Detection of malicious software packages

US 10,055,576 B2
Filed: 10/10/2017
Issued: 08/21/2018
Est. Priority Date: 10/06/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying, by a processor executing a security tool, a plurality of components contained in a software package comprising one of a java archive (JAR) file, an Android application package, a docker image, a container file, or a virtual machine image;

comparing, by the processor, the plurality of components contained in the software package to a list of known components;

classifying, by the processor, the software package as insecure when at least one of the plurality of compared components matches an insecure component on the list of known components, or as secure when each of the plurality of compared components matches a corresponding secure component on the list of known components;

preventing, by the processor executing the security tool, addition of the software package to a software repository when the software package is classified as insecure; and

in response to the at least one of the plurality of compared components matching the insecure component, providing, by the processor executing the security tool, an interface to enable a user to request the at least one of the plurality of compared components of the software package be added as a secure component on the list of known components.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for a security tool that verifies the security of a software package. An example method may involve identifying a plurality of components contained in a software package comprising one of a JAR file, an Android application package, a docker image, a container file, or a virtual machine image; comparing the components contained in the software package to a list of known components; classifying the software package as insecure when at least one of the components matches an insecure component, or as secure when each of the compared components matches a corresponding secure component on the list of known components; preventing addition of the software package to a software repository when the software package is classified as insecure; and when insecure, providing an interface to enable a user to request the components of the software package be added as a secure component on the list of known components.

Citations

20 Claims

1. A method comprising:
- identifying, by a processor executing a security tool, a plurality of components contained in a software package comprising one of a java archive (JAR) file, an Android application package, a docker image, a container file, or a virtual machine image;
  
  comparing, by the processor, the plurality of components contained in the software package to a list of known components;
  
  classifying, by the processor, the software package as insecure when at least one of the plurality of compared components matches an insecure component on the list of known components, or as secure when each of the plurality of compared components matches a corresponding secure component on the list of known components;
  
  preventing, by the processor executing the security tool, addition of the software package to a software repository when the software package is classified as insecure; and
  
  in response to the at least one of the plurality of compared components matching the insecure component, providing, by the processor executing the security tool, an interface to enable a user to request the at least one of the plurality of compared components of the software package be added as a secure component on the list of known components.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein comparing the plurality of components comprises comparing a hashed version of the plurality of components contained in the software package to hashed versions of insecure components on the list of known components.
  - 3. The method of claim 1, wherein the software package is a new software package added to the software repository.
  - 4. The method of claim 1, wherein the plurality of components contained in the software package comprises an archival file contained in the software package.
  - 5. The method of claim 1, wherein the software package comprises a container file and wherein the software repository comprises a container repository.
  - 6. The method of claim 1, wherein the software package comprises a virtual machine image and wherein the software repository comprises a virtual machine repository.
  - 7. The method of claim 1, wherein the software package comprises a docker image file and wherein the software repository comprises one of a docker registry and a docker repository.
  - 8. The method of claim 1 further comprising, allowing, by the processor, addition of the software package to the software repository when the software package is classified as secure.

9. A non-transitory computer readable medium comprising instructions to cause a processor to:
- identify, by the processor executing a security tool, a plurality of components contained in a software package comprising one of a Java archive (JAR) file, an Android application package, a docker image, a container file, or a virtual machine image;
  
  compare, by the processor, the plurality of components contained in the software package to a list of known components;
  
  classify, by the processor, the software package as insecure when at least one of the plurality of compared components matches an insecure component on the list of known components, or as secure when each of the plurality of compared components matches a corresponding secure component on the list of known components;
  
  prevent, by the processor executing the security tool, addition of the software package to a software repository when the software package is classified as insecure; and
  
  in response to the at least one of the plurality of compared components matching the insecure component, provide, by the processor executing the security tool, an interface to enable a user to request the at least one of the plurality of compared components of the software package be added as a secure component on the list of known components.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The non-transitory computer readable medium of claim 9, wherein to compare the plurality of components comprises the processor to compare a hashed version of the plurality of components contained in the software package to hashed versions of insecure components on the list of known components.
  - 11. The non-transitory computer readable medium of claim 9, wherein the plurality of components contained in the software package comprise an archival file contained in the software package.
  - 12. The non-transitory computer readable medium of claim 9, wherein the software package comprises a container file and wherein the software repository comprises a container repository.
  - 13. The non-transitory computer readable medium of claim 9, wherein the software package comprises a virtual machine image and wherein the software repository comprises a virtual machine repository.
  - 14. The non-transitory computer readable medium of claim 9, wherein the software package comprises a docker image file and wherein the software repository comprises one of a docker registry and a docker repository.

15. An apparatus comprising:
- a memory to contain instructions; and
  
  a processor, operatively coupled to the memory, to execute a security tool, the processor to;
  
  identify plurality of components contained in a software package comprising one of a Java archive (JAR) file, an Android application package, a docker image, a container file, or a virtual machine image;
  
  compare the plurality of components contained in the software package to a list of known components;
  
  classify the software package as insecure in response to at least one of the plurality of compared components matching an insecure component on the list of known components, or as secure when each of the plurality of compared components matches a corresponding secure component on the list of known components;
  
  prevent addition of the software package to a software repository when the software package is classified as insecure; and
  
  in response to the at least one of the plurality of compared components matching the insecure component, provide an interface to enable a user to request the at least one of the plurality of compared components of the software package be added as a secure component on the list of known components.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the plurality of components contained in the software package comprises an archival file contained in the software package.
  - 17. The apparatus of claim 15, wherein the software package comprises a container file and wherein the software repository comprises a container repository.
  - 18. The apparatus of claim 15, wherein the software package comprises a virtual machine image and wherein the software repository comprises a virtual machine repository.
  - 19. The apparatus of claim 15, wherein the software package comprises a docker image file and wherein the software repository comprises one of a docker registry and a docker repository.
  - 20. The apparatus of claim 15, the processor further to, allow addition of the software package to the software repository when the software package is classified as secure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Milner, Steve Bradford, Bowes, James Robert
Primary Examiner(s)
Rahman, Mahfuzur
Assistant Examiner(s)
Victoria, Narciso

Application Number

US15/729,304
Publication Number

US 20180032720A1
Time in Patent Office

315 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/564 by virus signature recognition

Detection of malicious software packages

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of malicious software packages

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links