Pre-emptive pre-indexing of sensitive and vulnerable assets

US 8,800,043 B2
Filed: 05/19/2008
Issued: 08/05/2014
Est. Priority Date: 05/19/2008
Status: Active Grant

First Claim

Patent Images

1. A system for restricting distribution of an item of content at a data center, the item indicative of a software vulnerability associated with a version of a software component, the system comprising:

a) a local indexing component configured to perform actions including creating a search index of the content at the data center by retrieving and employing an identification of content as a seed to retrieve a set of documents, the content including the item of content and other content;

b) a manager component configured to perform actions including;

i) identifying a document corresponding to the version of the software component; and

ii) enabling a mechanism that performs a security action on the identified document;

wherein identifying the document comprises;

i) receiving one or more search specifications corresponding to the version of the software component; and

ii) employing the search index and the one or more search specifications to identify the document corresponding to the version of the software component, wherein the document that is identified by the one or more search specifications is created or modified by the version of the software component associated with the vulnerability; and

c) one or more processors that execute computer instructions to implement the manager component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for identifying sensitive content or indications of vulnerabilities is provided. A local search engine may index content at a data center. Specifications of sensitive data or fingerprints of vulnerabilities may be received from various internal or external sources. Targeted data may include vulnerable software, confidential content, dynamic or static web pages, or application data. Based on searches for targeted data, one or more components may be notified, enabling one or more security actions, including restricting publication of the targeted data.

24 Citations

View as Search Results

19 Claims

1. A system for restricting distribution of an item of content at a data center, the item indicative of a software vulnerability associated with a version of a software component, the system comprising:
- a) a local indexing component configured to perform actions including creating a search index of the content at the data center by retrieving and employing an identification of content as a seed to retrieve a set of documents, the content including the item of content and other content;
  
  b) a manager component configured to perform actions including;
  
  i) identifying a document corresponding to the version of the software component; and
  
  ii) enabling a mechanism that performs a security action on the identified document;
  
  wherein identifying the document comprises;
  
  i) receiving one or more search specifications corresponding to the version of the software component; and
  
  ii) employing the search index and the one or more search specifications to identify the document corresponding to the version of the software component, wherein the document that is identified by the one or more search specifications is created or modified by the version of the software component associated with the vulnerability; and
  
  c) one or more processors that execute computer instructions to implement the manager component.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, the one or more search specifications including a fingerprint of the vulnerability and wherein employing the search index and the one or more search specifications to identify the document includes performing a search to identify the document the fingerprint including one or more strings that indicate the version of the software component that created or modified the document.
  - 3. The system of claim 1, wherein the one or more search specifications comprises a specification of a location in a document where an expression may exist, the specification of the location and the expression being indicative of the version of the software component that created or modified the document.
  - 4. The system of claim 1, wherein receiving the one or more search specifications comprises receiving at least one search specification of a fingerprint of a vulnerability from an external source.
  - 5. The system of claim 1, the security action comprising preventing an external crawler from retrieving the item of content corresponding to the version of the software component.
  - 6. The system of claim 1, wherein the one or more search specifications comprises at least one fingerprint associated with the document indicative of a software version in use at the data center.

7. A computer-implemented method for restricting targeted content at a data center, comprising:
- a) creating a search index of content at the data center by retrieving and employing a seed specification to retrieve an initial set of documents or pages which are used to find other specifications;
  
  b) retrieving a plurality of specifications of the targeted content, each specification corresponding to at least one software component vulnerability, wherein the targeted content is created or modified by a version of a software component associated with the software component vulnerability and is indicative of the version of the software component;
  
  c) identifying the targeted content by employing the plurality of specifications to search the search index for the targeted content; and
  
  d) selectively preventing an external crawler from retrieving at least a portion of the identified targeted content based on a result of the search of the search index.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein creating the search index of content at the data center comprises:
    - a) retrieving application content from an application server;
      
      b) performing actions to create dynamic documents at a web server and retrieve the dynamic documents from the web server; and
      
      c) including data representative of the application content and the dynamic documents in the index.
  - 9. The method of claim 7, further comprising publishing the content at the data center to at least one external client prior to retrieving the plurality of specifications and searching the index of content for the targeted content.
  - 10. The method of claim 7, wherein each of the specifications of the targeted content comprises a string or a regular expression, searching the search index comprising retrieving a list of matching results based on each string or regular expression.
  - 11. The method of claim 7, further comprising dynamically creating a document by combining a template having one or more fields with data extracted for each field of the template, wherein creating a search index of content at the data center comprises including the extracted data in the search index, and wherein identifying the targeted content includes identifying the document as targeted content based on the one or more fields.
  - 12. The method of claim 7, further comprising selectively enabling an external crawler to retrieve a dynamic document of the content based on a software version that created or modified the dynamic document.

13. A system for distributing content of a data center, comprising:
- a) an indexing component configured to perform actions including retrieving and employing an identification of content as a seed to retrieve at least portions of the content at the data center and create a search index of the content at the data center;
  
  b) a search component comprising computer program instructions executable by a processor and configured to perform actions including identifying targeted content corresponding to a version of a software component having a vulnerability by receiving one or more search specifications corresponding to the version of the software component and performing searches, the searches employing the search index of the content, wherein the targeted content was created or modified by the version of the software component;
  
  c) a publishing component configured to perform actions including publishing a proper subset of the content at the data center, publishing the proper subset of the content comprising, in response to identifying the targeted content, preventing an external crawler from retrieving the targeted content; and
  
  d) one or more processors that execute computer instructions to implement the search component.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, further comprising an API that enables a local client to search the search index of content for a content item.
  - 15. The system of claim 13, the search component comprising a search specification repository configured to perform actions including storing search specifications corresponding to at least one fingerprint of at least one software vulnerability and search specifications corresponding to confidential content.
  - 16. The system of claim 13, the publishing component configured to perform actions including restricting external distribution of content that has previously been published based on the identification of the targeted content.
  - 17. The system of claim 13, the search component configured to perform actions including receiving fingerprints of publicly known software vulnerabilities, receiving fingerprints of zero-day vulnerabilities, and receiving specifications of confidential content.
  - 18. The system of claim 13, the search component configured to perform actions including searching for documents based on a specification of software that produced or modified the documents.
  - 19. The system of claim 13, further comprising an interface that enables a local client to retrieve the targeted content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Khachaturov, Vassilii
Primary Examiner(s)
Perungavoor, Venkat
Assistant Examiner(s)
Mehrmanesh, Amir

Application Number

US12/122,734
Publication Number

US 20090288141A1
Time in Patent Office

2,269 Days
Field of Search

726/3, 726/4, 726/7, 726/13, 726/16, 726 22- 25, 705/39, 705/51, 707/5, 707/707, 707/741
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Pre-emptive pre-indexing of sensitive and vulnerable assets

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Pre-emptive pre-indexing of sensitive and vulnerable assets

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others