System and method for identifying potential security risks in controls
Abstract
The present invention provides a system and method for tracking and verifying that controls associated with an application of interest do not present a potential security risk. The method includes identifying controls of interest by determining which installed software objects associated with the application of interest exhibit certain characteristics, such as being publicly creatable, being designated as safe, and providing a security-related interface. Once the controls of interest are identified from the installed software objects, information associated with each control is obtained and stored. Each time the software program of interest is modified and re-installed, the information is updated to reflect the modifications. Additional information is also stored with the information. The information and the additional information may be provided to a browser for display and may be modified by a user to describe a present state associated with the control of interest (i.e., tested, untested).
30 Claims
1. A computer-implemented method for identifying a potentially harmful software object, comprising:
identifying a plurality of interesting controls out of a plurality of software objects that have been installed, the plurality of software objects being associated with a software program of interest, each interesting control having one or more characteristics that potentially allows the computer system to be subjected to a security risk upon execution of the interesting control on the computer system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A system for tracking and verifying that controls have been tested for security concerns, comprising:
a client computer configured to identify a plurality of interesting controls and to obtain information associated with the plurality of interesting controls, the plurality of interesting controls being identified from installed software objects;
a server computer configured to receive the information from the client computer and to store the information in a database; and
a plurality of user computers configured to submit requests to the server computer and to receive a rich set of information for display in a browser executing on the user computer, the rich set of information allowing changes in the interesting controls to be tracked and verified.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
22. A computer-implemented method for tracking and verifying that controls have been tested for security concerns, comprising:
extracting information pertaining to a plurality of controls after a software program having a plurality of software objects has been installed on a computer system, the plurality of controls being a subset of the plurality of software objects;
storing the information in a database;
retrieving the information upon request;
displaying the information, along with additional information, in a browser, the additional information providing a mechanism for tracking and verifying that controls have been tested for security concerns;
updating the additional information through the browser; and
updating the database based on the additional information updated through the browser.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30
Specification