Expert system for detecting software security threats

US 8,813,235 B2
Filed: 08/10/2012
Issued: 08/19/2014
Est. Priority Date: 08/10/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for vulnerability risk management of an enterprise computer system, comprising the steps of:

receiving, by an expert system, a list of potential vulnerabilities of the enterprise computer system from a vulnerability risk management module, wherein the expert system and the vulnerability risk management module are instantiated by a cloud computing system;

converting a potential vulnerability on the list of potential vulnerabilities into a set of facts;

verifying that the potential vulnerability is not a false positive by testing a rule against the set of facts;

executing an action associated with the rule that modifies a fact of the set of facts to produce a modified set of facts when the conditions of the rule have been satisfied;

incorporating the modified set of facts into a refined list of vulnerabilities; and

transmitting the refined list of vulnerabilities to the vulnerability risk management module.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An instance of a vulnerability risk management (VRM) module and a vulnerability management expert decision system (VMEDS) module are instantiated in a cloud. The VMEDS module imports scan results from a VRM vulnerability database and saves them as vulnerabilities to be reviewed in a VMEDS database. The VMEDS module converts vulnerabilities into facts. The VMEDS module builds a rule set in the knowledge base to verify whether certain vulnerabilities are false positives. Rules related to a vulnerability are received in plain English from a web-based front-end application. The VMEDS module tests each rule against all of the facts using the Rete algorithm. The VMEDS module executes the action associated with the rule derived from the Rete algorithm. The VMEDS module stores the results associated with the executing of the action in the VMEDS database and forwards the results to the VRM module.

44 Citations

View as Search Results

20 Claims

1. A computer-implemented method for vulnerability risk management of an enterprise computer system, comprising the steps of:
- receiving, by an expert system, a list of potential vulnerabilities of the enterprise computer system from a vulnerability risk management module, wherein the expert system and the vulnerability risk management module are instantiated by a cloud computing system;
  
  converting a potential vulnerability on the list of potential vulnerabilities into a set of facts;
  
  verifying that the potential vulnerability is not a false positive by testing a rule against the set of facts;
  
  executing an action associated with the rule that modifies a fact of the set of facts to produce a modified set of facts when the conditions of the rule have been satisfied;
  
  incorporating the modified set of facts into a refined list of vulnerabilities; and
  
  transmitting the refined list of vulnerabilities to the vulnerability risk management module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein testing the set of rules against the set of facts comprises applying a Rete algorithm to activate one or more actions associated with the set of rules.
  - 3. The method of claim 2, further comprising selecting the action to be executed from a plurality of actions activated by the application of the Rete algorithm.
  - 4. The method of claim 3, further comprising imposing an ordering execution of the plurality of activated actions using a conflict resolution strategy.
  - 5. The method of claim 4, wherein imposing the ordering of execution of the plurality of activated actions using the conflict resolution strategy comprises:
    - (a) placing a newly activated rule and associated activated actions above a rule of lower salience and below a rule of higher salience; and
      
      (b) applying the conflict resolution strategy to determine a placement of activated rules of equal salience.
  - 6. The method of claim 5, further comprising:
    - (c) if steps (a) and (b) cannot specify ordering, arbitrarily ordering activated rules.
  - 7. The method of claim 4, wherein the conflict resolution strategy is one of depth, breadth, simplicity, complexity, lex, mea, or random.
  - 8. The method of claim 1, wherein the refined list of vulnerabilities is substantially free of extraneous information.
  - 9. The method of claim 1, wherein the set of rules is based on a received type of vulnerability.

10. A system for vulnerability risk management of an enterprise computer system, comprising:
- a processor interfacing with a memory, the processor being programmable to;
  
  receive a list of potential vulnerabilities of the enterprise computer system from a vulnerability risk management module, wherein the expert system and the vulnerability risk management module are instantiated by a cloud computing system;
  
  convert a potential vulnerability on the list of potential vulnerabilities into a set of facts;
  
  verify that the potential vulnerability is not a false positive by testing a rule against the set of facts;
  
  execute an action associated with the rule that modifies a fact of the set of facts to produce a modified set of facts when the conditions of the rule have been satisfied;
  
  incorporate the modified set of facts into a refined list of vulnerabilities; and
  
  transmit the refined list of vulnerabilities to the vulnerability risk management module.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein testing the set of rules against the set of facts comprises applying a Rete algorithm to activate a plurality of actions associated with the set of rules.
  - 12. The system of claim 11, further comprising selecting an action to be executed from a plurality of actions activated by the application of the Rete algorithm.
  - 13. The system of claim 12, further comprising imposing an ordering of execution of the plurality of activated actions using a conflict resolution strategy.
  - 14. The system of claim 13, wherein imposing the ordering of execution of the plurality of activated actions using the conflict resolution strategy comprises:
    - (a) placing a newly activated rule and associated activated actions above a rule of lower salience and below a rule of higher salience; and
      
      (b) applying the conflict resolution strategy to determine a placement of activated rules of equal salience.
  - 15. The system of claim 14, further comprising:
    - (c) if steps (a) and (b) cannot specify ordering, arbitrarily ordering activated rules.
  - 16. The system of claim 13, wherein the conflict resolution strategy is one of depth, breadth, simplicity, complexity, lex, mea, or random.
  - 17. The system of claim 10, wherein the refined list of vulnerabilities is substantially free of at least one of extraneous information.
  - 18. The system of claim 10, wherein the set of rules is based on a received type of vulnerability.

19. A non-transitory computer-readable storage medium including instructions that, when accessed by a processing system, cause the processing system to perform a method for vulnerability risk management of an enterprise computer system, comprising the steps of:
- receiving, by an expert system, a list of potential vulnerabilities of the enterprise computer system from a vulnerability risk management module, wherein the expert system and the vulnerability risk management module are instantiated by a cloud computing system;
  
  converting a potential vulnerability on the list of potential vulnerabilities into a set of facts;
  
  verifying that the potential vulnerability is not a false positive by testing a rule against the set of facts;
  
  executing an action associated with the rule that modifies a fact of the set of facts to produce a modified set of facts when the conditions of the rule have been satisfied;
  
  incorporating the modified set of facts into a refined list of vulnerabilities; and
  
  transmitting the refined list of vulnerabilities to the vulnerability risk management module.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable storage medium of claim 19, wherein testing the set of rules against the set of facts comprises applying a Rete algorithm to activate a plurality of actions associated with the set of rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NopSec, Inc.
Original Assignee
NopSec, Inc.
Inventors
Sidagni, Michelangelo
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US13/571,505
Publication Number

US 20140047545A1
Time in Patent Office

739 Days
Field of Search

726/25, 713189-194
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Expert system for detecting software security threats

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Expert system for detecting software security threats

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links