Method and system for identification of security vulnerabilities

US 10,528,745 B2
Filed: 05/04/2018
Issued: 01/07/2020
Est. Priority Date: 10/06/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor; and

a memory medium that is coupled to the processor and that includes instructions, when executed by the processor, cause the system to;

analyze an application file structure of an application and an import table of the application to identify, via the at least one of the application file structure of the application and the import table of the application, one or more uniquely identified application components;

determine vulnerabilities associated with a given application component of the one or more uniquely identified application components, the vulnerabilities including vulnerabilities of one or more additional components to be accessed by the given application component;

take remedial action based at least upon the vulnerabilities;

after the remedial action is taken;

repeat a scan of the given application component;

determine, based at least on the repeat of the scan of the given application component, that the remedial action corrected at least one of the vulnerabilities associated with the given application component, present before the remedial action is taken on the given application component;

determine, based at least on the repeat of the scan of the given application component, one or more new vulnerabilities associated with the given application component;

determine from an interplay of the vulnerabilities of the given application component, that includes the one or more new vulnerabilities, that corrective action is necessary; and

adjust a network security device to defeat at least one of the one or more new vulnerabilities for the corrective action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing an electronic device may include a processor and a memory. The memory may be communicatively coupled to the processor and include instructions. The instructions, when loaded and executed by the processor, cause the processor to scan data including one or more application components to uniquely identify elements therein, determine from a given application component additional components to be accessed by the given application component, scan the additional components to uniquely identify elements therein, determine whether the additional components include any known vulnerabilities, associate one or more known vulnerabilities of the additional components with the given application component, record the known vulnerabilities and the given application component. The given application component may be uniquely identified.

24 Citations

View as Search Results

39 Claims

1. A system, comprising:
- a processor; and
  
  a memory medium that is coupled to the processor and that includes instructions, when executed by the processor, cause the system to;
  
  analyze an application file structure of an application and an import table of the application to identify, via the at least one of the application file structure of the application and the import table of the application, one or more uniquely identified application components;
  
  determine vulnerabilities associated with a given application component of the one or more uniquely identified application components, the vulnerabilities including vulnerabilities of one or more additional components to be accessed by the given application component;
  
  take remedial action based at least upon the vulnerabilities;
  
  after the remedial action is taken;
  
  repeat a scan of the given application component;
  
  determine, based at least on the repeat of the scan of the given application component, that the remedial action corrected at least one of the vulnerabilities associated with the given application component, present before the remedial action is taken on the given application component;
  
  determine, based at least on the repeat of the scan of the given application component, one or more new vulnerabilities associated with the given application component;
  
  determine from an interplay of the vulnerabilities of the given application component, that includes the one or more new vulnerabilities, that corrective action is necessary; and
  
  adjust a network security device to defeat at least one of the one or more new vulnerabilities for the corrective action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the instructions further cause the system to adjust characterizations of the vulnerabilities associated with the given application component based at least upon contextual information from the system in which the given application component resides, the contextual information including security information.
  - 3. The system of claim 2, wherein, to take the remedial action, the instructions further cause the system to take the remedial action based at least on adjusted vulnerability characterizations.
  - 4. The system of claim 2, wherein, to take the remedial action, the instructions further cause the system to take the remedial action based at least on a security configuration of the system related to the vulnerabilities.
  - 5. The system of claim 2, wherein the instructions further cause the system to:
    - determine a measure of the vulnerabilities; and
      
      rank the vulnerabilities.
  - 6. The system of claim 2, wherein the instructions further cause the system to:
    - determine a measure of the vulnerabilities including a composite score from a plurality of vulnerability factors; and
      
