Methods and apparatus for rating device security and automatically assessing security compliance

US 8,336,080 B2
Filed: 06/26/2009
Issued: 12/18/2012
Est. Priority Date: 06/26/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

at a control server;

storing one security rating template for each particular Settings Class of a plurality of different Settings Classes for a first wireless computing device, wherein each security rating template comprises information specified by a security expert for determining an expected security rating for any Settings Objects created in accordance with a particular Settings Class;

generating, based on Values input by a user for a plurality of Configurable Attributes, a first Settings Object for a first particular Settings Class, wherein the first Settings Object defines a particular configuration of a first subsystem of the first wireless computing device, and a plurality of other Settings Objects for Settings Classes of the plurality of different Settings Classes, wherein each of the other Settings Objects correspond to one of the Settings Classes and define particular configurations of subsystems of the first wireless computing device;

using a particular security rating template corresponding to the first particular Settings Class to generate a first expected security rating corresponding to the first Settings Object, and for each of the other Settings Objects, using a particular security rating template corresponding to a particular Settings Class to generate expected security ratings corresponding to each of the other Settings Objects;

evaluating, by a security expert, a particular group of Settings Objects generated by the user for the first wireless computing device and the corresponding Security Rating Templates for each one of the particular group of Settings Objects, to determine the security inter-relationships between the configurations of subsystems defined by the Settings Objects in the particular group of Settings Objects;

creating, based on the evaluation of the security expert, a security interaction template (SIT) and security test scripts that correspond to the particular group of Settings Objects, wherein the SIT describes how to produce a first expected overall device security rating (ODSR) for the particular group of Settings Objects;

generating, based on the security interaction template and security rating templates, a first expected ODSR that represents an aggregate security expected of the first wireless computing device if the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device, taking into account individual security ratings of the Settings Objects applied and interactions between the Settings Objects applied; and

generating, based on the security test scripts, a set of overall security test cases that are to be run on subsystems of the first wireless computing device to measure an actual aggregate security of the first wireless computing device under conditions when the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automatic Security Compliance Assessment (ASCA) systems and methods are provided for automatically generating and determining a security rating for a plurality of Settings Objects (SOs), where each of the SOs define particular configurations of subsystems of a wireless computing device. Each SO collectively defines a collection of Values specified for Configurable Attributes that can be used to define a different configuration for a particular subsystem associated with a particular Setting Class that is used to guide the creation of that particular SO. The server can store a group of security rating templates, each of which includes the information needed to determine an expected security rating for any SOs created per a particular Settings Class. For any combination of device settings, the resultant SOs can be used to generate an expected security rating. In addition, a security interaction template (SIT) and security test scripts can be generated that correspond to each particular group of SOs, and can be used to produce an Overall Device Security Rating (ODSR) for that particular group of SOs or a sub-set thereof.

48 Citations

View as Search Results

18 Claims

1. A method, comprising:
- at a control server;
  
  storing one security rating template for each particular Settings Class of a plurality of different Settings Classes for a first wireless computing device, wherein each security rating template comprises information specified by a security expert for determining an expected security rating for any Settings Objects created in accordance with a particular Settings Class;
  
  generating, based on Values input by a user for a plurality of Configurable Attributes, a first Settings Object for a first particular Settings Class, wherein the first Settings Object defines a particular configuration of a first subsystem of the first wireless computing device, and a plurality of other Settings Objects for Settings Classes of the plurality of different Settings Classes, wherein each of the other Settings Objects correspond to one of the Settings Classes and define particular configurations of subsystems of the first wireless computing device;
  
  using a particular security rating template corresponding to the first particular Settings Class to generate a first expected security rating corresponding to the first Settings Object, and for each of the other Settings Objects, using a particular security rating template corresponding to a particular Settings Class to generate expected security ratings corresponding to each of the other Settings Objects;
  
  evaluating, by a security expert, a particular group of Settings Objects generated by the user for the first wireless computing device and the corresponding Security Rating Templates for each one of the particular group of Settings Objects, to determine the security inter-relationships between the configurations of subsystems defined by the Settings Objects in the particular group of Settings Objects;
  
  creating, based on the evaluation of the security expert, a security interaction template (SIT) and security test scripts that correspond to the particular group of Settings Objects, wherein the SIT describes how to produce a first expected overall device security rating (ODSR) for the particular group of Settings Objects;
  
  generating, based on the security interaction template and security rating templates, a first expected ODSR that represents an aggregate security expected of the first wireless computing device if the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device, taking into account individual security ratings of the Settings Objects applied and interactions between the Settings Objects applied; and
  
  generating, based on the security test scripts, a set of overall security test cases that are to be run on subsystems of the first wireless computing device to measure an actual aggregate security of the first wireless computing device under conditions when the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method according to claim 1, wherein the first wireless computing device comprises:
    - a number of subsystems, wherein each particular subsystem is configurable by applying a Settings Object created in accordance with a particular one of the Settings Classes corresponding to that particular subsystem.
  - 3. A method according to claim 2, wherein each Settings Class defines:
    - a plurality of Configurable Attributes that are used to configure a particular subsystem of the first wireless computing device; and
      
