Systems and methods for creating a code inspection system
Abstract
A code inspection system produces a dynamic decoy machine that closely parallels one or more protected systems. The code inspection system can analyze and monitor one or more protected systems, and as those protected systems are updated, altered or modified, the dynamic decoy machine, in which potentially malicious code is tested, can also be updated. Thus, the dynamic decoy machine can accurately reflect the current state of the one or more protected systems such that the potentially destructive nature, if any, of suspicious code can be evaluated as if it were in the actual environment of the protected system, without jeopardizing the security of the protected system.
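As an added illustration (not code from the patent or its assignee), the sketch below shows one way a management module could keep a decoy in step with a protected system: it diffs two inventories across the change categories named in the claims and treats the decoy as fit for analysis only when no drift remains. The inventory layout, function names and sample data are assumptions constructed for this example.

```python
# Added example: drift detection between a protected system and its decoy.
# The data model, names and sample inventories are assumptions made for
# illustration; the patent text does not specify any of them.

CATEGORIES = ("os", "software", "hardware", "io_devices")

def plan_decoy_update(protected, decoy):
    """Return ordered actions that make `decoy` parallel `protected`."""
    actions = []
    for cat in CATEGORIES:
        want, have = protected.get(cat, {}), decoy.get(cat, {})
        for name in sorted(want.keys() - have.keys()):
            actions.append(("install", cat, name, want[name]))
        for name in sorted(want.keys() & have.keys()):
            if want[name] != have[name]:  # version or model differs
                actions.append(("upgrade", cat, name, want[name]))
        for name in sorted(have.keys() - want.keys()):
            actions.append(("remove", cat, name, have[name]))
    return actions

def apply_plan(decoy, actions):
    """Apply actions to a copy of the decoy inventory and return the copy."""
    updated = {cat: dict(items) for cat, items in decoy.items()}
    for verb, cat, name, version in actions:
        if verb == "remove":
            updated.setdefault(cat, {}).pop(name, None)
        else:
            updated.setdefault(cat, {})[name] = version
    return updated

def ready_for_analysis(protected, decoy):
    """Gate: suspicious code is only introduced once no drift remains."""
    return not plan_decoy_update(protected, decoy)

# Constructed sample inventories (component name -> version or model).
PROTECTED = {
    "os": {"kernel": "5.15.0"},
    "software": {"mail-client": "3.2", "pdf-viewer": "11.0"},
    "hardware": {"nic0": "e1000"},
    "io_devices": {"usb-storage": "enabled"},
}
DECOY = {
    "os": {"kernel": "5.10.0"},
    "software": {"mail-client": "3.2", "ftp-server": "1.4"},
    "hardware": {"nic0": "e1000"},
    "io_devices": {},
}
```

A stale decoy matters in both directions: software missing from the decoy hides behavior that would occur on the protected system, and software present only on the decoy produces findings that do not apply to it.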
27 Claims
1. A code inspection system comprising:
a code inspection management module that monitors and communicates with a protected system;
a dynamic decoy system that, in cooperation with the code inspection management module, is updated to substantially parallel relevant portions of the protected system;
an actuator module; and
one or more sensor modules, wherein the dynamic decoy system is capable of analyzing at least one of actions and results of one or more portions of code in response to stimuli from the actuator module,
wherein the relevant portions of the protected system allow the one or more portions of code to be analyzed in the dynamic decoy system as if the dynamic decoy system were the protected system.
Dependent claims: 2, 3, 4, 5, 6

7. A code inspection system comprising:
a code inspection management module that monitors and communicates with a protected system;
a dynamic decoy system that, in cooperation with the code inspection management module, is updated to substantially parallel relevant portions of the protected system;
an actuator module; and
one or more sensor modules, wherein the dynamic decoy system is capable of analyzing at least one of actions and results of one or more portions of code in response to stimuli from the actuator module,
wherein at least a portion of the protected system is capable of being recovered from the dynamic decoy system.

8. A code inspection system comprising:
a code inspection management module that monitors and communicates with a protected system;
a dynamic decoy system that, in cooperation with the code inspection management module, is updated to substantially parallel relevant portions of the protected system;
an actuator module; and
one or more sensor modules, wherein the dynamic decoy system is capable of analyzing at least one of actions and results of one or more portions of code in response to stimuli from the actuator module,
wherein the code inspection system is an interface between the protected system and one or more unprotected systems.

9. A code inspection system comprising:
a code inspection management module that monitors and communicates with a protected system;
a dynamic decoy system that, in cooperation with the code inspection management module, is updated to substantially parallel relevant portions of the protected system;
an actuator module; and
one or more sensor modules, wherein the dynamic decoy system is capable of analyzing at least one of actions and results of one or more portions of code in response to stimuli from the actuator module,
wherein the code inspection management module monitors the protected system and updates the dynamic decoy system based on at least one of installed software, installed hardware, operating system upgrades, software upgrades, hardware upgrades, software deletions, hardware deletions and input/output devices.

10. A method of creating and maintaining a dynamic decoy system based on a protected system comprising:
creating a dynamic decoy system that substantially parallels relevant portions of a protected system;
updating the dynamic decoy system based on changes to the protected system;
receiving one or more portions of code;
introducing the one or more portions of code to the dynamic decoy system;
simulating operating conditions of the protected system in the dynamic decoy system; and
monitoring sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code,
wherein the relevant portions of the protected system allow the one or more portions of code to be analyzed in the dynamic decoy system as if the dynamic decoy system were the protected system.
Dependent claims: 11, 12, 13

14. A method of creating and maintaining a dynamic decoy system based on a protected system comprising:
creating a dynamic decoy system that substantially parallels relevant portions of a protected system;
updating the dynamic decoy system based on changes to the protected system;
receiving one or more portions of code;
introducing the one or more portions of code to the dynamic decoy system;
simulating operating conditions of the protected system in the dynamic decoy system; and
monitoring sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code,
wherein the dynamic decoy system is an interface between the protected system and one or more unprotected systems.

15. A method of creating and maintaining a dynamic decoy system based on a protected system comprising:
creating a dynamic decoy system that substantially parallels relevant portions of a protected system;
updating the dynamic decoy system based on changes to the protected system;
receiving one or more portions of code;
introducing the one or more portions of code to the dynamic decoy system;
simulating operating conditions of the protected system in the dynamic decoy system;
monitoring sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code; and
installing one or more sensors in the dynamic decoy system that detect one or more of unauthorized access attempts, unauthorized command execution attempts and unauthorized modifications to one or more portions of the dynamic decoy machine.

16. A method of creating and maintaining a dynamic decoy system based on a protected system comprising:
creating a dynamic decoy system that substantially parallels relevant portions of a protected system;
updating the dynamic decoy system based on changes to the protected system;
receiving one or more portions of code;
introducing the one or more portions of code to the dynamic decoy system;
simulating operating conditions of the protected system in the dynamic decoy system;
monitoring sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code; and
installing an actuator in the dynamic decoy system.
Dependent claims: 17

18. A method of creating and maintaining a dynamic decoy system based on a protected system comprising:
creating a dynamic decoy system that substantially parallels relevant portions of a protected system;
updating the dynamic decoy system based on changes to the protected system;
receiving one or more portions of code;
introducing the one or more portions of code to the dynamic decoy system;
simulating operating conditions of the protected system in the dynamic decoy system; and
monitoring sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code,
wherein updating the dynamic decoy system is based on at least one of installed software, installed hardware, operating system upgrades, software upgrades, hardware upgrades, software deletions, hardware deletions and input/output devices.

19. An information storage media comprising information that creates and maintains a dynamic decoy system based on a protected system comprising:
information that creates a dynamic decoy system that substantially parallels relevant portions of a protected system;
information that updates the dynamic decoy system based on changes to the protected system;
information that receives one or more portions of code;
information that introduces the one or more portions of code to the dynamic decoy system;
information that simulates operating conditions of the protected system in the dynamic decoy system; and
information that monitors sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code,
wherein the relevant portions of the protected system allow the one or more portions of code to be analyzed in the dynamic decoy system as if the dynamic decoy system were the protected system.
Dependent claims: 20, 21, 22

23. An information storage media comprising information that creates and maintains a dynamic decoy system based on a protected system comprising:
information that creates a dynamic decoy system that substantially parallels relevant portions of a protected system;
information that updates the dynamic decoy system based on changes to the protected system;
information that receives one or more portions of code;
information that introduces the one or more portions of code to the dynamic decoy system;
information that simulates operating conditions of the protected system in the dynamic decoy system; and
information that monitors sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code,
wherein the dynamic decoy system is an interface between the protected system and one or more unprotected systems.

24. An information storage media comprising information that creates and maintains a dynamic decoy system based on a protected system comprising:
information that creates a dynamic decoy system that substantially parallels relevant portions of a protected system;
information that updates the dynamic decoy system based on changes to the protected system;
information that receives one or more portions of code;
information that introduces the one or more portions of code to the dynamic decoy system;
information that simulates operating conditions of the protected system in the dynamic decoy system;
information that monitors sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code; and
information that installs one or more sensors in the dynamic decoy system that detect one or more of unauthorized access attempts, unauthorized command execution attempts and unauthorized modifications to one or more portions of the dynamic decoy machine.

25. An information storage media comprising information that creates and maintains a dynamic decoy system based on a protected system comprising:
information that creates a dynamic decoy system that substantially parallels relevant portions of a protected system;
information that updates the dynamic decoy system based on changes to the protected system;
information that receives one or more portions of code;
information that introduces the one or more portions of code to the dynamic decoy system;
information that simulates operating conditions of the protected system in the dynamic decoy system;
information that monitors sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code; and
information that installs an actuator in the dynamic decoy system.
Dependent claims: 26

27. An information storage media comprising information that creates and maintains a dynamic decoy system based on a protected system comprising:
information that creates a dynamic decoy system that substantially parallels relevant portions of a protected system;
information that updates the dynamic decoy system based on changes to the protected system;
information that receives one or more portions of code;
information that introduces the one or more portions of code to the dynamic decoy system;
information that simulates operating conditions of the protected system in the dynamic decoy system; and
information that monitors sensors in the dynamic decoy system for at least one of actions or results of the one or more portions of code,
wherein updating the dynamic decoy system is based on at least one of installed software, installed hardware, operating system upgrades, software upgrades, hardware upgrades, software deletions, hardware deletions and input/output devices.

Specification