System and method for patching a device through exploitation

US 9,607,156 B2
Filed: 02/24/2014
Issued: 03/28/2017
Est. Priority Date: 02/22/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a vulnerability in a computing device;

accessing a vulnerability exploitation mapped to the identified vulnerability, wherein the vulnerability exploitation comprises pre-identified computer-executable scripts or routines specifically provided to target the identified vulnerability in the computing device to thereby resolve or reduce the identified vulnerability, wherein, once executed, the pre-identified computer-executable scripts or routines of the vulnerability exploitation automatically change an operating mode of the computing device from an operating mode with less privileges to an operating mode with increased privileges;

at the computing device, executing the pre-identified scripts or routines of the vulnerability exploitation and, through execution of the pre-identified scripts or routines of the vulnerability exploitation causing an entering into an operating mode of escalated privileges within the computing device; and

while in the operating mode of escalated privileges, updating the computing device with a vulnerability resolution that functions to automatically use the escalated privileges to resolve or reduce the identified vulnerability.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that includes identifying a vulnerability in a computing device; accessing a vulnerability exploitation mapped to the identified vulnerability; at the computing device, executing the vulnerability exploitation and entering an operating mode of escalated privileges; and while in the operating mode of escalated privileges, updating the system with a vulnerability resolution.

176 Citations

19 Claims

1. A method comprising:
- identifying a vulnerability in a computing device;
  
  accessing a vulnerability exploitation mapped to the identified vulnerability, wherein the vulnerability exploitation comprises pre-identified computer-executable scripts or routines specifically provided to target the identified vulnerability in the computing device to thereby resolve or reduce the identified vulnerability, wherein, once executed, the pre-identified computer-executable scripts or routines of the vulnerability exploitation automatically change an operating mode of the computing device from an operating mode with less privileges to an operating mode with increased privileges;
  
  at the computing device, executing the pre-identified scripts or routines of the vulnerability exploitation and, through execution of the pre-identified scripts or routines of the vulnerability exploitation causing an entering into an operating mode of escalated privileges within the computing device; and
  
  while in the operating mode of escalated privileges, updating the computing device with a vulnerability resolution that functions to automatically use the escalated privileges to resolve or reduce the identified vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein identifying the vulnerability in the computing device comprises:
    - (i) collecting data object identifiers of one or more components of the computing device; and
      
      (ii) querying, using each of the collected data object identifiers, a map of object identifiers mapped to known vulnerability assessments for the object identifiers thereby searching for vulnerabilities mapped to the collected data object identifiers.
  - 3. The method of claim 1, further comprising presenting the presence of the identified vulnerability.
  - 4. The method of claim 1, wherein accessing the vulnerability exploit comprises digitally signing a request to access a cryptographically secured vulnerability exploit.
  - 5. The method of claim 1, wherein updating the computing device with a vulnerability resolution comprises persistently applying the vulnerability resolution on the computing device.
  - 6. The method of claim 1, wherein updating the computing device with a vulnerability resolution comprises applying the vulnerability resolution on the computing device in non-persistent memory;
    - and further comprising reactivating the vulnerability resolution on the device in the non-persistent memory during restart of the computing device.
  - 7. The method of claim 1, further comprising while in the operating mode of escalated privileges, establishing a reference monitor;
    - and further comprising identifying a second vulnerability in a computing device;
      
      entering an operating mode of backdoor escalated privileges through the reference monitor; and
      
      while in the operating mode of backdoor escalated privileges, updating the computing device with a vulnerability resolution of the second vulnerability.
  - 8. The method of claim 1, wherein more than one vulnerability is identified;
    - and wherein updating the computing device with a vulnerability resolution comprises updating the computing device with a vulnerability resolution for more than one vulnerability.
  - 9. The method of claim 1, wherein identifying a vulnerability in a computing device further comprises collecting data object identifiers of the computing device, transmitting the data object identifiers to a remote vulnerability assessment cloud service;
    - and receiving a vulnerability assessment that identifies at least one vulnerability of the computing device.
  - 10. The method of claim 9, wherein receiving a vulnerability assessment that identifies at least one latent vulnerability of the computing device occurs asynchronously to the transmitting the data object identifiers.

