Method and apparatus for mitigating software vulnerabilities

US 9,064,134 B1
Filed: 12/06/2010
Issued: 06/23/2015
Est. Priority Date: 12/06/2010
Status: Active Grant

First Claim

Patent Images

1. A computerized method for mitigating software vulnerabilities in components of a software application, comprising:

receiving, at a client device, a plurality of components for a software application, wherein the plurality of components includes;

components that form at least one software application, and one or more additional components for one or more of the components that form the at least one software application;

wherein the one or more additional components are pre-defined alternate component versions which functionally replicate their corresponding component from the one or more components that form the at least one software application but employ different programming logic to prevent vulnerability exploitation;

in response to information identifying at least one compromised component of the components that form the at least one software application, where the compromise comprises a vulnerability, selecting a non-compromised alternate component version for each compromised component from the one or more additional components, wherein the alternate component version restricts functionality problems caused by the vulnerability of the identified compromised component;

replacing, when the at least one software application is currently installed, the each compromised component by loading its corresponding selected non-compromised alternate component version; and

installing, when the at least one software application is not currently installed, the at least one software application using the non-compromised alternate component version for the each compromised component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for mitigating software vulnerabilities is disclosed. In some embodiments, information associated with software application installation is processed. The information comprises mappings between each component and a currently installed component version. In response to information identifying at least one compromised component version for at least one software application, an alternate component version for each compromised component version is selected and used to install the at least one software application.

12 Citations

View as Search Results

25 Claims

1. A computerized method for mitigating software vulnerabilities in components of a software application, comprising:
- receiving, at a client device, a plurality of components for a software application, wherein the plurality of components includes;
  
  components that form at least one software application, and one or more additional components for one or more of the components that form the at least one software application;
  
  wherein the one or more additional components are pre-defined alternate component versions which functionally replicate their corresponding component from the one or more components that form the at least one software application but employ different programming logic to prevent vulnerability exploitation;
  
  in response to information identifying at least one compromised component of the components that form the at least one software application, where the compromise comprises a vulnerability, selecting a non-compromised alternate component version for each compromised component from the one or more additional components, wherein the alternate component version restricts functionality problems caused by the vulnerability of the identified compromised component;
  
  replacing, when the at least one software application is currently installed, the each compromised component by loading its corresponding selected non-compromised alternate component version; and
  
  installing, when the at least one software application is not currently installed, the at least one software application using the non-compromised alternate component version for the each compromised component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein selecting the alternate component version further comprises processing instructions for installing the at least one software application.
  - 3. The method of claim 2, wherein the processing instructions identifies the corresponding alternate component versions.
  - 4. The method of claim 1, wherein the at least one software application comprises at least one plug-in.
  - 5. The method of claim 1, wherein the at least one compromised component corresponds with at least one geographic region.
  - 6. The method of claim 1, wherein installing the at least one software application further comprises selecting an alternate component version that corresponds with at least one geographic region.
  - 7. The method of claim 1, wherein installing the at least one corresponding software application further comprises randomly selecting at least one alternate component version to replace the at least one compromised component.
  - 8. The method of claim 1, further comprising providing mappings that associate the alternative component versions with the corresponding components.
  - 9. The method of claim 8, further comprising installing a plurality of alternative component versions using the mappings.

10. A computerized system for mitigating software vulnerabilities in components of a software application, comprising:
- at least one server;
  
  a non-transitory computer readable storage medium comprising instructions stored thereon that when executed by the at least one server cause the computerized system to;
  
  generate a plurality of components for a software application, wherein the plurality of components includes;
  
  one or more components that form the software application, and one or more alternate components for each of the one or more components that form the software application;
  
  wherein the one or more alternate components are pre-defined alternative component which functionally replicate their corresponding component from the one or more components that form the software application but employ different programming logic to prevent vulnerability exploitation;
  
  in response to information identifying at least one compromised component of the components for the software application, where the compromise comprises a vulnerability, selecting a non-compromised alternate component for each compromised component, wherein the alternate component restricts functionality problems caused by the vulnerability of the identified compromised component; and
  
  communicating information identifying the at least one compromised component and instructions for installing the non-compromised alternate component for each compromised component.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the communicated instructions identify the non-compromised alternate components to compile.
  - 12. The system of claim 10, wherein the at least one software application comprises at least one plug-in.
  - 13. The system of claim 10, wherein the at least one compromised component corresponds with at least one geographic region.
  - 14. The system of claim 10, wherein the non-compromised alternate components correspond with at least one geographic region.
  - 15. The system of claim 10, wherein selecting a non-compromised alternate component for each compromised component comprises randomly selecting the non-compromised alternate component to replace each compromised component.
  - 16. The system of claim 10, wherein the at least one server uses mappings to select the non-compromised alternate component for each compromised component.
  - 17. The system of claim 10, wherein the at least one server generates distribution information for installing the at least one software application at a client computerized device.

