THREAT EVALUATION SYSTEM AND METHOD

US 20130347116A1
Filed: 06/26/2013
Published: 12/26/2013
Est. Priority Date: 06/26/2012
Status: Active Grant

First Claim

Patent Images

1. A system for evaluating one or more probability for at least one threat to a client application that is communicably coupled to said system comprising:

a cyber reference library;

an opponent catalog; and

a network model,wherein said system produces a set of analyst reports providing a calculation of the results of said evaluation of said at least one threat to said client application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of evaluation of threats to elements of a client computer application having a cyber reference library, an opponent catalog and a network model. The systems and methods produce a set of analyst reports evaluating the threats to the client computer application. One embodiment of the system for evaluating at least one threat to a client computer application has a threat evaluation engine which performs a plurality of algorithms, where each algorithm of has implementation specific needs for input into the individual algorithm, a threat evaluation results data store, a statistical analysis engine, and an analysis results data store.

146 Citations

39 Claims

1. A system for evaluating one or more probability for at least one threat to a client application that is communicably coupled to said system comprising:
- a cyber reference library;
  
  an opponent catalog; and
  
  a network model,wherein said system produces a set of analyst reports providing a calculation of the results of said evaluation of said at least one threat to said client application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 2. The system of claim 1, wherein said opponent catalog contains at least one set of actors comprising a plurality of possible threats for said system to evaluate, wherein said possible threats are mechanisms used to gain unauthorized access to said client application.
  - 3. The system of claim 2, wherein said mechanisms are data leakage attacks, resource depletion, injection, spoofing, time and state attacks, abuse of functionality, manipulation, physical security attacks, network reconnaissance, social engineering, or supply chain attacks.
  - 4. The system of claim 1 further comprises a plurality of processors, and wherein said cyber reference library comprises service characterizations capable of interfacing with at least one processor of said system.
  - 5. The system of claim 1, wherein said network model comprises at least one element representation capable of communication with at least one other element representation.
  - 6. The system of claim 1 further comprising:
    - a threat evaluation engine used to produce said set of analyst reports.
  - 7. The system of claim 6 wherein said threat evaluation engine performs a plurality of algorithms, wherein each said algorithm of the plurality of algorithms having implementation specific needs for input into said individual algorithm.
  - 8. The system of claim 1 wherein said threat is a failure of a facility where said client application is located, wherein said failure is a mean-time failure, a failure due to a hurricane, a failure due to construction work, or a facility failure due to a power outage, water damage, or fire damage.
  - 9. The system of claim 1 wherein the likelihood of said at least one threat is used to adjust the probabilities into measures of risk.
  - 10. The system of claim 9 wherein the impact of a breach is used to adjust said measures of risk which result in impact adjusted risk measures.
  - 11. The system of claim 1 wherein said one or more probability is determined for the detection of an on ongoing attack or a breach.
  - 12. The system of claim 1 wherein said one or more probability is determined for a plurality of operational alert levels.
  - 13. The system of claim 1 wherein said one or more probability is determined for a plurality of threat techniques and skill levels.
  - 14. The system of claim 1 wherein said one or more probability is determined for an egress of stolen materiel.
  - 15. The system of claim 1 wherein said one or more probability is determined for a plurality of detection influencing factors.
  - 16. The system of claim 1 wherein said one or more probability is determined for a plurality of operational policies and procedures.
  - 17. The system of claim 1 wherein at least one service access point connected to a target is progressively evaluated by performing a series of steps.
  - 18. The system of claim 17 wherein said series of steps are limited by a specified boundary.
  - 19. The system of claim 17 wherein said series of steps are limited to a probability threshold.
  - 20. The system of claim 17 wherein said series of steps are limited to a risk adjusted impact threshold.
  - 21. The system of claim 17 wherein said series of steps are limited to an amount of time taken in a simulation.
  - 22. The system of claim 17 wherein said series of steps are limited to a specific number of steps.
  - 23. The system of claim 1 wherein a range of permutations of a threat include skills, techniques of including signatures, starting gear, or target affinity.
  - 24. The system of claim 23 wherein said starting gear are passwords stolen from an external security domain.
  - 25. The system of claim 1 that analyzing a plurality of threats.
  - 26. The system of claim 1 wherein a plurality of permutations of a service include, a level of security hardening, processes and policies surrounding the management or use of said service, impacts, security domains, detectors, service states, physical conditions, or a combination thereof.
  - 27. The system of claim 1 wherein there is inhomogeneity between ingress and egress.
  - 28. The system of claim 1 having user specified customizations to items in a threat catalog, said cyber reference library, or both.
  - 29. The system of claim 1 wherein a user specifies a particular configuration on a particular date as a benchmark.
  - 30. The system of claim 29 wherein after specifying said benchmark, said user measures changes in said one or more probability of a risk over time caused by changes in a configuration of said network model or a threatscape, wherein said threatscape is defined by the date specific versions of said cyber reference library or a threat catalog.
  - 31. The system of claim 29 wherein after specifying said benchmark, said user measures changes in said one or more probability of a risk against a configuration of said network model which is flagged as a best practice.
  - 32. The system of claim 29 wherein after specifying said benchmark, said user measures changes in said one or more probability of a risk against a range of configurations of said network model in order to evaluate any changes in said range of configurations.
  - 33. The system of claim 1 wherein said one or more probability of a risk is calculated using statistical methods.
  - 34. The system of claim 1 wherein a plurality of targets dynamically change state throughout a simulation because of changes in said one or more probability of a risk.
  - 35. The system of claim 34 wherein said changes in said one or more probability includes a virtualized system, a mobile and other transient system, a data movement through said network model, a data state, a set of data throughput on a particular said network model location, a specific service configuration, a threat target affinity, a threat popular techniques, a threat gear, a physical environment state, a random or attack technique driven service failures, or a combination thereof.
  - 36. The system of claim 1 wherein which measures efficacy of an operations team.
  - 37. The system of claim 1 wherein a random number seed is specified so that the effects of permutations can be isolated specifically to those changes made by a system user or through date specific threat catalogs, cyber reference libraries, or network model scenarios and to test the repeatability of an unchanged model.

