CONFINING LATERAL TRAVERSAL WITHIN A COMPUTER NETWORK

Confining lateral traversal within a network. An authorization request identifies a credential, a protected first resource, and an identifier of a protected second resource for which authorization is requested. A lateral traversal policy associated with the second resource is identified, which const...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	PHIPPEN, Elizabeth Anne, RINGER, George Kenneth, BACON, Jeffrey Ryan, DEVAN, Satish, STATIA, Jeromy Scott, RASLER, Douglas Anthony, JUNG, Bum Su, DAWSON, Daniel James, DAVIS, Aaron Richard, CURTIS, Darrin Earl
Format:	Patent
Sprache:	eng ; fre ; ger
Schlagworte:	CALCULATING COMPUTING COUNTING ELECTRIC COMMUNICATION TECHNIQUE ELECTRIC DIGITAL DATA PROCESSING ELECTRICITY PHYSICS TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

Beschreibung
Zusammenfassung:	Confining lateral traversal within a network. An authorization request identifies a credential, a protected first resource, and an identifier of a protected second resource for which authorization is requested. A lateral traversal policy associated with the second resource is identified, which constrains access to the second resource to only resources that belong to a subset of resources including the second resource. When it is determined that the credential is configured for access to the second resource, and when it is determined that the first resource belongs to the subset of resources including the second resource, an authorization token is issued, which authorizes the credential to access the second resource via the first resource. Alternatively, when it is determined that the credential is granted access to the second resource, and when it is determined that the first resource is outside of the particular subset of resources, the authorization request is denied.