Exercising security control point (SCP) capabilities on live systems based on internal validation processing

Assignee

• International Business Machines Corporation · US

Inventors

• Ivan Dell'Era · Shirley, US
• Kevin O'Connor · Indianapolis, US
• William J. Rippon · Putnam Valley, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/20
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A security control point (SCP) that protects target computing system is tested in-place and while active. The approach is initiated the SCP receiving and processing one or more “simulated” communication flows. To this end, a test initiator system is configured to generate and transmit communication flows to the SCP being tested. The SCP extracts the encapsulated flow, and then processes that flow through one or more of the SCP's configured protection mechanisms. Thus, the SCP processes the simulated communication flow as though it were a real session, and thus to determine what actions, if any, should be taken with respect to that flow. After processing, the simulated session traffic is shunted or otherwise diverted away from the target computing system. The results of the SCP's processing, however, are output to other systems (e.g., logging or alerting mechanisms), or they are returned to the test initiation system, e.g., for correlation, reporting, and the like.