System and method for vulnerability remediation verification

US 10,503,909 B2
Filed: 10/31/2014
Issued: 12/10/2019
Est. Priority Date: 10/31/2014
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a vulnerability remediation verification sub-system executed by a processor, the vulnerability remediation verification system to determine whether a vulnerability identified in a computer has been eliminated, and comprising;

a remediation scheduler to;

determine, based on the vulnerability identified in the computer, operations to be performed to eliminate the vulnerability; and

schedule performance of the operations by remediation processors; and

;

a reconciliation engine to determine;

whether the operations have been successfully performed; and

whether the operations have been performed by authorized remediation processors;

a vulnerability monitor to;

generate a vulnerability token that includes information that;

specifies the location of the vulnerability;

specifies the vulnerability; and

specifies the time by which remediation is to completed;

wherein the remediation scheduler is further to;

generate a remediation token that is separate from the vulnerability token, the remediation token comprising information provided by the reconciliation engine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In remediating a computer vulnerability, operations to be performed to correct the vulnerability are identified. Remediation processors are scheduled to perform the operations. Whether the vulnerability has been corrected is determined by: determining whether the operations have been performed successfully; and determining whether the operations have been performed by authorized remediation processors.

63 Citations

16 Claims

1. A system, comprising:
- a vulnerability remediation verification sub-system executed by a processor, the vulnerability remediation verification system to determine whether a vulnerability identified in a computer has been eliminated, and comprising;
  
  a remediation scheduler to;
  
  determine, based on the vulnerability identified in the computer, operations to be performed to eliminate the vulnerability; and
  
  schedule performance of the operations by remediation processors; and
  
  ;
  
  a reconciliation engine to determine;
  
  whether the operations have been successfully performed; and
  
  whether the operations have been performed by authorized remediation processors;
  
  a vulnerability monitor to;
  
  generate a vulnerability token that includes information that;
  
  specifies the location of the vulnerability;
  
  specifies the vulnerability; and
  
  specifies the time by which remediation is to completed;
  
  wherein the remediation scheduler is further to;
  
  generate a remediation token that is separate from the vulnerability token, the remediation token comprising information provided by the reconciliation engine.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the vulnerability monitor is further to:
    - pass the vulnerability token to the reconciliation engine, wherein the reconciliation engine is to;
      
      extract the information from the vulnerability token; and
      
      provide the information to the remediation scheduler.
  - 3. The system of claim 2, wherein the remediation scheduler is to:
    - identify the remediation processors to perform the operations;
      
      generate the remediation token comprising;
      
      the information provided by the reconciliation engine;
      
      a field for recording each action, corresponding to one of the operations, performed by a remediation processor;
      
      a field for recording a result of testing each action by the remediation processor performing the action;
      
      a field for verifying the identity of each remediation processor performing an action corresponding to one of the operations;
      
      a field for verifying identity of the remediation scheduler;
      
      pass the remediation token to one of the identified remediation processors; and
      
      pass the remediation token to the reconciliation engine on completion of the operations.
  - 4. The system of claim 3, wherein the reconciliation engine is to:
    - establish whether remediation of the vulnerability is successful based on the information contained in the remediation token, and as part of establishing whether the remediation is successful to;
      
      verify that each of the operations to be performed has been completed prior to a deadline time specified by the vulnerability monitor;
      
      verify that each of the operations has been successfully performed based on the result of testing recorded in the remediation token;
      
      verify that each of the operations was performed by authorized remediation processors based on the identity of each remediation processor recorded in the remediation token; and
      
      verify the identity of the remediation scheduler based on the identity of the remediation scheduler recorded in the remediation token.
  - 5. The system of claim 1, wherein the remediation processors are to:
    - perform the operations; and
      
      provide notifications to the reconciliation engine of completion of each of the operations, andthe reconciliation engine is to track progress towards completion of remediation based on the notifications.

6. A method, comprising:
- identifying, by a processor, a vulnerability in a computer;
  
  identifying, based on the vulnerability, operations to be performed to correct the vulnerability;
  
  identifying a time by which remediation of the vulnerability is to be completed;
  
  generating a vulnerability token that includes information that;
  
  specifies a location of the vulnerability;
  
  specifies the vulnerability;
  
  specifies the time by which remediation of the vulnerability is to be completed;
  
  scheduling performance of the operations by remediation processors;
  
  determining whether the vulnerability has been corrected by;
  
  determining whether the operations have been performed successfully; and
  
  determining whether the operations have been performed by authorized remediation processors; and
  
  generating a remediation token that is separate from the vulnerability token, the remediation token comprising;
  
  a field for recording each action performed by an authorized remediation processor.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, further comprising:
    - passing the vulnerability token to a reconciliation process, and in the reconciliation process;
      