11. A method comprising:
- identifying a first vulnerability in a system;
  
  exploiting the first vulnerability using a pre-identified set of escalated code execution privileges mapped to the first vulnerability, wherein the set of escalated execution privileges are accessible through the first vulnerability for the purpose of resolving or reducing the first vulnerability;
  
  establishing a reference monitor during the escalated code execution privileges;
  
  identifying a second vulnerability in the system;
  
  entering an operating mode of escalated privileges through the reference monitor on the system, wherein the escalated privileges of the operating mode are different than the set of escalated execution privileges mapped to the first vulnerability; and
  
  while in the operating mode of escalated privileges, updating the system with a vulnerability resolution of the second vulnerability.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein exploiting the first vulnerability comprises digitally signing a request to access a cryptographically secured vulnerability exploit of the first vulnerability and receiving the granting escalated code execution privileges through executing the cryptographically secured vulnerability exploit.
  - 13. The method of claim 11, wherein entering an operating mode of escalated privileges through the reference monitor comprises authenticating a vulnerability tool wherein the vulnerability tool completes updating the system with a vulnerability resolution of the second vulnerability.
  - 14. The method of claim 11, further comprising presenting the presence of the identified vulnerability through a user interface of the system.
  - 15. The method of claim 11, wherein updating the system with a vulnerability resolution comprises persistently applying the vulnerability resolution on the device.
  - 16. The method of claim 11, wherein updating the system with a vulnerability resolution comprises applying the vulnerability resolution on the system in non-persistent memory;
    - and further comprising upon refreshing the system, entering an operating mode of escalated privileges through the reference monitor and reactivating the vulnerability resolution on the device in the non-persistent memory.
  - 17. The method of claim 11, wherein the vulnerability is a system level vulnerability.
  - 18. The method of claim 11, wherein the vulnerability is an application level vulnerability.

19. A method for patching a computing device in a closed system administration ecosystem comprising:
- collecting data object identifiers of the computing device at a first instance;
  
  querying, using the collected data object identifiers, a map of object identifiers to vulnerabilities and identifying at least one vulnerability associated with at least one of the collected data object identifiers;
  
  accessing a vulnerability exploitation mapped to the identified vulnerability, wherein the vulnerability exploitation comprises pre-identified computer-executable scripts or routines specifically provided to target the identified vulnerability in the computing device to thereby resolve or reduce the identified vulnerability, wherein, once executed, the pre-identified computer-executable scripts or routines of the vulnerability exploitation automatically change an operating mode of the computing device from an operating mode with less privileges to an operating mode with increased privileges;
  
  at the computing device, executing the vulnerability exploitation and entering a first operating mode of escalated privileges through the vulnerability exploitation; and
  
  while in the first operating mode of escalated privileges, updating the computing device with a first vulnerability resolution of the at least one vulnerability and establishing a reference monitor;
  
  collecting data object identifiers of the computing device at a second instance;
  
  identifying a second vulnerability from the data object identifiers of the computing device at a second instance;
  
  entering a second operating mode of backdoor escalated privileges through the reference monitor, wherein the second operating mode is different than the first operating mode; and
  
  while in the second operating mode of backdoor escalated privileges, updating the system with a second vulnerability resolution of the second vulnerability, wherein the second vulnerability resolution is different than the first vulnerability resolution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Song, Douglas
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
LE, THANH H

Application Number

US14/188,492
Publication Number

US 20140245450A1
Time in Patent Office

1,128 Days
Field of Search

713/201, 726/25
US Class Current

1/1
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

System and method for patching a device through exploitation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

176 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for patching a device through exploitation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

176 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links