Determining technology-appropriate remediation for vulnerability

US 20060021051A1
Filed: 07/23/2004
Published: 01/26/2006
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method of determining one or more technology-appropriate remediations for a common aspect of vulnerability, the method comprising:

receiving one or more vulnerability identifications (VIDs) and descriptions thereof, respectively, that have a common aspect of vulnerability;

determining a remediation identification (RID) associated with the common aspect of vulnerability;

creating, based upon the one or more VIDs and the descriptions thereof, a machine-actionable map between the RID, one or more technology identifications (TIDs), and one or more action identifications (ACTIDs) for actions that remediate the common aspect of vulnerability represented by the RID, where the map is a representation of the remediation candidate.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between: a RID field, the contents of which denote an identification (ID) of a remediation (RID); at least one TID field, the contents of which denotes an ID of at least two technologies (TIDs), respectively; and at least one ACTID field, the contents of which denotes an ID of an action (ACTID). A method, of selecting a remediation that is appropriate to a technology present on a machine to be remediated, may include: providing such a machine-actionable memory; and indexing into the memory using a given RID value and a given TID value to determine values of the at-least-one ACTID corresponding to the given RID value and appropriate to the given TID value.

Citations

37 Claims

1. A method of determining one or more technology-appropriate remediations for a common aspect of vulnerability, the method comprising:
- receiving one or more vulnerability identifications (VIDs) and descriptions thereof, respectively, that have a common aspect of vulnerability;
  
  determining a remediation identification (RID) associated with the common aspect of vulnerability;
  
  creating, based upon the one or more VIDs and the descriptions thereof, a machine-actionable map between the RID, one or more technology identifications (TIDs), and one or more action identifications (ACTIDs) for actions that remediate the common aspect of vulnerability represented by the RID, where the map is a representation of the remediation candidate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein:
    - the map is a first map; and
      
      the creating of the first map includes;
      
      providing a plurality of machine-actionable second maps, each map being between a given RID, at least two TIDs for which the given RID can be used, and two or more sets of ACTIDs, the two or more set of ACTIDs corresponding to the at least two TIDs, respectively; and
      
      selecting one or more instances of the plurality of second maps, where the one or more selected instances of second maps represents the first map.
  - 3. The method of claim 2, wherein the selecting includes:
    - indexing into the plurality of second maps using the RID to obtain a first subset of the plurality of second maps;
      
      determining a list of one or more TIDs that correspond to the one or more VIDs;
      
      eliminating members of the first subset that are specific to TIDs which are not present on the list.
  - 4. The method of claim 3, wherein the determining a list includes:
    - determining, for each of the one or more VIDs, a technology genus associated with a given VID; and
      
      populating the list with TIDs of technology species associated with the technology genus.
  - 5. The method of claim 1, wherein:
    - the receiving receives two or more VIDs and descriptions thereof, respectively; and
      
      the creating creates the machine-actionable map between the RID, two or more TIDs, and the two or more action identifications (ACTIDs).
  - 6. The method of claim 1, wherein the creating of the machine-actionable map includes:
    - creating a machine-actionable map between the one or more TIDs and the RID; and
      
      expanding the machine-actionable map to include the one or more ACTIDs.
  - 7. The method of claim 1, wherein each ACTID represents one or more operations that remediate the common aspect of vulnerability represented by the RID for a given TID.
  - 8. The method of claim 7, wherein each operation is an automatically-machine-actionable type of operation.
  - 9. The method of claim 8, wherein each operation is a machine-language command.
  - 10. The method of claim 9, wherein the machine-language command is a set of one or more Java byte codes.
  - 11. The method of claim 1, wherein the description of a VID is provided in a substantially non-machine-actionable format.
  - 12. The method of claim 11, wherein the description of a VID includes substantially non-machine-actionable identifications of one or more technologies which are susceptible to a specific vulnerability corresponding to the VID.
  - 13. The method of claim 1, further comprising:
    - expanding the machine-actionable map to include an invasiveness value that is indicative of a degree to which implementing the remediation on a machine is invasive thereof.
  - 14. The method of claim 13, wherein a continuum of invasiveness classifies patching an operating system as being a more invasive type of remediation and classifies editing a file as being a less invasive type of remediation.
  - 15. The method of claim 14, wherein the continuum of invasiveness classifies editing a registry value as being a moderately invasive type of remediation.
  - 16. The method of claim 1, further comprising:
    - expanding the machine-actionable map to include a substantially non-machine-actionable description of vulnerability corresponding to the RID.

