Systems and methods of associating security vulnerabilities and assets

US 20070067846A1
Filed: 03/02/2006
Published: 03/22/2007
Est. Priority Date: 09/22/2005
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a comparison module configured for comparing a definition of a security vulnerability with one or more definitions of one or more assets of an information system, the security vulnerability definition comprising a plurality of asset characteristics; and

an association module operatively coupled to the comparison module and configured for associating the security vulnerability and a particular asset of the one or more assets where (i) the definition of the particular asset comprises a first asset characteristic of the plurality of asset characteristics in the security vulnerability definition and (ii) either the definition of the particular asset or the definition of another asset of the one or more assets that has a relationship with the particular asset comprises a second asset characteristic of the plurality of asset characteristics in the security vulnerability definition.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.

134 Citations

View as Search Results

21 Claims

1. An apparatus comprising:
- a comparison module configured for comparing a definition of a security vulnerability with one or more definitions of one or more assets of an information system, the security vulnerability definition comprising a plurality of asset characteristics; and
  
  an association module operatively coupled to the comparison module and configured for associating the security vulnerability and a particular asset of the one or more assets where (i) the definition of the particular asset comprises a first asset characteristic of the plurality of asset characteristics in the security vulnerability definition and (ii) either the definition of the particular asset or the definition of another asset of the one or more assets that has a relationship with the particular asset comprises a second asset characteristic of the plurality of asset characteristics in the security vulnerability definition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the first asset characteristic identifies one of an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, and the second asset characteristic identifies the other of the asset platform that may be exploited via the security vulnerability and the asset platform that is affected when the exploited asset platform is exploited via the security vulnerability.
  - 3. The apparatus of claim 2, wherein the first asset characteristic and the second asset characteristic identify a common asset platform.
  - 4. The apparatus of claim 1, wherein the association module is further configured for associating the security vulnerability and the other asset where the definition of the particular asset comprises the first asset characteristic and the definition of the other asset comprises the second asset characteristic.
  - 5. The apparatus of claim 1, wherein the association module is configured for associating the security vulnerability and the particular asset by modifying at least one of:
    - the security vulnerability definition and the definition of the particular asset.
  - 6. The apparatus of claim 1, wherein the association module is configured for associating the security vulnerability and the particular asset by accessing a memory to create a logical association between the security vulnerability and the particular asset.
  - 7. The apparatus of claim 2, wherein the plurality of asset characteristics further comprises a third asset characteristic identifying a protecting asset platform that protects the exploited asset platform or the affected asset platform against the security vulnerability, the association module being further configured for creating a further association between the security vulnerability and an asset of the one or more assets where (i) the definition of the particular asset comprises the first asset characteristic, (ii) either the definition of the particular asset or the definition of the other asset comprises the second asset characteristic, (iii) the definition of an asset of the one or more assets comprises the third asset characteristic, and (iv) the asset defined by the definition that comprises the third asset characteristic is, or has a relationship with, the one of the particular asset and the other asset whose definition comprises the asset platform that is protected by the protecting asset platform.
  - 8. The apparatus of claim 7, wherein the association module is further configured for performing, where the further association is to be created, an operation selected from the group consisting of:
    - aborting the associating of the security vulnerability and the particular asset, and removing an association between the security vulnerability and the particular asset.
  - 9. The apparatus of claim 1, wherein the first asset characteristic identifies an asset platform that may be exploited via the security vulnerability and the second asset characteristic identifies an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, wherein the comparison module is configured for comparing the first asset characteristic to a definition of each asset in a first group of the one or more assets, and for comparing the second asset characteristic to a definition of each asset in a second group of the one or more assets where the definition of at least one asset of the one or more assets in the first group comprises the first asset characteristic.
  - 10. The apparatus of claim 8, wherein the second group comprises the at least one asset and each asset having a relationship with the at least one asset.

