Computer system vulnerability analysis apparatus and method
First Claim
1. A computerized method of determining vulnerability of a computing system, the method comprising:
- identifying a component, the component being included in the computing system, the component characterized by first addresses, controlling at least one of control and configuration of the component;
selecting second addresses, the second addresses being a subset of the first addresses; and
sequentially, for each address of the second addresses, performing the following stepsselecting, the each address as a target address;
accessing the target address;
determining that the accessing the target address causes a system failure; and
documenting consequences of the accessing of the target address.
0 Assignments
0 Petitions
Accused Products
Abstract
Apparatus and methods to evaluate computing systems'"'"' vulnerability implement a series of steps wherein a system may be selected, and a specific component identified. Obtaining component information may include methods for accessing its configuration address space. Creation of a list of control or configuration addresses is followed by filtering to identify documented, reserved addresses, documented reserved test addresses, and undocumented addresses. A filtered subset is tested by accessing each address contained in the subset, and verifying continuity of operation of the tested component, then accesses by reading, writing, or both to subset addresses to classify as benign to component and system. Failure may constitute data damage, component damage, system damage, component failure, or system failure.
9 Citations
20 Claims
-
1. A computerized method of determining vulnerability of a computing system, the method comprising:
-
identifying a component, the component being included in the computing system, the component characterized by first addresses, controlling at least one of control and configuration of the component; selecting second addresses, the second addresses being a subset of the first addresses; and sequentially, for each address of the second addresses, performing the following steps selecting, the each address as a target address; accessing the target address; determining that the accessing the target address causes a system failure; and documenting consequences of the accessing of the target address. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
the second address is at least one of documented reserved addresses, documented reserved test addresses, and undocumented addresses; and the documenting consequences further comprises associating the target address with the system failure.
-
-
3. The method of claim 1, wherein:
-
the documenting consequences further comprises identifying the consequences as including the system failure; associating the system failure with the target address; and removing the access to the target address.
-
-
4. The method of claim 1, wherein at least one of the conditions exists, selected from:
-
the address corresponds to one of a register address, a memory address, and an input/output address; and the component is one of a physical component, a virtual component, a simulated component, and an emulated component.
-
-
5. The method of claim 1, wherein access is selected from:
-
reading from the target address; writing to the target address; writing to, followed by reading from, the target address; reading from, followed by writing to, the target address; and both reading from and writing to the target address, with each of the reading and writing performed at least once.
-
-
6. The method of claim 1, further comprising programming into a processor, the processor being a hardware processor:
-
an address population module to define the first addresses; an address selection module to select the second addresses; and an access module to access the target address.
-
-
7. The method of claim 6, further comprising programming into the processor a verification module to test the operability of at least one of the computing system and the component.
-
8. The method of claim 6, further comprising at least one of:
-
selecting the target address from a first group consisting of a register address, a memory address, and an input/output address; selecting the component from a second group consisting of a physical component, a virtual component, a simulated component, and an emulated component.
-
-
9. The method of claim 8, wherein the access is selected from
reading from the target address; -
writing to the target address; writing to, followed by reading from, the target address; reading from, followed by writing to, the target address; and both reading from and writing to the target address, with each of the reading and writing performed at least once.
-
-
10. An article comprising a computer readable, non-transitory medium storing data structures comprising executables operable on a hardware processor and operational data processable by the executables, the data structures comprising:
-
an address selection module effective to select addresses from a configuration address space of a component in a computing system, the addresses corresponding to at least one of internal memory, internal registers, and input/output ports of the component, based on each address of said addresses being at least one of a reserved address, a reserved test address, and an undocumented address; an access module effective to access addresses in the configuration address space via component access methods specific to the component by executing at least one of a read command or a write command to each address of at least a portion of the configuration address space; a control module effective to programmatically identify the component, direct the access module in address accesses, and document whether at least one of the component and the computing system has caused a system failure in response to the access. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A system comprising:
-
a processor operably connected in a computing system, the processor being a hardware processor; a configuration address space corresponding to a component in the computing system, the component including at least one computer chip physically mounted within the computer system, the configuration address space referencing at least one of internal registers within the component, internal memory within the component, and ports of the component; a computer-readable, non-transitory medium operably connected to the processor; a set of modules effective to be executed by the processor to access the configuration address space; the set further comprising component access methods unique to the component and effective for accessing, by the processor, second addresses selected from at least one of reserved addresses, reserved test addresses, and undocumented addresses in the configuration address space; the processor, further programmed to determine that at least one of the component and the computing system has caused a system failure in consequence of accessing the second addresses; and the processor, further programmed to document the second addresses that caused the system failure. - View Dependent Claims (18, 19, 20)
-
Specification