Security vulnerability information aggregation

US 8,544,098 B2
Filed: 03/02/2006
Issued: 09/24/2013
Est. Priority Date: 09/22/2005
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus comprising:

an interface to receive from a plurality of sources vulnerability definition information that defines a plurality of security vulnerabilities;

a policies store to store one or more aggregation policies, the one or more aggregation policies specifying respective sets of distribution parameters for one or more vulnerability definition information consumers;

one or more output interfaces to enable transmission of vulnerability definitions to respective groups of the one or more vulnerability definition information consumers;

an aggregator, operatively coupled to the interface, to the policies store, and to the one or more output interfaces, to receive the vulnerability definition information through the interface, to aggregate the vulnerability definition information that defines one or more security vulnerabilities into a respective unified vulnerability description for each of the one or more security vulnerabilities in accordance with the aggregation policy of a vulnerability definition information consumer in the policies store, and to distribute the respective unified vulnerability description for each of the one or more security vulnerabilities to the vulnerability definition information consumer through an output interface of the one or more output interfaces,wherein the vulnerability definition information received from each source comprises respective source content arranged according to a respective source format, and wherein the aggregator comprises;

a plurality of format adapters operatively coupled to the interface, the plurality of format adapters comprising respective format adapters configured to convert a format of vulnerability definition information that defines the one or more respective security vulnerabilities and is received from a respective source into a format of the one or more respective unified vulnerability descriptions; and

a content aggregator operatively coupled to the plurality of format adapters and configured to determine portions of the one or more respective unified vulnerability descriptions based on corresponding portions of source content in the converted vulnerability definition information received from the plurality of sources and converted by the plurality of format adapters.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security vulnerability information aggregation techniques are disclosed. Vulnerability information associated with one or more security vulnerabilities is obtained from multiple sources and aggregated into respective unified vulnerability definitions for the one or more security vulnerabilities. Aggregation may involve format conversion, content aggregation, or both in some embodiments. Unified vulnerability definitions may be distributed to vulnerability information consumers in accordance with consumer-specific policies. Storage of vulnerability information received from the sources may allow the aggregation process to be performed on existing vulnerability information “retro-actively”. Related data structures and Graphical User Interfaces (GUIs) are also disclosed.

93 Citations

View as Search Results

15 Claims

1. An apparatus comprising:
- an interface to receive from a plurality of sources vulnerability definition information that defines a plurality of security vulnerabilities;
  
  a policies store to store one or more aggregation policies, the one or more aggregation policies specifying respective sets of distribution parameters for one or more vulnerability definition information consumers;
  
  one or more output interfaces to enable transmission of vulnerability definitions to respective groups of the one or more vulnerability definition information consumers;
  
  an aggregator, operatively coupled to the interface, to the policies store, and to the one or more output interfaces, to receive the vulnerability definition information through the interface, to aggregate the vulnerability definition information that defines one or more security vulnerabilities into a respective unified vulnerability description for each of the one or more security vulnerabilities in accordance with the aggregation policy of a vulnerability definition information consumer in the policies store, and to distribute the respective unified vulnerability description for each of the one or more security vulnerabilities to the vulnerability definition information consumer through an output interface of the one or more output interfaces,wherein the vulnerability definition information received from each source comprises respective source content arranged according to a respective source format, and wherein the aggregator comprises;
  
  a plurality of format adapters operatively coupled to the interface, the plurality of format adapters comprising respective format adapters configured to convert a format of vulnerability definition information that defines the one or more respective security vulnerabilities and is received from a respective source into a format of the one or more respective unified vulnerability descriptions; and
  
  a content aggregator operatively coupled to the plurality of format adapters and configured to determine portions of the one or more respective unified vulnerability descriptions based on corresponding portions of source content in the converted vulnerability definition information received from the plurality of sources and converted by the plurality of format adapters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein the interface comprises a plurality of interfaces, each interface of the plurality of interfaces being configured to receive vulnerability definition information from a respective group of one or more sources.
  - 3. The apparatus of claim 1, wherein the aggregator comprises a plurality of format adapters operatively coupled to the interface, the plurality of format adapters comprising respective format adapters configured to convert a format of the vulnerability definition information that defines the one or more respective security vulnerabilities and is received from a respective source into a format of the one or more respective unified vulnerability descriptions.
  - 4. The apparatus of claim 3, wherein the aggregator further comprises a content aggregator operatively coupled to the plurality of format adapters and configured to determine portions of the one or more respective unified vulnerability descriptions based on corresponding portions of the vulnerability definition information received from the plurality of sources and converted by the plurality of format adapters.
  - 5. The apparatus of claim 4, wherein the content aggregator is further configured to detect a conflict where vulnerability definition information that is received from one source of the plurality of sources conflicts with vulnerability definition information that is received from a different source of the plurality of sources, and wherein the aggregator further comprises at least one of:
    - a conflict resolution module operatively coupled to the content aggregator and configured to resolve a conflict detected by the content aggregator; and
      
