Method and apparatus for automating the building of threat models for the public cloud

US 9,330,263 B2
Filed: 05/27/2014
Issued: 05/03/2016
Est. Priority Date: 05/27/2014
Status: Active Grant

First Claim

Patent Images

1. A computing system implemented method for automating threat model generation for an application of an asset of a service provider, comprising:

identifying, with a first computing environment, components of the application,wherein the components receive, transfer, and transmit information for the application,wherein the asset includes a second computing environment provided by the service provider and configured to make the application publically available through one or more networks;

receiving security information, for at least some of the components, that identifies whether measures were taken within the application to secure the application against a list of security threats,wherein the first computing environment maintains the list of security threats within a threat model database;

determining whether the measures sufficiently address security risks associated with the list of security threats, including;

transmitting first queries to a third computing environment that are related to the security information,wherein the third computing environment is a different computing environment than the first and second computing environments;

receiving responses from the third computing environment to the first queries related to the security information;

transmitting subsequent queries to the third computing environment in response to and based at least in part on content of the responses to the first queries; and

providing a threat model to the third computing environment, the threat model including a report that identifies components of the application that have been sufficiently secured, and identifies components of the application that have been insufficiently secured, from each of the list of security threats, as determined by the first computing environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for automating threat model generation for an application includes identifying components of an application, receiving security information that identifies whether security measures were implemented within the application to secure the application against security threats, determining whether the security measures sufficiently address security risks associated with the security threats, and providing a threat model that includes a report that identifies components of the application that have been sufficiently (or insufficiently) secured from the security threats, according to one embodiment. In one embodiment, determining whether the security measures sufficiently address the security risks can include transmitting first queries, receiving responses to the first queries, and transmitting subsequent queries based at least in part on the responses to the first queries.

166 Citations

28 Claims

1. A computing system implemented method for automating threat model generation for an application of an asset of a service provider, comprising:
- identifying, with a first computing environment, components of the application,wherein the components receive, transfer, and transmit information for the application,wherein the asset includes a second computing environment provided by the service provider and configured to make the application publically available through one or more networks;
  
  receiving security information, for at least some of the components, that identifies whether measures were taken within the application to secure the application against a list of security threats,wherein the first computing environment maintains the list of security threats within a threat model database;
  
  determining whether the measures sufficiently address security risks associated with the list of security threats, including;
  
  transmitting first queries to a third computing environment that are related to the security information,wherein the third computing environment is a different computing environment than the first and second computing environments;
  
  receiving responses from the third computing environment to the first queries related to the security information;
  
  transmitting subsequent queries to the third computing environment in response to and based at least in part on content of the responses to the first queries; and
  
  providing a threat model to the third computing environment, the threat model including a report that identifies components of the application that have been sufficiently secured, and identifies components of the application that have been insufficiently secured, from each of the list of security threats, as determined by the first computing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein determining whether the measures of the security information sufficiently address security risks associated with the list of security threats, further includes:
    - forwarding at least some of the responses from the third computing environment to the first queries to a subject matter expert or security expert to enable the subject matter expert or security expert to determine a sufficiency of the measures of the security information; and
      
      receiving an analysis from the subject matter or security expert regarding the sufficiency of the measures of the security information.
  - 3. The method of claim 1, further comprising:
    - providing a graphical user interface to receive input from the third computing environment,wherein identifying the components of the application includes receiving information regarding the components of the application through the graphical user interface,wherein receiving the security information, for at least some of the components, includes receiving the security information through the graphical user interface.
  - 4. The method of claim 3 wherein providing the threat model to the third computing environment includes providing a graphical display of the threat model through the graphical user interface.
  - 5. The method of claim 1 wherein at least some of the components are application programming interfaces (APIs) for the application.
  - 6. The method of claim 1, further comprising:
    - receiving characteristics of the asset from the third computing environment through a graphical user interface;
      
      determining security weaknesses of the asset based on the characteristics of the asset; and
      
      providing the threat model to the third computing environment, at least partially, based on the characteristics of the asset.
  - 7. The method of claim 6, wherein determining the security weaknesses of the asset includes querying the threat model database with the characteristics of the asset.
  - 8. The method of claim 1 wherein determining whether the measures of the security information sufficiently address security risks associated with the list of security threats, further includes:
    - forwarding at least some of the responses from the third computing environment to the first queries to a programmable service; and
      
      receiving an analysis from the programmable service regarding the sufficiency of the measures of the security information.
  - 9. The method of claim 1 wherein determining whether the measures of the security information sufficiently address security risks associated with the list of security threats includes determining whether the security information conforms with requirements of a security policy for the asset, the security policy being managed by the service provider.

10. A computing system implemented method for automating threat model generation for an application of an asset of a service provider, comprising:
- identifying, with a first computing environment, components of the application,wherein the components receive, transfer, and transmit information for the application,wherein the asset includes a second computing environment provided by the service provider and configured to make the application publically available through one or more networks;
  
  receiving security procedures used to secure the components of the application from security threats, by;
  
  requesting functional information related to the components of the application;
  
  enumerating specific types of security threats based on functions of the components; and
  
  querying a third computing environment to determine if the security procedures address each specific type of security threat enumerated for the components,wherein querying the third computing environment includes providing questions that are based on the components of the application and that are based on the functional information related to the components,wherein providing the questions includes customizing a quantity and an order of the questions based on responses received from the third computing environment to at least some of the questions;
  
  comparing the security procedures to requirements of a security policy applied to the asset by the service provider; and
  
  providing a threat model to the third computing environment, the threat model including a report that identifies the components of the application that have been sufficiently and insufficiently secured from the specific types of security threats, according to the requirements of the security policy applied to the asset by the service provider.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10 wherein the security policy is at least partially based on a threat model database that identifies the types of security threats that are capable of affecting applications hosted by the asset.
  - 12. The method of claim 11 wherein the first computing environment maintains the threat model database by:
    - searching online security threat repositories;
      
      orreceiving updates from security administrators for the service provider.
  - 13. The method of claim 10 wherein the first computing environment is part of a security service provider computing environment that is configured to communicate with an asset service provider computing environment to execute the security policy that is applied to the asset by the service provider.
  - 14. The method of claim 10, further comprising:
    - providing a graphical user interface to enable communications with the user computing environment,wherein providing the threat model includes displaying the report through the graphical user interface.

