System and method of defining the security vulnerabilities of a computer system

US 20030135749A1
Filed: 10/31/2001
Published: 07/17/2003
Est. Priority Date: 10/31/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of defining the security vulnerability of a computer system, comprising:

specifying an attack representing a recognized vulnerability of the computer system;

specifying at least one attribute of the specified attack;

specifying at least one policy definition with respect to detecting the vulnerability of the specified attack; and

specifying a remedy for the specified vulnerability.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention comprises a method of defining security conditions of a computer system for the purpose of detecting vulnerabilities. The method comprises the steps of specifying a attack representing a recognized vulnerability of the computer system, specifying at least one attribute of the specified attack, specifying at least one policy definition with respect to detecting the vulnerability of the specified attack, specifying at least one attribute of the specified policy definition, and specifying a remedy for the specified vulnerability.

185 Citations

27 Claims

1. A method of defining the security vulnerability of a computer system, comprising:
- specifying an attack representing a recognized vulnerability of the computer system;
  
  specifying at least one attribute of the specified attack;
  
  specifying at least one policy definition with respect to detecting the vulnerability of the specified attack; and
  
  specifying a remedy for the specified vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method, as set forth in claim 1, further comprising specifying at least one attribute of the specified policy definition.
  - 3. The method, as set forth in claim 1, further comprising specifying a computing platform of the computer system.
  - 4. The method, as set forth in claim 1, further comprising:
    - specifying a security category of the specified attack; and
      
      specifying at least one policy group with respect to the specified security category.
  - 5. The method, as set forth in claim 1, further comprising specifying a vulnerability scanner executing on the computer system.
  - 6. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying an identification of the severity associated with a breach of the computer system by the attack.
  - 7. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying a description of the attack.
  - 8. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying an explanation of why the specified attack is important.
  - 9. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying how information is to be reported to a user with respect to the specified attack.
  - 10. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying a source of a remedy operable to fix the specified vulnerability.
  - 11. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying information to enable a manual remedy of the specified vulnerability.

12. A method of defining a security vulnerability condition of a system, comprising:
- specifying a name of a vulnerability associated with the system;
  
  specifying at least one attribute of the specified vulnerability;
  
  specifying a remedy for the vulnerability according to the specified computing platform;
  
  specifying a policy definition with respect to the specified vulnerability; and
  
  specifying at least one attribute of the specified policy definition.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method, as set forth in claim 12, further comprising specifying a computing platform of the system.
  - 14. The method, as set forth in claim 12, further comprising:
    - specifying a security category of the specified vulnerability; and
      
      specifying at least one policy group with respect to the specified security category.
  - 15. The method, as set forth in claim 12, further comprising specifying a vulnerability scanner executing on the system.
  - 16. The method, as set forth in claim 12, wherein specifying at least one attribute of the specified vulnerability comprises specifying an identification of the severity associated with a breach of the specified vulnerability.
  - 17. The method, as set forth in claim 12, wherein specifying at least one attribute of the specified vulnerability comprises specifying an explanation of why the specified vulnerability is important.
  - 18. The method, as set forth in claim 12, wherein specifying at least one attribute of the specified vulnerability comprises specifying how information is to be reported to a user in response to detecting the specified vulnerability.
  - 19. The method, as set forth in claim 12, wherein specifying at least one attribute of the specified vulnerability comprises specifying an application operable to respond to a detection of the specified vulnerability.

20. A system of defining security vulnerabilities of a computer system, comprising:
- a vulnerability description file containing a definition of at least one vulnerability, a definition of at least one policy item for the vulnerability;
  
  an interpreter operable to parse the at least one vulnerability definition and at least one policy item definition in the vulnerability description file and organize the parsed definitions pursuant to a predetermined format; and
  
  a data storage operable to store the parsed and organized at least one vulnerability and at least one policy item definition, wherein the data storage is accessible by at least one vulnerability scanner application.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The system, as set forth in claim 20, wherein the data storage is a relational database having a plurality of tables.
  - 22. The system, as set forth in claim 20, wherein the vulnerability description file further comprises a definition of a vulnerability scanner application.
  - 23. The system, as set forth in claim 20, wherein the vulnerability description file further comprises a definition of a security category providing a grouping of the at least one vulnerability, and a definition of a policy group providing a grouping of the at least one policy item.
  - 24. The system, as set forth in claim 20, wherein the vulnerability description file further comprises a definition of at least one attribute of the at least one vulnerability.
  - 25. The system, as set forth in claim 20, wherein the vulnerability description file fuirther comprises an identification of the severity of risk associated with the at least one vulnerability.
  - 26. The system, as set forth in claim 20, wherein the vulnerability description file further comprises a defintion of how information is to be displayed to a user with respect to the at least one vulnerability.
  - 27. The system, as set forth in claim 20, wherein the vulnerability description file further comprises a definition of an application o per able to respond to detecting the at least one vulnerability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Anderson, Craig D., Tarquini, Richard P., Schertz, Richard L., Gales, George S.

Application Number

US10/001,410
Publication Number

US 20030135749A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

System and method of defining the security vulnerabilities of a computer system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

185 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of defining the security vulnerabilities of a computer system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

185 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links