DETAILED ACTION
Claims 1-20 have been examined and are pending.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2014/0033267 to Aciicmez (hereinafter “Aciicmez”) and further in view of US Pat. No. 12/452245 to Gacek et al. (hereinafter “Gacek”).
As to Claim 1, Aciicmez discloses a method comprising:
determining, from historical activity data, paired activity data associated with an identity, the paired activity data comprising task and resource pairs, a task and resource pair indicating a task performed by the identity and a resource on which the task was performed (Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100);
determining, for a particular candidate access control assignment of a plurality of candidate access control assignments, an over-privileging cost based on a permission and resource scope granted by the particular candidate access control assignment and the paired activity data (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle);
determining, for the identity, a set of recommended access control assignments as a subset of the plurality of candidate access control assignments with a lowest aggregate over-privileging cost whose combined permissions and resource scopes cover at least a predetermined [percentage] of the paired activity data (Paragraph [0006] of Aciicmez discloses generating a security recommendation for a computing system including at least one resource and at least one subject. Paragraph [0082] of Aciicmez discloses an overall cost associated with a type enforcement configuration is represented by the equation Cost = aCs + bCp) wherein a and b are pre-determined for meeting specific performance and security requirements of the computing system);
generating, based on the set of recommended access control assignments, a recommended assignment state for the particular candidate access control assignment (Paragraph [0006] of Aciicmez discloses generating a security recommendation for a computing system including at least one resource and at least one subject); and
performing a responsive action based on the recommended assignment state (Paragraph [0037] of Aciicmez discloses When a subject makes an access attempt on an object, the access control module 150 determines whether to allow or deny the access attempt based on the type of the object, the type of the subject, and the security policy information 151 maintained).
Aciicmez does not explicitly disclose percentage.
However, Gacek discloses this. Column 2 lines 1-10 of Gacek disclose generate candidate access control policies, rank those candidate access control policies based on a coverage percentage of access request logs included in the data set, and select a candidate access control policy with a highest coverage score as an access control policy for an access control policy set.
It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the access control system as disclosed by Aciicmez, with using a percentage as disclosed by Gacek. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Aciicmez and Gacek are directed toward access controls system and as such it would be obvious to use the techniques of one in the other. Gacek discloses using such a metric is well known in access control systems to analyze policy effectiveness and as such would be obvious to implement in Aciicmez.
As to Claim 2, Aciicmez-Gacek discloses the method of claim 1, wherein the recommended assignment state comprises at least one of:
excepting the particular candidate access control assignment from being assigned to the identity, assigning the particular candidate access control assignment to the identity on a permanent basis, or assigning the particular candidate access control assignment to the identity on an on-demand basis (Paragraph [0045] of Aciicmez discloses the automated security policy generation system 200 will revise the recommended security policy information 151 using the monitoring and analysis module 210 and/or the policy generation module 220. Therefore, the process of generating recommended security policy information 151 may be iterative).
As to Claim 3, Aciicmez-Gacek discloses the method of claim 1, wherein said determining, for the particular candidate access control assignment, the over-privileging cost comprises:
determining, for the particular access control assignment, a first over-privileging cost based on permissions and a resource scopes granted by the particular candidate access control assignment on a permanent basis, and the paired activity data (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle. Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100); and
determining, for the particular access control assignment, a second over-privileging cost based on the permitted tasks and the resource scopes granted by the particular candidate access control assignment on an on-demand basis, and a frequency or pattern of task and resource pairs in the paired activity data (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle. Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100);
wherein determining the set of recommended access control assignments comprises: determining, based on the first over-privileging cost and the second over-privileging cost, that a recommended access control assignment of the set of recommended access control assignments should be assigned on at least one of a permanent basis or an on-demand basis (Paragraph [0006] of Aciicmez discloses generating a security recommendation for a computing system including at least one resource and at least one subject. Paragraph [0082] of Aciicmez discloses an overall cost associated with a type enforcement configuration is represented by the equation Cost = aCs + bCp) wherein a and b are pre-determined for meeting specific performance and security requirements of the computing system).