      rank the vulnerabilities.
  - 7. The system of claim 2, wherein, to adjust characterizations of the vulnerabilities, the instructions further cause the system to adjust characterizations of the vulnerabilities based at least on contextual information including threat vectors, threat impacts, and enterprise maturity of the system.
  - 8. The system of claim 2, wherein, to adjust characterizations of the vulnerabilities, the instructions further cause the system to adjust characterizations of the vulnerabilities based at least on two or more of an access vector, access complexity, authentication, confidential impact, integrity impact, availability impact, exploitability, remediation level, report confidence, collateral damage potential, target distribution, confidentiality, availability requirement, integrity requirement, and availability requirement.
  - 9. The system of claim 2, wherein, to adjust characterizations of the vulnerabilities, the instructions further cause the system to adjust characterizations of the vulnerabilities based at least on a determined change in a threat causing at least one of the vulnerabilities.
  - 10. The system of claim 1, wherein the instructions further cause the system to identify pentesting suggestions to further confirm presence of the vulnerabilities based upon identities of the vulnerabilities.
  - 11. The system of claim 1, wherein, to take the remedial action, the instructions further cause the system to take the remedial action in a form of changed intrusion detection or protection rules based upon identities of the vulnerabilities.
  - 12. The system of claim 1, wherein the instructions further cause the system to repeat a scan of the given application component based at least on a determination that a threat associated with the vulnerabilities has changed.
  - 13. The system of claim 1, wherein the network security device includes a firewall.

14. At least one non-transitory machine readable storage medium that includes instructions that, when executed by a processor of a system, cause the system to:
- analyze an application file structure of an application and an import table of the application to identify, via the at least one of the application file structure of the application and the import table of the application, one or more uniquely identified application components;
  
  determine vulnerabilities associated with a given application component of the one or more uniquely identified application components, the vulnerabilities including vulnerabilities of one or more additional components to be accessed by the given application component;
  
  take remedial action based at least upon the vulnerabilities;
  
  after the remedial action is taken;
  
  repeat a scan of the given application component;
  
  determine, based at least on the repeat of the scan of the given application component, that the remedial action corrected at least one of the vulnerabilities associated with the given application component, present before the remedial action is taken on the given application component;
  
  determine, based at least on the repeat of the scan of the given application component, one or more new vulnerabilities associated with the given application component;
  
  determine from an interplay of the vulnerabilities of the given application component, that includes the one or more new vulnerabilities, that corrective action is necessary; and
  
  adjust a network security device to defeat at least one of the one or more new vulnerabilities for the corrective action.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The at least one non-transitory machine readable storage medium of claim 14, wherein the instructions further cause the system to adjust characterizations of the vulnerabilities associated with the given application component based at least upon contextual information from the system in which the given application component resides, the contextual information including security information.
  - 16. The at least one non-transitory machine readable storage medium of claim 15, wherein, to take the remedial action, the instructions further cause the system to take the remedial action based at least on adjusted vulnerability characterizations.
  - 17. The at least one non-transitory machine readable storage medium of claim 15, wherein, to take the remedial action, the instructions further cause the system to take the remedial action based at least on a security configuration of the system related to the vulnerabilities.
  - 18. The at least one non-transitory machine readable storage medium of claim 15, wherein the instructions further cause the system to:
    - determine a measure of the vulnerabilities; and
      
      rank the vulnerabilities.
  - 19. The at least one non-transitory machine readable storage medium of claim 15, wherein the instructions further cause the system to:
    - determine a measure of the vulnerabilities including a composite score from a plurality of vulnerability factors; and
      
      rank the vulnerabilities.
  - 20. The at least one non-transitory machine readable storage medium of claim 15, wherein, to adjust characterizations of the vulnerabilities, the instructions further cause the system to adjust characterizations of the vulnerabilities based at least on contextual information including threat vectors, threat impacts, and enterprise maturity of the system.
  - 21. The at least one non-transitory machine readable storage medium of claim 15, wherein, to adjust characterizations of the vulnerabilities, the instructions further cause the system to adjust characterizations of the vulnerabilities based at least on two or more of an access vector, access complexity, authentication, confidential impact, integrity impact, availability impact, exploitability, remediation level, report confidence, collateral damage potential, target distribution, confidentiality, availability requirement, integrity requirement, and availability requirement.
  - 22. The at least one non-transitory machine readable storage medium of claim 15, wherein, to adjust characterizations of the vulnerabilities, the instructions further cause the system to adjust characterizations of the vulnerabilities based at least on a determined change in a threat causing at least one of the vulnerabilities.
  - 23. The at least one non-transitory machine readable storage medium of claim 14, wherein the instructions further cause the system to identify pentesting suggestions to further confirm presence of the vulnerabilities based upon identities of the vulnerabilities.
  - 24. The at least one non-transitory machine readable storage medium of claim 14, wherein, to take the remedial action, the instructions further cause the system to take the remedial action in a form of changed intrusion detection or protection rules based upon identities of the vulnerabilities.
  - 25. The at least one non-transitory machine readable storage medium of claim 14, wherein the instructions further cause the system to repeat a scan of the given application component based at least on a determination that a threat associated with the vulnerabilities has changed.
  - 26. The at least one non-transitory machine readable storage medium of claim 14, wherein the network security device includes a firewall.

