Method and system for identification of security vulnerabilities

US 9,977,905 B2
Filed: 10/06/2015
Issued: 05/22/2018
Est. Priority Date: 10/06/2015
Status: Active Grant

First Claim

Patent Images

1. A system for electronic security, comprising:

a processor; and

a memory communicatively coupled to the processor and including instructions, the instructions, when loaded and executed by the processor, cause the processor to;

analyze an application file structure of an application and an import table of the application to identify, via the at least one of the application file structure of the application and the import table of the application, one or more uniquely identified application components;

determine vulnerabilities associated with a given application component of the one or more uniquely identified application components, the vulnerabilities including vulnerabilities of one or more additional components to be accessed by the given application component;

adjust characterizations of the vulnerabilities associated with the given application component based at least upon contextual information from the system in which the given application component resides, the contextual information including security information;

take remedial action based at least upon adjusted vulnerability characterizations;

after the remedial action is taken on the given application component;

repeat a scan of the given application component;

determine, based at least on the repeat of the scan of the given application component, that the remedial action corrected at least one of the vulnerabilities associated with the given application component, present before the remedial action is taken on the given application component;

determine, based at least on the repeat of the scan of the given application component, one or more new vulnerabilities associated with the given application component;

determine from an interplay of the vulnerabilities of the given application component, that includes the one or more new vulnerabilities, that corrective action is necessary; and

adjust a network security device to defeat at least one of the one or more new vulnerabilities for the corrective action.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for securing an electronic device may include a processor and a memory. The memory may be communicatively coupled to the processor and include instructions. The instructions, when loaded and executed by the processor, cause the processor to scan data including one or more application components to uniquely identify elements therein, determine from a given application component additional components to be accessed by the given application component, scan the additional components to uniquely identify elements therein, determine whether the additional components include any known vulnerabilities, associate one or more known vulnerabilities of the additional components with the given application component, record the known vulnerabilities and the given application component. The given application component may be uniquely identified.

18 Citations

View as Search Results

38 Claims

1. A system for electronic security, comprising:
- a processor; and
  
  a memory communicatively coupled to the processor and including instructions, the instructions, when loaded and executed by the processor, cause the processor to;
  
  analyze an application file structure of an application and an import table of the application to identify, via the at least one of the application file structure of the application and the import table of the application, one or more uniquely identified application components;
  
  determine vulnerabilities associated with a given application component of the one or more uniquely identified application components, the vulnerabilities including vulnerabilities of one or more additional components to be accessed by the given application component;
  
  adjust characterizations of the vulnerabilities associated with the given application component based at least upon contextual information from the system in which the given application component resides, the contextual information including security information;
  
  take remedial action based at least upon adjusted vulnerability characterizations;
  
  after the remedial action is taken on the given application component;
  
  repeat a scan of the given application component;
  
  determine, based at least on the repeat of the scan of the given application component, that the remedial action corrected at least one of the vulnerabilities associated with the given application component, present before the remedial action is taken on the given application component;
  
  determine, based at least on the repeat of the scan of the given application component, one or more new vulnerabilities associated with the given application component;
  
  determine from an interplay of the vulnerabilities of the given application component, that includes the one or more new vulnerabilities, that corrective action is necessary; and
  
  adjust a network security device to defeat at least one of the one or more new vulnerabilities for the corrective action.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 30, 31, 32)
- - 2. The system of claim 1, wherein to adjust the characterizations of the vulnerabilities is further based at least upon a security configuration of the system related to the vulnerabilities.
  - 3. The system of claim 1, wherein the memory further includes instructions for causing the processor to:
    - determine a measure of the vulnerabilities; and
      
      rank the vulnerabilities.
  - 4. The system of claim 1, wherein the memory further includes instructions for causing the processor to:
    - determine a measure of the vulnerabilities including a composite score from a plurality of vulnerability factors; and
      