17. A machine-actionable memory comprising:
- one or more machine-actionable records arranged according to a data structure, the data structure including links that respectively map between a RID field, the contents of which denote an identification (ID) of a remediation (RID);
  
  at least one TID field, the contents of which denotes an ID of at least two technologies (TIDs), respectively; and
  
  at least one ACTID field, the contents of which denotes an ID of an action (ACTID).
- View Dependent Claims (18, 19, 20, 21, 22, 23, 26, 27, 28, 29, 30, 31, 32)
- - 18. The memory of claim 17, wherein the data structure for at least one of the one-or-more machine-actionable records includes at least two of the TID fields, the contents of which denote least two TIDs, respectively.
  - 19. The memory of claim 17, wherein the data structure for at least one of the one-or-more machine-actionable records includes:
    - a plurality of ACTID fields, the contents of which denote ACTIDs, respectively;
      
      at least one SS link relating the plurality of ACTID fields;
      
      at least one T-SS link between the at-least-one TID field and the at-least-one subset, respectively; and
      
      at least on R-SS link between the RID field and the at-least-one subset.
  - 20. The memory of claim 19, wherein, for at least one of the one-or-more machine-actionable records, the data structure includes:
    - two or more of the SS links, the two-or-more SS links relating one or more of the plurality of ACTID fields as subsets, respectively, of the plurality of ACTID fields;
      
      at least two of the T-SS links, the at-least two T-SS links being between the at-least-two TID fields and the two-or-more subsets, respectively; and
      
      at least two of the R-SS links, the at-least-two R-SS links being between the RID field and the two-or-more subsets, respectively.
  - 21. The memory of claim 17, wherein each data structure further includes:
    - an invasiveness field, the contents of which denote a value that is indicative of a degree to which implementing the remediation on a machine is invasive thereof.
  - 22. The memory of claim 21, wherein the value corresponding to the invasiveness field represents a point on a continuum of invasiveness which classifies patching an operating system as being a more invasive type of remediation and classifies editing a file as being a less invasive type of remediation.
  - 23. The memory of claim 22, wherein the continuum of invasiveness classifies editing a registry value as being a moderately invasive type of remediation.
  - 26. A machine having a memory as in claim 17.
  - 27. A machine having a memory as in claim 18.
  - 28. A machine having a memory as in claim 19.
  - 29. A machine having a memory as in claim 20.
  - 30. A machine having a memory as in claim 21.
  - 31. A machine having a memory as in claim 22.
  - 32. A machine having a memory as in claim 23.

24. A method of selecting a remediation that is appropriate to a technology present on a machine to be remediated, the method comprising:
- providing a machine-actionable memory that includes one or more machine-actionable records arranged according to a data structure, the data structure including links that respectively map between a RID field, the contents of which denote an identification (ID) of a remediation (RID), at least one TID field, the contents of which denotes an ID of at least two technologies (TIDs), respectively, and at least one ACTID field, the contents of which denotes an ID of an action (ACTID); and
  
  indexing into the memory using a given RID value and a given TID value to determine values of the at-least-one ACTID corresponding to the given RID value and appropriate to the given TID value.
- View Dependent Claims (25, 35, 36)
- - 25. The method of claim 24, further comprising:
    - receiving a vulnerability identification (VID); and
      
      determining a remediation identification (RID) associated with the VID;
      
      wherein the associated RID is the given RID.
  - 35. A machine configured to implement the method of claim 24.
  - 36. A machine configured to implement the method of claim 25.

33. A machine-readable medium comprising instructions, execution of which by a machine selects a remediation that is appropriate to a technology present on a machine to be remediated, the machine-readable instructions including:
- a first code segment to provide a machine-actionable memory that includes one or more machine-actionable records arranged according to a data structure, the data structure including links that respectively map between a RID field, the contents of which denote an identification (ID) of a remediation (RID), at least one TID field, the contents of which denotes an ID of at least two technologies (TIDs), respectively, and a second code segment to index into the memory using a given RID value and a given TID value to determine values of the at-least-one ACTID corresponding to the given RID value and appropriate to the given TID value.
- View Dependent Claims (34)
- - 34. The machine-readable medium of claim 33, wherein the machine-readable instructions further include:
    - a third code segment to receive a vulnerability identification (VID); and
      
      a fourth code segment to determine a remediation identification (RID) associated with the VID;
      
      wherein the associated RID is the given RID.

37. An apparatus for selecting a remediation that is appropriate to a technology present on a machine to be remediated, the method comprising:
- a machine-actionable memory that includes one or more machine-actionable records arranged according to a data structure, the data structure including links that respectively map between a RID field, the contents of which denote an identification (ID) of a remediation (RID), at least one TID field, the contents of which denotes an ID of at least two technologies (TIDs), respectively, and at least one ACTID field, the contents of which denotes an ID of an action (ACTID); and
  
  means for indexing into the memory using a given RID value and a given TID value to determine values of the at-least-one ACTID corresponding to the given RID value and appropriate to the given TID value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Gandhe, Sudhir, O'Brien, Eric David, Tyree, David Spencer, D'Mello, Kurt

Granted Patent

US 8,171,555 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/577 Assessing vulnerabilities a...

Determining technology-appropriate remediation for vulnerability

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Determining technology-appropriate remediation for vulnerability

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links