15. A system for automating threat model generation for an application of an asset of a service provider, the system comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automating threat model generation for an application of an asset of a service provider, the process including;
  
  identifying, with a first computing environment, components of the application,wherein the components receive, transfer, and transmit information for the application,wherein the asset includes a second computing environment provided by the service provider and configured to make the application publically available through one or more networks;
  
  receiving security information, for at least some of the components, that identifies whether measures were taken within the application to secure the application against a list of security threats,wherein the first computing environment maintains the list of security threats within a threat model database;
  
  determining whether the measures sufficiently address security risks associated with the list of security threats, including;
  
  transmitting first queries to a third computing environment that are related to the security information,wherein the third computing environment is a different computing environment than the first and second computing environments;
  
  receiving responses from the third computing environment to the first queries related to the security information;
  
  transmitting subsequent queries to the third computing environment in response to and based at least in part on content of the responses to the first queries; and
  
  providing a threat model to the third computing environment, the threat model including a report that identifies components of the application that have been sufficiently secured, and identifies components of the application that have been insufficiently secured, from each of the list of security threats, as determined by the first computing environment.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The system of claim 15 wherein determining whether the measures of the security information sufficiently address security risks associated with the list of security threats, further includes:
    - forwarding at least some of the responses from the third computing environment to the first queries to a subject matter expert or security expert to enable the subject matter expert or security expert to determine a sufficiency of the measures of the security information; and
      
      receiving an analysis from the subject matter or security expert regarding the sufficiency of the measures of the security information.
  - 17. The system of claim 15 wherein the process further comprises:
    - providing a graphical user interface to receive input from the third computing environment,wherein identifying the components of the application includes receiving information regarding the components of the application through the graphical user interface,wherein receiving the security information, for at least some of the components, includes receiving the security information through the graphical user interface.
  - 18. The system of claim 17 wherein providing the threat model to the third computing environment includes providing a graphical display of the threat model through the graphical user interface.
  - 19. The system of claim 15 wherein at least some of the components are application programming interfaces (APIs) for the application.
  - 20. The system of claim 15 wherein the process further comprises:
    - receiving characteristics of the asset from the third computing environment through a graphical user interface;
      
      determining security weaknesses of the asset based on the characteristics of the asset; and
      
      providing the threat model to the third computing environment, at least partially, based on the characteristics of the asset.
  - 21. The system of claim 20 wherein determining the security weaknesses of the asset includes querying the threat model database with the characteristics of the asset.
  - 22. The system of claim 15 wherein determining whether the measures of the security information sufficiently address security risks associated with the list of security threats, further includes:
    - forwarding at least some of the responses from the third computing environment to the first queries to a programmable service; and
      
      receiving an analysis from the programmable service regarding the sufficiency of the measures of the security information.
  - 23. The system of claim 15 wherein determining whether the measures of the security information sufficiently address security risks associated with the list of security threats includes determining whether the security information conforms with requirements of a security policy for the asset, the security policy being managed by the service provider.

24. A system for automating threat model generation for an application of an asset of a service provider, comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for automating threat model generation for the application of the asset of the service provider, the process including;
  
  identifying, with a first computing environment, components of the application,wherein the components receive, transfer, and transmit information for the application,wherein the asset includes a second computing environment provided by the service provider and configured to make the application publically available through one or more networks;
  
  receiving security procedures used to secure the components of the application from security threats, by;
  
  requesting functional information related to the components of the application;
  
  enumerating specific types of security threats based on functions of the components; and
  
  querying a third computing environment to determine if the security procedures address each specific type of security threat enumerated for the components,wherein querying the third computing environment includes providing questions that are based on the components of the application and that are based on the functional information related to the components,wherein providing the questions includes customizing a quantity and an order of the questions based on responses received from the third computing environment to at least some of the questions;
  
  comparing the security procedures to requirements of a security policy applied to the asset by the service provider; and
  
  providing a threat model to the third computing environment, the threat model including a report that identifies the components of the application that have been sufficiently and insufficiently secured from the specific types of security threats, according to the requirements of the security policy applied to the asset by the service provider.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The system of claim 24 wherein the security policy is at least partially based on a threat model database that identifies the types of security threats that are capable of affecting applications hosted by the asset.
  - 26. The system of claim 25 wherein the first computing environment maintains the threat model database by:
    - searching online security threat repositories;
      
      orreceiving updates from security administrators for the service provider.
  - 27. The system of claim 24 wherein the first computing environment is part of a security service provider computing environment that is configured to communicate with an asset service provider computing environment to execute the security policy that is applied to the asset by the service provider.
  - 28. The system of claim 24 wherein the process further comprises:
    - providing a graphical user interface to enable communications with the user computing environment,wherein providing the threat model includes displaying the report through the graphical user interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Cabrera, Luis Felipe, Lietz, M. Shannon, Godinez, Javier
Primary Examiner(s)
HOFFMAN, BRANDON S

Application Number

US14/288,260
Publication Number

US 20150347759A1
Time in Patent Office

707 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Method and apparatus for automating the building of threat models for the public cloud

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

166 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for automating the building of threat models for the public cloud

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

166 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others