System and method of defining the security condition of a computer system

US 20030159060A1
Filed: 10/31/2001
Published: 08/21/2003
Est. Priority Date: 10/31/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of defining the security condition of a computer system, comprising:

specifying an identity of an attack;

specifying at least one attribute of the specified attack;

specifying at least one policy definition with respect to the specified attack; and

specifying at least one attribute of the specified policy definition.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention comprises a method of defining security conditions of a computer system. The method comprises the steps of specifying an identity of attack, specifying at least one attribute of the specified attack, and specifying at least one policy definition with respect to the specified attack, specifying at least one attribute of the specified policy definition.

Citations

29 Claims

1. A method of defining the security condition of a computer system, comprising:
- specifying an identity of an attack;
  
  specifying at least one attribute of the specified attack;
  
  specifying at least one policy definition with respect to the specified attack; and
  
  specifying at least one attribute of the specified policy definition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method, as set forth in claim 1, further comprising:
    - specifying a computing platform of the computer system; and
      
      specifying a data signature of the specified attack on the computing platform.
  - 3. The method, as set forth in claim 1, further comprising:
    - specifying a security category of the specified attack; and
      
      specifying at least one policy group with respect to the specified security category.
  - 4. The method, as set forth in claim 1, further comprising specifying a security product executing on the computer system.
  - 5. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying an identification of the severity associated with a breach of the computer system by the specified attack.
  - 6. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying a description of the attack.
  - 7. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying an explanation of why the specified attack is important.
  - 8. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying how information is to be reported to a user with respect to the specified attack.
  - 9. The method, as set forth in claim 1, wherein specifying at least one attribute of the specified attack comprises specifying an application operable to respond to a breach of the computer system by the specified attack.
  - 10. The method, as set forth in claim 1, wherein specifying a signature of the specified attack comprises:
    - specifying a network protocol;
      
      specifying a data pattern; and
      
      specifying an action in response to detecting the specified network protocol and data pattern.
  - 11. The method, as set forth in claim 1, wherein specifying a signature of the specified attack comprises specifying a direction of data flow.

12. A method of defining vulnerability conditions of a system coupled to a global network, comprising:
- specifying a name of an attack associated with a vulnerability of the system;
  
  specifying at least one attribute of the specified attack, and the severity of the specified attack associated with a breach of the computer system by the specified attack;
  
  specifying a policy definition with respect to the specified attack;
  
  specifying at least one attribute of the specified policy definition;
  
  specifying a computing platform of the system.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method, as set forth in claim 12, further comprising:
    - specifying a security category of the specified attack; and
      
      specifying at least one policy group with respect to the specified security category.
  - 14. The method, as set forth in claim 12, wherein specifying at least one attribute of the specified attack comprises specifying how information is to be reported to a user with respect to the specified attack.
  - 15. The method, as set forth in claim 12, wherein specifying at least one attribute of the specified attack comprises specifying an application operable to respond to a breach of the computer system by the specified attack.
  - 16. The method, as set forth in claim 12, wherein specifying at least one attribute of the specified attack comprises specifying a source of an application operable to repair the vulnerability.

17. A system of defining security conditions of a computer system, comprising:
- a vulnerability description file containing a definition of at least one attack and a definition of at least one policy item for the attack;
  
  an interpreter operable to parse the at least one attack and at least one policy item definition in the vulnerability description file and organize the parsed definitions pursuant to a predetermined format; and
  
  a data storage operable to store the parsed and organized at least one attack and at least one policy item definition, wherein the data storage is accessible by at least one security application.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 18. The system, as set forth in claim 17, wherein the data storage is a relational database having a plurality of tables.
  - 19. The system, as set forth in claim 17, wherein the data storage is a memory.
  - 20. The system, as set forth in claim 17, wherein the vulnerability description file further comprises a definition of a security product.
  - 21. The system, as set forth in claim 17, wherein the vulnerability description file further comprises a definition of a security category providing a grouping of the at least one attack, and a definition of a policy group providing a grouping of the at least one policy item.
  - 22. The system, as set forth in claim 17, wherein the vulnerability description file further comprises a definition of a computing platform.
  - 23. The system, as set forth in claim 17, wherein the vulnerability description file further comprises a definition of at least one attribute of the at least one attack.
  - 24. The system, as set forth in claim 17, wherein the vulnerability description file further comprises an identification of the severity associated with a breach of the computer system by the at least one attack.
  - 25. The system, as set forth in claim 17, wherein the vulnerability description file further comprises a description of the at least one attack.
  - 26. The system, as set forth in claim 17, wherein the vulnerability description file further comprises a definition of how information are to be displayed and reported to the user in response to generated results with respect to the at least one attack.
  - 27. The system, as set forth in claim 17, wherein the vulnerability description file further comprises a definition of an application operable to respond to a breach of the computer system by the at least one attack.
  - 28. The system, as set forth in claim 17, wherein the vulnerability description file further comprises a signature of the specified attack having:
    - a network protocol;
      
      a data pattern; and
      
      an action in response to detecting the specified network protocol and data pattern.
  - 29. The system, as set forth in claim 17, wherein the vulnerability description file further comprises a signature of the specified attack having a direction of data flow.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Anderson, Craig D., Tarquini, Richard P., Schertz, Richard L., Gales, George S.

Application Number

US10/001,431
Publication Number

US 20030159060A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

System and method of defining the security condition of a computer system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of defining the security condition of a computer system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links