Method and device for generating access-control lists

Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating

Reexamination Certificate


Details

C709S241000, C709S223000, C709S201000


active

06237036

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method of and a device for generating an access-control list, and particularly relates to a method of and a device for generating an access-control list based on the input of access-control rules, so that a system can execute the generated access-control list with the aim of ensuring the security of the operation system.
Recent increases in the diversity of services and the severity of competition in the information-communication industry have resulted in more emphasis being placed on the enhancement of operation systems so as to satisfy customer needs. In order to respond promptly to customer needs, the networking of operation systems should be extended beyond the framework of a simple network and the connection of its elements, so as to encompass services allowing customers and operators to access information stored in any device of a service-providing system. Along with such an extension of networking, the types of work that operators attend to are diversified, resulting in an expansion in the scale and complexity of a network-management system (NMS).
As relations between the NMS and operators become complicated, management of these relations becomes more and more important. One of the important issues is how to ensure security. Namely, security needs to be established and maintained by imposing access controls, which regulate which operator can perform what operations with respect to which network resources or NMS. Such access controls are preferably flexible enough to cope with an expansion of the network, an extension and modification of the NMS, reorganization,
2. Description of the Related Art
FIG. 1 is an illustrative drawing showing relations between NMS networks and operator responsibilities.
In NMS networks, the sections which attend to network operations are classified into a plurality of different levels. At the top level, a network-management center has operators working as network-management personnel, NMS-management personnel, system-management personnel, etc., who control network operations nationwide. At the second level from the top, a sub-network-management center has operators working as network-management personnel, NMS-management personnel, customer-service personnel, etc., who control network operations on a regional/prefectural basis. At the bottom level, a regional network (switch-board office) has operators working as system-installation/maintenance personnel and so on. Such NMS networking as described above makes it possible for the operators to access various NMSs and network resources.
As the NMS networking diversifies operator responsibilities, it becomes increasingly important to manage the relations between the NMS/network resources and the operators. One of the important issues is the management of operator authority.
Operator authority is generally determined based on:
a) position titles (e.g., service-maintenance staff, nationwide-NMS-management staff, and so on);
b) organizational structures (e.g., responsible for network-element maintenance within an assigned area, responsible for NMS management within offices, and so on);
c) property of managed objects (e.g. responsible for management of paths crossing area borders).
Relations between the authority and the NMS/network resources can be managed by imposing access control which is executable by the operation system. However, operability in the maintenance of access-control rules, which form the basis of the access control, is an issue that needs to be attended to. Also, the performance of the access control on a distributed system and its influence on operator operations are other issues that need to be attended to.
FIG. 2A is a table chart showing access-control guidelines (security guidelines) which form the basis of the access-control rules.
The table of FIG. 2A shows relations between job assignment and responsibility (accessible information). In the figure, the symbol “A” indicates an “authorized” status, and the symbol “N” signifies a “non-authorized” status. Further, the symbol “Cn” indicates restrictions attached to the access-control rules. For example, “C1” means that access is authorized only when a managed object is placed within the assigned area. Also, “C2” means that access is authorized only when the managed object is in the assigned area or resides across the boundary between the assigned area and another area.
According to the access-control guidelines shown in FIG. 2A, the system-management staff can access all the managed objects. The assigned-area-NW-management staff cannot attend to the NMS-NW control (network control relating to the NMS), but can attend to the NW control within the assigned area and across borders between the assigned area and another area. Further, the assigned-area-NMS-management staff cannot handle the NW control and the NW monitoring, but can attend to the NMS-NW control within the assigned area and across borders between the assigned area and another area. The customer-service staff can only handle service monitoring which relates to customers.
Such access-control guidelines as described above are manually converted into a description of the access-control rules that is executable by the system, and are then input to the system.
In this case, the relations between managers and managed objects in a distributed management system need to be controlled. Management policy is a scheme that achieves this objective (M. Sloman, “Policy Driven Management for Distributed Systems”, Journal of Network and Systems Management, Vol. 2, pp. 333-360, 1994, the disclosure of which is hereby incorporated by reference).
Management policy includes two types of policies. One is authorization policy, which relates to the authorization of message exchange, and the other is obligation policy, which relates to the obligation of message exchange. Here, a close look is taken at the authorization policy since it directly relates to access control.
The authorization policy can describe a group of manager objects (i.e., a manager domain), a group of managed-target objects (i.e., a target domain), a set of operation messages exchanged between the manager domain and the target domain, constraint conditions imposed upon the exchange of messages, etc. The following is the syntax of an authorization policy.
[“A+”¦“A−”] Manager “{” Action “}” Target when Condition
Here, “A+” is an authorization policy, and “A−” is a negative authorization policy. “Manager” and “Target” are domain names. “Action” is a message name, and “Condition” is a description regarding restrictions.
In what follows, examples of descriptions of authorization policies (access-control rules) will be shown.
A+ John{subscribe}bridge_failure_event
This authorization policy (A+) describes that John can subscribe to a failure event that occurs in a bridge device.
A− Students{reboot}teaching_workstations
This negative authorization policy (A−) describes that students cannot reboot workstations that are provided for educational purposes.
A+ x:Managers{read}development_directory
when x.location=planning_office
This authorization policy (A+) has a constraint condition attached thereto, and describes that manager x can read a development directory only when manager x is in a planning office.
In this manner, access-control rules based on the management policy permit the use of constraint conditions (C: Condition). In general, however, a machine process for recognizing the constraint conditions involves complex tasks and is rather difficult. Because of this, an interpreter which generates an access-control list (ACL) executable by the system does not actually translate the constraint conditions C attached to the access-control rules; the constraint conditions C are merely permitted to accompany the access-control rules.
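As an added example (not code from the patent or from the cited paper), the following Python compiles rules written in the authorization-policy syntax above into ACL entries and carries each constraint condition along verbatim, as the text says interpreters do; it goes one step further by evaluating the simple `x.attribute=value` constraint form shown in the third example and failing closed on any other form. The regular expressions, the `AclEntry` layout and the rule that an applicable A− entry overrides A+ entries are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional
# Rule grammar quoted on the page: ["A+"|"A-"] Manager "{" Action "}" Target [when Condition]
RULE_RE = re.compile(r"^(?P<mode>A[+-])\s*(?:\w+:)?(?P<manager>\w+)\s*\{(?P<action>\w+)\}"
                     r"\s*(?P<target>\w+)(?:\s+when\s+(?P<cond>.+))?$")
# Assumption: only the "var.attribute=value" constraint form shown on the page is evaluated.
COND_RE = re.compile(r"^\w+\.(?P<attr>\w+)=(?P<value>\w+)$")
# Constructed sample: the three rules quoted on the page, in the page's own syntax.
SAMPLE_POLICY = """
A+ John{subscribe}bridge_failure_event
A- Students{reboot}teaching_workstations
A+ x:Managers{read}development_directory
when x.location=planning_office
"""
@dataclass
class AclEntry:
    allow: bool               # True for A+, False for A-
    manager: str              # manager domain name
    action: str               # message name
    target: str               # target domain name
    condition: Optional[str]  # constraint text, carried verbatim as the page describes

def parse_policy(text: str) -> list:
    """Compile policy text into ACL entries; a line starting with 'when' continues the rule above."""
    rules, entries = [], []
    for line in (l.strip().replace("\u2212", "-") for l in text.splitlines() if l.strip()):
        if line.startswith("when ") and rules:
            rules[-1] += " " + line
        else:
            rules.append(line)
    for rule in rules:
        m = RULE_RE.match(rule)
        if not m:
            raise ValueError(f"unparsable rule: {rule!r}")
        entries.append(AclEntry(m["mode"] == "A+", m["manager"], m["action"], m["target"], m["cond"]))
    return entries

def condition_holds(cond: Optional[str], attrs: dict) -> bool:
    """No constraint always holds; a supported one is checked against the manager's attributes."""
    if cond is None:
        return True
    m = COND_RE.match(cond.replace(" ", ""))
    return bool(m) and attrs.get(m["attr"]) == m["value"]  # unrecognised constraint fails closed

def check_access(acl: list, domains: set, action: str, target: str, attrs: dict = None) -> bool:
    """Default deny; an applicable A- entry overrides any A+ entry (assumed resolution rule)."""
    hits = [e for e in acl if e.manager in domains and e.action == action and e.target == target
            and condition_holds(e.condition, attrs or {})]
    return bool(hits) and all(e.allow for e in hits)
```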
FIG. 2B is an illustrative drawing showing an example of an organizational structure of an NMS network system.
In FIG. 2B, an access manager 2 belongs to a division
