System and method of defining the security vulnerabilities of a computer system
Abstract
The present invention comprises a method of defining security conditions of a computer system for the purpose of detecting vulnerabilities. The method comprises the steps of specifying an attack representing a recognized vulnerability of the computer system, specifying at least one attribute of the specified attack, specifying at least one policy definition with respect to detecting the vulnerability of the specified attack, specifying at least one attribute of the specified policy definition, and specifying a remedy for the specified vulnerability.
185 Citations
27 Claims
1. A method of defining the security vulnerability of a computer system, comprising:
- specifying an attack representing a recognized vulnerability of the computer system;
- specifying at least one attribute of the specified attack;
- specifying at least one policy definition with respect to detecting the vulnerability of the specified attack; and
- specifying a remedy for the specified vulnerability.
12. A method of defining a security vulnerability condition of a system, comprising:
- specifying a name of a vulnerability associated with the system;
- specifying at least one attribute of the specified vulnerability;
- specifying a remedy for the vulnerability according to the specified computing platform;
- specifying a policy definition with respect to the specified vulnerability; and
- specifying at least one attribute of the specified policy definition.
20. A system of defining security vulnerabilities of a computer system, comprising:
- a vulnerability description file containing a definition of at least one vulnerability, a definition of at least one policy item for the vulnerability;
- an interpreter operable to parse the at least one vulnerability definition and at least one policy item definition in the vulnerability description file and organize the parsed definitions pursuant to a predetermined format; and
- a data storage operable to store the parsed and organized at least one vulnerability and at least one policy item definition, wherein the data storage is accessible by at least one vulnerability scanner application.
Specification