Computer system vulnerability analysis apparatus and method
Abstract
Apparatus and methods to evaluate computing systems' vulnerability implement a series of steps wherein a system may be selected, and a specific component identified. Obtaining component information may include methods for accessing its configuration address space. Creation of a list of control or configuration addresses is followed by filtering to identify documented, reserved addresses, documented reserved test addresses, and undocumented addresses. A filtered subset is tested by accessing each address contained in the subset, and verifying continuity of operation of the tested component, then accesses by reading, writing, or both to subset addresses to classify as benign to component and system. Failure may constitute data damage, component damage, system damage, component failure, or system failure.
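The procedure in the abstract, modelled in software as an added example (it is not code from the patent). MockComponent, Kind, evaluate, guarded_read and the sample address map are assumptions made for illustration; a failure is modelled as an exception, and "removing access" as a deny set checked before every later access.

```python
from enum import Enum

Kind = Enum("Kind", "DOCUMENTED RESERVED RESERVED_TEST UNDOCUMENTED")

class SystemFailure(Exception):
    """Raised by the mock when an access takes the component down."""

class MockComponent:
    """Constructed stand-in for a component's configuration address space."""
    def __init__(self, addresses, faulting):
        self.regs = {a: 0 for a in addresses}   # every decoded address
        self.faulting = set(faulting)           # accesses here cause failure
    def _touch(self, addr):
        if addr in self.faulting:
            raise SystemFailure(f"access to {addr:#04x}")
    def read(self, addr):
        self._touch(addr)
        return self.regs[addr]
    def write(self, addr, value):
        self._touch(addr)
        self.regs[addr] = value

def evaluate(component, datasheet):
    """Probe each non-documented address; return (benign, blocked) sets."""
    first = sorted(component.regs)
    kinds = {a: datasheet.get(a, Kind.UNDOCUMENTED) for a in first}
    subset = [a for a in first if kinds[a] is not Kind.DOCUMENTED]
    benign, blocked = set(), set()
    for target in subset:
        try:
            value = component.read(target)      # read access
            component.write(target, value)      # write-back access
            benign.add(target)                  # component kept operating
        except SystemFailure:
            blocked.add(target)                 # access to be removed
    return benign, blocked

def guarded_read(component, blocked, addr):
    """Access path after evaluation: blocked addresses are refused."""
    if addr in blocked:
        raise PermissionError(f"{addr:#04x} is blocked")
    return component.read(addr)

# Constructed sample: addresses 0x00-0x07 decode; the datasheet lists 0x00-0x05.
DATASHEET = {0: Kind.DOCUMENTED, 1: Kind.DOCUMENTED, 2: Kind.RESERVED,
             3: Kind.RESERVED, 4: Kind.RESERVED_TEST, 5: Kind.RESERVED_TEST}
COMPONENT = MockComponent(range(8), faulting={3, 6})
BENIGN, BLOCKED = evaluate(COMPONENT, DATASHEET)
```

On real hardware a failing access usually requires a reset or watchdog recovery before the next address can be tested, which this model leaves out.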
19 Claims
1. A computerized method of determining vulnerability of a computing system, the method comprising:
- identifying a component, addressable in the computing system, and decoding first addresses directed thereto controlling at least one of control and configuration of the component;
- selecting second addresses as a subset of the first addresses; and
- for each selected second address, performing the following steps;
  - selecting, the each selected second address as a target address,
  - accessing the target address,
  - determining that the accessing the target address causes a system failure, and
  - removing access to the target address.
Dependent claims: 2, 3, 4, 5, 6
7. An article comprising a computer readable, non-transitory medium storing data structures comprising executables programmed to execute on a hardware processor and operational data processable by the executables, the data structures comprising:
- first code executable to identify a component, addressable in a computing system and effective to decode first addresses directed thereto for at least one of controlling and configuring the component;
- second code executable to select second addresses as a subset of the first addresses; and
- third code executable to perform, for each of the second addresses,
  - selecting the each second address as a target address,
  - accessing the target address,
  - determining that the accessing the target address causes a system failure, and
  - removing access to the target address.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A system comprising:
- a processor instantiated in hardware operably connected in a computing system;
- a component addressable in the computer system;
- a configuration address space corresponding to the component, referencing at least one of an internal register, internal memory, and IP port, of the component;
- a computer-readable, non-transitory, storage medium operably connected to the processor;
- a set of instructions, executable to access the configuration address space;
- the set further comprising component access methods specific to the component, the set being effective to access second addresses selected from at least one of a reserved address, reserved test address, and undocumented address;
- the processor, programmed to detect a system failure corresponding to accessing at least one second addresses of the second addresses; and
- the processor, programmed to remove access to the at least one second address that caused the system failure.
Dependent claims: 15, 16, 17, 18, 19
Specification