Assessment and analysis of software security flaws in virtual machines
First Claim
1. A computer-implemented method of identifying vulnerabilities of a collection of software programs compiled into a virtual machine image, the method comprising the steps of:
- receiving an image file representing a computer system as a virtual machine, wherein the image file comprises at least one of operating system information, an application, an application server, application data, and configuration information;
- loading the image file into a computer memory;
- executing the loaded image file to implement the virtual machine on a processor; and
- analyzing the executing image file to obtain a listing of potential vulnerabilities, the analysis comprising:
  - extracting files of the virtual machine from the image file;
  - identifying at least one installed application within the virtual machine;
  - identifying and separating one or more files related to the installed application;
  - building a control flow model of at least one of the separated files;
  - building a data flow model of at least one of the separated files;
  - detecting one or more potential vulnerabilities of each separated file by scanning one or more of the models and using a vulnerability database; and
  - combining the detected potential vulnerabilities with the listing of potential vulnerabilities.
Abstract
Security analysis and vulnerability testing results are “packaged” with or “bound to” the actual software they describe. By linking the results to the software itself, downstream users of the software can access information about the software, make informed decisions about implementation of the software, and analyze the security risk across an entire system by accessing all (or most) of the reports associated with the executables running on the system and summarizing the risks identified in the reports.
16 Claims