AUTOMATED AND ADAPTIVE MODEL-DRIVEN SECURITY SYSTEM AND METHOD FOR OPERATING THE SAME

摘要

A system and method for managing implementation of policies in an information technologies system receives at least one policy function, at least one refinement template and at least one available policy function from the at least one memory, receives a policy input indicating a high-level policy for the IT system where the policy input is compliant with the at least one policy function and is received in a format that is not machine-enforceable at an enforcement entity of the IT system, based on the received policy input, automatically or semi-automatically generates a machine-enforceable rule and/or configuration by filling the at least one refinement template, where the machine-enforceable rule and/or configuration includes the at least one available policy function and being compliant with the received policy input, and distributes the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.

主权项

1. A method of managing implementation of policies in an information technologies system, the method comprising:
receiving into a processor at least one policy function stored in at least one memory; receiving into the processor at least one refinement template from the at least one memory; receiving into the processor at least one available policy function from the at least one memory; receiving into the processor a policy input indicating a high-level policy for the IT system, the policy input being compliant with the at least one policy function, and being received in a format that is not machine-enforceable at an enforcement entity of the IT system; based on the received policy input, automatically or semi-automatically generating via the processor a machine-enforceable rule and/or configuration by filling the at least one refinement template, the machine-enforceable rule and/or configuration including the at least one available policy function and being compliant with the received policy input; and distributing, via the processor, the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.