Detecting Software Vulnerabilities in an Isolated Computing Environment

US 20130111587A1
Filed: 10/27/2011
Published: 05/02/2013
Est. Priority Date: 10/27/2011
Status: Active Grant

First Claim

Patent Images

1. In a computing environment, a method performed at least in part on at least one processor, comprising, detecting software vulnerabilities using an isolated computing environment, including automatically generating tasks for evaluating an input submission, defining various configurations of one or more computing units that are running within the isolated computing environment, executing the tasks on the one or more computing units, and producing a report associated with the executing of the tasks.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject disclosure is directed towards detecting software vulnerabilities in an isolated computing environment. In order to evaluate each input submission from an external computer, a plurality of tasks are automatically generated for execution on one or more computing units running within the isolated computing environment. Various configurations of the one or more computing units are defined in which each computing unit executes the plurality of tasks. A report is produced comprising results associated with such an execution.

Citations

20 Claims

1. In a computing environment, a method performed at least in part on at least one processor, comprising, detecting software vulnerabilities using an isolated computing environment, including automatically generating tasks for evaluating an input submission, defining various configurations of one or more computing units that are running within the isolated computing environment, executing the tasks on the one or more computing units, and producing a report associated with the executing of the tasks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein executing at least one of the tasks causes malicious software code within the input submission to fail.
  - 3. The method of claim 1, wherein executing the tasks further comprises opening the input submission in a hardened execution environment.
  - 4. The method of claim 3, wherein executing the tasks further comprises identifying malicious software code within the input submission.
  - 5. The method of claim 3, wherein executing the tasks further comprises identifying faulty software code within the hardened execution environment.
  - 6. The method of claim 5, wherein identifying the faulty software code further comprises identifying at least one of faulty kernel mode software code, faulty user mode software code and faulty privileged software code.
  - 7. The method of claim 3 further comprising modifying the hardened execution environment using one or more security amplification techniques and repeating the executing step.
  - 8. The method of claim 1, wherein defining the various configurations further comprises provisioning a virtual machine with computing resources, a program version and a set of operating system settings.
  - 9. The method of claim 1, wherein defining the various configurations further comprises altering an underlying operating system to cause a crash when a program comprises faulty software code and opens the input submission.

10. In a computing environment, a system, comprising, a detection system configured to identify software vulnerabilities using an isolated computing environment, the detection system further configured to segregate one or more computing units from an external computer using a firewall, automatically generate tasks for evaluating an input submission on various configurations of the one or more computing units, and while executing the tasks on the one or more computing units, the detection system further configured to monitor resources within the one or more computing units for the software vulnerabilities.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The system of claim 10, wherein the input submission comprises a URL.
  - 12. The system of claim 11, wherein the detection system evaluates downloaded content corresponding to the URL.
  - 13. The system of claim 10, wherein the input submission comprises a file.
  - 14. The system of claim 10, wherein the detection system is coupled to proxy servers that are located in different geological regions.
  - 15. The system of claim 10, wherein the detection system applies a security amplifying technique to an execution environment.
  - 16. The system of claim 15, wherein the execution environment causes a crash within the one or more computing units when processing the input submission.

17. One or more computer-readable media having computer-executable instructions, which when executed perform steps, comprising:
- preventing data communications between one or more computing units from communicating with an external computer except for one or more proxy servers;
  
  configuring the one or more computing units to execute tasks on an input submission from the external computer;
  
  altering an execution environment of the one or more computing units to cause a crash in response to a software vulnerability; and
  
  producing a report comprising results associated with the tasks.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more computer-readable media of claim 17 having further computer-executable instructions comprising:
    - executing the tasks using a program that opens the input submission;
      
      identifying faulty software code within the program based on crash-related data.
  - 19. The one or more computer-readable media of claim 17 having further computer-executable instructions comprising:
    - examining the crash-related data to determine whether the input submission comprises malicious software code.
  - 20. The one or more computer-readable media of claim 17 having further computer-executable instructions comprising:
    - generating simulated end-user tasks based on a heuristic analysis of the input submission.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Goel, Nitin Kumar, Johnson, Kenneth D., Miller, Matthew Ryan, Riggs, Gregory Justice, Pai, Navin Narayan, Wroblewski, Grzegorz M.

Granted Patent

US 9,021,587 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

G06F 2221/034 Test or assess a computer o...

Detecting Software Vulnerabilities in an Isolated Computing Environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Detecting Software Vulnerabilities in an Isolated Computing Environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links