      one or more Options controlling the Values that will be allowed to be entered or are required to be entered by a user for each Configurable Attribute.
  - 4. A method according to claim 3, wherein each Settings Object comprises:
    - a particular combination of Values of Configurable Attributes entered by the user and/or selected by the user from amongst potential Values defined in the Options defined in the Settings Class and used to specify a configuration for configuring a particular subsystem corresponding to a particular Settings Class.
  - 5. A method according to claim 2, wherein the Values specified for each of the plurality of Configurable Attributes in each Settings Object collectively define a different configuration for the particular subsystem associated with a particular Setting Class used to guide the creation of that Settings Object.
  - 6. A method according to claim 5, wherein each Settings Object defines a specific configuration of a particular platform-related or application-related subsystem of the first wireless computing device.
  - 7. A method according to claim 1, further comprising:
    - displaying the expected security rating on a display of the computer to provide the user with feedback regarding security that would result if that particular Settings Object were applied to configure a particular subsystem on the first wireless computing device.
  - 8. A method according to claim 1, further comprising:
    - storing the expected security rating along with a time to indicate when the expected security rating was generated.
  - 9. A method according to claim 1, wherein the security test scripts correspond to the security interaction template and are generated by the security expert to identify the set of security test cases to be run on the device to measure the expected overall security if the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device.
  - 10. A method according to claim 1, wherein the first expected ODSR is an aggregate rating that is determined based on the individual security ratings of the particular group of Settings Objects when actually deployed and applied as a group to the first wireless computing device, using the security interaction template and taking into account security impacts of the applied Settings Objects when interacting together, wherein the first expected ODSR reflects the resultant overall device security that a particular combination of the Settings Objects would be expected to provide when the subsystems of the device are configured in accordance with the particular group of Settings Objects.
  - 11. A method according to claim 1, further comprising:
    - displaying the first expected ODSR.
  - 12. A method according to claim 11, further comprising:
    - storing the first expected ODSR along with a time to indicate when the first expected ODSR was generated.

13. A system, comprising:
- a computer;
  
  a server in communication with the computer and being designed to;
  
  store one security rating template for each particular Settings Class of a plurality of different Settings Classes for a first wireless computing device, wherein each security rating template comprises information specified by a security expert for determining an expected security rating for any Settings Objects created in accordance with a particular Settings Class;
  
  generate, based on Values input by a user for a plurality of Configurable Attributes, a first Settings Object for a first particular Settings Class, wherein the first Settings Object defines a particular configuration of a first subsystem of the first wireless computing device, and a plurality of other Settings Objects for Settings Classes of the plurality of different Settings Classes, wherein each of the other Settings Objects correspond to one of the Settings Classes and define particular configurations of subsystems of the first wireless computing device;
  
  use a particular security rating template corresponding to the first particular Settings Class to generate a first expected security rating corresponding to the first Settings Object, and for each of the other Settings Objects, use a particular security rating template corresponding to a particular Settings Class to generate expected security ratings corresponding to each of the other Settings Objects;
  
  evaluate, by a security expert, a particular group of Settings Objects generated by the user for the first wireless computing device and the corresponding Security Rating Templates for each one of the particular group of Settings Objects, to determine the security inter-relationships between the configurations of subsystems defined by the Settings Objects in the particular group of Settings Objects;
  
  create, based on the evaluation of the security expert, a security interaction template (SIT) and security test scripts that correspond to the particular group of Settings Objects, wherein the SIT describes how to produce a first expected overall device security rating (ODSR) for the particular group of Settings Objects;
  
  generate, based on the security interaction template and security rating templates, a first expected ODSR that represents an aggregate security expected of the first wireless computing device if the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device, taking into account individual security ratings of the Settings Objects applied and interactions between the Settings Objects applied; and
  
  generate, based on the security test scripts, a set of overall security test cases that are to be run on subsystems of the first wireless computing device to measure an actual aggregate security of the first wireless computing device under conditions when the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A system according to claim 13, wherein the first wireless computing device comprises:
    - a number of subsystems, wherein each particular subsystem is configurable by applying a Settings Object created in accordance with a particular one of the Settings Classes corresponding to that particular subsystem.
  - 15. A system according to claim 14, wherein each Settings Class defines a plurality of Configurable Attributes that are used to configure a particular subsystem of the first wireless computing device;
    - and one or more Options controlling the Values that will be allowed to be entered or are required to be entered by a user for each Configurable Attribute.
  - 16. A system according to claim 15, wherein each Settings Object comprises:
    - a particular combination of Values of Configurable Attributes entered by the user or selected by the user from amongst potential Values defined in the Options defined in the Settings Class and used to specify a configuration for configuring a particular subsystem corresponding to a particular Settings Class.
  - 17. A system according to claim 14, wherein the Values specified for each of the plurality of Configurable Attributes in each Settings Object collectively define a different configuration for the particular subsystem associated with a particular Setting Class used to guide the creation of that Settings Object.
  - 18. A system according to claim 17, wherein each Settings Object defines a specific configuration of a particular platform-related or application-related subsystem of the first wireless computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symbol Technologies, LLC (Zebra Technologies Corporation)
Original Assignee
Symbol Technologies, Inc. (Zebra Technologies Corporation)
Inventors
Herrod, Allan
Primary Examiner(s)
SHAW, YIN CHEN

Application Number

US12/492,877
Publication Number

US 20100333166A1
Time in Patent Office

1,271 Days
Field of Search

726 1- 2, 713166-167, 455/3.01, 709/220, 709224-225
US Class Current

726/1
CPC Class Codes

H04L 41/0813   characterised by the condit...

H04L 41/0843   based on generic templates

H04L 41/28   Restricting access to netwo...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04W 12/00   Security arrangements; Auth...

H04W 12/37   Managing security policies ...

Methods and apparatus for rating device security and automatically assessing security compliance

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for rating device security and automatically assessing security compliance

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others