi-dimensional label-based policy model |
| GB2520044A (en) * | 2013-11-07 | 2015-05-13 | Clearswift Ltd | Policy enforcement |
-
2014
- 2014-10-30 CN CN201480060313.4A patent/CN105684391B/zh active Active
- 2014-10-30 EP EP14856997.3A patent/EP3066815B1/en active Active
- 2014-10-30 US US14/528,879 patent/US9485279B2/en active Active
- 2014-10-30 WO PCT/US2014/063239 patent/WO2015066369A1/en active Application Filing
- 2014-10-30 JP JP2016552245A patent/JP6276417B2/ja active Active
- 2014-11-04 TW TW103138237A patent/TWI561040B/zh active
-
2016
- 2016-10-03 US US15/283,590 patent/US9923928B2/en active Active
-
2018
- 2018-01-11 JP JP2018002654A patent/JP6470433B2/ja active Active
- 2018-02-07 US US15/891,214 patent/US10212191B2/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100106655A1 (en) * | 2001-07-26 | 2010-04-29 | Bernd Schneider | CPW method with application in a CPW enterprise architecture engine |
| US20040199792A1 (en) * | 2002-11-04 | 2004-10-07 | Godfrey Tan | Role grouping |
| US20110209195A1 (en) * | 2010-02-22 | 2011-08-25 | Avaya Inc. | Flexible security boundaries in an enterprise network |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI696090B (zh) * | 2017-10-24 | 2020-06-11 | 香港商阿里巴巴集團服務有限公司 | 模型訓練方法、檢測url的方法及裝置 |
Also Published As
| Publication number | Publication date |
|---|---|
| US20150128211A1 (en) | 2015-05-07 |
| US10212191B2 (en) | 2019-02-19 |
| CN105684391A (zh) | 2016-06-15 |
| WO2015066369A1 (en) | 2015-05-07 |
| US9485279B2 (en) | 2016-11-01 |
| US9923928B2 (en) | 2018-03-20 |
| US20180167417A1 (en) | 2018-06-14 |
| US20170026418A1 (en) | 2017-01-26 |
| EP3066815A4 (en) | 2017-08-02 |
| JP6276417B2 (ja) | 2018-02-07 |
| JP2018088686A (ja) | 2018-06-07 |
| JP6470433B2 (ja) | 2019-02-13 |
| TW201521406A (zh) | 2015-06-01 |
| EP3066815A1 (en) | 2016-09-14 |
| EP3066815B1 (en) | 2019-12-04 |
| JP2016540463A (ja) | 2016-12-22 |
| CN105684391B (zh) | 2019-06-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI561040B (en) | Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model | |
| EP2984580A4 (en) | DISTRIBUTED NETWORK MANAGEMENT SYSTEM USING LABEL-BASED LOGIC MULTIDIMENSIONAL POLICY MODEL | |
| TWI560554B (en) | Pairing in a distributed network management system that uses a logical multi-dimensional label-based policy model | |
| EP2995041A4 (en) | CONTROL AND MANAGEMENT OF VIRTUAL BUSINESS ACCESS POINT | |
| GB201516370D0 (en) | Creating rules for use in third-party tag management systems | |
| EP3050245A4 (en) | CENTRALIZED GUIDANCE MANAGEMENT FOR SECURITY KEYS | |
| ZA201504431B (en) | Systems and methods for accessing a network | |
| EP3084613A4 (en) | Management of storage in a storage network | |
| HUE043236T2 (hu) | Hálózatkezelés | |
| EP2951778A4 (en) | METHODS AND SYSTEMS FOR AN ONLINE ONLINE SOCIAL NETWORK BASED ON A LOCATION | |
| EP2992428A4 (en) | PRIORITIZING A RECONSTITUTION OF DATA STORED IN A DISPERSED STORAGE NETWORK | |
| SG11201601780UA (en) | Collaborative financial management | |
| EP3024174A4 (en) | SYSTEM, ENTITY AND METHOD OF TROUBLESHOOTING | |
| PT3028358T (pt) | Sistema e método de gestão de energia em microredes e método para controlar a operação de uma microrede | |
| PL2826277T3 (pl) | Sieć hierarchiczna i zarządzanie interferencjami | |
| SG11201404593SA (en) | Energy management server, energy management method, and program | |
| HUE039035T2 (hu) | Rendszerek és eljárások ütközés menedzselésére szomszédságtudatos hálózatban | |
| EP2953230A4 (en) | ENERGY MANAGEMENT SYSTEM, ENERGY MANAGEMENT PROCESS, PROGRAM AND SERVER | |
| EP2887222A4 (en) | ADMINISTRATIVE SYSTEM AND ADMINISTRATIVE PROGRAM | |
| EP2946457A4 (en) | COORDINATED CONTROL METHOD FOR DISTRIBUTION NETWORK WITH DISTRIBUTED ENERGY RESOURCES AND ELECTRIC VEHICLES AND ITS CONTROL SYSTEM | |
| GB201513849D0 (en) | Storage management calculator, and storage management method | |
| EP2993930A4 (en) | AREA MANAGEMENT PROCESS AND CORE NETWORK CONTROL | |
| GB201322440D0 (en) | Transforming rules into generalised rules in a rule management system | |
| EP3000210A4 (en) | WEIGHTED INGESTION RULE MANAGEMENT IN A CONTENT BROADCAST NETWORK | |
| GB201522546D0 (en) | Power management in a power over data network |