      rank the vulnerabilities.
  - 5. The system of claim 1, wherein to adjust the characterizations of the vulnerabilities is further based at least upon contextual information including threat vectors, threat impacts, and enterprise maturity of the system.
  - 6. The system of claim 1, wherein to adjust the characterizations of the vulnerabilities is further based at least upon two or more of an access vector, access complexity, authentication, confidential impact, integrity impact, availability impact, exploitability, remediation level, report confidence, collateral damage potential, target distribution, confidentiality, availability requirement, integrity requirement, and availability requirement.
  - 7. The system of claim 1, wherein to adjust the characterizations of the vulnerabilities is further based at least upon a determined change in a threat causing the vulnerability.
  - 8. The system of claim 1, wherein the memory further includes instructions for causing the processor to identify pentesting suggestions to further confirm presence of the vulnerabilities based upon the identity of the vulnerabilities.
  - 9. The system of claim 1, wherein, to take remedial action, the memory further includes instructions for causing the processor to take the remedial action in a form of changed intrusion detection or protection rules based upon identities of the vulnerabilities.
  - 10. The system of claim 1, wherein the memory further includes instructions for causing the processor to repeat a scan of the given application component based at least on a determination that a threat associated with the vulnerabilities has changed.
  - 30. The system of claim 1, wherein the network security device includes a firewall.
  - 31. The system of claim 1, wherein the one or more new vulnerabilities include multiple new vulnerabilities.
  - 32. The system of claim 31, wherein, to adjust the network security device to defeat the at least one of the one or more new vulnerabilities for the corrective action, the memory includes instructions that further cause the processor to adjust the network security device to defeat a first new vulnerability of the multiple new vulnerabilities and omit a second new vulnerability of the multiple new vulnerabilities.

11. At least one non-transitory machine readable storage medium, comprising computer-executable instructions, the instructions readable by a processor, the instructions, when read and executed by the processor, cause the processor to:
- analyze an application file structure of an application and an import table of the application to identify, via the at least one of the application file structure of the application and the import table of the application, one or more uniquely identified application components;
  
  determine vulnerabilities associated with a given application component of the one or more uniquely identified application components, the vulnerabilities including vulnerabilities of one or more additional components to be accessed by the given application component;
  
  adjust characterizations of the vulnerabilities associated with the given application component based at least upon contextual information from a system in which the given application component resides, the contextual information including security information;
  
  take remedial action based at least upon adjusted vulnerability characterizations;
  
  after the remedial action is taken on the given application component;
  
  repeat a scan of the given application component;
  
  determine, based at least on the repeat of the scan of the given application component, that the remedial action corrected at least one of the vulnerabilities associated with the given application component, present before the remedial action is taken on the given application component;
  
  determine, based at least on the repeat of the scan of the given application component, one or more new vulnerabilities associated with the given application component;
  
  determine from an interplay of the vulnerabilities of the given application component, that includes the one or more new vulnerabilities, that corrective action is necessary; and
  
  adjust a network security device to defeat at least one of the one or more new vulnerabilities for the corrective action.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 33, 34, 35)
- - 12. The at least one non-transitory machine readable storage medium of claim 11, wherein to adjust the characterizations of the vulnerabilities is further based at least upon a security configuration of the system related to the vulnerabilities.
  - 13. The at least one non-transitory machine readable storage medium of claim 11, further including instructions for causing the processor to:
    - determine a measure of the vulnerabilities; and
      
      rank the vulnerabilities.
  - 14. The at least one non-transitory machine readable storage medium of claim 11, further including instructions for causing the processor to:
    - determine a measure of the vulnerabilities including a composite score from a plurality of vulnerability factors; and
      
      rank the vulnerabilities.
  - 15. The at least one non-transitory machine readable storage medium of claim 11, further including instructions for causing the processor to adjust the characterizations of the vulnerabilities further based upon contextual information including threat vectors, threat impacts, and enterprise maturity of the system.
  - 16. The at least one non-transitory machine readable storage medium of claim 11, wherein to adjust the characterizations of the vulnerabilities is further based at least upon two or more of an access vector, access complexity, authentication, confidential impact, integrity impact, availability impact, exploitability, remediation level, report confidence, collateral damage potential, target distribution, confidentiality, availability requirement, integrity requirement, and availability requirement.
  - 17. The at least one non-transitory machine readable storage medium of claim 11, wherein to adjust the characterizations of the vulnerabilities is further based at least upon a determined change in a threat causing the vulnerabilities.
  - 18. The at least one non-transitory machine readable storage medium of claim 11, further including instructions for causing the processor to identify pentesting suggestions to further confirm a presence of the vulnerabilities based upon the identity of the vulnerabilities.
  - 19. The at least one non-transitory machine readable storage medium of claim 11, further including instructions for causing the processor to repeat a scan of the given application component based at least on a determination that a threat associated with the vulnerabilities has changed.
  - 33. The at least one non-transitory machine readable storage medium of claim 11, wherein the network security device includes a firewall.
  - 34. The at least one non-transitory machine readable storage medium of claim 11, wherein the one or more new vulnerabilities include multiple new vulnerabilities.
  - 35. The at least one non-transitory machine readable storage medium of claim 34, wherein, to adjust the network security device to defeat the at least one of the one or more new vulnerabilities for the corrective action, the memory includes instructions that further cause the processor to adjust the network security device to defeat a first new vulnerability of the multiple new vulnerabilities and omit a second new vulnerability of the multiple new vulnerabilities.