      a conflict alert module operatively coupled to the content aggregator and configured to allow a user to resolve a conflict detected by the content aggregator.
  - 6. The apparatus of claim 4, wherein the content aggregator is further configured to detect a conflict where vulnerability definition information that is received from one source of the plurality of sources conflicts with vulnerability definition information that is received from a different source of the plurality of sources, and wherein the aggregator further comprises:
    - a conflict rules store to store a set of conflict rules; and
      
      a conflict resolution module, operatively coupled to the content aggregator and to the conflict rules store, configured to resolve, based on the set of conflict rules stored in the conflict rules store, a conflict detected by the content aggregator.
  - 7. The apparatus of claim 1, further comprising:
    - a user interface, operatively coupled to the aggregator, for providing a representation of the respective unified vulnerability description.
  - 8. The apparatus of claim 1, further comprising:
    - a vulnerability definition information store, operatively coupled to the interface and to the aggregator, for storing the vulnerability definition information that defines the plurality of security vulnerabilities,wherein the aggregator is further configured to, responsive to a change in an aggregation policy in the policies store, retrieve from the vulnerability definition information store vulnerability definition information that defines one or more respective security vulnerabilities in accordance with the changed aggregation policy, aggregate the retrieved vulnerability definition information into one or more respective unified vulnerability descriptions, and distribute the one or more respective unified vulnerability descriptions through an output interface of the one or more output interfaces to a vulnerability definition information consumer for which the changed aggregation policy specifies distribution parameters.

9. A method comprising:
- obtaining, by an aggregator, from a plurality of sources vulnerability definition information that defines a plurality of security vulnerabilities;
  
  aggregating, by the aggregator, the vulnerability definition information that defines one or more security vulnerabilities into a respective unified vulnerability description for each of the one or more security vulnerabilities in accordance with an aggregation policy that specifies a set of distribution parameters for a vulnerability definition information consumer; and
  
  distributing, by the aggregator, the respective unified vulnerability description for each of the one or more security vulnerabilities to the vulnerability definition information consumer,wherein the vulnerability definition information obtained from each source comprises respective source content arranged according to a respective source format, wherein the method further comprises;
  
  converting the vulnerability definition information associated with the one or more respective security vulnerabilities from each source format into a format of the one or more respective unified vulnerability descriptions,wherein aggregating comprises determining portions of the one or more respective unified vulnerability descriptions based on corresponding portions of source content in the converted vulnerability definition information obtained from the plurality of sources.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein aggregating comprises converting, in respective format adapters, formats of the vulnerability definition information that is received from different sources of the plurality of sources and defines the one or more respective security vulnerabilities into a format of the one or more respective unified vulnerability descriptions.
  - 11. The method of claim 10, wherein aggregating comprises determining portions of the one or more respective unified vulnerability descriptions based on portions of the vulnerability definition information received from the plurality of sources and converted by the format adapters.
  - 12. The method of claim 9, wherein aggregating comprises:
    - detecting a conflict where vulnerability definition information that is received from one source of the plurality of sources conflicts with vulnerability definition information that is received from a different source of the plurality of sources; and
      
      resolving a detected conflict in accordance with at least one of;
      
      a set of one or more conflict rules, and a user input.
  - 13. The method of claim 9, further comprising:
    - providing a representation of the respective unified vulnerability description.
  - 14. The method of claim 9, wherein obtaining comprises at least one of:
    - requesting vulnerability definition information; and
      
      receiving vulnerability definition information.

15. A non-transitory machine-readable medium storing instructions which when executed perform a method comprising:
- obtaining from a plurality of sources vulnerability definition information that defines a plurality of security vulnerabilities;
  
  aggregating the vulnerability definition information that defines one or more security vulnerabilities into a respective unified vulnerability description for each of the one or more security vulnerabilities in accordance with an aggregation policy that specifies a set of distribution parameters for a vulnerability definition information consumer; and
  
  distributing the respective unified vulnerability description for each of the one or more security vulnerabilities to the vulnerability definition information consumer,wherein the vulnerability definition information obtained from each source comprises respective source content arranged according to a respective source format, wherein the method further comprises;
  
  converting the vulnerability definition information associated with the one or more respective security vulnerabilities from each source format into a format of the one or more respective unified vulnerability descriptions,wherein aggregating comprises determining portions of the one or more respective unified vulnerability descriptions based on corresponding portions of source content in the converted vulnerability definition information obtained from the plurality of sources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Gustave, Christophe, Chow, Stanley TaiHai, Wiemer, Douglas
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tabor, Amare F

Application Number

US11/366,319
Publication Number

US 20070067848A1
Time in Patent Office

2,763 Days
Field of Search

726 22- 25, 726/1, 713/188
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Security vulnerability information aggregation

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Security vulnerability information aggregation

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links