Data driven system for responding to security vulnerability

US 9,558,356 B2
Filed: 10/26/2015
Issued: 01/31/2017
Est. Priority Date: 04/10/2008
Status: Active Grant

First Claim

Patent Images

1. A system that responds to a security vulnerability associated with a computer-executable viewing application, the system comprising:

one or more processor devices; and

one or more memory devices that store instructions, which when executed by the one or more processor devices, perform actions that include;

employing a request detector to detect a request related to a first content element and a second content element that are included in a data source of the viewing application, wherein the security vulnerability is further associated with the first content element;

employing a content parser to determine a characteristic of the first content element and a characteristic of the second content element;

employing a security data file parser to interrogate a security data file with the characteristic of the first content element and the characteristic of the second content element; and

employing at least a decision module to disallow operations relating to the first content element and to allow operations relating to the second content element based on a result of the interrogating of the security data file, wherein the security data file includes an entry corresponding to the characteristic of the first content element and does not include an entry corresponding to the characteristic of the second content element.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data-driven system for fast response to security vulnerability, in one example embodiment, comprises a request detector, a content type evaluator, and a presentation module. A request detector may be configured to detect a request to display content. A content type evaluator may be configured to determine a type of the requested content. A presentation module may be configured to selectively display the requested content based on the determined type of the requested content. The content type evaluator and the presentation module may utilize a data file that stores information related to potential vulnerabilities associated with a content viewing application. Example data file may be an XML file.

Citations

20 Claims

1. A system that responds to a security vulnerability associated with a computer-executable viewing application, the system comprising:
- one or more processor devices; and
  
  one or more memory devices that store instructions, which when executed by the one or more processor devices, perform actions that include;
  
  employing a request detector to detect a request related to a first content element and a second content element that are included in a data source of the viewing application, wherein the security vulnerability is further associated with the first content element;
  
  employing a content parser to determine a characteristic of the first content element and a characteristic of the second content element;
  
  employing a security data file parser to interrogate a security data file with the characteristic of the first content element and the characteristic of the second content element; and
  
  employing at least a decision module to disallow operations relating to the first content element and to allow operations relating to the second content element based on a result of the interrogating of the security data file, wherein the security data file includes an entry corresponding to the characteristic of the first content element and does not include an entry corresponding to the characteristic of the second content element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the request related to the first and the second content elements is a request to launch the viewing application and render each of the first and the second content elements.
  - 3. The system of claim 1, wherein the request related to the first and the second content elements is a request to enable the viewing application to display each of the first and the second content elements.
  - 4. The system of claim 1, each of the request detector, the content parser, and the decision module are operative within the viewing application.
  - 5. The system of claim 1, wherein the actions further include further employing a blocking module to disallow the operations relating to the first content element.
  - 6. The system of claim 5, wherein the blocking module is to disable a control element included in the viewing application and associated with the first content element.
  - 7. The system of claim 6, wherein the control element and the first content element are associated with an electronic document.
  - 8. The system of claim 6, wherein the control element and the first content element are associated with a plug-in.
  - 9. The system of claim 1, wherein the entry corresponding to the characteristic of the first content element and included in the security data file reflects the security vulnerability associated with the first content element.
  - 10. The system of claim 1, wherein the actions further include employing a presentation module to selectively display the second content element and to not display the first content element based on employing at least the decision module disallow the operations relating to the first content element and to allow the operations relating to the second content element.

11. A method for responding to a security vulnerability associated with a computer-executable viewing application, the method comprising:
- detecting, via more processor devices, a request to invoke functionality of the viewing application that is associated with a control element of the viewing application and the security vulnerability;
  
  determining, via the one or more processor devices, a characteristic of the control element of the viewing application;
  
  interrogating a security data file via the one or more processor devices and the determined characteristic; and
  
  determining, via the one or more processor devices, to disable the functionality associated with the control element when the interrogating locates an entry included in the security data file that indicates disabling the functionality.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, the request to invoke the functionality associated with the control element is a request to launch the viewing application and the viewing application processes a content element.
  - 13. The method of claim 11, wherein the functionality associated with the control element includes displaying a content element.
  - 14. The method of claim 11, the request to invoke the functionality associated with the control element includes a request initiated by a plug-in associated with the viewing application and the plug-in processes a content element.
  - 15. The method of claim 11, further comprising:
    - in response to the determining to disable the functionality associated with the control element, graying-out a display the control element in a user interface.
  - 16. The method of claim 11, further comprising:
    - in response to the determining to disable the functionality associated with the control element, disabling a display of the control element in a user interface.
  - 17. The method of claim 16, wherein the control element is associated with an electronic document.
  - 18. The method of claim 11, wherein the functionality associated with the control element is associated with a plug-in.
  - 19. The method of claim 11, wherein the entry included in the security data file further indicates the security vulnerability associated with the control element.
  - 20. The method of claim 11, wherein the control element includes a cross-domain link in a content element associated with a browser plug-in.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Sawyer, David G., Choudhury, Priyank
Primary Examiner(s)
SCHMIDT, KARI L

Application Number

US14/923,070
Publication Number

US 20160063257A1
Time in Patent Office

463 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 21/554   involving event detection a...

G06F 21/563   by source code analysis

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 2221/033   Test or assess software

H04L 63/10   for controlling access to d...

H04L 63/1441   Countermeasures against mal...

H04L 63/168   above the transport layer

Data driven system for responding to security vulnerability

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data driven system for responding to security vulnerability

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links