Incrementally Validating Security Policy Code Using Information From An Infrastructure As Code Repository

    Publication (announcement) number: US20240289259A1

    Publication (announcement) date: 2024-08-29

    Application number: US18657412

    Filing date: 2024-05-07

    CPC classification number: G06F11/368 G06F11/3664 G06F11/3692 H04L63/20

    Abstract: In an example, an apparatus may include a validation module configured to identify a security policy update from a security as code repository, wherein the identified security policy update is a candidate for deployment to a production environment having a plurality of attributes defined by an infrastructure as code repository; identify, from the plurality of attributes and using the infrastructure as code repository, individual attributes that correspond to the identified security policy update, wherein the identified individual attributes are identical to a subset of the plurality of attributes; generate a test environment based on the identified individual attributes; following deployment of the identified security policy update to the test environment, check for security exceptions or availability exceptions using the test environment; and output validation results based on a result of the checking.

    EXTENDING A TRUST BOUNDARY BETWEEN CLOUD DOMAINS OF THE SAME ENTITY

    Publication (announcement) number: US20230247006A1

    Publication (announcement) date: 2023-08-03

    Application number: US17588054

    Filing date: 2022-01-28

    CPC classification number: H04L63/029 H04L63/0245 H04L63/166 H04L63/20

    Abstract: A network protocol and architecture for extending trust between cloud domains of a same entity comprises adding, by egress logic executing on a first server, authentication information to a packet leaving a first cloud domain of the entity to indicate a source of the packet. The egress logic allows the packet to traverse to a target cloud domain of the entity. Ingress logic executing on a second server at the target cloud domain intercepts the packet and performs validation of the authentication information. Responsive to the authentication information passing validation, the ingress logic determines that the first cloud domain is trusted and allows the packet to proceed to a destination. Responsive to the authentication information failing validation, the ingress logic rejects the packet.

    INCREMENTALLY VALIDATING SECURITY POLICY CODE USING INFORMATION FROM AN INFRASTRUCTURE AS CODE REPOSITORY

    Publication (announcement) number: US20230244594A1

    Publication (announcement) date: 2023-08-03

    Application number: US17587896

    Filing date: 2022-01-28

    CPC classification number: G06F11/368 G06F11/3692 G06F11/3664 H04L63/20

    Abstract: In an example, an apparatus may include a validation module configured to identify a security policy update from a security as code repository, wherein the identified security policy update is a candidate for deployment to a production environment having a plurality of attributes defined by an infrastructure as code repository; identify, from the plurality of attributes and using the infrastructure as code repository, individual attributes that correspond to the identified security policy update, wherein the identified individual attributes are identical to a subset of the plurality of attributes; generate a test environment based on the identified individual attributes; following deployment of the identified security policy update to the test environment, check for security exceptions or availability exceptions using the test environment; and output validation results based on a result of the checking. Other embodiments may be disclosed and/or claimed.
