Patent attributes
A Policy Enforcement Point (PEP) enforcement module (100) comprises: a monitor (110), (120, 130, 140) for monitoring the output of a policy controlled module or PEP (200) operating within a distributed computer system and a correction performer module (150). The PEP (200) is associated with one or more policies (400) which are applied to the PEP. Each policy specifies a trigger event or events and an action or actions to be performed as a result of the trigger event occurring as well as expected output from the PEP (200) when it performs a specified action or actions. The monitor monitors output produced by the PEP (200) as a result of operating in compliance with a policy, and it compares the monitored output with one or more specified expected outputs specified in the policy. In the event that the comparison indicates a divergence between the expected and observed outputs a correction evaluator (140) evaluates an appropriate corrective action to take and issues a request to the correction performer module to perform such corrective action. The correction performer module (150) then performs the corrective actions as specified by the correction evaluator (140).