As to Claim 4, Aciicmez-Gacek discloses the method of claim 3, wherein said determining, for the particular access control assignment, the first over-privileging cost comprises at least one of: determining the first over-privileging cost based on a permission type of the permitted tasks granted by the particular candidate access control assignment; determining the first over-privileging cost based on a data type of the resource scopes granted by the particular candidate access control assignment; determining the first over-privileging cost based on a data size of the resource scopes granted by the particular candidate access control assignment; or determining the first over-privileging cost based on a presence of task and resource pairs in the paired activity data that correspond to permissions and resource scopes granted by the particular candidate access control assignment (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle.).
As to Claim 5, Aciicmez-Gacek discloses the method of claim 3, wherein said determining, for the particular access control assignment, the second over-privileging cost comprises at least one of: determining the second over-privileging cost based on a frequency of occurrence of task and resource pairs in the paired activity data that correspond to permissions and resource scopes granted by the particular candidate access control assignment; or determining the second over-privileging cost based on a pattern of task and resource pairs in the paired activity data that correspond to permissions and resource scopes granted by the particular candidate access control assignment (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle. Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100).
As to Claim 6, Aciicmez-Gacek discloses the method of claim 1, wherein said performing the action comprises at least one of: providing, to a user, a recommendation to keep a current access control assignment currently assigned to the identity; providing, to a user, a recommendation to reassign, on an on-demand basis, a current access control assignment currently assigned to the identity on a permanent basis; providing, to a user, a recommendation to reassign, on a permanent basis, a current access control assignment currently assigned to the identity on an on-demand basis; providing, to a user, a recommendation to replace a current access control assignment currently assigned to the identity with at least a portion of the set of recommended access control assignments on a permanent basis; providing, to a user, a recommendation to assign a recommended access control assignment in the set of recommended access control assignments on a permanent basis; providing, to a user, a recommendation to assign a recommended access control assignment in the set of recommended access control assignments to the identity on an on-demand basis; automatically reassigning, on an on-demand basis, a current access control assignment currently assigned to the identity on a permanent basis; automatically reassigning, on a permanent basis, a current access control assignment currently assigned to the identity on an on-demand basis; automatically replacing a current access control assignment currently assigned to the identity with at least a portion of the set of recommended access control assignments; automatically assigning a recommended access control assignment in the set of recommended access control assignments to the identity on a permanent basis; or automatically assigning a recommended access control assignment in the set of recommended access control assignments to the identity on an on-demand basis (Paragraph [0045] of Aciicmez discloses the automated security policy generation system 200 will revise the recommended security policy information 151 using the monitoring and analysis module 210 and/or the policy generation module 220. Therefore, the process of generating recommended security policy information 151 may be iterative).
As to Claim 7, Aciicmez-Gacek discloses the method of claim 1, wherein the plurality of candidate access control assignments comprise at least one of: a built-in role associated with a first cloud platform provider and a first resource scope, the built-in role associated with a first set of role permissions to perform a first set of tasks on resources associated with the first resource scope; a built-in policy associated with a second cloud platform provider, the built-in policy associated with a first set of policy permissions to perform a second set of tasks, and a first set of policy resources on which the second set of tasks may be performed; a customer-defined role and a second resource scope, the customer-defined role associated with a second set of role permissions to perform a third set of tasks on resources associated with the second resource scope; or a customer-defined policy associated, the customer-defined policy associated with a second set of policy permissions to perform a fourth set of tasks, and a second set of policy resources on which the fourth set of tasks may be performed (Paragraph [0037] of Aciicmez discloses Type enforcement (TE) is an example MAC model. In type enforcement, each subject and each object is associated with a corresponding type. In this specification, a type is a security label used to identify an entity. In one embodiment, the security policy information 151 maintained is a label-based type enforcement security policy. For example, the security policy information 151 maintained may indicate which types of objects each type of subject may access and perform operations (e.g., read, write, execute, append) on. When a subject makes an access attempt on an object, the access control module 150 determines whether to allow or deny the access attempt based on the type of the object, the type of the subject, and the security policy information 151 maintained).
