The present invention relates in general to security in digital processing systems and more specifically to a system for automated setting of access permissions in a computer network.
Security is a paramount concern for many networks. A primary goal of a network administrator is to ensure the integrity of a network, so that users of computer systems on the network are able to perform their work without interference, unwanted monitoring, or unauthorized use of the network's resources.
One common approach to enforcing network security is to define security “policies” that dictate how a human user, device or process can use various network and computer resources. For example, a security policy may require a process to obtain a cryptographic key or security ticket prior to being able to use a network shared resource such as a printer, database, input/output port, etc. Different users, devices and processes can have different types of access privileges, or rights. Each instance of an access right is an access permission that can be either granted or denied with respect to a particular resource.
One type of problem that arises in larger networks, where many users are each running many different software programs, is in the initial configuration of access permissions of the many different resources. A configuration program is used to establish rights of application programs within the network, by asking the user to specify the correct or expected behavior of each application program at a time of installing the application program or upon first executing a particular function in the application program. For example, if the application program being installed is a communication program (e.g., real-time chat function), then the configuration program would ask the user whether the communication program should have permission to communicate directly over the Internet. The permission to perform Internet accesses is obtained by first presenting the user with a query at the time of installation, such as by displaying the question “Is it ok for this program to access the Internet?” The user can set the access rights for the communication program with respect to the Internet resource by answering “yes” to grant the access permission or “no” to deny the access permission. This is an approach that is taken, for example, in products such as “ZoneAlarm” by Zone Labs of San Francisco, Calif.
Although the above approach can work well for many types of installations, it has proven to be difficult to reliably configure programs by asking each user to configure the permissions manually. This is because, for a new installation, there can be dozens of new applications that are newly installed for each of hundreds of users. Each application can have several or many questions. In practice users do not pay close enough attention to the burdensome requests for permission settings and will provide the answer that they think will result in the fewest additional questions or the least difficulty. Usually this means that the user will just answer “yes” to every query. In other cases, a user may earnestly try to provide accurate and considered answers but may not be knowledgeable enough to correctly configure the access permissions. This inability of a user to correctly set access permissions can lead to improper network security or incorrect operation of application programs. User mis-configuration may require intervention by the network or system administrator or can lead to other problems.
Another approach to improving configuration of applications' permissions for network security has attempted to analyze the operating behavior of the various applications to determine what might be accepted behavior. Then, permissions are granted according to access policies set by a human administrator. However, crafting meaningful security policies for a wide variety of applications is time-consuming. In large networks there are too many applications for which to define specific policies, so network administrators tend to grant permissions very broadly. This approach is also susceptible to mistaking a malfeasant program (“malware,” e.g., a virus, Trojan horse, key-logger, etc.) for a legitimate program and granting access permissions to the malware.