Method of identifying software vulnerabilities on a computer system

US 20040088565A1
Filed: 11/04/2002
Published: 05/06/2004
Est. Priority Date: 11/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method of identifying a software vulnerability on a computer system having software stored thereon, the computer system being connected to a management system over a computer network, the method comprising:

applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied;

in the event that a software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and

sending the management information to the management system.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of identifying a software vulnerability on a computer system is disclosed in which the computer system has software stored thereon and is connected to a management system over a computer network. The method comprises the steps of: applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and sending the management information to the management system.

Citations

27 Claims

1. A method of identifying a software vulnerability on a computer system having software stored thereon, the computer system being connected to a management system over a computer network, the method comprising:
- applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied;
  
  in the event that a software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and
  
  sending the management information to the management system.
- View Dependent Claims (2, 3, 17)
- - 2. A method according to claim 1, wherein a plurality of interrogation programs are applied to the computer system, each interrogation program being capable of exploiting a different known software vulnerability if it is present in the software to which the interrogation programs are applied, and wherein in the event that a software vulnerability is exploited by one of the interrogation programs, the method further comprises operating that respective interrogation program to generate a set of management information from which can be derived the identification of the software vulnerability so exploited.
  - 3. A method according to claim 1, wherein the interrogation program is further arranged to remediate the known software vulnerability in response to it being identified.
  - 17. A method according to claim 1, wherein the interrogation program is a http command.

4. A method of identifying software vulnerabilities in a computer network, the computer network comprising a plurality of computer systems having software stored thereon, a scanning system capable of sending at least one interrogation program to each of the computer systems, the at least one interrogation program being arranged to exploit a known software vulnerability if it is present in the software of the computer systems to which the interrogation program is applied, and a management system, the method comprising:
- operating the scanning system to apply the at least one interrogation program to the computer systems thereby to determine whether a known software vulnerability is exploited;
  
  in the event that a known software vulnerability is exploited, operating the interrogation program to generate management information at the computer system on which the known software vulnerability was exploited, the management information at least identifying the computer system on which the known software vulnerability was exploited; and
  
  sending the generated management information to the management system.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 5. A method according to claim 4, wherein each computer system has an associated network address and wherein the management information sent to the management system includes the network address of the computer system on which the known software vulnerability was identified.
  - 6. A method according to claim 5, wherein the network address is the IP address of the computer system.
  - 7. A method according to claim 4, wherein the scanning system and the management system are implemented on a single computer system.
  - 8. A method according to claim 4, wherein the at least one interrogation program is further arranged to remediate the known software vulnerability it is arranged to exploit, and wherein in the event that the interrogation program exploits a software vulnerability, the method further comprises operating that interrogation program to remediate said software vulnerability.
  - 9. A method according to claim 8, wherein the management information generated by the at least one interrogation program further comprises information indicative of the remediation operation performed.
  - 10. A method according to claim 8, wherein the remediation operation is partial, and wherein the management information generated by the at least one interrogation program further comprises information indicative of the remediation operation performed and any remediation operation required.
  - 11. A method according to claim 4, wherein in the event that a software vulnerability is exploited on one of the computer systems, the interrogation program further operates to identify viruses present on said computer system, the management information including an identification of the at least one virus so identified.
  - 12. A method according to claim 4, wherein, in response to receiving management information from a computer system indicating the presence of a software vulnerability, the management system retrieves a remediation program appropriate to the known software vulnerability and sends the retrieved remediation program to the computer system on which the software vulnerability was identified.
  - 13. A method according to claim 12, wherein the management system retrieves the remediation program from a database storing a plurality of remediation programs, said retrieved remediation program being selected in accordance with the software vulnerability identified in the management information.
  - 14. A method according to claim 4, wherein the management system disables at least part of the computer network in response to receiving management information indicating the presence of a software vulnerability.
  - 15. A method according to claim 4, wherein the management system sends an alert message to the at least one computer system on which a vulnerability is identified in response to receiving management information indicating the presence of a software vulnerability.
  - 16. A method according to claim 4, wherein the management system is capable of remotely stopping the operation of the at least one interrogation program operating on the computer systems.

