Systems and methods for generating policy coverage information for security-enhanced information handling systems

Assignee

• Dell Products L.P. · US

Inventor

• Prashanth Giri · Round Rock, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2141
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

An information handling system may include a host system comprising a processor and a management controller communicatively coupled to the processor, the management controller comprising firmware having a security module configured to enforce access control in accordance with a security policy. The security module may be further configured to, with respect to a process: (i) with respect to a firmware process, receive a plurality of access requests from the firmware process, wherein such plurality of access requests is generated as a result of at least one test case being applied to the firmware process; (ii) for each particular request of the plurality of requests, determine if the particular request is permitted in accordance with the security policy and if the particular request is permitted in accordance with the security policy, add an entry to a coverage store, the entry comprising information regarding the particular request; and (iii) compare the coverage store to the security policy to generate a policy coverage data file setting forth security rules of the security policy covered by execution of the plurality of requests.