Patent application number | Description | Published |
20080263662 | SYSTEM AND METHOD FOR FUZZY MULTI-LEVEL SECURITY - An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range. | 10-23-2008 |
20090055890 | SYSTEM AND METHOD FOR SECURITY PLANNING WITH HARD SECURITY CONSTRAINTS - A method for security planning with hard security constraints includes: receiving security-related requirements of a network to be developed using system inputs and processing components; and generating the network according to the security-related requirements, wherein the network satisfies hard security constraints. | 02-26-2009 |
20090282487 | Method of Managing and Mitigating Security Risks Through Planning - An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product. | 11-12-2009 |
20100332422 | Policy Evolution With Machine Learning - A method for constructing a classifier which maps an input vector to one of a plurality of pre-defined classes, the method steps includes receiving a set of training examples as input, wherein each training example is an exemplary input vector belonging to one of the pre-defined classes, learning a plurality of functions, wherein each function maps the exemplary input vectors to a numerical value, and determining a class for the input vector by combining numerical outputs of the functions determined for the input vector. | 12-30-2010 |
20110173084 | Risk Adaptive Information Flow Based Access Control - Systems and methods are provided to manage risk associated with access to information within a given organization. The overall risk tolerance for the organization is determined and allocated among a plurality of subjects within the organization. Allocation is accomplished using either a centralized, request/response or free market mechanism. As requested from subjects within the organization for access to objects, i.e. information and data, are received, the amount of risk or risk level associated with each requested is quantified. Risk quantification can be accomplished using, for example, fuzzy multi-level security. The quantified risk associated with the access request in combination with the identity of the object and the identity of the subject are used to determine whether or not the request should be granted, denied or granted with appropriated mitigation measures. | 07-14-2011 |
20130232542 | SYSTEM AND METHOD TO PROVIDE SERVER CONTROL FOR ACCESS TO MOBILE CLIENT DATA - Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item. | 09-05-2013 |
20130232543 | SYSTEM AND METHOD TO PROVIDE SERVER CONTROL FOR ACCESS TO MOBILE CLIENT DATA - Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item. | 09-05-2013 |
20140101753 | Risk Adaptive Information Flow Based Access Control - Systems and methods are provided to manage risk associated with access to information within a given organization. The overall risk tolerance for the organization is determined and allocated among a plurality of subjects within the organization. Allocation is accomplished using either a centralized, request/response or free market mechanism. As requested from subjects within the organization for access to objects, i.e. information and data, are received, the amount of risk or risk level associated with each requested is quantified. Risk quantification can be accomplished using, for example, fuzzy multi-level security. The quantified risk associated with the access request in combination with the identity of the object and the identity of the subject are used to determine whether or not the request should be granted, denied or granted with appropriated mitigation measures. | 04-10-2014 |