11. A method comprising:
- comparing a definition of a security vulnerability with one or more definitions of one or more assets of an information system, the security vulnerability definition comprising a plurality of asset characteristics;
  
  determining whether the definition of an asset of the one or more assets comprises a first asset characteristic of the plurality of asset characteristics in the security vulnerability definition;
  
  where the definition of an asset of the one or more assets comprises the first asset characteristic, determining whether either the definition of the asset or the definition of another asset of the one or more assets that has a relationship with the asset comprises a second asset characteristic of the plurality of asset characteristics in the security vulnerability definition; and
  
  associating the security vulnerability and the asset where (i) the definition of the asset comprises the first asset characteristic and (ii) either the definition of the asset or the definition of another asset of the one or more assets that has a relationship with the asset comprises the second asset characteristic.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein the first asset characteristic identifies one of an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, and the second asset characteristic identifies the other of the asset platform that may be exploited via the security vulnerability and the asset platform that is affected when the exploited asset platform is exploited via the security vulnerability.
  - 13. The method of claim 12, wherein the first asset characteristic and the second asset characteristic identify a common asset platform.
  - 14. The method of claim 11, further comprising:
    - associating the security vulnerability and the other asset where the definition of the asset comprises the first asset characteristic and the definition of the other asset comprises the second asset characteristic.
  - 15. The method of claim 12, further comprising, where the definition of the asset comprises the first asset characteristic and either the definition of the asset or the definition of the other asset comprises the second asset characteristic:
    - determining whether the definition of an asset of the one or more assets comprises a third asset characteristic of the plurality of asset characteristics in the security vulnerability definition, the third asset characteristic identifying a protecting asset platform that protects the exploited asset platform or the affected asset platform against the security vulnerability;
      
      determining, where the definition of an asset comprises the third asset characteristic, whether the asset defined by the definition that comprises the third asset characteristic is, or has a relationship with, the one of the asset and the other asset whose definition comprises the asset platform that is protected by the protecting asset platform; and
      
      associating the security vulnerability and the asset defined by the definition that comprises the third asset characteristic where the asset defined by the definition that comprises the third asset characteristic is, or has a relationship with, the one of the asset and the other asset whose definition comprises the asset platform that is protected by the protecting asset platform.
  - 16. The method of claim 11, wherein associating comprises accessing a memory to create a logical association between the security vulnerability and the asset.
  - 17. A machine-readable medium storing instructions which when executed perform the method of claim 11.

18. A Graphical User Interface (GUI) comprising:
- a representation of a security vulnerability via which an asset of an information system may be exploited to thereby affect the asset or another asset of the information system that has a relationship with the asset;
  
  a representation of the asset;
  
  a representation of a first type of association between the security vulnerability and the asset; and
  
  a representation of a second type of association either between the security vulnerability and the asset, where the asset may be exploited via the security vulnerability to affect the asset, or between the security vulnerability and the other asset, where the asset may be exploited via the security vulnerability to affect the other asset.
- View Dependent Claims (19, 20)
- - 19. The GUI of claim 18, further comprising, where the asset may be exploited via the security vulnerability to affect another asset of the information system that has a relationship with the asset:
    - a representation of the relationship between the asset and the other asset.
  - 20. The GUI of claim 18, further comprising, where the asset is protected from the security vulnerability by another asset of the information system that has a relationship with the asset:
    - a representation of the other asset; and
      
      a representation of the relationship between the asset and the other asset.

21. A machine-readable medium storing a data structure, the data structure comprising:
- an indication of a first type of association between an asset of an information system and a security vulnerability via which the asset may be exploited to thereby affect the asset or another asset of the information system that has a relationship with the asset; and
  
  an indication of a second type of association either between the security vulnerability and the asset, where the asset may be exploited via the security vulnerability to affect the asset, or between the security vulnerability and the other asset, where the asset may be exploited via the security vulnerability to affect the other asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel SA (Nokia Corporation)
Inventors
Wiemer, Douglas, McNamee, Kevin, McFarlane, Bradley

Granted Patent

US 8,095,984 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Systems and methods of associating security vulnerabilities and assets

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

134 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of associating security vulnerabilities and assets

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

134 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links