ASSESSMENT AND ANALYSIS OF SOFTWARE SECURITY FLAWS IN VIRTUAL MACHINES

US 20120072968A1
Filed: 06/07/2011
Published: 03/22/2012
Est. Priority Date: 02/16/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of identifying vulnerabilities of a collection of software programs compiled into a virtual machine image, the method comprising the steps of:

receiving an image file representing a computer system as a virtual machine, wherein the image file comprises at least one of operating system information, an application, an application server, application data, and configuration information;

loading the image file into a computer memory;

executing the loaded image file to implement the virtual machine on a processor; and

analyzing the executing image file to obtain a listing of potential vulnerabilities.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security analysis and vulnerability testing results are “packaged” or “bound to” the actual software it describes. By linking the results to the software itself, downstream users of the software can access information about the software, make informed decisions about implementation of the software, and analyze the security risk across an entire system by accessing all (or most) of the reports associated with the executables running on the system and summarizing the risks identified in the reports.

196 Citations

25 Claims

1. A computer-implemented method of identifying vulnerabilities of a collection of software programs compiled into a virtual machine image, the method comprising the steps of:
- receiving an image file representing a computer system as a virtual machine, wherein the image file comprises at least one of operating system information, an application, an application server, application data, and configuration information;
  
  loading the image file into a computer memory;
  
  executing the loaded image file to implement the virtual machine on a processor; and
  
  analyzing the executing image file to obtain a listing of potential vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the analyzing step comprises:
    - extracting files of the virtual machine from the image file;
      
      identifying at least one installed application within the virtual machine;
      
      identifying and separating one or more files related to the installed application;
      
      detecting one or more potential vulnerabilities of each separated file using a vulnerability database; and
      
      combining the detected potential vulnerabilities with the listing of potential vulnerabilities.
  - 3. The method of claim 2, wherein detecting one or more potential vulnerabilities comprises:
    - building a control flow model of at least one of the separated files;
      
      building a data flow model of at least one of the separated files; and
      
      detecting the one or more potential vulnerabilities by scanning one or more of the models.
  - 4. The method of claim 2, wherein the analyzing step further comprises inspecting an operating system configuration to detect one or more potential vulnerabilities.
  - 5. The method of claim 2, wherein the analyzing step further comprises inspecting registry files to detect one or more potential vulnerabilities.
  - 6. The method of claim 2, wherein the analyzing step further comprises determining if a plurality of applications are included in the virtual machine, and if so, analyzing interactions among the plurality of installed applications comprising the steps of:
    - building an interaction control flow model among the plurality of installed applications;
      
      building an interaction data flow model among the plurality of installed applications; and
      
      detecting one or more potential vulnerabilities by scanning each interaction model.
  - 7. The method of claim 1, wherein the analyzing step comprises scanning the executing image file using one or more of a network vulnerability scanner and a host vulnerability scanner.
  - 8. The method of claim 1, further comprising the steps of:
    - detecting an executing application within the virtual machine;
      
      detecting potential vulnerabilities of the executing application using a scanner; and
      
      combining the detected potential vulnerabilities with the listing of potential vulnerabilities.
  - 9. The method of claim 8, wherein the analyzing the executing application comprises:
    - connecting to the application;
      
      providing at least one test input; and
      
      inspecting a response from the executing application to the at least one test input to detect one or more potential vulnerabilities.
  - 10. The method of claim 9, further comprising providing login credentials of the executing application.
  - 11. The method of claim 9, further comprising providing user interface navigation information associated with the executing application.
  - 12. The method of claim 9, further comprising providing sample user input data associated with the executing application.
  - 13. The method of claim 8, further comprising performing fuzz testing on the executing application comprising the steps of:
    - sending test data to the executing application through a network port; and
      
      inspecting a response of the executing application to the test data to detect one or more potential vulnerabilities.
  - 14. The method of claim 13, further comprising re-executing the loaded image file if the executing application does not respond to the test data.
  - 15. The method of claim 1, further comprising:
    - creating a security report from the listing of potential vulnerabilities;
      
      computing a security score from the security report; and
      
      comparing the security score with at least one security score associated with an implementation of the computer system.
  - 16. The method of claim 15, further comprising the steps of:
    - receiving a validation policy;
      
      comparing the security report with the validation policy to derive a set of security data; and
      
      associating the security data with the image file.
  - 17. The method of claim 16, wherein the associating step comprises creating a unique hash of the image file.
  - 18. The method of claim 16, wherein the associating step comprises creating a signature.

19. A system for analyzing vulnerabilities of a virtual machine represented using an image file, the system comprising:
- a load-execute module to load and execute the virtual machine represented by the image file;
  
  a file extractor to extract one or more files in the image file;
  
  an analyzer to identify flow of information in at least one of the extracted files;
  
  a profiler to detect potential vulnerabilities of each identified flow;
  
  a scanner to detect potential vulnerabilities in the executing virtual machine;
  
  a reporter to combine the detected vulnerabilities into a security report comprising a listing of potential vulnerabilities, and to produce a security score; and
  
  a validator to compare the security report with a validation policy and to associate security data with the image file.
- View Dependent Claims (20, 21)
- - 20. The system of claim 19, further comprising:
    - an application identifier to identify one or more installed applications within the virtual machine; and
      
      an interaction analyzer to identify flow of information among the identified applications.
  - 21. The system of claim 20, further comprising a tester to test the executing applications by providing test data to the applications and to detect one or more potential vulnerabilities by analyzing response of the executing application to the provided test data.

22. A method of authenticating a virtual machine, the method comprising the steps of:
- sending an image file representing a computer system as a virtual machine to a security analyzer;
  
  receiving security data from the security analyzer;
  
  analyzing the security data with reference to a security policy to determine compliance of the represented computer system with the security policy; and
  
  if the computer system is determined to be compliant, loading and executing the image file to implement the represented computer system as a virtual machine.
- View Dependent Claims (23, 24, 25)
- - 23. The method of claim 22, wherein the security data comprises a security signature, and the analyzing step comprises determining the authenticity of the security signature.
  - 24. The method of claim 22, wherein the security data comprises a security report, and the analyzing step comprises comparing the security report with the security policy.
  - 25. The method of claim 22, further comprising sending the security policy to the security analyzer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Veracode Incorporated (Broadcom, Inc.)
Original Assignee
Veracode Incorporated (Broadcom, Inc.)
Inventors
Wysopal, Christopher J., Moynahan, Matthew P., Stevenson, Jon R.

Granted Patent

US 8,613,080 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 11/3612   by runtime analysis perform...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

ASSESSMENT AND ANALYSIS OF SOFTWARE SECURITY FLAWS IN VIRTUAL MACHINES

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

196 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

ASSESSMENT AND ANALYSIS OF SOFTWARE SECURITY FLAWS IN VIRTUAL MACHINES

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

196 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links