1. Field of the Invention
The present invention generally relates to computer resource security and, in particular, to a system and method for defining a security profile of a computer and for automatically determining whether enforced security rules within the security profile are likely to cause errors during operation.
2. Related Art
To protect a computer system against vulnerabilities (e.g., attacks from hackers), the computer system is often “locked down” via a security application. As known in the art, a security application locks down a computer system by controlling a machine state or configuration of the computer system such that the computer system (e.g., an operating system within the computer system) enforces a set of security rules that prevent unauthorized users from accessing and/or modifying certain applications, files, and/or other resources within the computer system.
For example, a security application may set the configuration of the computer system such that the computer system enforces a rule that restricts which users may access a particular file. In this regard, the computer system may maintain a list, commonly referred to as an access control list, that identifies which users are authorized to access and/or use various computer resources. To cause the computer system to enforce the foregoing rule, the security application modifies the access control list such that the list indicates which users may access the particular file. When a user attempts to access this file, the computer system first checks the access control list to determine whether or not the user is one of the specified users that may access the file. If the user is one of the specified users, then the computer system allows the access to occur. However, if the user is not one of the specified users, then the computer system prevents the access and displays a message to the user indicating that access to the requested file has been denied.
To enable selection of a desired level of security, the security application normally includes data that defines a list of security rules that may be enforced by a computer system. The security application displays this list of security rules and allows a particular user or set of users, referred to herein as the “system administrator,” to select which of the displayed rules the system administrator would like enforced by the computer system. The security application, in turn, modifies the machine state or, in other words, the configuration of the computer system such that the computer system enforces the security rules selected by the system administrator.
Note that the security application normally sets the configuration of the computer system, and the computer's operating system enforces the security rules based on the settings controlled by the security application. In other words, the security application causes the operating system to enforce the selected rules by manipulating the configuration of the computer system. Thus, once the security application has set the configuration of the computer system, the security application usually provides no further functionality in enforcing the selected rules. However, when the system administrator provides inputs for changing the security profile, the security application may change the computer system's settings so as to change which rules are enforced by the operating system.
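The mechanism described in the preceding paragraphs, reduced to a small runnable model: the security application rewrites the machine state (here, an access control list) so that every selected rule is enforced and every deselected rule stops being enforced, and the operating system's access check consults that state. This is an added example, not code from the patent or from any lock-down product; the rule catalogue, the `MachineState` class, `apply_profile` and `check_access` are assumed names, and the users and file paths are constructed.

```python
"""Toy model of a lock-down application and an OS-side ACL check.

Added illustration, not the patent's code. The rule names, users and
paths below are constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass
class MachineState:
    """Configuration the operating system consults at access time.

    `acl` maps a resource name to the set of users allowed to use it.
    A resource with no ACL entry is open to everyone (a constructed
    default for this example).
    """
    acl: dict[str, set[str]] = field(default_factory=dict)


@dataclass(frozen=True)
class SecurityRule:
    """One selectable rule: restrict `resource` to `allowed_users`."""
    name: str
    resource: str
    allowed_users: frozenset[str]


# Catalogue of rules the security application would display for selection.
RULE_CATALOGUE = {
    "restrict-payroll-db": SecurityRule(
        "restrict-payroll-db", "/data/payroll.db", frozenset({"alice", "admin"})),
    "restrict-lockdown-tool": SecurityRule(
        "restrict-lockdown-tool", "/opt/lockdown/app", frozenset({"admin"})),
    "restrict-audit-log": SecurityRule(
        "restrict-audit-log", "/var/log/audit.log", frozenset({"admin", "auditor"})),
}


def apply_profile(state: MachineState, profile: set[str]) -> MachineState:
    """The security application's job: rewrite the machine state so that
    the OS enforces every rule in `profile` and nothing else.
    Unknown rule names are rejected rather than silently ignored."""
    unknown = set(profile) - set(RULE_CATALOGUE)
    if unknown:
        raise ValueError(f"unknown rules in profile: {sorted(unknown)}")
    state.acl.clear()  # deselected rules must stop being enforced
    for name in profile:
        rule = RULE_CATALOGUE[name]
        state.acl[rule.resource] = set(rule.allowed_users)
    return state


def check_access(state: MachineState, user: str, resource: str) -> tuple[bool, str]:
    """The operating system's check: consult the ACL, then allow or deny."""
    allowed = state.acl.get(resource)
    if allowed is None or user in allowed:
        return True, f"{user}: access to {resource} granted"
    return False, f"{user}: access to {resource} has been denied"


if __name__ == "__main__":
    state = apply_profile(MachineState(), {"restrict-payroll-db", "restrict-audit-log"})
    for user, res in [("alice", "/data/payroll.db"), ("bob", "/data/payroll.db"),
                      ("bob", "/opt/lockdown/app")]:
        print(check_access(state, user, res)[1])
```

Note that `apply_profile` clears the ACL before rewriting it; a security application that only ever added entries would leave deselected rules in force, which is exactly the kind of drift between the displayed profile and the real machine state that makes later debugging hard.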
As described above, the security application enforces the security rules selected through inputs from the system administrator, and the degree to which the computer system is locked down by the security application depends on the rules selected by the system administrator. Generally, the more rules that are enforced, the more secure the system becomes and, in other words, the more the system is locked down. Thus, if the system administrator desires to have a more secure computer system, the system administrator typically selects more rules for enforcement and/or selects particular rules that provide a particularly secure environment in areas of interest to the system administrator. However, in general, the compatibility of the computer system decreases as the security of the computer system increases. Therefore, if security is not a high priority to the system administrator, then he or she may select for enforcement fewer rules and/or rules that do not provide a high level of security, thereby reducing the degree to which the computer system is locked down.
Moreover, the degree to which the computer system is locked down by the security application depends on the competing interests of system security and system compatibility. Therefore, the rules selected for enforcement usually vary from computer system to computer system based on the desires of the system administrators in establishing the security profile of each of the computer systems. As used herein, a “security profile” refers to the collective set of security rules that have been selected for locking down a computer system in order to prevent unauthorized users from accessing and/or modifying certain resources within the computer system. Security applications that set the configuration of a computer system to induce the computer system to enforce the selected security rules or that, in other words, set the security profiles of computer systems are well known in the art and are often referred to as “lock down products” or “lock down applications.” Normally, a security application only allows the system administrator or a user designated by the system administrator to change the computer system's security profile.
Since the security profiles of computer systems typically vary from computer system to computer system, most security applications do not provide a standard set of security rules for implementation. In this regard, most security applications list for the system administrator each security rule that may be selected for enforcement. The system administrator then reviews the displayed list of rules and selects the rules that the administrator would like enforced by the computer system and, in other words, added to the security profile of the computer system.
Unfortunately, as the need for more secure systems has increased, the list of security rules from which a system administrator may select in defining a computer system's security profile has increased as well. Indeed, the process of selecting which rules should be included in the computer system's security profile can be a tedious and time-consuming process. Furthermore, if the system administrator is not substantially familiar with the ramifications of selecting many of the rules, then it can be difficult for the system administrator to select the appropriate set of rules that provides the computer system with the desired level of security.
More particularly, in defining a security profile for a computer system, the system administrator may select one or more rules that cause problems or errors to occur during operation, depending on the computer system's configuration. For example, the system administrator may select a security rule for enhancing the security of a particular application. However, when enforced, this security rule may unexpectedly and adversely affect the operation of another application. Thus, after activating the security profile, the other application may behave in an undesirable way.
Attempting to discover and remedy the undesirable effects introduced by the system administrator in selecting the security rules can be difficult and/or time-consuming. In this regard, the system administrator typically traverses through the list of selected and/or unselected rules in order to determine why the resources of the computer system are not behaving as intended. However, understanding the ramifications of whether or not particular security rules are selected is paramount in such a debugging process, and not all system administrators are familiar enough with the security application and/or the computer system resources in order to make well-informed decisions in debugging and/or changing the security profile. Further, in some situations, it is possible that the errors introduced by activating the security profile lock authorized users and even the system administrator out of certain resources of the computer system and, in particular, the security application, thereby making the process of correcting the security application even more difficult and problematic.
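The two failure modes of the preceding paragraphs (a rule selected for one application breaking another, and a rule locking the administrator out of the lock-down tool itself) can be predicted before the profile is activated if each selectable rule declares what it restricts and each installed application declares what it needs at run time. The following is an added example of such a pre-activation check; it is not the patent's method and not any product's code. The `SecurityRule`, `Requirement` and `Conflict` classes, `predict_conflicts`, and every user, application and path name are constructed assumptions.

```python
"""Pre-activation review of a security profile (added illustration).

Assumes each selectable rule declares the resource it restricts and the
users still allowed, and each application declares the (user, resource)
pairs it needs at run time. Nothing here is the patent's method; every
rule, user and path is constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityRule:
    name: str
    resource: str
    allowed_users: frozenset[str]


@dataclass(frozen=True)
class Requirement:
    application: str  # component that performs the access
    user: str         # account it runs as
    resource: str


@dataclass(frozen=True)
class Conflict:
    rule: str
    application: str
    user: str
    resource: str
    lockout: bool     # the administrator would lose the lock-down tool itself


# Constructed catalogue: the third rule is the kind of selection that
# locks the administrator out of the security application.
RULE_CATALOGUE = {
    "restrict-payroll-db": SecurityRule(
        "restrict-payroll-db", "/data/payroll.db", frozenset({"alice", "admin"})),
    "restrict-lockdown-tool": SecurityRule(
        "restrict-lockdown-tool", "/opt/lockdown/app", frozenset({"admin"})),
    "root-only-lockdown-tool": SecurityRule(
        "root-only-lockdown-tool", "/opt/lockdown/app", frozenset({"root"})),
}

# Constructed run-time needs of the installed applications.
REQUIREMENTS = [
    Requirement("payroll-ui", "alice", "/data/payroll.db"),
    Requirement("nightly-backup", "backup", "/data/payroll.db"),
    Requirement("lockdown-console", "admin", "/opt/lockdown/app"),
]

ADMIN_USER = "admin"
LOCKDOWN_APP = "/opt/lockdown/app"


def predict_conflicts(profile, catalogue=RULE_CATALOGUE, requirements=REQUIREMENTS,
                      admin_user=ADMIN_USER, lockdown_app=LOCKDOWN_APP):
    """Return every (rule, requirement) pair where activating the profile
    would deny an access an application needs. When several selected rules
    restrict the same resource, each one that excludes the user is reported,
    since enforcing more rules only narrows the allowed set."""
    unknown = set(profile) - set(catalogue)
    if unknown:
        raise ValueError(f"unknown rules in profile: {sorted(unknown)}")
    conflicts = []
    for name in profile:
        rule = catalogue[name]
        for req in requirements:
            if req.resource == rule.resource and req.user not in rule.allowed_users:
                conflicts.append(Conflict(
                    rule.name, req.application, req.user, req.resource,
                    lockout=(req.user == admin_user and req.resource == lockdown_app)))
    # Lockouts first: they are the conflicts that would also block the fix.
    return sorted(conflicts, key=lambda c: (not c.lockout, c.rule, c.application))


def report(profile):
    """Human-readable summary for the administrator reviewing the profile."""
    lines = []
    for c in predict_conflicts(profile):
        tag = "LOCKOUT" if c.lockout else "conflict"
        lines.append(f"{tag}: rule {c.rule} denies {c.application} (as {c.user}) "
                     f"access to {c.resource}")
    return lines or ["profile activates without predicted conflicts"]


if __name__ == "__main__":
    print("\n".join(report({"restrict-payroll-db", "root-only-lockdown-tool"})))
```

The check is only as good as the declared requirements: an application whose run-time accesses are not declared is invisible to it, which is why the report is a review aid for the administrator rather than a guarantee that the profile is safe to activate.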
Thus, a heretofore unaddressed need exists in the industry for providing a system and method of enabling a system administrator to define a security profile for a computer system while minimizing the likelihood that the security profile, when activated, will introduce undesirable effects.