公开(公告)号：US20210367980A1

公开(公告)日：2021-11-25

申请号：US16879360

申请日：2020-05-20

Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.

Inventor： Samantha Kossey ,  Rebecca Finnin ,  Christine Liu ,  Amy Zwarico ,  Luba Droizman

IPC: H04L29/06 ,  H04L29/08

Abstract: The disclosed technology is directed towards returning security policy requirements data based on user input that identifies a cloud environments, a service model, first or third party responsibilities, and/or code deployment information. A user provides answers to straightforward, generally non-expert questions directed to the user's cloud environment, first or third party responsibilities, and/or code deployment information for the user's scenario, e.g., technical workload. The answers result in determining which architecture layers apply (are in-scope architecture layers) relevant to the user's scenario. The in-scope architecture layers map to security requirements maintained in a security policy data store. The security requirements are returned (e.g., as a list) in response to the user's answers.

公开(公告)号：US11171994B2

公开(公告)日：2021-11-09

申请号：US16817786

申请日：2020-03-13

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Jayaraman Ramachandran ,  Rebecca Finnin ,  Jason Godfrey ,  Craig Harvey ,  Daniel Solero

IPC: H04L29/06

Abstract: Concepts and technologies are disclosed herein for tag-based security policy creation in a distributed computing environment. A security management module can receive an inventory event that relates to instantiation of a service. The security management module can identify the service that was instantiated and obtain a tag set that relates to the service. The tag set can include security tags that include a string that identifies a communications link associated with the entities included in the service that was instantiated. The security management module can identify policy rules associated with the security tags. The policy rules can define security for the service that was instantiated. The security management module can compute a security policy for the service and can provide the security policy to the computing environment for implementation.

公开(公告)号：US11349883B2

公开(公告)日：2022-05-31

申请号：US16879360

申请日：2020-05-20

Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.

Inventor： Samantha Kossey ,  Rebecca Finnin ,  Christine Liu ,  Amy Zwarico ,  Luba Droizman

IPC: H04L29/06 ,  H04L9/40 ,  H04L69/321 ,  H04L67/1001

Abstract: A system and method for returning security policy requirements data based on user input that identifies a cloud environments, a service model, first or third party responsibilities, and/or code deployment information. A user provides answers to straightforward, generally non-expert questions directed to the user's cloud environment, first or third party responsibilities, and/or code deployment information for the user's scenario, e.g., technical workload. The answers result in determining which architecture layers apply (are in-scope architecture layers) relevant to the user's scenario. The in-scope architecture layers map to security requirements maintained in a security policy data store. The security requirements are returned (e.g., as a list) in response to the user's answers.

公开(公告)号：US20200213365A1

公开(公告)日：2020-07-02

申请号：US16817786

申请日：2020-03-13

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Jayaraman Ramachandran ,  Rebecca Finnin ,  Jason Godfrey ,  Craig Harvey ,  Daniel Solero

IPC: H04L29/06

Abstract: Concepts and technologies are disclosed herein for tag-based security policy creation in a distributed computing environment. A security management module can receive an inventory event that relates to instantiation of a service. The security management module can identify the service that was instantiated and obtain a tag set that relates to the service. The tag set can include security tags that include a string that identifies a communications link associated with the entities included in the service that was instantiated. The security management module can identify policy rules associated with the security tags. The policy rules can define security for the service that was instantiated. The security management module can compute a security policy for the service and can provide the security policy to the computing environment for implementation.

公开(公告)号：US20220263870A1

公开(公告)日：2022-08-18

申请号：US17661764

申请日：2022-05-03

Applicant: AT&T INTELLECTUAL PROPERTY I, L.P.

Inventor： Samantha Kossey ,  Rebecca Finnin ,  Christine Liu ,  Amy Zwarico ,  Luba Droizman

IPC: H04L9/40 ,  H04L69/321 ,  H04L67/1001

Abstract: A system and method for returning security policy requirements data based on user input that identifies a cloud environments, a service model, first or third party responsibilities, and/or code deployment information is disclosed. A user provides answers to straightforward, generally non-expert questions directed to the user's cloud environment, first or third party responsibilities, and/or code deployment information for the user's scenario, e.g., technical workload. The answers result in determining which architecture layers apply (are in-scope architecture layers) relevant to the user's scenario. The in-scope architecture layers map to security requirements maintained in a security policy data store. The security requirements are returned (e.g., as a list) in response to the user's answers.

公开(公告)号：US20220083667A1

公开(公告)日：2022-03-17

申请号：US17022210

申请日：2020-09-16

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Nadeem Anwar ,  Rebecca Finnin ,  Meenakshi Gurumoorthy ,  Giselle Gilmore

IPC: G06F21/57 ,  G06F8/75 ,  G06F8/65

Abstract: Concepts and technologies disclosed herein are directed to an open source security vulnerability prioritization scheme. According to one aspect disclosed herein, a software composition analysis system can obtain, from a vulnerability database, security vulnerability data about a set of known security vulnerabilities. The software composition analysis system can identify an application for analysis. The application can call a common library shared among a plurality of applications. The software composition analysis system can identify, based upon the set of known security vulnerabilities, a security vulnerability in the common library. The software composition analysis system can remediate the security vulnerability in the common library.

公开(公告)号：US10594735B2

公开(公告)日：2020-03-17

申请号：US15718347

申请日：2017-09-28

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Jayaraman Ramachandran ,  Rebecca Finnin ,  Jason Godfrey ,  Craig Harvey ,  Daniel Solero

IPC: H04L29/06

Abstract: Concepts and technologies are disclosed herein for tag-based security policy creation in a distributed computing environment. A security management module can receive an inventory event that relates to instantiation of a service. The security management module can identify the service that was instantiated and obtain a tag set that relates to the service. The tag set can include security tags that include a string that identifies a communications link associated with the entities included in the service that was instantiated. The security management module can identify policy rules associated with the security tags. The policy rules can define security for the service that was instantiated. The security management module can compute a security policy for the service and can provide the security policy to the computing environment for implementation.

公开(公告)号：US20190098054A1

公开(公告)日：2019-03-28

申请号：US15718347

申请日：2017-09-28

Applicant: AT&T Intellectual Property I, L.P.

Inventor： Jayaraman Ramachandran ,  Rebecca Finnin ,  Jason Godfrey ,  Craig Harvey ,  Daniel Solero

IPC: H04L29/06

CPC classification number: H04L63/20

Abstract: Concepts and technologies are disclosed herein for tag-based security policy creation in a distributed computing environment. A security management module can receive an inventory event that relates to instantiation of a service. The security management module can identify the service that was instantiated and obtain a tag set that relates to the service. The tag set can include security tags that include a string that identifies a communications link associated with the entities included in the service that was instantiated. The security management module can identify policy rules associated with the security tags. The policy rules can define security for the service that was instantiated. The security management module can compute a security policy for the service and can provide the security policy to the computing environment for implementation.