Methods and systems for enabling community-tested security features for legacy applications

US 9,332,033 B2
Filed: 01/24/2014
Issued: 05/03/2016
Est. Priority Date: 12/17/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for enabling community-tested security features for legacy applications, the method comprising:

identifying a plurality of client systems;

identifying a subset of the plurality of client systems that is designated to test security features for legacy applications;

transmitting a security-feature-enablement rule to each client system in the subset that, when executed, enables a security feature available on the client system;

receiving, from each client system in the subset, health-impact information that identifies the impact, on the health of a legacy application on the client system, of executing the security-feature-enablement rule to enable the security feature;

identifying a health-impact score that quantifies the impact of the enabled security feature on the health of the legacy applications on the client systems within the subset;

determining, based on the health-impact score that quantifies the impact of the enabled security feature, whether to roll out the security-feature-enablement rule to the plurality of client systems at least in part by determining whether, on average, the security-feature-enablement rule negatively impacted the health of legacy applications on the client systems within the subset, the method being performed by a server-side computing device that comprises at least one processor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for enabling community-tested security features for legacy applications may include: 1) identifying a plurality of client systems, 2) identifying a legacy application on a client system within the plurality of client systems, 3) identifying a security-feature-enablement rule for the legacy application, 4) enabling at least one security feature for the legacy application by executing the security-feature-enablement rule, 5) determining the impact of the security-feature-enablement rule on the health of the legacy application, and then 6) relaying the impact of the security-feature-enablement rule on the health of the legacy application to a server. Various other methods, systems, and computer-readable media are also disclosed.

9 Citations

20 Claims

1. A computer-implemented method for enabling community-tested security features for legacy applications, the method comprising:
- identifying a plurality of client systems;
  
  identifying a subset of the plurality of client systems that is designated to test security features for legacy applications;
  
  transmitting a security-feature-enablement rule to each client system in the subset that, when executed, enables a security feature available on the client system;
  
  receiving, from each client system in the subset, health-impact information that identifies the impact, on the health of a legacy application on the client system, of executing the security-feature-enablement rule to enable the security feature;
  
  identifying a health-impact score that quantifies the impact of the enabled security feature on the health of the legacy applications on the client systems within the subset;
  
  determining, based on the health-impact score that quantifies the impact of the enabled security feature, whether to roll out the security-feature-enablement rule to the plurality of client systems at least in part by determining whether, on average, the security-feature-enablement rule negatively impacted the health of legacy applications on the client systems within the subset, the method being performed by a server-side computing device that comprises at least one processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - determining, by analyzing the health-impact information, that the security-feature-enablement rule did not negatively impact the health of the legacy application;
      
      initiating a staged roll-out of the security-feature-enablement rule to the plurality of client systems.
  - 3. The method of claim 2, further comprising:
    - receiving, from at least one additional client system within the plurality of client systems, health-impact information for the security-feature-enablement rule;
      
      determining, by analyzing the health-impact information received from the additional client system, that the security-feature-enablement rule negatively impacted the health of a legacy application on the additional client system;
      
      aborting the staged roll-out of the security-feature-enablement rule.
  - 4. The method of claim 2, wherein initiating the staged roll-out comprises increasing distribution of the security-feature-enablement rule by increments in multiple stages until the distribution encompasses the plurality of client systems.
  - 5. The method of claim 1, wherein the security-feature-enablement rule comprises a particular combination of security-feature-enablement rules.
  - 6. The method of claim 1, wherein the health-impact information comprises:
    - a performance index containing results for at least one performance metric;
      
      a stability index containing results for at least one stability metric.
  - 7. The method of claim 1, further comprising calculating and storing the health-impact score, as a running average, for the security-feature-enablement rule based on health-impact information received from the subset.
  - 8. The method of claim 7, further comprising determining to roll out the security-feature-enablement rule to a remainder of client systems when the running average health-impact score indicates that, on average, the security-feature-enablement rule did not substantially negatively impact the health of legacy applications on clients systems within the subset.
  - 9. The method of claim 7, further comprising:
    - determining, upon rolling out the security-feature-enablement rule to a larger subset of client systems, whether the health-impact score drops to an unacceptable level;
      
