AUTOMATIC DATA PATCH GENERATION FOR UNKNOWN VULNERABILITIES

US 20090144827A1
Filed: 11/30/2007
Published: 06/04/2009
Est. Priority Date: 11/30/2007
Status: Active Grant

First Claim

Patent Images

1. A system implemented on a machine that effectuates and facilitates data patch generation for vulnerabilities with informed probing, comprising:

a detector that receives or obtains a data stream containing exploits from an interface, the detector constructs a probe and determines whether the probe takes advantage of the vulnerabilities, and based at least in part on the determination the detector dynamically generates the data patch for the vulnerabilities.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.

Citations

20 Claims

1. A system implemented on a machine that effectuates and facilitates data patch generation for vulnerabilities with informed probing, comprising:
- a detector that receives or obtains a data stream containing exploits from an interface, the detector constructs a probe and determines whether the probe takes advantage of the vulnerabilities, and based at least in part on the determination the detector dynamically generates the data patch for the vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, the detector generates the probe by removing all iterative elements except an offending element.
  - 3. The system of claim 1, the detector generates the probe by adding iterative elements to a previously constructed minimal probe containing an offending element.
  - 4. The system of claim 1, the data patch utilized as a data filter in a network security device or a filtering application.
  - 5. The system of claim 1, the detector generates a constraint based data patch or a predicate based data patch.
  - 6. The system of claim 1, the probe directed to a prognosticative mechanism associated with the detector, the prognosticative mechanism ascertains a viability associated with the probe to exploit the vulnerabilities.
  - 7. The system of claim 1, the probe uncovers a new potential attack variant based at least in part on detected exploits contain in the data stream.
  - 8. The system of claim 1, the data stream obtained or received from a crash dump or a honeyfarm.
  - 9. The system of claim 1, the probes constructed based at least in part on data format specifications.
  - 10. The system of claim 9, the data format specifications specifies a protocol format using a domain specific language.
  - 11. The system of claim 9, the data format specification provides a message format, a protocol state machine, a message handler, or carries out protocol state transitions.
  - 12. The system of claim 9, the data patch includes refinements to the data format specifications.
  - 13. The system of claim 1, the data patch includes vulnerability predicates.
  - 14. The system of claim 13, the vulnerability predicates include a set of boolean conditions on data fields.
  - 15. The system of claim 1, the detector captures protocol contexts that include a protocol state at which the exploit is received.
  - 16. The system of claim 1, the detector minimizes construction of probes based at least in part on semantic information or constraints in a data specification.
  - 17. The system of claim 1, the detector enforces dependency constraints across data fields to prevent construction of invalid probes.
  - 18. The system of claim 1, the detector employs dynamic dataflow analysis, identifies buffer overruns, code injections, overwritten function pointers, return-to-libc attacks, tests for arbitrary execution control, arbitrary code execution, or arbitrary function arguments, or provides detailed information about the exploit or associated vulnerabilities including dataflow history or application state at the moment a vulnerability is identified.

19. A method implemented on a machine that effectuates and facilitates data patch generation for vulnerabilities, comprising:
- detecting an exploit received from a crash dump or honeyfarm;
  
  creating a probe based on the exploit;
  
  ascertaining whether the probe makes evident the vulnerabilities; and
  
  automatically generating the data patch for the vulnerabilities.

20. A system that generates vulnerability signatures for vulnerabilities, comprising:
- means for creating a probe based on a received attack instance;
  
  means for predicting whether the probe uncovers the vulnerabilities; and
  
  means for dynamically creating data patches that cure the vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Locasto, Michael E., Wang, Jiahe Helen, Peinado, Marcus, Cui, Weidong

Granted Patent

US 8,613,096 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

AUTOMATIC DATA PATCH GENERATION FOR UNKNOWN VULNERABILITIES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATIC DATA PATCH GENERATION FOR UNKNOWN VULNERABILITIES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links