CPC H04L 63/205 (2013.01) | 18 Claims
1. A computer-implemented method, comprising:
obtaining, at a computing resource service provider, a plurality of security definitions of a mainframe database;
determining, based on the plurality of security definitions:
a first set of security policies corresponding to a first portion of the plurality of security definitions that is associated with control of operating system resources; and
a second set of security policies corresponding to a second portion of the plurality of security definitions that is associated with control of database system resources;
storing the first set of security policies and the second set of security policies in a policy database;
determining a third set of security policies that control access to front-end resources of the computing resource service provider;
storing the third set of security policies in the policy database;
obtaining a request to analyze a mainframe application for compliance with a security assurance, wherein the security assurance comprises at least one constraint on use of the front-end resources to access at least one of the operating system resources or database system resources;
determining, based on the security assurance, a reference policy;
determining a first propositional logic expression based on the first, second, and third sets of security policies;
determining a second propositional logic expression based on the reference policy;
determining, using a satisfiability modulo theories (SMT) solver, an equivalent result that indicates whether the first propositional logic expression is equally or less permissive than the second propositional logic expression; and
providing an indication of whether the security assurance is satisfied by the plurality of security policies.
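
The permissiveness check in the last steps of the claim can be illustrated with a small added example; it is not code from the patent. The variables and the three policy sets are constructed for illustration, and exhaustive enumeration of assignments stands in for the SMT solver the claim names.

```python
from itertools import product

# Constructed propositional variables describing one access request.
VARS = ("frontend", "mfa", "admin", "write", "os_res", "db_res")

# Constructed policy sets, each a predicate "this set allows the request".
def os_policy(r):        # first set: operating system resources
    return (not r["os_res"]) or r["admin"] or not r["write"]

def db_policy(r):        # second set: database system resources
    return (not r["db_res"]) or r["admin"] or not r["write"]

def frontend_policy(r):  # third set: front-end resources
    return (not r["frontend"]) or r["mfa"]

def frontend_policy_weak(r):  # misconfigured variant: no MFA requirement
    return True

def deployed(frontend):
    """First expression: a request is allowed only if all three sets allow it."""
    return lambda r: os_policy(r) and db_policy(r) and frontend(r)

def reference(r):
    """Second expression: front-end writes to OS/DB resources need MFA and admin."""
    guarded = r["frontend"] and r["write"] and (r["os_res"] or r["db_res"])
    return (not guarded) or (r["mfa"] and r["admin"])

def counterexample(policy, ref):
    """Return a request allowed by policy but denied by ref, else None.

    policy is equally or less permissive than ref exactly when
    (policy AND NOT ref) is unsatisfiable; an SMT solver decides this
    symbolically, here every assignment is simply tried.
    """
    for values in product((False, True), repeat=len(VARS)):
        r = dict(zip(VARS, values))
        if policy(r) and not ref(r):
            return r
    return None

def satisfies_assurance(policy, ref):
    return counterexample(policy, ref) is None
```

When the check fails, the returned assignment is a concrete request that the deployed policies allow and the reference policy forbids, which is the evidence an auditor would act on.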