As to Claim 8, Aciicmez-Gacek discloses the method of claim 1, further comprising: determining a current over-privileging metric indicative of a proportion of permissions and resource scopes granted by the current access control assignment that lack a corresponding task and resource pair in the paired activity data; determining a potential over-privileging metric indicative of a proportion of permissions and resource scopes granted by the set of recommended access control assignments that lack a corresponding task and resource pair in the paired activity data; and determining an over-privileging reduction metric based on the current over-privileging metric and the potential over-privileging metric, wherein said performing the action is further based on the over-privileging reduction metric (Paragraph [0045] of Aciicmez discloses a revision to the recommended security policy information 151 is necessary (e.g., a performance constraint is not met or an access control requirement needs to be relaxed or tightened because of an update to the computing system 100), the automated security policy generation system 200 will revise the recommended security policy information 151 using the monitoring and analysis module 210 and/or the policy generation module 220. Therefore, the process of generating recommended security policy information 151 may be iterative).
As to Claim 9, Aciicmez discloses a system comprising: a processor; and a memory device comprising program code structured to cause the processor to:
determine, from historical activity data, paired activity data associated with an identity, the paired activity data comprising task and resource pairs, a task and resource pair indicating a task performed by the identity and a resource on which the task was performed (Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100);
determine, for a particular candidate access control assignment of a plurality of candidate access control assignments, an over-privileging cost based on a permitted task and resource scope granted by the particular candidate access control assignment and the paired activity data (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle);
determine, for the identity, a set of recommended access control assignments as a subset of the plurality of candidate access control assignments with a lowest aggregate over-privileging cost whose combined permissions and resource scopes cover at least a predetermined [percentage] of the paired activity data (Paragraph [0006] of Aciicmez discloses generating a security recommendation for a computing system including at least one resource and at least one subject. Paragraph [0082] of Aciicmez discloses an overall cost associated with a type enforcement configuration is represented by the equation Cost = aCs + bCp) wherein a and b are pre-determined for meeting specific performance and security requirements of the computing system);
generate, based on the set of recommended access control assignments, a recommended assignment state for the particular candidate access control assignment (Paragraph [0006] of Aciicmez discloses generating a security recommendation for a computing system including at least one resource and at least one subject); and
perform a responsive action based on the recommended assignment state (Paragraph [0037] of Aciicmez discloses When a subject makes an access attempt on an object, the access control module 150 determines whether to allow or deny the access attempt based on the type of the object, the type of the subject, and the security policy information 151 maintained).
Aciicmez does not explicitly disclose percentage.
However, Gacek discloses this. Column 2 lines 1-10 of Gacek disclose generate candidate access control policies, rank those candidate access control policies based on a coverage percentage of access request logs included in the data set, and select a candidate access control policy with a highest coverage score as an access control policy for an access control policy set.
Examiner recites the same rationale to combine used for claim 1.
As to Claim 10, Aciicmez-Gacek discloses the system of claim 9, wherein the recommended assignment state comprises at least one of: excepting the particular candidate access control assignment from being assigned to the identity, assigning the particular candidate access control assignment to the identity on a permanent basis, or assigning the particular candidate access control assignment to the identity on an on-demand basis (Paragraph [0045] of Aciicmez discloses the automated security policy generation system 200 will revise the recommended security policy information 151 using the monitoring and analysis module 210 and/or the policy generation module 220. Therefore, the process of generating recommended security policy information 151 may be iterative).
