Automated penetration analysis system and method
First Claim
1. A method for preventing users of a computer system from exploiting system flaws to gain illegal or unintended access to system variables, objects and/or operations, comprising the steps of:
(1) generating a set of interpretation constants by applying a set of penetration-resistant properties to a given system, wherein said set of interpretation constants represent a database of required conditions, parameter validations and privilege checks that are associated with access to each abstract cell and critical function in said given system, wherein said given system has previously been determined to be penetration-resistant;
(2) generating an integrated flow path within said given system which records information regarding flows and condition checks that would be encountered along a given integrated flow path to an alter operation or a view operation on a particular abstract cell or an invoke operation on an internal system function;
(3) applying, in response to said alter operation, said view operation, or said invoke operation, a set of model rules to said given integrated flow path to determine whether said given integrated flow path conforms to said penetration-resistant properties, wherein said model rules are based on said interpretation constants; and
(4) allowing said alter operation, said view operation, or said invoke operation to proceed if said given integrated flow path was in conformity with said penetration-resistant properties.
Abstract
The present invention provides a penetration-analysis method which (1) provides a systematic approach to penetration analysis, (2) enables the verification of penetration-resistance properties, and (3) is amenable to automation. An Automated Penetration Analysis (APA) tool is provided to support the penetration-analysis method. The penetration-analysis system and method are based on a theory of penetration-resistant computer systems, a model of penetration analysis, and a unified representation of penetration patterns. The theory consists of the Hypothesis of Penetration-Resistant Systems and a set of design properties that characterize resistance to penetration. The penetration-analysis model defines a set of states, a state invariant for penetration resistance, and a set of rules that can be applied to analyze the penetration vulnerability of a system. Interpreting the Hypothesis of Penetration-Resistant Systems within a given system yields the Hypothesis of Penetration Patterns, which enables the present invention to define a unified representation for a large set of penetration instances as missing-check patterns.
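The four steps of claim 1 and the "missing-check pattern" idea in the abstract can be made concrete in a few lines. The following Python sketch is an added illustration and is not the patent's APA tool or any code from the patent: the interpretation constants are modelled as a table mapping each (operation, target) pair to the checks that must precede it, an integrated flow path records the flows and condition checks it encounters, the model rule reports whichever required checks are absent from the path (the missing-check pattern), and the mediation step allows the operation only when that set is empty. The abstract cells (`user_table`, `audit_log`), the internal function (`set_uid`) and the check labels are hypothetical and constructed for the example; the fail-closed handling of a target with no interpretation constant is a design choice of this example, not something the patent specifies.

```python
from dataclasses import dataclass, field

# Step (1): interpretation constants. For each (operation, target) pair the
# table lists the condition checks that must be encountered on any flow path
# before the access is allowed. The cells, function and check labels below are
# hypothetical (constructed for this example, not taken from the patent).
INTERPRETATION_CONSTANTS = {
    ("alter", "user_table"): {"priv:admin", "valid:entry_format"},
    ("view", "audit_log"): {"priv:auditor"},
    ("invoke", "set_uid"): {"priv:kernel_mode", "valid:uid_range"},
}


@dataclass
class FlowPath:
    """Step (2): an integrated flow path to one alter/view/invoke operation.

    It records the flows traversed and the condition checks encountered, in
    order, so that a later rule can ask "was check X performed on this path?".
    """
    operation: str          # "alter", "view" or "invoke"
    target: str             # abstract cell or internal system function
    checks: set = field(default_factory=set)
    trace: list = field(default_factory=list)

    def flow(self, node: str) -> "FlowPath":
        self.trace.append(f"flow via {node}")
        return self

    def condition_check(self, check: str) -> "FlowPath":
        self.checks.add(check)
        self.trace.append(f"check {check}")
        return self


def missing_checks(path: FlowPath, constants=INTERPRETATION_CONSTANTS) -> set:
    """Step (3): the model rule. Every check required by the interpretation
    constants must appear on the path; whatever is absent is the missing-check
    pattern for this path. A target with no entry is treated as unknown and the
    rule fails closed by reporting a sentinel (a design choice of this example).
    """
    required = constants.get((path.operation, path.target))
    if required is None:
        return {"<no interpretation constant for target>"}
    return set(required) - path.checks


def conforms(path: FlowPath, constants=INTERPRETATION_CONSTANTS) -> bool:
    """True when the path carries every required check."""
    return not missing_checks(path, constants)


def mediate(path: FlowPath, constants=INTERPRETATION_CONSTANTS) -> tuple:
    """Step (4): allow the operation only when the path conforms.
    Returns ("allow", []) or ("deny", [sorted missing checks])."""
    gap = missing_checks(path, constants)
    return ("allow", []) if not gap else ("deny", sorted(gap))


if __name__ == "__main__":
    # Constructed example: a path that performs the privilege check but skips
    # parameter validation, i.e. the missing-check flaw the patent targets.
    p = (FlowPath("alter", "user_table")
         .flow("syscall_entry").condition_check("priv:admin").flow("write_entry"))
    print(mediate(p))            # ('deny', ['valid:entry_format'])
    p.condition_check("valid:entry_format")
    print(mediate(p))            # ('allow', [])
```

The point of recording the path rather than testing a flag at the point of access is that the same operation can be reached by several flows, and the rule must be evaluated per path: a check performed on one route to `user_table` says nothing about a second route that bypasses it.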
6 Claims

Claim 1 is the independent claim reproduced above under First Claim; claims 2 through 6 are dependent on it.
Specification