      extracting the information from the vulnerability token; and
      
      providing the information to a remediation scheduler.
  - 8. The method of claim 7, further comprising:
    - in the remediation processors;
      
      performing the operations; and
      
      providing notifications to the reconciliation process of completion of each of the operations,tracking, by the reconciliation process, progress towards completion of remediation based on the notifications.
  - 9. The method of claim 7, further comprising:
    - identifying the remediation processors to perform the operations;
      
      generating the remediation token comprising;
      
      the information provided by the reconciliation process;
      
      a field for recording a result of testing each action by the remediation processor performing the action;
      
      a field for verifying the identity of each remediation processor performing an action corresponding to one of the operations;
      
      a field for verifying identity of the remediation scheduler;
      
      passing the remediation token to one of the identified remediation processors; and
      
      passing the remediation token to the reconciliation process on completion of the operations.
  - 10. The method of claim 9, further comprising:
    - in the reconciliation process;
      
      establishing whether remediation of the vulnerability is successful based the information on contained in the remediation token, and as part of establishing whether the remediation is successful;
      
      verifying that each of the operations to be performed has been performed prior to the time by which remediation is to be completed;
      
      verifying that each of the operations has been successfully performed based on the result of testing recorded in the remediation token;
      
      verifying that each of the operations was performed by authorized remediation processors based on the identity of each remediation processor recorded in the remediation token;
      
      verifying the identity of the remediation scheduler based on the identity of the remediation scheduler recorded in the remediation token.
  - 11. The method of claim 6, the remediation token further comprising:
    - a signature of the authorized remediation processor that performed the operations.

12. A non-transitory computer-readable medium encoded with instructions that when executed cause a processor to:
- select, based on a vulnerability identified in a computer, operations to be performed to remediate the vulnerability;
  
  schedule performance of the operations by remediation logic; and
  
  determine whether the vulnerability has been remediated by;
  
  determining whether the operations have been performed successfully; and
  
  determining whether the operations have been performed by an authorized remediation process; and
  
  track progress towards completion of remediation based on completion of each of the operations,wherein the remediation logic comprises vulnerability token parsing logic and remediation success determination logic.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer-readable medium of claim 12, encoded with instructions that when executed cause the processor to:
    - select a time by which the vulnerability is to be remediated; and
      
      generate a vulnerability token that includes information that;
      
      specifies the location of the vulnerability;
      
      specifies the vulnerability;
      
      specifies the time by which the vulnerability is to be remediated; and
      
      identifies a vulnerability monitoring system that selected the operations and generated the vulnerability token; and
      
      pass the vulnerability token to a reconciliation process, and in the reconciliation process;
      
      extract the information from the vulnerability token; and
      
      provide the information to a remediation scheduling process.
  - 14. The computer-readable medium of claim 13, encoded with instructions that when executed cause the processor to:
    - select the remediation process to perform the operations;
      
      generate a remediation token comprising;
      
      the operations to be performed to remediate the vulnerability;
      
      the information provided by the reconciliation process;
      
      a field for recording each action, corresponding to one of the operations, performed by the remediation process;
      
      a field for recording a result of testing each action by the remediation process performing the action;
      
      a field for verifying the identity of each remediation process performing an action corresponding to one of the operations;
      
      a field for verifying identity of the remediation scheduling process;
      
      pass the remediation token to the identified remediation process; and
      
      pass the remediation token to the reconciliation process on completion of the operations.
  - 15. The computer-readable medium of claim 14, encoded with instructions that when executed cause the processor to:
    - in the reconciliation process;
      
      establish whether remediation of the vulnerability is successful based the information on contained in the remediation token, and in establishing whether the remediation is successful;
      
      verify that each of the operations to be performed has been performed prior to the time by which remediation is to be completed;
      
      verify that each of the operations has been successfully performed based on the result of testing recorded in the remediation token;
      
      verify that each of the operations was performed by authorized remediation processes based on the identity of each remediation process recorded in the remediation token;
      
      verify the identity of a remediation scheduler based on the identity of the remediation scheduling process recorded in the remediation token.
  - 16. The computer-readable medium of claim 15, encoded with instructions that when executed cause the processor to:
    - in the remediation processes;
      
      perform the operations; and
      
      provide notifications to the reconciliation process of completion of each of the operations,track, by the reconciliation process, progress towards completion of remediation based on the notifications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Schmidt, Peter, Kalibjian, Jeff
Primary Examiner(s)
Su, Sarah

Application Number

US15/500,898
Publication Number

US 20170220808A1
Time in Patent Office

1,866 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 11/004   Error avoidance G06F11/07 a...

G06F 21/00   Security arrangements for p...

G06F 21/568   eliminating virus, restorin...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

System and method for vulnerability remediation verification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for vulnerability remediation verification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links