Rapid application security threat analysis

US 7,243,374 B2
Filed: 08/08/2001
Issued: 07/10/2007
Est. Priority Date: 08/08/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for a computer-program module to provide application security threat-modeling, the method comprising:

responsive to a first user input, selecting a set of model components to represent respective elements of an application;

providing class definitions for the model components, each class definition specifying a set of security threats associated with the model component;

responsive to a second user input, interconnecting at least a subset of the model components to form a logical model of the application;

responsive to a third user input, selecting a particular component of the subset;

automatically analyzing the at least a subset of the model components to identify model components of the subset having a security threat associated with a similar security threat category as one of the security threats associated with the particular component; and

changing a manner in which the components are displayed to a user in response to the selection of the particular component and the analysis.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The following subject matter provides for modeling an application'"'"'s potential security threats at a logical component level early in the design phase of the application. Specifically, in a computer system, multiple model components are defined to represent respective logical elements of the application. Each model component includes a corresponding set of security threats that could potentially be of import not only to the component but also to the application as a whole in its physical implementation. The model components are interconnected to form a logical model of the application. One or more potential security threats are then analyzed in terms of the model components in the logical model.

Citations

41 Claims

1. A computer-implemented method for a computer-program module to provide application security threat-modeling, the method comprising:
- responsive to a first user input, selecting a set of model components to represent respective elements of an application;
  
  providing class definitions for the model components, each class definition specifying a set of security threats associated with the model component;
  
  responsive to a second user input, interconnecting at least a subset of the model components to form a logical model of the application;
  
  responsive to a third user input, selecting a particular component of the subset;
  
  automatically analyzing the at least a subset of the model components to identify model components of the subset having a security threat associated with a similar security threat category as one of the security threats associated with the particular component; and
  
  changing a manner in which the components are displayed to a user in response to the selection of the particular component and the analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 36, 37)
- - 2. The method of claim 1, wherein the model components comprise a module, a port, a store, or a wire.
  - 3. The method of claim 1, wherein the security threats comprise at least one subset of authentication, authorization, auditing, privacy, integrity, availability, and non-repudiation.
  - 4. The method of claim 1, wherein providing the class definitions further comprises determining the security threats based on functionality of the component with respect to the application.
  - 5. The method of claim 1, wherein the security threats associated with the particular component are potential security threats.
  - 6. The method of claim 1, wherein at least one of the security threats associated with the particular component is a countered security threat.
  - 7. The method of claim 1, wherein analyzing further comprises providing for selection of a particular threat to indicate that the particular threat requires a threat mitigating implementation in the particular component.
  - 8. The method of claim 7, wherein providing for selection of the particular threat further comprises identifying a priority of the threat mitigating implementation.
  - 9. The method of claim 7, wherein providing for selection of the particular threat further comprises identifying a desired level of strength of technology with which to mitigate the particular threat.
  - 10. The method of claim 7, wherein providing for selection of the particular threat further comprises presenting information associated with a particular technology with which to mitigate the one or more security threats in a physical implementation of the application.
  - 36. The method of claim 6, further comprising:
    - determining that the countered security threat neutralizes one of the security threats associated with a model component other than the particular component; and
      
      revising the set of potential security threats associated with at least one of model components other than the particular component by removing the neutralized security threat from the set.
  - 37. The method of claim 36, further comprising automatically generating computer code configured to prevent the countered security threat.

11. A computer-readable medium comprising computer-executable instructions for providing application security threat-modeling, the computer-executable instructions comprising instructions for:
- defining a plurality of model components to represent respective elements of an application, each model component specifying a set of security threats associated with the component, the model components being defined with class definitions in a component schema, and the model components being selected in response to a first user input;
  
  interconnecting, responsive to a second user input, at least a subset of the model components to form a logical model of the application;
  
  selecting, responsive to a third user input, a particular component of the subset;
  
  analyzing the at least a subset and respective interconnections to identify model components of the subset having a security threat associated with a similar threat category as one of the security threats associated with the particular component; and
  
  changing a manner in which the components are displayed to a user in response to the selection of the particular component and the analysis.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 38, 39)
- - 12. The computer-readable medium of claim 11, wherein the model components comprise a module, a port, a store, or a wire.
  - 13. The computer-readable medium of claim 11, wherein the security threats comprise at least one subset of authentication, authorization, auditing, privacy, integrity, availability, and non-repudiation.
  - 14. The computer-readable medium of claim 11, wherein the security threats are potential security threats and wherein the computer-executable instructions for defining the model components further comprise instructions for determining the potential security threats for a component of the model components based on functionality of the component in the application.
  - 15. The computer-readable medium of claim 11, wherein the security threats associated with the particular component are potential security threats.
  - 16. The computer-readable medium of claim 11, wherein at least one of the security threats associated with the particular component is a countered security threat.
  - 17. The computer-readable medium of claim 11, wherein the computer-executable instructions for analyzing further comprise instructions for providing for selection of a particular threat to indicate that the particular threat requires a threat mitigating implementation in the particular component.
  - 18. The computer-readable medium of claim 17, wherein the computer-executable instructions for providing for selection of the particular threat further comprise instructions for identifying a priority that corresponds to the threat mitigating implementation.
  - 19. The computer-readable medium of claim 17, wherein the computer-executable instructions for providing for selection of the particular threat further comprise instructions for identifying a desired level of strength of technology with which to mitigate the particular threat.
  - 20. The computer-readable medium of claim 17, wherein the computer-executable instructions for providing for selection of the particular threat further comprise instructions for presenting information associated with a particular technology with which to mitigate the one or more security threats in a physical implementation of the application.
  - 38. The method of claim 16, further comprising instructions for:
    - determining that the countered security threat neutralizes one of the security threats associated with a model component other than the particular component; and
      
