What to use to program the CPU122 1R

CN101375285B — Method and system for dynamic adjustment of computer security based on network activity of users — Google Patents

Publication number: CN101375285B
Application number: CN2006800385370A
Authority: CN (China)
Prior art keywords: user security computing equipment computational resource indicated value
Prior art date: 2005-10-20
Legal status: Expired — Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Other languages: English (en)
Other versions: CN101375285A (zh)
Inventor: C·R·科利, J·贾纳吉拉曼, L·E·乌尔曼
Current Assignee: International Business Machines Corp (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: International Business Machines Corp
Priority date: 2005-10-20 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2006-10-03
Publication date: 2011-09-07

2006-10-03 Application filed by International Business Machines Corp
2009-02-25 Publication of CN101375285A
2011-09-07 Application granted
2011-09-07 Publication of CN101375285B
2026-10-03 Anticipated expiration
Status: Expired — Fee Related

Classifications

    • H — ELECTRICITY
    • H04 — ELECTRIC COMMUNICATION TECHNIQUE
    • H04L — TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 — Network architectures or network communication protocols for network security
    • H04L63/20 — Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G — PHYSICS
    • G06 — COMPUTING; CALCULATING OR COUNTING
    • G06F — ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 — Digital computers in general; Data processing equipment in general
    • G — PHYSICS
    • G06 — COMPUTING; CALCULATING OR COUNTING
    • G06F — ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 — Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G — PHYSICS
    • G06 — COMPUTING; CALCULATING OR COUNTING
    • G06F — ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 — Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 — Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 — Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 — Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G — PHYSICS
    • G06 — COMPUTING; CALCULATING OR COUNTING
    • G06F — ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 — Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 — Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 — Detecting local intrusion or implementing counter-measures
    • G06F21/554 — Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • H — ELECTRICITY
    • H04 — ELECTRIC COMMUNICATION TECHNIQUE
    • H04L — TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 — Network architectures or network communication protocols for network security
    • H04L63/10 — Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 — Entity profiles
    • H — ELECTRICITY
    • H04 — ELECTRIC COMMUNICATION TECHNIQUE
    • H04L — TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 — Network architectures or network communication protocols for network security
    • H04L63/10 — Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 — Multiple levels of security
    • G — PHYSICS
    • G06 — COMPUTING; CALCULATING OR COUNTING
    • G06F — ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 — Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 — Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149 — Restricted operating environment
    • H — ELECTRICITY
    • H04 — ELECTRIC COMMUNICATION TECHNIQUE
    • H04L — TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 — Network architectures or network communication protocols for network security
    • H04L63/14 — Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 — Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 — Traffic logging, e.g. anomaly detection

    Abstract

    Description

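    Method and system for dynamic adjustment of computer security based on network activity of users
    The present invention relates to an improved data processing system and, in particular, to a method and apparatus for computer security.
    Therefore, it would be advantageous to improve computing security on a data processing system in a manner that allows computer security processes to continue to be implemented flexibly with respect to different users, while ensuring that a computer security process implemented or activated with respect to one user does not result in a computing vulnerability for another user.
    Preferably, the present invention provides a method further comprising: monitoring network activity with respect to computational resources used by the second user; filtering network activity with respect to computational resources used by the second user; and logging problematic network activity with respect to computational resources used by the second user.
    Preferably, the present invention provides a method further comprising: employing a first configurable policy that indicates rules and/or conditions for filtering the network activity.
    Preferably, the present invention provides a method further comprising: examining the logged problematic network activity of the second user; and determining the second user security level indicating value based on information from the examined logged problematic network activity.
    Preferably, the present invention provides a method further comprising: employing a second configurable policy that indicates rules and/or conditions for determining the second user security level indicating value.
    Preferably, the present invention provides a method further comprising: employing a third configurable policy that indicates rules and/or conditions for adjusting the computational security level indicating value of the computational resources on the first computing device.
    Preferably, the present invention provides a method further comprising: determining, based on the adjusted computational security level indicating value, modified security-related parameters for reconfiguring the computational resources on the first computing device.
    Preferably, the present invention provides a method further comprising: employing a fourth configurable policy that indicates rules and/or conditions for determining the modified security-related parameters for reconfiguring the computational resources on the first computing device.
    Preferably, the present invention provides a method further comprising: sending the modified security-related parameters from a centralized security management application to a network security agent on the first computing device.
    Preferably, the present invention provides a method further comprising: notifying the first user of the reconfiguration of the first computing device.
    Preferably, the present invention provides a method further comprising: retrieving the second user security level indicating value from a source external to the data processing system.
    Preferably, the present invention provides a computer program product further comprising: means for determining, based on the adjusted computational security level indicating value, modified security-related parameters for reconfiguring the computational resources on the first computing device.
    Preferably, the present invention provides an apparatus further comprising: means for determining, based on the adjusted computational security level indicating value, modified security-related parameters for reconfiguring the computational resources on the first computing device.
    Embodiments of the present invention are described in detail below, by way of example only, with reference to the accompanying drawings, in which:
    FIG. 1A depicts a typical distributed data processing system in which the present invention may be implemented;
    FIG. 1B depicts a typical computer architecture that may be used within a data processing system in which the present invention may be implemented;
    FIG. 2 depicts a block diagram that shows a typical enterprise data processing system;
    FIG. 3 depicts a block diagram that shows an overview of a data processing system that incorporates the dynamic security adjustment features of the present invention;
    FIGS. 4A-4B depict a pair of timelines that show the dynamic adjustment of the computational security level of a device in accordance with the present invention;
    FIGS. 4C-4D depict diagrams that show the inverse relationship between the user security level of a given user and the computational security level of a given computational resource;
    FIG. 5 depicts a flowchart that shows a process for gathering information that influences the determination of a user security level in accordance with an embodiment of the present invention;
    FIG. 6 depicts a flowchart that shows a process in which previously logged user activity is analyzed in order to influence the determination of the user security level of a particular user in accordance with an embodiment of the present invention;
    FIGS. 7A-7G depict a set of block diagrams that show components in a data processing system for supporting the dynamic adjustment of security levels; and
    FIG. 8 depicts a flowchart that shows a process in which user activity on a network may trigger dynamic adjustment of the computational security level values of active resources within the network in accordance with an embodiment of the present invention.
    In general, the devices that may comprise or relate to the present invention include a wide variety of data processing technology. Therefore, as background, a typical organization of hardware and software components within a distributed data processing system is described before the present invention is described in more detail.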

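    In the depicted example, distributed data processing system 100 may include the Internet with network 101, which represents a worldwide collection of networks and gateways that use various protocols to communicate with one another, such as Lightweight Directory Access Protocol (LDAP), Transmission Control Protocol/Internet Protocol (TCP/IP), File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), Wireless Application Protocol (WAP), etc. Of course, distributed data processing system 100 may also include a number of different types of networks, such as an intranet, a local area network (LAN), or a wide area network (WAN). For example, server 102 directly supports client 109 and network 110, which incorporates wireless communication links. Network-enabled phone 111 connects to network 110 through wireless link 112, and PDA 113 connects to network 110 through wireless link 114. Phone 111 and PDA 113 can also transfer data directly between themselves across wireless link 115 using an appropriate technology, such as Bluetooth™ wireless technology, to create a so-called personal area network (PAN) or personal ad-hoc network. In a similar manner, PDA 113 can transfer data to PDA 107 via wireless communication link 116.

    The present invention may be implemented on a variety of hardware platforms; FIG. 1A is intended as an example of a heterogeneous computing environment and not as an architectural limitation for the present invention.
    Those of ordinary skill in the art will appreciate that the hardware in FIG. 1B may vary depending on the system implementation. For example, the system may have one or more processors, such as those based on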

    Figure S2006800385370D00081

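    In addition to being implementable on a variety of hardware platforms, the present invention may be implemented in a variety of software environments. A typical operating system may be used to control program execution within each data processing system. For example, one device may run a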

    Figure S2006800385370D00082

    operating system, while another device contains a simple

    Figure S2006800385370D00083

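    Authentication server 214 may support a variety of authentication mechanisms, such as username/password, X.509 certificates, or secure tokens; multiple authentication servers may be dedicated to specialized authentication methods. Authorization server 216 may employ authorization database 218, which contains information such as access control lists 220 and authorization policies 222, information about users within user registry 224, and information about user groups or roles 226. Using this information, authorization server 216 provides proxy server 214 with an indication of whether a specific request to access a computational resource should be allowed to proceed, i.e., whether access to a controlled computational resource should be granted in response to a request from client 206. Security compliance server 228 enforces IT security and other governance activities associated with users and their systems.

    A particular computational task may be described as being performed by a functional unit. A functional unit may be represented by a routine, a subroutine, a process, a subprocess, a procedure, a function, a method, an object-oriented object, a software module, an applet, a plug-in, an ActiveX™ control, a script, or some other component of software or firmware for performing a computational task.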

    Claims ( 13 )

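    1. A method for securing operations with respect to a set of computational resources in a data processing system, the method comprising:
    employing computational resources on a first computing device being used by a first user, wherein a first user security level indicating value is associated with the first user;
    employing computational resources on a second computing device being used by a second user, wherein a second user security level indicating value is associated with the second user; and
    2. The method of claim 1, further comprising:
    monitoring network activity with respect to computational resources used by the second user;
    filtering network activity with respect to computational resources used by the second user; and
    logging problematic network activity with respect to computational resources used by the second user.
    3. The method of claim 2, further comprising:
    employing a first configurable policy, the first configurable policy indicating rules and/or conditions for filtering the network activity.
    4. The method of claim 2, further comprising:
    examining the logged problematic network activity of the second user; and
    determining the second user security level indicating value based on information from the examined logged problematic network activity.
    5. The method of claim 4, further comprising:
    employing a second configurable policy, the second configurable policy indicating rules and/or conditions for determining the second user security level indicating value.
    6. The method of claim 1, further comprising:
    employing a third configurable policy, the third configurable policy indicating rules and/or conditions for adjusting the computational security level indicating value of the computational resources on the first computing device.
    7. The method of claim 1, further comprising:
    determining, based on the adjusted computational security level indicating value, modified security-related parameters for reconfiguring the computational resources on the first computing device.
    8. The method of claim 7, further comprising:
    employing a fourth configurable policy, the fourth configurable policy indicating rules and/or conditions for determining the modified security-related parameters for reconfiguring the computational resources on the first computing device.
    9. The method of claim 1, further comprising:
    sending the modified security-related parameters from a centralized security management application to a network security agent on the first computing device.
    10. The method of claim 1, further comprising:
    notifying the first user of the reconfiguration of the first computing device.
    11. The method of claim 1, further comprising:
    retrieving the second user security level indicating value from a source external to the data processing system.
    12. An apparatus for securing operations with respect to a set of computational resources in a data processing system, the apparatus comprising:
    means for employing computational resources on a first computing device being used by a first user, wherein a first user security level indicating value is associated with the first user;
    means for employing computational resources on a second computing device being used by a second user, wherein a second user security level indicating value is associated with the second user; and
    13. The apparatus of claim 12, further comprising:
    means for determining, based on the adjusted computational security level indicating value, modified security-related parameters for reconfiguring the computational resources on the first computing device.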

    CN2006800385370A 2005-10-20 2006-10-03 Method and system for dynamic adjustment of computer security based on network activity of users Expired — Fee Related CN101375285B ( zh )

    Applications Claiming Priority (3)

    Application Number Priority Date Filing Date Title
    US11/255,153 US7627893B2 ( en )

    2005-10-20 2005-10-20 Method and system for dynamic adjustment of computer security based on network activity of users
    US11/255,153

    2005-10-20
    PCT/EP2006/066996 WO2007045554A2 ( en )

    2005-10-20 2006-10-03 Method and system for dynamic adjustment of computer security based on network activity of users

    Publications (2)

    Publication Number Publication Date
    CN101375285A CN101375285A ( zh ) 2009-02-25
    CN101375285B true CN101375285B ( zh ) 2011-09-07

    Family

    ID=37667681

    Family Applications (1)

    Application Number Title Priority Date Filing Date
    CN2006800385370A Expired — Fee Related CN101375285B ( zh ) 2005-10-20 2006-10-03 Method and system for dynamic adjustment of computer security based on network activity of users

    Country Status (8)

    Country Link
    US ( 2 ) US7627893B2 ( zh )
    EP ( 1 ) EP1949291A2 ( zh )
    JP ( 1 ) JP5078898B2 ( zh )
    KR ( 1 ) KR101019988B1 ( zh )
    CN ( 1 ) CN101375285B ( zh )
    CA ( 1 ) CA2625718C ( zh )
    TW ( 1 ) TWI394059B ( zh )
    WO ( 1 ) WO2007045554A2 ( zh )

    Citations (3)

    * Cited by examiner, † Cited by third party

    Publication number Priority date Publication date Assignee Title
    WO2003060800A2 ( en ) * 2002-01-09 2003-07-24 Innerpresence Networks, Inc. Systems and methods for monitoring the availability of assets within a system and enforcing policies governing assets
    WO2003084170A1 ( en ) * 2002-03-28 2003-10-09 British Telecommunications Public Limited Company Method and apparatus for network security
    WO2004063960A1 ( en ) * 2003-01-09 2004-07-29 Innerpresence Networks, Inc. Systems and methods for dynamic policy management

    Family Cites Families (15)

    * Cited by examiner, † Cited by third party

    Publication number Priority date Publication date Assignee Title
    US6047262A ( en ) * 1998-03-02 2000-04-04 Ncr Corporation Method for providing security and enhancing efficiency during operation of a self-service checkout terminal
    US7673323B1 ( en ) * 1998-10-28 2010-03-02 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
    US7284267B1 ( en ) * 2001-03-08 2007-10-16 Mcafee, Inc. Automatically configuring a computer firewall based on network connection
    TW583568B ( en ) * 2001-08-27 2004-04-11 Dataplay Inc A secure access method and system
    US8776230B1 ( en ) 2001-10-02 2014-07-08 Mcafee, Inc. Master security policy server
    US7478418B2 ( en ) * 2001-12-12 2009-01-13 Guardian Data Storage, Llc Guaranteed delivery of changes to security policies in a distributed system
    US20040039594A1 ( en ) * 2002-01-09 2004-02-26 Innerpresence Networks, Inc. Systems and methods for dynamically generating licenses in a rights management system
    US7308703B2 ( en ) * 2002-12-18 2007-12-11 Novell, Inc. Protection of data accessible by a mobile device
    US7134015B2 ( en ) * 2003-01-16 2006-11-07 International Business Machines Corporation Security enhancements for pervasive devices
    US7653930B2 ( en ) * 2003-02-14 2010-01-26 Bea Systems, Inc. Method for role and resource policy management optimization
    JP4517578B2 ( ja ) * 2003-03-11 2010-08-04 株式会社日立製作所 Peer-to-peer communication device and communication method
    US20050015592A1 ( en ) * 2003-07-15 2005-01-20 Jeou-Kai Lin System and method for application and user-based class of security
    KR20050026624A ( ko ) * 2003-09-09 2005-03-15 이상준 Integrated security system and method for PCs using a policy-based network
    US7565430B2 ( en ) * 2003-10-01 2009-07-21 At&T Intellectual Property I, L.P. Firewall switching system for communication system applications
    JP2005208822A ( ja ) * 2004-01-21 2005-08-04 Seiko Epson Corp Authentication device, mobile terminal, electronic payment system and authentication program
    • 2005
      • 2005-10-20 US US11/255,153 patent/US7627893B2/en not_active Expired — Fee Related
      • 2006-10-03 CA CA2625718A patent/CA2625718C/en active Active
      • 2006-10-03 EP EP06806941A patent/EP1949291A2/en not_active Ceased
      • 2006-10-03 JP JP2008536009A patent/JP5078898B2/ja not_active Expired — Fee Related
      • 2006-10-03 WO PCT/EP2006/066996 patent/WO2007045554A2/en active Application Filing
      • 2006-10-03 KR KR1020087009474A patent/KR101019988B1/ko not_active IP Right Cessation
      • 2006-10-03 CN CN2006800385370A patent/CN101375285B/zh not_active Expired — Fee Related
      • 2006-10-18 TW TW095138442A patent/TWI394059B/zh not_active IP Right Cessation
      • 2008-06-03 US US12/132,260 patent/US7865726B2/en not_active Expired — Fee Related

      Also Published As

      Publication number Publication date
      EP1949291A2 ( en ) 2008-07-30
      KR101019988B1 ( ko ) 2011-03-09
      JP2009512922A ( ja ) 2009-03-26
      US7865726B2 ( en ) 2011-01-04
      CN101375285A ( zh ) 2009-02-25
      TW200736953A ( en ) 2007-10-01
      KR20080056734A ( ko ) 2008-06-23
      WO2007045554A2 ( en ) 2007-04-26
      TWI394059B ( zh ) 2013-04-21
      US7627893B2 ( en ) 2009-12-01
      CA2625718C ( en ) 2015-04-21
      WO2007045554A3 ( en ) 2008-08-28
      US20080235771A1 ( en ) 2008-09-25
      US20070094711A1 ( en ) 2007-04-26
      JP5078898B2 ( ja ) 2012-11-21
      CA2625718A1 ( en ) 2007-04-26

      Similar Documents

      Publication Publication Date Title
      CN101375285B ( zh ) 2011-09-07 基于用户的网络活动动态调整计算机安全的方法和系统
      US9338176B2 ( en ) 2016-05-10 Systems and methods of identity and access management
      US20070083915A1 ( en ) 2007-04-12 Method and system for dynamic adjustment of computer security based on personal proximity
      KR102024142B1 ( ko ) 2019-09-23 사용자의 서버접근 패턴 기반 이상 사용자를 탐지 및 제어하는 접근통제 시스템
      Bailey et al. 2011 Self-adaptive authorization framework for policy based RBAC/ABAC models
      Cao et al. 2020 A topology and risk-aware access control framework for cyber-physical space
      CN109150853A ( zh ) 2019-01-04 基于角色访问控制的入侵检测系统及方法
      Alfaqih et al. 2016 Internet of things security based on devices architecture
      Arunkumar et al. 2022 Malicious attack detection approach in cloud computing using machine learning techniques
      Anand et al. 2020 Data security and privacy functions in fog computing for healthcare 4.0
      Kilovaty 2020 Availability’s Law
      Mohammed et al. 2022 Data security and protection: A mechanism for managing data theft and cybercrime in online platforms of educational institutions
      Alshiky et al. 2017 Attribute-based access control (ABAC) for EHR in fog computing environment
      YUSUF et al. 2022 CYBER SECURITY AND ITS IMPLICATION ON LIBRARY USERS’PRIVACY
      Ayele et al. 2023 Threat Actors and Methods of Attack to Social Robots in Public Spaces
      Kraus et al. 2008 Security management process or video surveillance systems in heterogeneous communication networks
      Butler et al. 2011 Graceful privilege reduction in RFID security
      KR20230072648A ( ko ) 2023-05-25 다중 신뢰도 기반 접근통제 시스템
      Sarala et al. 2015 Prediction of Insider Threats for Effective Information Security Risk Assessment
      Mehra 2022 INTRUSION DETECTION SYSTEMS ARCHITECTURE FOR INTERNET BANKING USING ARTIFICIAL IMMUNE SYSTEM
      Sasada et al. 2021 Zero-Trust Access Control Focusing on Imbalanced Distribution in Browser Clickstreams
      Ameta et al. 2023 Machine Learning-Based Intrusion Detection for IOT Devices
      Umrigar et al. 2020 Review of Data Security Frameworks for Secure Cloud Computing
      Galochkin et al. 2022 Complex protection of information in operating systems
      CN115766067A ( zh ) 2023-03-07 Function service management method and device

      Legal Events

      Granted publication date: 20110907

      Termination date: 20201003

      XPAC series

      XP-9171-WES7

      Controller with E3827 1.75 GHz processor, 2 GB DDR3 SDRAM, mSATA slot with 32 GB SSD, 1 x RS-232, 1 x RS-485, 2 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 16 GB CF, 1 expansion slot, WES7 SP1

      6119449 ICP DAS

      XP-9371-WES7

      Controller with E3827 1.75 GHz processor, 2 GB DDR3 SDRAM, mSATA slot with 32 GB SSD, 1 x RS-232, 1 x RS-485, 2 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 16 GB CF, 3 expansion slots, WES7 SP1

      6119450 ICP DAS

      XP-9771-WES7

      Controller with E3827 1.75 GHz processor, 2 GB DDR3 SDRAM, mSATA slot with 32 GB SSD, 1 x RS-232, 1 x RS-485, 2 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 16 GB CF, 7 expansion slots, WES7 SP1

      6119451 ICP DAS

      XP-8131-WES7 CR

      Controller with x86 dual-core 1 GHz processor, 2 GB DDR3 SDRAM, 32 GB Flash, 3 x RS-232, 1 x RS-485, 1 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 16 GB CF, 1 expansion slot, WES7

      6110904 ICP DAS

      XP-8331-WES7 CR

      Controller with x86 dual-core 1 GHz processor, 2 GB DDR3 SDRAM, 32 GB Flash, 3 x RS-232, 1 x RS-485, 1 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 16 GB CF, 3 expansion slots, WES7

      6110905 ICP DAS

      XP-8731-WES7 CR

      Controller with x86 dual-core 1 GHz processor, 2 GB DDR3 SDRAM, 32 GB Flash, 3 x RS-232, 1 x RS-485, 1 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 16 GB CF, 7 expansion slots, WES7

      6110906 ICP DAS

      XP-8331-CE6 CR

      Controller with x86 dual-core 1 GHz processor, 2 GB DDR3 SDRAM, 32 GB Flash, 3 x RS-232, 1 x RS-485, 1 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 8 GB CF, 3 expansion slots, Windows CE 6.0

      6110907 ICP DAS

      XP-8731-CE6 CR

      Controller with x86 dual-core 1 GHz processor, 2 GB DDR3 SDRAM, 32 GB Flash, 3 x RS-232, 1 x RS-485, 1 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 8 GB CF, 7 expansion slots, Windows CE 6.0

      6112275 ICP DAS

      XP-8131-CE6 CR

      Controller with x86 dual-core 1 GHz processor, 2 GB DDR3 SDRAM, 32 GB Flash, 3 x RS-232, 1 x RS-485, 1 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 8 GB CF, 1 expansion slot, Windows CE 6.0

      6118717 ICP DAS

      XP-8031-WES7 CR

      Controller with x86 dual-core 1 GHz processor, 2 GB DDR3 SDRAM, 32 GB Flash, 3 x RS-232, 1 x RS-485, 1 x RS-232/485, 1 x VGA, 2 x Gigabit Ethernet (RJ-45), 4 x USB 2.0, 16 GB CF, no expansion slots, WES7

      6122066 ICP DAS

      Programmable logic controllers of the XPAC-8000 and XP-9000-WES7 series

      XPAC-8000 is a series of programmable logic controllers that, in terms of processor performance and OS functionality, sits at the top of the ICP DAS controller model pyramid. The XP-8000 programmable controller is effectively an embedded personal computer for process control, built on an AMD LX 800 processor running at 500 MHz. These PLCs are offered with two OS options:

      1. Windows Embedded Standard 2009, which is essentially a version of the widely used Windows XP optimized for embedded PC platforms. The XP-compatible OS makes it possible to use the wide range of existing Windows applications, including software based on SCADA packages.

      2. Windows Embedded CE 6.0, optimized for real-time tasks.

      New software for XPAC-8000 controllers can be developed in Microsoft Visual Studio .NET, Delphi and C++Builder. The development process is no different from writing Windows applications for an ordinary PC.

      The XPAC-8000 series of programmable controllers has additional features that make it possible to build highly reliable control systems on it. These include a redundant LAN interface, a redundant power input, non-volatile SRAM, and others.

      ICP DAS XPAC-8000 controllers provide local input/output of analog and discrete signals through I-87000W series modules (serial bus) and the faster I-8000W series modules (parallel bus), for which the controller provides 0, 3 or 7 expansion slots depending on the model.

      The XPAC-8000 controller thus serves as an alternative to local data acquisition systems based on a PC and expansion cards. Distributed I/O systems for the XP-8000 can be built on RS-232/RS-485 or Ethernet interfaces. Data acquisition networks can also be built on alternative interfaces such as CAN, FRnet and others.

      Like a full-fledged PC, the XPAC-8000 has a built-in VGA port and a USB interface. By connecting an LCD display, keyboard and mouse (or a touch panel), the user can therefore work with HMI or SCADA applications as on a standard PC. XP-8000 controllers can be supplied with the preinstalled software options ISaGRAF 3 (programming in the FBD, LD, ST, FBD, SFC languages) and InduSoft (a SCADA package).

      This section presents XP-8000 series PLCs manufactured by ICP DAS. All devices are certified and comply with the requirements of standards and regulations.