As to Claim 11, Aciicmez-Gacek discloses the system of claim 9, wherein, to determine, for the particular candidate access control assignment, the over-privileging cost, the program code is further structured to cause the processor to: determine, for the particular access control assignment, a first over-privileging cost based on permissions and a resource scopes granted by the particular candidate access control assignment on a permanent basis, and the paired activity data (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle. Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100); and determine, for the particular access control assignment, a second over-privileging cost based on the permitted tasks and the resource scopes granted by the particular candidate access control assignment on an on-demand basis, and a frequency or pattern of task and resource pairs in the paired activity data (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle. Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100); wherein, to determine the set of recommended access control assignments, the program code is further structured to cause the processor to: determine, based on the first over-privileging cost and the second over-privileging cost, that a recommended access control assignment of the set of recommended access control assignments should be assigned on at least one of a permanent basis or an on-demand basis (Paragraph [0006] of Aciicmez discloses generating a security recommendation for a computing system including at least one resource and at least one subject. Paragraph [0082] of Aciicmez discloses an overall cost associated with a type enforcement configuration is represented by the equation Cost = aCs + bCp) wherein a and b are pre-determined for meeting specific performance and security requirements of the computing system).
As to Claim 12, Aciicmez-Gacek discloses the system of claim 11, wherein, to determine, for the particular access control assignment, the first over-privileging cost, the program code is further structured to cause the processor to perform at least one of: determine the first over-privileging cost based on a permission type of the permitted tasks granted by the particular candidate access control assignment; determine the first over-privileging cost based on a data type of the resource scopes granted by the particular candidate access control assignment; determine the first over-privileging cost based on a data size of the resource scopes granted by the particular candidate access control assignment; or determine the first over-privileging cost based on a presence of task and resource pairs in the paired activity data that correspond to permissions and resource scopes granted by the particular candidate access control assignment (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle.).
As to Claim 13, Aciicmez-Gacek discloses the system of claim 11, wherein, to determine, for the particular access control assignment, the second over-privileging cost, the program code is further structured to cause the processor to perform at least one of: determine the second over-privileging cost based on a frequency of occurrence of task and resource pairs in the paired activity data that correspond to permissions and resource scopes granted by the particular candidate access control assignment; or determine the second over-privileging cost based on a pattern of task and resource pairs in the paired activity data that correspond to permissions and resource scopes granted by the particular candidate access control assignment (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle. Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100).
As to Claim 14, Aciicmez-Gacek discloses the system of claim 9, wherein, to perform the action, the program code is further structured to cause the processor to perform at least one of: provide, to a user, a recommendation to keep a current access control assignment currently assigned to the identity; provide, to a user, a recommendation to reassign, on an on-demand basis, a current access control assignment currently assigned to the identity on a permanent basis; provide, to a user, a recommendation to reassign, on a permanent basis, a current access control assignment currently assigned to the identity on an on-demand basis; provide, to a user, a recommendation to replace a current access control assignment currently assigned to the identity with at least a portion of the set of recommended access control assignments on a permanent basis; provide, to a user, a recommendation to assign a recommended access control assignment in the set of recommended access control assignments on a permanent basis; provide, to a user, a recommendation to assign a recommended access control assignment in the set of recommended access control assignments to the identity on an on-demand basis; automatically reassign, on an on-demand basis, a current access control assignment currently assigned to the identity on a permanent basis; automatically reassign, on a permanent basis, a current access control assignment currently assigned to the identity on an on-demand basis; automatically replace a current access control assignment currently assigned to the identity with at least a portion of the set of recommended access control assignments; automatically assign a recommended access control assignment in the set of recommended access control assignments to the identity on a permanent basis; or automatically assign a recommended access control assignment in the set of recommended access control assignments to the identity on an on-demand basis (Paragraph [0045] of Aciicmez discloses the automated security policy generation system 200 will revise the recommended security policy information 151 using the monitoring and analysis module 210 and/or the policy generation module 220. Therefore, the process of generating recommended security policy information 151 may be iterative).
