DETECTING UNKNOWN SOFTWARE VULNERABILITIES AND SYSTEM COMPROMISES

US 20180300488A1
Filed: 06/19/2018
Published: 10/18/2018
Est. Priority Date: 08/27/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

at least one computing device including at least one memory and at least one processor; and

at least one application executed by the at least one processor of the at least one computing device, wherein when executed the at least one application causes the at least one computing device to at least;

during a learning period, determine which of a plurality of portions of a software package are invoked;

determine at least one unused portion of the software package based at least in part on the portions of the software package invoked during the learning period; and

prevent the at least one unused portion of the software package from being accessed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for detecting unknown software vulnerabilities and system compromises. During a learning period, it is determined which of a plurality of portions of a software package are invoked. At least one unused portion of the software package is determined based at least in part on the portions of the software package invoked during the learning period. Access to the unused portion(s) of the software package is then prevented.

7 Citations

20 Claims

1. A system, comprising:
- at least one computing device including at least one memory and at least one processor; and
  
  at least one application executed by the at least one processor of the at least one computing device, wherein when executed the at least one application causes the at least one computing device to at least;
  
  during a learning period, determine which of a plurality of portions of a software package are invoked;
  
  determine at least one unused portion of the software package based at least in part on the portions of the software package invoked during the learning period; and
  
  prevent the at least one unused portion of the software package from being accessed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein preventing the at least one unused portion of the software package from being accessed comprises removing the at least one unused portion of the software package from the software package.
  - 3. The system of claim 1, wherein when executed the at least one application further causes the at least one computing device to at least:
    - after the learning period, determine that a different portion of the software package is invoked, the different portion being different than the portions of the software package invoked during the learning period; and
      
      perform an action in response to determining that the different portion of the software package is invoked.
  - 4. The system of claim 3, wherein the action comprises at least one of:
    - reinitiating the learning period or blocking the different portion of the software package.
  - 5. The system of claim 1, wherein when executed the at least one application further causes the at least one computing device to at least reenter the learning period in response to determining a change in the software package.
  - 6. The system of claim 1, wherein the software package is one of:
    - an open source software package or a third party software package.
  - 7. The system of claim 1, wherein when executed the at least one application further causes the at least one computing device to at least:
    - determine, after the learning period, that the at least one unused portion of the software package is being accessed; and
      
      remove the at least one unused portion of the software package from the software package.

8. A method, comprising:
- during a learning period, recording in a memory of at least one of one or more computing devices, at least one portion of a software package invoked during execution of the software package in the learning period;
  
  after the learning period, determining, via at least one service executed by at least one of the one or more computing devices, at least one unused portion of the software package based at least in part on the at least one portion of the software package invoked during the learning period; and
  
  performing, via the at least one service executed by at least one of the one or more computing devices, an action with respect to the at least one unused portion of the software package.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein the action comprises blocking the at least one unused portion of the software package.
  - 10. The method of claim 8, wherein the action comprises determining to remove the at least one unused portion of the software package, and the method further comprises upon determining to remove the at least one unused portion of the software package, removing the at least one unused portion of the software package from the software package.
  - 11. The method of claim 8, wherein the action comprises determining to not remove the at least one unused portion of the software package, and the method further comprises:
    - upon determining to not remove the at least one unused portion of the software package, determining that a different portion of the software package is invoked after the learning period; and
      
      perform a different action with respect to the different portion of the software package.

12. A system, comprising:
- at least one computing device including at least one memory and at least one processor; and
  
  at least one application executed by the at least one processor of the at least one computing device, wherein when executed the at least one application causes the at least one computing device to at least;
  
  during a learning period, determine invoked portions of a software package;
  
  during the learning period, determine a frequency of use of at least one of the invoked portions of the software package;
  
  determine, for the at least one of the invoked portions of the software package, that the frequency of use during the learning period is different from a frequency of use after the learning period; and
  
  perform an action in response to determining that the frequency of use during the learning period is different from the frequency of use after the learning period.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein when executed the at least one application further causes the at least one computing device to at least:
    - determine an unused portion of the software package based at least in part on the invoked portions of the software package; and
      
      prevent the unused portion of the software package from being accessed.
  - 14. The system of claim 13, wherein preventing the unused portion of the software package from being accessed further comprises removing the unused portion of the software package from the software package.
  - 15. The system of claim 12, wherein the action comprises blocking the at least one of the invoked portions of the software package.
  - 16. The system of claim 12, wherein the action comprises reinitiating the learning period.
  - 17. The system of claim 12, wherein when executed the at least one application further causes the at least one computing device to at least:
    - after the learning period, determine that a different portion of the software package is invoked, the different portion being different than the invoked portions of the software package; and
      
      block the different portion of the software package from being invoked.
  - 18. The system of claim 17, wherein when executed the at least one application further causes the at least one computing device to at least send a notification to a supervisory user.
  - 19. The system of claim 12, further comprising a data store accessible to the at least one computing device and storing the software package.
  - 20. The system of claim 12, wherein the invoked portions of the software package correspond to at least one of:
    - a plurality of classes or a plurality of methods.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
SHARIFI MEHR, NIMA

Granted Patent

US 10,642,986 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

DETECTING UNKNOWN SOFTWARE VULNERABILITIES AND SYSTEM COMPROMISES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DETECTING UNKNOWN SOFTWARE VULNERABILITIES AND SYSTEM COMPROMISES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links