Patent · US Expired

Declarative language for specifying a security policy

US6779120B1 · kind B1 · utility

Cited by: 120
References: 6
Claims: 9
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 7, 2000
Grant date: Aug 17, 2004
Priority date
Expiry date: Jan 7, 2020

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

The invention is a declarative language system and comprises a language as a tool for expressing network security policy in a formalized way. It allows the specification of security policy across a wide variety of networking layers and protocols. Using the language, a security administrator assigns a disposition to each and every network event that can occur in a data communications network. The event's disposition determines whether the event is allowed (i.e. conforms to the specified policy) or disallowed and what action, if any, should be taken by a system monitor in response to that event. Possible actions include, for example, logging the information into a database, notifying a human operator, and disrupting the offending network traffic.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.