As to Claim 15, Aciicmez discloses a computer-readable storage medium comprising computer-executable instructions that, when executed by a processor, cause the processor to:
determine, from historical activity data, paired activity data associated with an identity, the paired activity data comprising task and resource pairs, a task and resource pair indicating a task performed by the identity and a resource on which the task was performed (Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100);
determine, for a particular candidate access control assignment of a plurality of candidate access control assignments, an over-privileging cost based on a permitted task and resource scope granted by the particular candidate access control assignment and the paired activity data (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle);
determine, for the identity, a set of recommended access control assignments as a subset of the plurality of candidate access control assignments with a lowest aggregate over-privileging cost whose combined permissions and resource scopes cover at least a predetermined percentage of the paired activity data (Paragraph [0006] of Aciicmez discloses generating a security recommendation for a computing system including at least one resource and at least one subject. Paragraph [0082] of Aciicmez discloses an overall cost associated with a type enforcement configuration is represented by the equation Cost = aCs + bCp) wherein a and b are pre-determined for meeting specific performance and security requirements of the computing system);
generate, based on the set of recommended access control assignments, a recommended assignment state for the particular candidate access control assignment (Paragraph [0006] of Aciicmez discloses generating a security recommendation for a computing system including at least one resource and at least one subject); and
perform a responsive action based on the recommended assignment state (Paragraph [0037] of Aciicmez discloses When a subject makes an access attempt on an object, the access control module 150 determines whether to allow or deny the access attempt based on the type of the object, the type of the subject, and the security policy information 151 maintained).
Aciicmez does not explicitly disclose percentage.
However, Gacek discloses this. Column 2 lines 1-10 of Gacek disclose generate candidate access control policies, rank those candidate access control policies based on a coverage percentage of access request logs included in the data set, and select a candidate access control policy with a highest coverage score as an access control policy for an access control policy set.
Examiner recites the same rationale to combine used for claim 1.
As to Claim 16, Aciicmez-Gacek discloses the computer-readable storage medium of claim 15, wherein the recommended assignment state comprises at least one of: excepting the particular candidate access control assignment from being assigned to the identity, assigning the particular candidate access control assignment to the identity on a permanent basis, or assigning the particular candidate access control assignment to the identity on an on-demand basis (Paragraph [0045] of Aciicmez discloses the automated security policy generation system 200 will revise the recommended security policy information 151 using the monitoring and analysis module 210 and/or the policy generation module 220. Therefore, the process of generating recommended security policy information 151 may be iterative).
As to Claim 17, Aciicmez-Gacek discloses the computer-readable storage medium of claim 15, wherein, to determine, for the particular candidate access control assignment, the over-privileging cost, the computer-executable instructions, when executed by the processor, further cause the processor to: determine, for the particular access control assignment, a first over-privileging cost based on permissions and a resource scopes granted by the particular candidate access control assignment on a permanent basis, and the paired activity data (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle. Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100); and determine, for the particular access control assignment, a second over-privileging cost based on the permitted tasks and the resource scopes granted by the particular candidate access control assignment on an on-demand basis, and a frequency or pattern of task and resource pairs in the paired activity data (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle. Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100); wherein, to determine the set of recommended access control assignments, the computer-executable instructions, when executed by the processor, further cause the processor to: determine, based on the first over-privileging cost and the second over-privileging cost, that a recommended access control assignment of the set of recommended access control assignments should be assigned on at least one of a permanent basis or an on-demand basis (Paragraph [0006] of Aciicmez discloses generating a security recommendation for a computing system including at least one resource and at least one subject. Paragraph [0082] of Aciicmez discloses an overall cost associated with a type enforcement configuration is represented by the equation Cost = aCs + bCp) wherein a and b are pre-determined for meeting specific performance and security requirements of the computing system).
