Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model

Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model

An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of manag...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Verghese Thukalan V, Kirner Paul J, Nakashima Roy N, Gupta Mukesh, Glenn Matthew K
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Verghese Thukalan V
Kirner Paul J
Nakashima Roy N
Gupta Mukesh
Glenn Matthew K
description An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US9923928B2</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US9923928B2</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US9923928B23</originalsourceid><addsrcrecordid>eNqNzjEOwjAMheEuDAi4gy_QJV3oCAjEDsyVm7olIomr2BHqzsFpJQ7A9Jb_k966-ByyckClDgaKlFAdR-Ae0FoSActRE3tI2ZNAzwmyELgICJ0TTa7Ni42kb04vCBhxoEBRQSZRCqBP1MXILDy25MsWZRYje2cnCNyR3xarHr3Q7rebAi7n--la0sgNyYh2vqbN41bXpqrN_miqP5IvH-BKzg</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model</title><source>esp@cenet</source><creator>Verghese Thukalan V ; Kirner Paul J ; Nakashima Roy N ; Gupta Mukesh ; Glenn Matthew K</creator><creatorcontrib>Verghese Thukalan V ; Kirner Paul J ; Nakashima Roy N ; Gupta Mukesh ; Glenn Matthew K</creatorcontrib><description>An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.</description><language>eng</language><subject>ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRICITY ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2018</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20180320&amp;DB=EPODOC&amp;CC=US&amp;NR=9923928B2$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20180320&amp;DB=EPODOC&amp;CC=US&amp;NR=9923928B2$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Verghese Thukalan V</creatorcontrib><creatorcontrib>Kirner Paul J</creatorcontrib><creatorcontrib>Nakashima Roy N</creatorcontrib><creatorcontrib>Gupta Mukesh</creatorcontrib><creatorcontrib>Glenn Matthew K</creatorcontrib><title>Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model</title><description>An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.</description><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRICITY</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2018</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNzjEOwjAMheEuDAi4gy_QJV3oCAjEDsyVm7olIomr2BHqzsFpJQ7A9Jb_k966-ByyckClDgaKlFAdR-Ae0FoSActRE3tI2ZNAzwmyELgICJ0TTa7Ni42kb04vCBhxoEBRQSZRCqBP1MXILDy25MsWZRYje2cnCNyR3xarHr3Q7rebAi7n--la0sgNyYh2vqbN41bXpqrN_miqP5IvH-BKzg</recordid><startdate>20180320</startdate><enddate>20180320</enddate><creator>Verghese Thukalan V</creator><creator>Kirner Paul J</creator><creator>Nakashima Roy N</creator><creator>Gupta Mukesh</creator><creator>Glenn Matthew K</creator><scope>EVB</scope></search><sort><creationdate>20180320</creationdate><title>Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model</title><author>Verghese Thukalan V ; Kirner Paul J ; Nakashima Roy N ; Gupta Mukesh ; Glenn Matthew K</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US9923928B23</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2018</creationdate><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRICITY</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>Verghese Thukalan V</creatorcontrib><creatorcontrib>Kirner Paul J</creatorcontrib><creatorcontrib>Nakashima Roy N</creatorcontrib><creatorcontrib>Gupta Mukesh</creatorcontrib><creatorcontrib>Glenn Matthew K</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Verghese Thukalan V</au><au>Kirner Paul J</au><au>Nakashima Roy N</au><au>Gupta Mukesh</au><au>Glenn Matthew K</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model</title><date>2018-03-20</date><risdate>2018</risdate><abstract>An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US9923928B2
source esp@cenet
subjects ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title Automated generation of access control rules for use in a distributed network management system that uses a label-based policy model
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-19T07%3A50%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Verghese%20Thukalan%20V&rft.date=2018-03-20&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS9923928B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true