THREATS AND COUNTERMEASURES SCHEMA

US 20070192344A1
Filed: 05/11/2006
Published: 08/16/2007
Est. Priority Date: 12/29/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system that facilitates leveraging knowledge into development of an application, comprising:

an schema generation component that incorporates expertise into threats and countermeasures schema; and

an application engineering component that executes an engineering activity based at least in part upon the threats and countermeasures schema.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An threats and countermeasures schema that can incorporate expertise into an application engineering activity is provided. For example, a threats and countermeasures schema can be applied to a threat modeling component to converge knowledge into the activity by identifying categories, vulnerabilities, attacks and countermeasures based upon an application type, user objective, etc. The novel threats and countermeasures schema can create a common framework that converges knowledge with respect to any application engineering activity (e.g. threat modeling). For example, the schema can include lists of threats and attacks that can be acted upon. As well, the framework can include a list of novel countermeasures based upon the attacks. Additionally, a context precision mechanism can be employed to automatically and/or dynamically determine a context of an application environment. This context can be used to automatically generate an appropriate schema based upon the determined application type.

Citations

20 Claims

1. A system that facilitates leveraging knowledge into development of an application, comprising:
- an schema generation component that incorporates expertise into threats and countermeasures schema; and
  
  an application engineering component that executes an engineering activity based at least in part upon the threats and countermeasures schema.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, the threats and countermeasures schema comprises:
    - a category identifier;
      
      a vulnerability identifier;
      
      an attack identifier; and
      
      a countermeasure identifier.
  - 3. The system of claim 1, the engineering activity is at least one of a security objective definition, a threat modeling, a code inspection and a deployment inspection activity.
  - 4. The system of claim 1, further comprising a context precision component that analyzes the application and establishes a context;
    - the threats and countermeasures schema is based at least in part upon the context.
  - 5. The system of claim 4, the context defines at least one of an application type, a project type, and a life cycle type.
  - 6. The system of claim 1, the threats and countermeasures schema defines an input validation category.
  - 7. The system of claim 6, the threats and countermeasures schema comprises a non-validated input vulnerability component, a buffer overflow attack component and an input validation countermeasure component.
  - 8. The system of claim 1, the threats and countermeasures schema defines an authentication category.
  - 9. The system of claim 8, the threats and countermeasures schema comprises a weak passwords vulnerability component, a network eavesdropping attack component and a strong passwords countermeasure component.
  - 10. The system of claim 1, further comprising a machine learning and reasoning (MLR) component that infers an action that a user desires to be automatically performed.

11. A computer-implemented method of engineering an application, comprising:
- generating a threats and countermeasures schema; and
  
  executing an application engineering activity based at least in part upon the threats and countermeasures schema.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer-implemented method of claim 11, further comprising determining a context of the application and incorporating the context into the act of generating the threats and countermeasures schema.
  - 13. The computer-implemented method of claim 12, the context includes at least one of an application type, a project type and a life cycle type.
  - 14. The computer-implemented method of claim 11, the act of generating a threats and countermeasures schema comprises:
    - embedding a category identifier;
      
      embedding a vulnerability identifier;
      
      embedding an attack identifier; and
      
      embedding a countermeasure identifier.
  - 15. The computer-implemented method of claim 11, the threats and countermeasures schema defines at least one of an input and data validation system, an authentication system, an authorization system, an auditing and logging system, a client side validation system, a communications security system, a configuration management system, a cryptography system, an exception management system, a sensitive data system and a session management system.

16. A computer-executable system that facilitates leveraging knowledge into engineering of an application, comprising:
- means for identifying a context of the application;
  
  means for identifying a threats and countermeasures schema based at least in part upon the context; and
  
  means for performing an application engineering activity based at least in part upon the threats and countermeasures schema.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-executable system of claim 16, the threats and countermeasures schema includes a category, a vulnerability, an attack and a countermeasure based at least in part upon the context.
  - 18. The computer-executable system of claim 17, the means for identifying the context is a context precision component.
  - 19. The computer-executable system of claim 18, the engineering activity is a threat modeling activity.
  - 20. The computer-executable system of claim 18, the category is at least one of an input and data validation system, an authentication system, an authorization system, an auditing and logging system, a client side validation system, a communications security system, a configuration management system, a cryptography system, an exception management system, a sensitive data system and a session management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Vasireddy, Srinath, Meier, John, Dunner, Michael

Application Number

US11/382,857
Publication Number

US 20070192344A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/554 involving event detection a...

G06F 8/10 Requirements analysis; Spec...

THREATS AND COUNTERMEASURES SCHEMA

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

THREATS AND COUNTERMEASURES SCHEMA

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links