Methods and apparatus for rating device security and automatically assessing security compliance
First Claim
1. A method, comprising:
at a control server;
storing one security rating template for each particular Settings Class of a plurality of different Settings Classes for a first wireless computing device, wherein each security rating template comprises information specified by a security expert for determining an expected security rating for any Settings Objects created in accordance with a particular Settings Class;
generating, based on Values input by a user for a plurality of Configurable Attributes, a first Settings Object for a first particular Settings Class, wherein the first Settings Object defines a particular configuration of a first subsystem of the first wireless computing device, and a plurality of other Settings Objects for Settings Classes of the plurality of different Settings Classes, wherein each of the other Settings Objects correspond to one of the Settings Classes and define particular configurations of subsystems of the first wireless computing device;
using a particular security rating template corresponding to the first particular Settings Class to generate a first expected security rating corresponding to the first Settings Object, and for each of the other Settings Objects, using a particular security rating template corresponding to a particular Settings Class to generate expected security ratings corresponding to each of the other Settings Objects;
evaluating, by a security expert, a particular group of Settings Objects generated by the user for the first wireless computing device and the corresponding Security Rating Templates for each one of the particular group of Settings Objects, to determine the security inter-relationships between the configurations of subsystems defined by the Settings Objects in the particular group of Settings Objects;
creating, based on the evaluation of the security expert, a security interaction template (SIT) and security test scripts that correspond to the particular group of Settings Objects, wherein the SIT describes how to produce a first expected overall device security rating (ODSR) for the particular group of Settings Objects;
generating, based on the security interaction template and security rating templates, a first expected ODSR that represents an aggregate security expected of the first wireless computing device if the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device, taking into account individual security ratings of the Settings Objects applied and interactions between the Settings Objects applied; and
generating, based on the security test scripts, a set of overall security test cases that are to be run on subsystems of the first wireless computing device to measure an actual aggregate security of the first wireless computing device under conditions when the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device.
Abstract
Automatic Security Compliance Assessment (ASCA) systems and methods are provided for automatically generating and determining a security rating for a plurality of Settings Objects (SOs), where each SO defines a particular configuration of a subsystem of a wireless computing device. Each SO is a collection of Values specified for Configurable Attributes, which together define a configuration for the particular subsystem associated with the Settings Class that guides the creation of that SO. The server can store a group of security rating templates, each of which includes the information needed to determine an expected security rating for any SO created in accordance with a particular Settings Class. For any combination of device settings, the resultant SOs can be used to generate an expected security rating. In addition, a security interaction template (SIT) and security test scripts can be generated that correspond to each particular group of SOs, and can be used to produce an Overall Device Security Rating (ODSR) for that particular group of SOs or a subset thereof.
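The following sketch is an added example, not code from the patent: it models the pipeline in the abstract, rating each Settings Object with its class's template, then applying a security interaction template to produce an expected ODSR and the test cases for the group. The 0-100 scale, the weakest-link (minimum) aggregation, the cap-style interaction rows, and all class, attribute and script names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed security rating templates, one per Settings Class:
# Configurable Attribute -> {Value: score on an assumed 0-100 scale}.
TEMPLATES = {
    "Wlan": {"encryption": {"wpa2-enterprise": 90, "wpa2-psk": 70, "open": 10}},
    "Bluetooth": {"discoverable": {"no": 85, "yes": 40}},
    "ScreenLock": {"timeout_s": {30: 90, 300: 60, 0: 5}},
}

@dataclass
class SettingsObject:
    settings_class: str
    values: dict  # Values the user entered for the Configurable Attributes

@dataclass
class Interaction:  # one row of the assumed security interaction template
    name: str
    when: dict      # {Settings Class: {attribute: value}} that must all match
    cap: int        # expert-chosen ceiling on the ODSR when the row matches
    script: str     # security test script covering the combination

SIT = [
    Interaction("discoverable-bt-with-psk-wlan",
                {"Wlan": {"encryption": "wpa2-psk"}, "Bluetooth": {"discoverable": "yes"}},
                30, "check_bt_pairing_while_on_psk_wlan"),
    Interaction("open-wlan-no-screen-lock",
                {"Wlan": {"encryption": "open"}, "ScreenLock": {"timeout_s": 0}},
                0, "check_unattended_session_on_open_wlan"),
]

def expected_rating(so):
    """Rate one Settings Object; missing or unknown Values fail closed at 0."""
    template = TEMPLATES[so.settings_class]
    return min(scores.get(so.values.get(attr), 0) for attr, scores in template.items())

def matches(row, group):
    """True when every class/attribute/value the SIT row names is in the group."""
    return all(cls in group and all(group[cls].values.get(a) == v for a, v in want.items())
               for cls, want in row.when.items())

def expected_odsr(settings_objects):
    """Return (ODSR, per-class ratings, test cases) for a group deployed together."""
    group = {so.settings_class: so for so in settings_objects}
    ratings = {cls: expected_rating(so) for cls, so in group.items()}
    fired = [row for row in SIT if matches(row, group)]
    odsr = min([*ratings.values(), *(row.cap for row in fired)])
    tests = [f"verify_{cls.lower()}_settings" for cls in group] + [r.script for r in fired]
    return odsr, ratings, tests
```

With these sample templates, a group whose individual ratings are 70, 40 and 90 still gets an expected ODSR of 30 when the Bluetooth and WLAN settings interact, which is the case the SIT exists to capture.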
18 Claims
13. A system, comprising:
a computer;
a server in communication with the computer and being designed to:
store one security rating template for each particular Settings Class of a plurality of different Settings Classes for a first wireless computing device, wherein each security rating template comprises information specified by a security expert for determining an expected security rating for any Settings Objects created in accordance with a particular Settings Class;
generate, based on Values input by a user for a plurality of Configurable Attributes, a first Settings Object for a first particular Settings Class, wherein the first Settings Object defines a particular configuration of a first subsystem of the first wireless computing device, and a plurality of other Settings Objects for Settings Classes of the plurality of different Settings Classes, wherein each of the other Settings Objects correspond to one of the Settings Classes and define particular configurations of subsystems of the first wireless computing device;
use a particular security rating template corresponding to the first particular Settings Class to generate a first expected security rating corresponding to the first Settings Object, and for each of the other Settings Objects, use a particular security rating template corresponding to a particular Settings Class to generate expected security ratings corresponding to each of the other Settings Objects;
evaluate, by a security expert, a particular group of Settings Objects generated by the user for the first wireless computing device and the corresponding Security Rating Templates for each one of the particular group of Settings Objects, to determine the security inter-relationships between the configurations of subsystems defined by the Settings Objects in the particular group of Settings Objects;
create, based on the evaluation of the security expert, a security interaction template (SIT) and security test scripts that correspond to the particular group of Settings Objects, wherein the SIT describes how to produce a first expected overall device security rating (ODSR) for the particular group of Settings Objects;
generate, based on the security interaction template and security rating templates, a first expected ODSR that represents an aggregate security expected of the first wireless computing device if the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device, taking into account individual security ratings of the Settings Objects applied and interactions between the Settings Objects applied; and
generate, based on the security test scripts, a set of overall security test cases that are to be run on subsystems of the first wireless computing device to measure an actual aggregate security of the first wireless computing device under conditions when the particular group of Settings Objects are actually deployed and applied as a group to the first wireless computing device.
Specification