18. A method of identifying a software vulnerability on a computer system having software stored thereon, the computer system being connected to a management system over a computer network, the method comprising:
- applying an interrogation program to the software, the interrogation program being capable of (i) exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied and (ii) remediating the known software vulnerability it is arranged to exploit;
  
  in the event that a software vulnerability is exploited by the interrogation program, operating the interrogation program to remediate the software vulnerability so exploited and generate a set of management information from which can be derived the identification of the computer system; and
  
  sending the management information to the management system.

19. A computer program stored on a computer usable medium, the computer program comprising computer-readable instructions arranged to operate under the control of a processing means so as to identify a software vulnerability on a computer system, the computer program performing the steps of:
- applying an interrogation program to software stored on the computer system, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; and
  
  in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived at least the identification of the computer system on which the software vulnerability was exploited, the computer program being capable of sending the generated management information over a computer network.

20. A computer program stored on a computer usable medium, the computer program comprising computer-readable instructions arranged to operate under the control of a processing means so as to identify software vulnerabilities in a computer network to which the processing means is connected, the computer network comprising a plurality of computer systems having software stored thereon, the computer program performing the steps of:
- (a) sending at least one interrogation program to each computer system, the at least one interrogation program being arranged to exploit a known software vulnerability if it is present in the software of the computer system to which the interrogation program is applied, and operating the at least one interrogation program to generate management information at the computer system on which a known software vulnerability is exploited, the management information identifying the computer system and the particular software vulnerability present on that computer system; and
  
  (b) receiving management information generated by each interrogation program.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. A computer program according to claim 20, wherein the computer program is arranged to generate, in accordance with the received management information, a database of computer systems on the computer network which have particular software vulnerabilities.
  - 22. A computer program according to claim 20, wherein the management information includes a respective network address associated with each computer system on which the software vulnerability was identified.
  - 23. A computer program according to claim 22, wherein the network address is the IP address of the respective computer system.
  - 24. A computer program according to claim 20, wherein the at least one interrogation program sent by the computer program is further capable of remediating the software vulnerability it is capable of identifying, and wherein in the event that the interrogation program identifies a software vulnerability, the interrogation program operates to remediate said software vulnerability.
  - 25. A computer program according to claim 20, wherein, in response to receiving management information from an interrogation program indicating the presence of a particular software vulnerability, the computer program receives a remediation program appropriate to the particular software vulnerability and sends said retrieved remediation program to the interrogation program.

26. A computer program stored on a computer usable medium, the computer program comprising computer-readable instructions arranged to operate under the control of a processing mean so as to identify a software vulnerability on a computer system having software stored thereon, the computer program being arranged:
- to interrogate the software of the computer system to detect the presence of a known software vulnerability if it is present in the software;
  
  in the event that a vulnerability is detected, to generate a set of management information from which can be derived the identification of the computer system; and
  
  to send the management information to a computer network.

27. A computer network comprising:
- a scanning system;
  
  a management system; and
  
  a plurality of computer systems, the scanning system being arranged to send at least one interrogation program to each of the computer systems, the at least one interrogation program being arranged to exploit a known software vulnerability if it is present in the software of a computer system to which the interrogation program is applied, to generate management information in the event that a known software vulnerability is exploited, and to send the generated management information to the management system, the management information identifying the computer system on which the known vulnerability was exploited and the particular software vulnerability present on that computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Flash Uplink LLC (Quest Patent Research Corporation)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Griffin, Jonathan, Norman, Andrew Patrick, Brawn, John Melvin, Scrimsher, John P.

Granted Patent

US 8,230,497 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

H04L 63/1433 Vulnerability analysis

Method of identifying software vulnerabilities on a computer system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method of identifying software vulnerabilities on a computer system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links