Patent · US Active

Security policy validation

US11722526B1 · kind B1 · utility

Cited by: 1
References: 2
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 16, 2021
Grant date: Aug 8, 2023
Priority date
Expiry date: Sep 14, 2041

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1433
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A model checking system detects violations and conflicts in security and verification policies by running model checking processes. The system detects privilege escalation attacks in misconfigured identification and access management (“IAM”) policies by modeling security policy documents and IAM actions as logical formulas and then running model checking on the model. The system translates non-Boolean variables, such as string variables, into Boolean variables in order to apply an SAT model checker. The model checker also determines whether a policy violation can be achieved in a finite number of steps by elevating privileges of some compromised principal over multiple iterations of the model checking process, or proves absence thereof.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.