CPC H04L 63/1433 (2013.01) [H04L 63/1416 (2013.01); H04L 63/145 (2013.01); H04L 63/20 (2013.01)] | 20 Claims
1. A method for providing a security access-control policy to a network, the method comprising:
defining a model, the model including a plurality of matrices, the plurality of matrices comprising:
an attack matrix representing an attacker's accessibility within the network,
a mission matrix representing one or more mission availability needs, and
a policy rule matrix representing candidate security policy rules;
determining one or more objectives and one or more constraints, the one or more objectives being one or more variables that enhance accessibility to network resources and reduce cyberattack risks, and the one or more constraints being one or more variables that characterize resource limitations or minimum mission availability requirements within a network environment;
forming an optimization problem using the one or more objectives and the one or more constraints; and
solving the optimization problem comprising:
determining one or more candidate security policies using the plurality of matrices in the model, wherein the one or more candidate security policies meet the one or more constraints,
determining a score for each of the one or more candidate security policies in meeting the one or more objectives,
determining a highest score, and
selecting the security access-control policy from the one or more candidate security policies, wherein the selection is determined from the one or more candidate security policies that has the highest score.
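The following is an added illustration of the claimed steps, not code from the patent or its assignee: the three matrices are modelled as 0/1 adjacency matrices over a constructed four-host network, a candidate policy is a subset of "deny source->destination" rules, the constraints are a rule budget and a minimum mission availability, and the optimization is solved by brute-force enumeration (the patent does not specify a solver; the scoring function and host roles are assumptions).

```python
from itertools import combinations
# Constructed toy network (added example, not from the patent): 0 = web server,
# 1 = app server, 2 = database, 3 = admin workstation. Indexed [source][destination].
N = 4
ATTACK = [  # attack matrix: 1 = attacker on source host can currently reach destination
    [0, 1, 1, 0],
    [0, 0, 1, 1],
    [0, 0, 0, 1],
    [0, 0, 0, 0],
]
MISSION = [  # mission matrix: 1 = the mission needs this flow to stay available
    [0, 1, 0, 0],
    [0, 0, 1, 0],
    [0, 0, 0, 0],
    [0, 1, 0, 0],
]
# Policy rule matrix, flattened: one candidate "deny source->destination" rule per edge.
RULES = [(i, j) for i in range(N) for j in range(N) if ATTACK[i][j] or MISSION[i][j]]
MISSION_FLOWS = [(i, j) for i in range(N) for j in range(N) if MISSION[i][j]]
MAX_RULES = 2    # constraint: rule budget (resource limitation)
MIN_AVAIL = 1.0  # constraint: minimum fraction of mission flows that must stay open
ENTRY = 0        # assumed attacker foothold

def reachable(policy):
    """Hosts the attacker can reach from ENTRY over attack edges the policy leaves open."""
    seen, stack = {ENTRY}, [ENTRY]
    while stack:
        i = stack.pop()
        for j in range(N):
            if ATTACK[i][j] and (i, j) not in policy and j not in seen:
                seen.add(j)
                stack.append(j)
    return seen

def availability(policy):
    """Fraction of mission flows not denied by the policy."""
    return sum((i, j) not in policy for (i, j) in MISSION_FLOWS) / len(MISSION_FLOWS)

def score(policy):
    """Objective: keep mission flows open while shrinking the attacker's reach beyond ENTRY."""
    exposed = (len(reachable(policy)) - 1) / (N - 1)
    return round(availability(policy) - exposed, 4)

def select_policy():
    """Enumerate candidate policies meeting the constraints; return the best and its score."""
    candidates = [set(c) for k in range(MAX_RULES + 1) for c in combinations(RULES, k)]
    feasible = [p for p in candidates if availability(p) >= MIN_AVAIL]
    best = max(feasible, key=lambda p: (score(p), -len(p)))  # prefer fewer rules on ties
    return sorted(best), score(best)
```

With these inputs only the admin workstation can be isolated, because every path to the database runs over flows the mission constraint forbids denying; `select_policy()` returns the two-rule policy that cuts both edges into host 3.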