CPC H04L 63/101 (2013.01) [H04L 41/0893 (2013.01); H04L 41/12 (2013.01); H04L 63/18 (2013.01); H04L 63/20 (2013.01)] | 21 Claims
1. A non-transitory machine-readable storage medium that provides instructions that, if executed by a set of one or more processors, are configurable to cause said set of one or more processors to perform operations comprising:
generating, based on node-related classification features of respective nodes of a plurality of nodes of a network and edge-related classification features of respective communicative couplings of a plurality of communicative couplings between respective nodes of the network, an access control graph (ACG) that relates to the network;
identifying, based on the ACG, one or more paths between a first node of the plurality of nodes and a second node of the plurality of nodes, wherein a path of the one or more paths includes one or more communicative couplings between the first node and the second node;
identifying whether respective paths of the one or more paths comply with a pre-defined security policy set related to the network, the identifying including comparing respective classifications of respective communicative couplings of the path with a class specified by the pre-defined security policy set; and
outputting an indication of compliance of the one or more paths.
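The steps recited in claim 1 (build the graph, enumerate paths between two nodes, compare each coupling's classification with the class the policy specifies, output the result) can be sketched as follows. This is an added illustration, not code from the patent or its applicant; the node names, the class labels (`dmz`, `restricted`, `tls`, ...) and the policy shape are all assumptions.

```python
from collections import defaultdict

# Constructed sample inventory; every name and class label here is an assumption.
NODES = {"web": "dmz", "app": "internal", "db": "restricted", "jump": "admin"}
EDGES = [  # (source, destination, edge class)
    ("web", "app", "tls"),
    ("app", "web", "tls"),       # back edge, exercises loop handling
    ("app", "db", "tls"),
    ("web", "jump", "ssh"),
    ("jump", "db", "plaintext"),
]
# Hypothetical policy: edge classes allowed on any path that ends at a node of this class.
POLICY = {"restricted": {"tls"}}

def build_acg(nodes, edges):
    """Access control graph as adjacency lists: node -> [(neighbour, edge_class)]."""
    unknown = {n for s, d, _ in edges for n in (s, d)} - set(nodes)
    if unknown:
        raise ValueError(f"edges reference unclassified nodes: {sorted(unknown)}")
    acg = defaultdict(list)
    for src, dst, edge_class in edges:
        acg[src].append((dst, edge_class))
    return acg

def simple_paths(acg, src, dst, visited=None):
    """Yield each loop-free path from src to dst as a list of (src, dst, class) hops."""
    visited = (visited or set()) | {src}
    if src == dst:
        yield []
        return
    for nxt, edge_class in acg.get(src, ()):
        if nxt not in visited:
            for rest in simple_paths(acg, nxt, dst, visited):
                yield [(src, nxt, edge_class)] + rest

def check_paths(nodes, edges, policy, src, dst):
    """Return one compliance record per path between src and dst."""
    acg = build_acg(nodes, edges)
    allowed = policy.get(nodes[dst])  # None: no rule for this destination class
    report = []
    for path in simple_paths(acg, src, dst):
        bad = [hop for hop in path if allowed is not None and hop[2] not in allowed]
        report.append({"path": [src] + [hop[1] for hop in path],
                       "compliant": not bad, "violations": bad})
    return report

if __name__ == "__main__":
    for record in check_paths(NODES, EDGES, POLICY, "web", "db"):
        print(record)
```

Exhaustive simple-path enumeration grows quickly with graph size, so a larger inventory would need a hop limit or a search restricted to the edge classes the policy forbids.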