27. A method, comprising:
- analyzing an application file structure of an application and an import table of the application to identify, via the at least one of the application file structure of the application and the import table of the application, one or more uniquely identified application components;
  
  determining vulnerabilities associated with a given application component of the one or more uniquely identified application components, the vulnerabilities including vulnerabilities of one or more additional components to be accessed by the given application component;
  
  taking remedial action based at least upon the vulnerabilities;
  
  after the remedial action is taken;
  
  repeating a scan of the given application component;
  
  determining, based at least on the repeat of the scan of the given application component, that the remedial action corrected at least one of the vulnerabilities associated with the given application component, present before the remedial action is taken on the given application component;
  
  determining, based at least on the repeat of the scan of the given application component, one or more new vulnerabilities associated with the given application component;
  
  determining from an interplay of the vulnerabilities of the given application component, that includes the one or more new vulnerabilities, that corrective action is necessary; and
  
  adjusting a network security device to defeat at least one of the one or more new vulnerabilities for the corrective action.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 28. The method of claim 27, further comprising:
    - adjusting characterizations of the vulnerabilities associated with the given application component based at least upon contextual information from the system in which the given application component resides, the contextual information including security information.
  - 29. The method of claim 28, wherein the taking the remedial action includes taking the remedial action based at least on adjusted vulnerability characterizations.
  - 30. The method of claim 28, wherein the taking the remedial action includes taking the remedial action based at least on a security configuration of the system related to the vulnerabilities.
  - 31. The method of claim 28, further comprising:
    - determining a measure of the vulnerabilities; and
      
      ranking the vulnerabilities.
  - 32. The method of claim 28, further comprising:
    - determining a measure of the vulnerabilities including a composite score from a plurality of vulnerability factors; and
      
      ranking the vulnerabilities.
  - 33. The method of claim 28, wherein the adjusting characterizations of the vulnerabilities includes adjusting characterizations of the vulnerabilities based at least on contextual information including threat vectors, threat impacts, and enterprise maturity of the system.
  - 34. The method of claim 28, wherein the adjusting characterizations of the vulnerabilities includes adjusting characterizations of the vulnerabilities based at least on two or more of an access vector, access complexity, authentication, confidential impact, integrity impact, availability impact, exploitability, remediation level, report confidence, collateral damage potential, target distribution, confidentiality, availability requirement, integrity requirement, and availability requirement.
  - 35. The method of claim 28, wherein the adjusting characterizations of the vulnerabilities includes adjusting characterizations of the vulnerabilities based at least on a determined change in a threat causing at least one of the vulnerabilities.
  - 36. The method of claim 27, further comprising:
    - identifying pentesting suggestions to further confirm presence of the vulnerabilities based upon identities of the vulnerabilities.
  - 37. The method of claim 27, wherein the taking the remedial action includes taking the remedial action in a form of changed intrusion detection or protection rules based upon identities of the vulnerabilities.
  - 38. The method of claim 27, further comprising:
    - repeating a scan of the given application component based at least on a determination that a threat associated with the vulnerabilities has changed.
  - 39. The method of claim 27, wherein the network security device includes a firewall.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assured Enterprises, Inc.
Original Assignee
Assured Enterprises, Inc.
Inventors
Li, David
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US15/971,169
Publication Number

US 20180253558A1
Time in Patent Office

613 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/564   by virus signature recognition

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

Method and system for identification of security vulnerabilities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for identification of security vulnerabilities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links