18. A computerized apparatus for mitigating software vulnerabilities in components of a software application, comprising:
- a computer having one or more processors coupled to a non-transitory memory device, the non-transitory memory device comprising instructions that when executed by the one or more processors cause the computerized apparatus to perform a method comprising;
  
  receiving, at a client device, a plurality of components for a software application, wherein the plurality of components includes;
  
  components that form at least one software application, and one or more additional components for one or more of the components that form the at least one software application;
  
  wherein the one or more additional components are pre-defined alternate component versions which functionally replicate their corresponding component from the one or more components that form the at least one software application but employ different programming logic to prevent vulnerability exploitation;
  
  in response to information identifying at least one compromised component of the components that form the at least one software application, where the compromise comprises a vulnerability, selecting a non-compromised alternate component version for each compromised component from the one or more additional components, wherein the alternate component version restricts functionality problems caused by the vulnerability of the identified compromised component;
  
  replacing, when the at least one software application is currently installed, the each compromised component by loading its corresponding selected non-compromised alternate component version; and
  
  installing, when the at least one software application is not currently installed, the at least one software application using the non-compromised alternate component version for the each compromised component.
- View Dependent Claims (19, 20)
- - 19. The apparatus of claim 18, wherein the method further comprising receiving server instructions comprising the information identifying the at least one compromised component and a corresponding non-compromised alternate component version.
  - 20. The apparatus of claim 18, wherein the at least one compromised component version corresponds with at least one geographic region.

21. A computerized method of distributing a plurality of component versions to mitigate software vulnerabilities in components of a software application, comprising:
- generating a plurality of components for each component a software application, wherein the plurality of components includes;
  
  one or more components that form the software application, and one or more alternate components for each of the one or more components that form the software application;
  
  wherein the one or more alternate components are pre-defined alternative components which functionally replicate their corresponding component from the one or more components that form the software application but employ different programming logic to prevent vulnerability exploitation; and
  
  communicating the plurality of components for the software application to a plurality of client computerized devices, wherein at least one non-compromised alternate component replaces at least one compromised component on at least one of the plurality of client computerized devices, wherein the at least one compromised component has been identified to include a vulnerability and wherein the alternate component restricts functionality problems caused by the vulnerability of the identified compromised component.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, wherein communicating the plurality of components to a plurality of client computerized devices further comprises communicating the plurality of components to the plurality of client computerized devices using distribution information, wherein the distribution information indicates one of the plurality of components to install at the at least one client computerized device for the each component of the software application.
  - 23. The method of claim 21, wherein communicating the plurality of components further comprises for the each component, communicating a particular one of the plurality of components to the at least one client computerized device.
  - 24. The method of claim 23, wherein the particular component corresponds with a specific geographic region.

25. A computerized system for distributing a plurality of component versions to mitigate software vulnerabilities in components of a software application, comprising:
- a plurality of client computerized devices,a distribution module coupled to the plurality of client computerized devices, wherein the distribution module;
  
  generates a plurality of components for each component a software application, wherein the plurality of components includes;
  
  one or more components that form the software application, and one or more alternate components for each of the one or more components that form the software application;
  
  wherein the one or more alternate components are pre-defined alternative component versions which functionally replicate their corresponding component from the one or more components that form the software application but employ different programming logic to prevent vulnerability exploitation;
  
  communicates the plurality of components for the software application to a plurality of client computerized devices using distribution information, wherein at least one non-compromised alternate component replaces at least one compromised component on at least one of the plurality of client computerized devices where the compromise comprises a vulnerability, wherein the at least one non-compromised alternate component restricts functionality problems caused by the vulnerability of the identified compromised component, and wherein the distribution information indicates one of the plurality of components to install at the at least one client computerized device for the each component of the software application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Agarwal, Manish
Primary Examiner(s)
Do, Chat
Assistant Examiner(s)
CURBELO III, SERGIO JOSE

Application Number

US12/961,026
Time in Patent Office

1,660 Days
Field of Search

717/122, 717/170, 717/172, 717/174, 717/176, 717/177, 726/25, 714763-773
US Class Current

1/1
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

G06F 21/70 Protecting specific interna...

Method and apparatus for mitigating software vulnerabilities

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for mitigating software vulnerabilities

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links