      determining whether to abort a staged roll-out based on whether the health-impact score drops to the unacceptable level.
  - 10. The method of claim 1, wherein the security-feature-enablement rule enables heap corruption termination.
  - 11. The method of claim 1, further comprising accessing a list of client systems that opted in to testing of security features.
  - 12. The method of claim 1, wherein transmitting the security-feature-enablement rule comprises sending an instruction to the client system within the subset to enable the security feature for the legacy application.
  - 13. The method of claim 1, further comprising rolling out the security-feature-enablement rule so long as the server-side computing device continues to receive health-impact information that indicates that the security-feature-enablement rule is not negatively impacting the health of legacy applications.

14. A system for enabling community-tested security features for legacy applications, the system comprising:
- at least one processor;
  
  a server module, stored in memory, that;
  
  identifies a plurality of client systems;
  
  identifies a subset of the plurality of client systems that is designated to test security features for legacy applications;
  
  transmits a security-feature-enablement rule to each client system in the subset that, when executed, enables a security feature available on the client system;
  
  receives, from each client system in the subset, health-impact information that identifies the impact, on the health of a legacy application on the client system, of executing the security-feature-enablement rule to enable the security feature;
  
  identifies a health-impact score that quantifies the impact of the enabled security feature on the health of the legacy applications on the client systems within the subset;
  
  determines, based on the health-impact score that quantifies the impact of the enabled security feature, whether to roll out the security-feature-enablement rule to the plurality of client systems at least in part by determining whether, on average, the security-feature-enablement rule negatively impacted the health of legacy applications on the client systems within the subset.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14, wherein the server module calculates the health-impact score, as a running average, for the security-feature-enablement rule based on health-impact information received from the subset.
  - 16. The system of claim 15, wherein the server module determines to roll out the security-feature-enablement rule to a remainder of client systems when the running average health-impact score indicates that, on average, the security-feature-enablement rule did not substantially negatively impact the health of legacy applications on clients systems within the subset.
  - 17. The system of claim 15, wherein the server module:
    - determines, upon rolling out the security-feature-enablement rule to a larger subset of client systems, whether the health-impact score drops to an unacceptable level;
      
      determines whether to abort a staged roll-out based on whether the health-impact score drops to the unacceptable level.
  - 18. The system of claim 14, wherein the security-feature-enablement rule enables heap corruption termination.
  - 19. The system of claim 14, wherein the server module accesses a list of client systems that opted in to testing of security features.

20. A non-transitory computer-readable-storage-medium containing instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a plurality of client systems;
  
  identify a subset of the plurality of client systems that is designated to test security features for legacy applications;
  
  transmit a security-feature-enablement rule to each client system in the subset that, when executed, enables a security feature available on the client system;
  
  receive, from each client system in the subset, health-impact information that identifies the impact, on the health of a legacy application on the client system, of executing the security-feature-enablement rule to enable the security feature;
  
  identify a health-impact score that quantifies the impact of the enabled security feature on the health of the legacy applications on the client systems within the subset;
  
  determine, based on the health-impact score that quantifies the impact of the enabled security feature, whether to roll out the security-feature-enablement rule to the plurality of client systems at least in part by determining whether, on average, the security-feature-enablement rule negatively impacted the health of legacy applications on the client systems within the subset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sobel, William E., Satish, Sourabh
Primary Examiner(s)
Moorthy, Aravind

Application Number

US14/163,071
Publication Number

US 20140143828A1
Time in Patent Office

830 Days
Field of Search

726/25, 713/188
US Class Current

1/1
CPC Class Codes

G06F 21/125   by manipulating the program...

G06F 21/126   Interacting with the operat...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

Methods and systems for enabling community-tested security features for legacy applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for enabling community-tested security features for legacy applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links