CPC G06N 5/022 (2013.01) [G06F 16/212 (2019.01); G06F 16/288 (2019.01); G06F 30/20 (2020.01); G06N 5/027 (2013.01); G06Q 10/00 (2013.01); G06Q 10/067 (2013.01); G06F 9/541 (2013.01)]
73 Claims
1. A system for securing resources in a computing system through entity aggregation, the system comprising:
a plurality of entities including a user-type entity or user aggregation, a data-type entity or data aggregation, and a process-type entity or process aggregation, wherein each entity of the plurality of entities is associated with a corresponding entity-specific set of access and privilege information that is indicative of computing environment capabilities of the entity and that is derived from a corresponding root certificate of the entity;
an aggregation covenant defining an aggregation-specific set of computing environment capabilities, wherein at least one capability in the aggregation-specific set corresponds to a capability in the entity-specific set;
an aggregation rule configuration module that when executed on at least one processor is adapted to configure at least one rule by which entities of the plurality of entities are aggregated as members of an aggregation associated with the aggregation covenant;
an aggregation configuration module that when executed on at least one processor is adapted to define an instance of at least one of the plurality of entities as a member of the aggregation based on the at least one rule, wherein each member of the aggregation is bound by a combination of capabilities including capabilities of the aggregation-specific set of capabilities and capabilities of the entity-specific set of capabilities for which there are no corresponding capabilities in the aggregation-specific set of capabilities; and
the at least one processor adapted to control operation of at least one member of the aggregation by overriding the capability in the entity-specific set for the at least one member with the corresponding at least one capability in the aggregation-specific set.