As to Claim 18, Aciicmez-Gacek discloses the computer-readable storage medium of claim 17, wherein, to determine, for the particular access control assignment, the first over-privileging cost, the computer-executable instructions, when executed by the processor, further cause the processor to perform at least one of: determine the first over-privileging cost based on a permission type of the permitted tasks granted by the particular candidate access control assignment; determine the first over-privileging cost based on a data type of the resource scopes granted by the particular candidate access control assignment; determine the first over-privileging cost based on a data size of the resource scopes granted by the particular candidate access control assignment; or determine the first over-privileging cost based on a presence of task and resource pairs in the paired activity data that correspond to permissions and resource scopes granted by the particular candidate access control assignment (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle.).
As to Claim 19, Aciicmez-Gacek discloses the computer-readable storage medium of claim 17, wherein, to determine, for the particular access control assignment, the second over-privileging cost, the computer-executable instructions, when executed by the processor, further cause the processor to perform at least one of: determine the second over-privileging cost based on a frequency of occurrence of task and resource pairs in the paired activity data that correspond to permissions and resource scopes granted by the particular candidate access control assignment; or determine the second over-privileging cost based on a pattern of task and resource pairs in the paired activity data that correspond to permissions and resource scopes granted by the particular candidate access control assignment (Paragraph [0078] of Aciicmez discloses different objects 420 and different subjects 410 are grouped into types and domains, respectively, based on the similarity of their access characteristics and access control requirements. For example, two cost factors/metrics may be considered when evaluating a type enforcement configuration: (1) a performance cost representing the effect of the type enforcement configuration on overall system performance of the computing system 100, and (2) a security cost representing deviations from the least-privilege principle. Paragraph [0049] of Aciicmez discloses the monitoring module 211 monitors the computing system 100 by capturing and recording each time a subject of the computing system 100 accesses an object of the computing system 100, and with what access permissions. For example, the monitoring module 211 captures and records system traces like system calls, access attempts, etc. The information captured and recorded by the monitoring module 211 may be maintained in the memory module 215 in the form of log data. The labeling module 214 may be used to generate a unique label for each object of the computing system 100, thereby facilitating the logging of every access/access attempt in the computing system 100).
As to Claim 20, Aciicmez-Gacek discloses the computer-readable storage medium of claim 16, wherein, to perform the action, the computer-executable instructions, when executed by the processor, further cause the processor to perform at least one of: provide, to a user, a recommendation to keep a current access control assignment currently assigned to the identity; provide, to a user, a recommendation to reassign, on an on-demand basis, a current access control assignment currently assigned to the identity on a permanent basis; provide, to a user, a recommendation to reassign, on a permanent basis, a current access control assignment currently assigned to the identity on an on-demand basis; provide, to a user, a recommendation to replace a current access control assignment currently assigned to the identity with at least a portion of the set of recommended access control assignments on a permanent basis; provide, to a user, a recommendation to assign a recommended access control assignment in the set of recommended access control assignments on a permanent basis; provide, to a user, a recommendation to assign a recommended access control assignment in the set of recommended access control assignments to the identity on an on-demand basis; automatically reassign, on an on-demand basis, a current access control assignment currently assigned to the identity on a permanent basis; automatically reassign, on a permanent basis, a current access control assignment currently assigned to the identity on an on-demand basis; automatically replace a current access control assignment currently assigned to the identity with at least a portion of the set of recommended access control assignments; automatically assign a recommended access control assignment in the set of recommended access control assignments to the identity on a permanent basis; or automatically assign a recommended access control assignment in the set of recommended access control assignments to the identity on an on-demand basis (Paragraph [0045] of Aciicmez discloses the automated security policy generation system 200 will revise the recommended security policy information 151 using the monitoring and analysis module 210 and/or the policy generation module 220. Therefore, the process of generating recommended security policy information 151 may be iterative).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin S Mai whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KEVIN S MAI/Primary Examiner, Art Unit 2499
/PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499