ASSESSMENT AND ANALYSIS OF SOFTWARE SECURITY FLAWS IN VIRTUAL MACHINES
Abstract
Security analysis and vulnerability testing results are “packaged” or “bound to” the actual software they describe. By linking the results to the software itself, downstream users of the software can access information about the software, make informed decisions about implementation of the software, and analyze the security risk across an entire system by accessing all (or most) of the reports associated with the executables running on the system and summarizing the risks identified in the reports.
25 Claims
1. A computer-implemented method of identifying vulnerabilities of a collection of software programs compiled into a virtual machine image, the method comprising the steps of:
- receiving an image file representing a computer system as a virtual machine, wherein the image file comprises at least one of operating system information, an application, an application server, application data, and configuration information;
- loading the image file into a computer memory;
- executing the loaded image file to implement the virtual machine on a processor; and
- analyzing the executing image file to obtain a listing of potential vulnerabilities.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. A system for analyzing vulnerabilities of a virtual machine represented using an image file, the system comprising:
- a load-execute module to load and execute the virtual machine represented by the image file;
- a file extractor to extract one or more files in the image file;
- an analyzer to identify flow of information in at least one of the extracted files;
- a profiler to detect potential vulnerabilities of each identified flow;
- a scanner to detect potential vulnerabilities in the executing virtual machine;
- a reporter to combine the detected vulnerabilities into a security report comprising a listing of potential vulnerabilities, and to produce a security score; and
- a validator to compare the security report with a validation policy and to associate security data with the image file.
Dependent claims: 20, 21

22. A method of authenticating a virtual machine, the method comprising the steps of:
- sending an image file representing a computer system as a virtual machine to a security analyzer;
- receiving security data from the security analyzer;
- analyzing the security data with reference to a security policy to determine compliance of the represented computer system with the security policy; and
- if the computer system is determined to be compliant, loading and executing the image file to implement the represented computer system as a virtual machine.
Dependent claims: 23, 24, 25
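The compliance gate of claim 22 (check the security data against a policy, load the image only if it passes), sketched as an added example that is not taken from the patent or from any product. The SHA-256 binding between report and image, the `SecurityData` and `Policy` fields, the severity scale and the score direction are all assumptions; the claims do not specify them.

```python
import hashlib
from dataclasses import dataclass, field

SEVERITY = {"low": 1, "medium": 2, "high": 3}  # assumed severity scale

@dataclass
class SecurityData:          # assumed shape of what the analyzer returns
    image_sha256: str        # digest that binds the report to one image
    score: int               # security score, higher is better (assumed)
    findings: list = field(default_factory=list)  # (identifier, severity)

@dataclass
class Policy:                # assumed policy fields
    min_score: int
    max_severity: str

def check_compliance(image: bytes, data: SecurityData, policy: Policy):
    """Return (compliant, reasons) for this image and its security data."""
    # The report must describe exactly these bytes; otherwise a clean
    # report issued for one image could be presented with another.
    if hashlib.sha256(image).hexdigest() != data.image_sha256:
        return False, ["security data is not bound to this image"]
    reasons = []
    if data.score < policy.min_score:
        reasons.append(f"score {data.score} below minimum {policy.min_score}")
    limit = SEVERITY[policy.max_severity]
    for ident, sev in data.findings:
        # Unknown severities are treated as worst case (fail closed).
        if SEVERITY.get(sev, max(SEVERITY.values())) > limit:
            reasons.append(f"{ident}: severity {sev} exceeds {policy.max_severity}")
    return (not reasons), reasons

def load_if_compliant(image, data, policy, loader):
    """Gate: call loader(image) only when the policy check passes."""
    ok, reasons = check_compliance(image, data, policy)
    if not ok:
        raise PermissionError("; ".join(reasons))
    return loader(image)

# Constructed sample input: placeholder bytes stand in for a VM image file.
IMAGE = b"constructed-vm-image-bytes"
REPORT = SecurityData(hashlib.sha256(IMAGE).hexdigest(), 82,
                      [("FINDING-1", "low"), ("FINDING-2", "medium")])
POLICY = Policy(min_score=75, max_severity="medium")

if __name__ == "__main__":
    print(check_compliance(IMAGE, REPORT, POLICY))
    print(check_compliance(IMAGE + b"x", REPORT, POLICY))
```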
Specification