38. A system for evaluating the probabilities of at least one threat to a client application that is communicably coupled to said system comprising:
- a threat evaluation engine which performs a plurality of algorithms, wherein each said algorithm of the plurality of algorithms having implementation specific needs for input into said individual algorithm;
  
  a threat evaluation results data store;
  
  a statistical analysis engine;
  
  a network models data store; and
  
  an analysis results data store.

39. A non-transitory computer-readable medium having computer-executable instructions that when executed, causes one or more processors to perform a method for evaluating at least one threat to a client computer application, the method comprising:
- accessing an opponent catalog that contains at least one set of actors comprising a plurality of possible threats, wherein said possible threats are mechanisms used to gain unauthorized access to said client computer application;
  
  accessing a cyber reference library, wherein said cyber library maintains at least one service characterization describing the possible approaches a user has available to access a service on a network and analyzing the likelihood of success by said user to access said service;
  
  accessing a network model capable of representing how said user might gain unauthorized access to said client computer application;
  
  providing a plurality of data sets resulting from access and analysis steps to a threat evaluation engine, wherein said threat evaluation engine performs a plurality of algorithms, wherein each said algorithm of the plurality of algorithms having implementation specific needs for input into said individual algorithm; and
  
  producing a set of analyst reports providing a calculation of the results of said evaluation of said at least one threat to said client application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oppleo Security, Inc.
Original Assignee
Zuclu Research, LLC
Inventors
Flores, Roderick A., Rolston, Britny

Granted Patent

US 9,774,616 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

THREAT EVALUATION SYSTEM AND METHOD

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

146 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

THREAT EVALUATION SYSTEM AND METHOD

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

146 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links