US 12,170,668 B2
Network security path identification and validation
Michal Trembacz, Wexford (IE); and Gianstefano Monni, Nuoro (IT)
Assigned to Salesforce, Inc., San Francisco, CA (US)
Filed by Salesforce, Inc., San Francisco, CA (US)
Filed on Mar. 8, 2022, as Appl. No. 17/689,820.
Prior Publication US 2023/0291736 A1, Sep. 14, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 41/0893 (2022.01); H04L 41/12 (2022.01)
CPC H04L 63/101 (2013.01) [H04L 41/0893 (2013.01); H04L 41/12 (2013.01); H04L 63/18 (2013.01); H04L 63/20 (2013.01)] 21 Claims
OG exemplary drawing
 
1. A non-transitory machine-readable storage medium that provides instructions that, if executed by a set of one or more processors, are configurable to cause said set of one or more processors to perform operations comprising:
generating, based on node-related classification features of respective nodes of a plurality of nodes of a network and edge-related classification features of respective communicative couplings of a plurality of communicative couplings between respective nodes of the network, an access control graph (ACG) that relates to the network;
identifying, based on the ACG, one or more paths between a first node of the plurality of nodes and a second node of the plurality of nodes, wherein a path of the one or more paths includes one or more communicative couplings between the first node and the second node;
identifying whether respective paths of the one or more paths comply with a pre-defined security policy set related to the network, the identifying including comparing respective classifications of respective communicative couplings of the path with a class specified by the pre-defined security policy set; and
outputting an indication of compliance of the one or more paths.
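As an added illustration (not the patent's own code), the following Python sketches the claimed flow on a constructed inventory: node features (zone) and edge features (transport encryption, authentication) are classified, an ACG is built, every simple path between two nodes is enumerated, and each path's edge classes are compared against the class the policy set requires for the destination zone. The class labels, rank ordering and policy entries are assumptions chosen for the example.

```python
# Added illustration, not the patent's own code: build a small access control
# graph (ACG) from constructed node/edge features, enumerate paths between two
# nodes, and report whether each path complies with a security policy set.
CLASS_RANK = {"plaintext": 0, "encrypted": 1, "trusted": 2}  # assumed ordering
# Constructed sample inventory. Node-related feature: the zone of each host.
NODES = {"web-1": "dmz", "app-1": "internal", "jump-1": "internal", "db-1": "restricted"}
# Constructed couplings with edge-related features (encryption, auth method).
EDGES = [
    ("web-1", "app-1", {"encrypted": True, "auth": "mtls"}),
    ("app-1", "db-1", {"encrypted": True, "auth": "password"}),
    ("app-1", "jump-1", {"encrypted": True, "auth": "mtls"}),
    ("web-1", "jump-1", {"encrypted": False, "auth": "none"}),
    ("jump-1", "db-1", {"encrypted": True, "auth": "mtls"}),
]
# Constructed policy set: minimum edge class for any path ending in a zone.
POLICY = {"restricted": "trusted", "internal": "encrypted", "dmz": "plaintext"}

def classify_edge(features):
    """Derive one class label from an edge's features."""
    if features["encrypted"] and features["auth"] == "mtls":
        return "trusted"
    return "encrypted" if features["encrypted"] else "plaintext"

def build_acg(nodes, edges):
    """ACG as an adjacency map: src -> [(dst, edge_class), ...]."""
    acg = {n: [] for n in nodes}
    for src, dst, features in edges:
        acg[src].append((dst, classify_edge(features)))
    return acg

def find_paths(acg, start, end, visited=()):
    """All simple paths from start to end as lists of (src, dst, edge_class)."""
    if start == end:
        return [[]]
    paths = []
    for dst, cls in acg[start]:
        if dst not in visited:  # simple paths only: never revisit a node
            for rest in find_paths(acg, dst, end, visited + (start,)):
                paths.append([(start, dst, cls)] + rest)
    return paths

def check_paths(acg, nodes, policy, start, end):
    """Compliance indication: {path: True/False}, one entry per path found."""
    required = CLASS_RANK[policy[nodes[end]]]  # class the policy set demands
    return {tuple(p): all(CLASS_RANK[cls] >= required for _, _, cls in p)
            for p in find_paths(acg, start, end)}

if __name__ == "__main__":
    for path, ok in check_paths(build_acg(NODES, EDGES), NODES, POLICY, "web-1", "db-1").items():
        print("COMPLIANT" if ok else "VIOLATION", [f"{s}->{d} ({c})" for s, d, c in path])
```

Running it reports three web-1 to db-1 paths: only the one whose every hop is classified "trusted" satisfies the "restricted" zone policy, while the hops over password-authenticated or plaintext couplings are flagged as violations.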