Security vulnerability information aggregation

US 20070067848A1
Filed: 03/02/2006
Published: 03/22/2007
Est. Priority Date: 09/22/2005
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

an interface for receiving from a plurality of sources vulnerability information associated with a particular security vulnerbility; and

an aggregator, operatively coupled to the interface, for receiving the vulnerability information through the interface, and for aggregating the vulnerability information received from the plurality of sources into a unified vulnerability definition associated with the security vulnerability.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security vulnerability information aggregation techniques are disclosed. Vulnerability information associated with one or more security vulnerabilities is obtained from multiple sources and aggregated into respective unified vulnerability definitions for the one or more security vulnerabilities. Aggregation may involve format conversion, content aggregation, or both in some embodiments. Unified vulnerability definitions may be distributed to vulnerability information consumers in accordance with consumer-specific policies. Storage of vulnerability information received from the sources may allow the aggregation process to be performed on existing vulnerability information “retro-actively”. Related data structures and Graphical User Interfaces (GUIs) are also disclosed.

Citations

23 Claims

1. An apparatus comprising:
- an interface for receiving from a plurality of sources vulnerability information associated with a particular security vulnerbility; and
  
  an aggregator, operatively coupled to the interface, for receiving the vulnerability information through the interface, and for aggregating the vulnerability information received from the plurality of sources into a unified vulnerability definition associated with the security vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein the interface comprises a plurality of interfaces, each interface of the plurality of interfaces being configured to receive vulnerability information from a respective group of one or more sources.
  - 3. The apparatus of claim 1, wherein the aggregator comprises a plurality of format adapters operatively coupled to the interface, each format adapter being configured to convert a format of vulnerability information received from a respective source into a format of the unified vulnerability definition.
  - 4. The apparatus of claim 1, wherein the aggregator comprises a content aggregator operatively coupled to the unified vulnerability definition based on corresponding portions of the vulnerability information received from the plurality of sources.
  - 5. The apparatus of claim 4, wherein the content aggregator is further configured to detect a conflict between vulnerability information received from different sources of the plurality of sources, and wherein the aggregator further comprises at least one of:
    - a conflict resolution module operatively coupled to the content aggregator and configured to resolve a conflict detected by the content aggregator; and
      
      a conflict alert module operatively coupled to the content aggregator and configured to allow a user to resolve a conflict detected by the content aggregator.
  - 6. The apparatus of claim 1, wherein the vulnerability information received from each source comprises respective source content arranged according to a respective source format, and wherein the aggregator comprises:
    - a plurality of format adapters operatively coupled to the interface, each format adapter being configured to convert vulnerability information from a respective source format into a format of the unified vulnerability definition; and
      
      a content aggregator operatively coupled to the plurality of format adapters and configured to determine a portion of content in the unified vulnerability definition format based on corresponding portions of source content in the converted vulnerability information received from the plurality of sources.
  - 7. The apparatus of claim 1, further comprising:
    - a user interface, operatively coupled to the aggregator, for providing a representation of the unified vulnerability definition.
  - 8. The apparatus of claim 1, further comprising:
    - one or more output interfaces operatively coupled to the aggregator, each output interface of the one or more output interfaces being configured to transmit the unified vulnerability definition to a respective group of one or more vulnerability information consumers.
  - 9. The apparatus of claim 8, further comprising:
    - a policies store, operatively coupled to the aggregator, for storing one or more aggregation policies, the one or more aggregation policies specifying respective sets of distribution parameters for one or more vulnerability information consumers, wherein the interface is configured for receiving from the plurality of sources vulnerability information associated with a plurality of security vulnerabilities, and wherein the aggregator is configured to aggregate received vulnerability information associated with one or more respective security vulnerabilities into one or more respective unified vulnerability descriptions in accordance with the aggregation policy of a vulnerability information consumer in the policies store, and to distribute the one or more respective unified vulnerability descriptions through an output interface of the one or more output interfaces to the vulnerability information consumer.
  - 10. The apparatus of claim 9, further comprising:
    - a vulnerability information store, operatively coupled to the interface and to the aggregator, for storing the vulnerability inforation associated with the plurality of security vulnerabilities, wherein the aggregator is further configured to, where an aggregation policy is added to or modified in the policies store, retrieve from the vulnerability information store vulnerability information associated with one or more respective security vulnerabilities in accordance with the new or modified aggregation policy, aggregate the retrieved vulnerability information into one or more respective unified vulnerability descriptions, and distribute the one or more respective unified vulnerability descriptions through an output interface of the one or more ouput interfaces to a vulnerability information consumer for which the new or modified aggregation policy specifies distribution parameters.

11. A method comprising:
- obtained from a plurality of sources vulnerability information associated with a particular security vulnerability; and
  
  aggregating the vulnerability information obtained from the plurality of sources into a unified vulnerability definition associated with the security vulnerability.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein aggregating comprises converting a format of vulnerability information received from each source into a format of the unified vulnerability definition.
  - 13. The method of claim 11, wherein aggregating comprises determining a portion of the unified vulnerability definition based on portions of the vulnerability information received from the plurality of sources.
  - 14. The method of claim 11, wherein determing comprises:
    - detecting a conflict between vulnerability information received from different sources of the plurality of sources; and
      
      resolving a detected conflict in accordance with at least one of;
      
      a set of one or more conflict rules, and a user input.
  - 15. The method of claim 11, wherein the vulnerability information received from each source comprises respective source content arranged according to a respective source format, and wherein the method further comprises:
    - converting the vulnerability information from each source format into a format of the unified vulnerability definition; and
      
      determing a portion of content in the unified vulnerability definition format based on corresponding portions of source content in the converted vulnerability information received from the plurality of sources.
  - 16. The method of claim 11, further comprising:
    - providing a representation of the unified vulnerability definition.
  - 17. The method of claim 11, wherein obtaining comprises at least one of:
    - requesting vulnerability information; and
      
      receiving vulnerability information.
  - 18. The method of claim 11, further comprising:
    - distributing the unified vulnerability definition to one or more vulnerability information consumers.
  - 19. The method of claim 18, wherein obtaining comprises obtaining form the plurality of sources vulnerability information associated with a plurality of security vulnerabilities, wherein aggregating comprises aggregating vulnerability information associated with one or more respective security vulnerabilities into one or more respective unified vulnerability descriptions in accordance with an aggregation policy that specifies distribution parameters for a vulnerability information consumer, and wherein distributing comprises distributing the one or more respective unified vulnerability descriptions to the vulnerability information consumer.
  - 20. A machine-readable medium storing instructions which when executed perform the method of claim 11.

21. A Graphical User Interface (GUI) comprising a representation of a unified vulnerability definition associated with a particular security vulnerability, the unified vulnerability definition comprising aggregated vulnerability information determined on the basis of vulnerability information obtained from a plurality of sources.
- View Dependent Claims (22)
- - 22. The GUI of claim 21, wherein the representation comprises an indication of the plurality of sources from which vulnerability information was aggregated into the unified vulnerability definition.

23. A machine-readable medium storing a data structure, the data structure comprising:
- a unified vulnerability definition associated with a particular security vulnerability, the unified vulnerability definition comprising aggregated vulnerability information determined on the basis of vulnerability information obtained from a plurality of sources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Alcatel SA (Nokia Corporation)
Inventors
Chow, Stanley, Gustave, Christophe, Wiemer, Douglas

Granted Patent

US 8,544,098 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Security vulnerability information aggregation

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Security vulnerability information aggregation

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links