      revising the set of security threats associated with at least one of model components other than the particular component by removing the neutralized security threat from the set.
  - 39. The method of claim 38, further comprising instructions for automatically generating computer code configured to prevent the countered security threat.

21. A device comprising:
- a memory comprising computer-executable instructions for providing application security threat-modeling;
  
  a processor that is operatively coupled to the memory, the processor being configured to fetch and execute the computer-executable instructions from the memory, the computer-executable instructions comprising instructions for;
  
  providing class definitions defining attributes of model components representing respective elements of an application, at least one attribute of the attributes associated with a model component specifying a set of security threats applicable to the model component, the model components being selected in response to a first user input;
  
  presenting symbols associated with at least a subset of the model components on a display;
  
  interconnecting respective ones of the at least a subset to form a logical model of the application;
  
  responsive to a second user input, selecting a particular component of the subset;
  
  analyzing the at least a subset of the model components to identify model components of the subset having a security threat associated with a similar security threat category as one of the security threats associated with the particular component; and
  
  changing a manner in which the components are displayed to a user in response to the selection of the particular component and the analysis.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 40, 41)
- - 22. The device of claim 21, wherein the model components comprise a module, a port, a store, or a wire.
  - 23. The device of claim 21, wherein the security threats comprise at least one subset of authentication, authorization, auditing, privacy, integrity, availability, and non-repudiation.
  - 24. The device of claim 21, wherein the computer-executable instructions for providing further comprise instructions for determining the security threats for a component of the model components based on functionality of the component in the application.
  - 25. The device of claim 21, wherein the security threats associated with the particular component are potential security threats.
  - 26. The device of claim 21, wherein at least one security threats associated with the particular component is a countered security threat.
  - 27. The device of claim 21, wherein the instructions for analyzing further comprise instructions for providing for selection of a particular threat to indicate that the particular threat requires a threat mitigating implementation in the particular component, the particular threat corresponding to the particular component.
  - 28. The device of claim 27, wherein the computer-executable instructions for providing for selection of the particular threat further comprise instructions for identifying a priority that corresponds to the threat mitigating implementation.
  - 29. The device of claim 27, wherein the computer-executable instructions for providing for selection of the particular threat further comprise instructions for identifying a desired level of strength of technology with which to mitigate the particular threat.
  - 30. The device of claim 27, wherein the computer-executable instructions for providing for selection of the particular threat further comprise instructions for presenting information associated with a particular technology with which to miff gate the one or more security threats in a physical implementation of the application.
  - 40. The method of claim 26, wherein the computer-executable instructions further comprise instructions for:
    - determining that the countered security threat neutralizes one of the security threats associated with a model component other than the particular component; and
      
      revising the set of security threats associated with at least one of model components other than the particular component by removing the neutralized security threat from the set.
  - 41. The method of claim 40, wherein the computer-executable instructions further comprise instructions for automatically generating computer code configured to prevent the countered security threat.

31. A computing device comprising:
- processing means for presenting a user interface for application security threat-modeling, the processing means comprising;
  
  means for displaying and interconnecting a plurality of model components to design a logical model of an application, at least a subset of the model components comprising a corresponding set of security threat characteristics defined in a schema of class definitions for the model components;
  
  means for specifying a component of the model components in the logical model;
  
  means for analyzing the at least a subset of the model components to identify model components of the subset having a security threat associated with a similar security threat category as one of the security threats associated with the specified component;
  
  means for changing a manner in which the components are displayed in response to the specification of the particular component; and
  
  means for selecting a particular solution to mitigate the security threats in the logical model.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The computing device of claim 31, wherein the corresponding security threat characteristics comprise at least one subset of authentication, authorization, auditing, privacy, integrity, availability, and non-repudiation.
  - 33. The computing device of claim 31, wherein the processing means further comprise means for selecting a priority that corresponds to the potential security threats.
  - 34. The computing device of claim 31, wherein the means for selecting further comprise means for specifying a desired level of strength of technology with which to mitigate the security threats.
  - 35. The computing device of claim 31, wherein the processing means further comprise means for selecting a particular technology with which to mitigate the potential security threats in a physical implementation of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Garg, Praerit, Howard, Michael, Kohnfelder, Loren M.
Primary Examiner(s)
Moise; Emmanuel L.
Assistant Examiner(s)
Teslovich; Tamara

Application Number

US09/927,427
Publication Number

US 20030033516A1
Time in Patent Office

2,162 Days
Field of Search

713/152, 713/200
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Rapid application security threat analysis

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Rapid application security threat analysis

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links