20. A method of electronic security, comprising:
- analyzing an application file structure of an application;
  
  analyzing an application file structure of an application and an import table of the application to identify, via the at least one of the application file structure of the application and the import table of the application, one or more uniquely identified application components;
  
  determining vulnerabilities associated with a given application component of the one or more uniquely identified application components, the vulnerabilities including vulnerabilities of one or more additional components to be accessed by the given application component;
  
  adjusting characterizations of the vulnerabilities associated with the given application component based at least upon contextual information from a system in which the given application component resides, the contextual information including security information;
  
  taking remedial action based at least upon adjusted vulnerability characterizations;
  
  after the remedial action is taken on the given application component;
  
  repeating a scan of the given application component;
  
  determining, based at least on the repeat of the scan of the given application component, that the remedial action corrected at least one of the vulnerabilities associated with the given application component, present before the remedial action is taken on the given application component;
  
  determining, based at least on the repeat of the scan of the given application component, one or more new vulnerabilities associated with the given application component;
  
  determining from an interplay of the vulnerabilities of the given application component, that includes the one or more new vulnerabilities, that corrective action is necessary; and
  
  adjusting a network security device to defeat at least one of the one or more new vulnerabilities for the corrective action.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 36, 37, 38)
- - 21. The method of claim 20, wherein the adjusting the characterizations of the vulnerabilities is further based at least upon a security configuration of the system related to the vulnerabilities.
  - 22. The method of claim 20, further comprising:
    - determining a measure of the vulnerabilities; and
      
      ranking the vulnerabilities.
  - 23. The method of claim 20, further comprising:
    - determining a measure of the vulnerabilities including a composite score from a plurality of vulnerability factors; and
      
      ranking the vulnerabilities.
  - 24. The method of claim 20, the adjusting the characterizations of the vulnerabilities is further based at least upon contextual information including threat vectors, threat impacts, and enterprise maturity of the system.
  - 25. The method of claim 20, wherein the adjusting the characterizations of the vulnerabilities is further based at least upon two or more of an access vector, access complexity, authentication, confidential impact, integrity impact, availability impact, exploitability, remediation level, report confidence, collateral damage potential, target distribution, confidentiality, availability requirement, integrity requirement, and availability requirement.
  - 26. The method of claim 20, wherein the adjusting the characterizations of the vulnerabilities is further based at least upon a determined change in a threat causing the vulnerabilities.
  - 27. The method of claim 20, further comprising identifying pentesting suggestions to confirm a presence of the vulnerabilities based upon the identity of the vulnerabilities.
  - 28. The method of claim 20, wherein the taking the remedial action includes taking a remedial action in a form of changed intrusion detection or protection rules based upon identities of the vulnerabilities.
  - 29. The method of claim 20, further comprising repeating a scan of the given application component based at least on a determination that a threat associated with the vulnerabilities has changed.
  - 36. The method of claim 20, wherein the network security device includes a firewall.
  - 37. The method of claim 20, wherein the one or more new vulnerabilities include multiple new vulnerabilities.
  - 38. The method of claim 37, wherein the adjusting the network security device to defeat the at least one of the one or more new vulnerabilities for the corrective action includes adjusting the network security device to defeat a first new vulnerability of the multiple new vulnerabilities and omit a second new vulnerability of the multiple new vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assured Enterprises, Inc.
Original Assignee
Assured Enterprises, Inc.
Inventors
Li, David
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US14/876,592
Publication Number

US 20170098087A1
Time in Patent Office

959 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/564   by virus signature recognition

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

Method and system for identification of security vulnerabilities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for identification of security vulnerabilities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links