Intrusion detection using taint accumulation
First Claim
1. A method operable in a computing device for handling security risk comprising:
- receiving a plurality of taint indicators indicative of potential security risk from a plurality of distinct sources at distinct times;
- accumulating the plurality of taint indicators independently using a corresponding plurality of distinct accumulation functions; and
- assessing security risk according to a risk assessment function that is cumulative of the plurality of taint indicators.
Abstract
A method operable in a computing device adapted for handling security risk can use taint accumulation to detect intrusion. The method can comprise receiving a plurality of taint indicators indicative of potential security risk from a plurality of distinct sources at distinct times, and accumulating the plurality of taint indicators independently using a corresponding plurality of distinct accumulation functions. Security risk can be assessed according to a risk assessment function that is cumulative of the plurality of taint indicators.
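A sketch of the scheme the abstract describes, added here as an illustration and not taken from the patent: indicators arrive from distinct sources at distinct times, each source accumulates them with its own function, and a cumulative function scores the result. The source names, the three accumulation functions (count, time-decayed sum, running maximum), the weights and the threshold are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict

# Accumulation functions: (current value, seconds since last update, indicator) -> new value.
# All three are assumptions; the abstract only requires that they be distinct.
def count(acc, dt, x):
    return acc + 1                                  # number of indicators seen

def decayed_sum(half_life):
    def f(acc, dt, x):
        return acc * 0.5 ** (dt / half_life) + x    # older taint fades on each update
    return f

def running_max(acc, dt, x):
    return max(acc, x)                              # worst single indicator so far

@dataclass
class Accumulator:
    fn: Callable[[float, float, float], float]
    weight: float
    value: float = 0.0
    last_t: float = 0.0

    def update(self, t, x):
        self.value = self.fn(self.value, t - self.last_t, x)
        self.last_t = t

class TaintMonitor:
    def __init__(self, sources: Dict[str, Accumulator], threshold: float):
        self.sources, self.threshold = sources, threshold

    def receive(self, t, source, indicator):
        self.sources[source].update(t, indicator)   # each source accumulates independently
        return self.risk()

    def risk(self):
        # Cumulative over all sources: weighted sum of the accumulated taint values.
        return sum(a.weight * a.value for a in self.sources.values())

def run(events, threshold=6.0):
    mon = TaintMonitor({
        "network": Accumulator(decayed_sum(half_life=60.0), weight=1.0),
        "syscall": Accumulator(count, weight=0.5),
        "file":    Accumulator(running_max, weight=2.0),
    }, threshold)
    scores = [(t, round(mon.receive(t, s, x), 3)) for t, s, x in events]
    return [(t, r, r >= threshold) for t, r in scores]

# Constructed sample events: (time in seconds, source, taint indicator value)
EVENTS = [(0, "network", 2.0), (10, "syscall", 1.0), (60, "network", 2.0),
          (65, "file", 1.5), (70, "syscall", 1.0)]
```

With these constructed events no single source reaches the threshold on its own; the alert fires at t=65 only because the risk function sums the taint accumulated across all three.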
40 Claims
1. A method operable in a computing device for handling security risk comprising:
- receiving a plurality of taint indicators indicative of potential security risk from a plurality of distinct sources at distinct times;
- accumulating the plurality of taint indicators independently using a corresponding plurality of distinct accumulation functions; and
- assessing security risk according to a risk assessment function that is cumulative of the plurality of taint indicators.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method operable in a computing device for handling security risk comprising:
- specifying a plurality of bit fields of a taint vector corresponding to a plurality of sources, events, activities, and/or conditions;
- assigning a plurality of taint indicators indicative of potential security risk to the bit fields of the taint vector; and
- monitoring the plurality of sources, events, activities, and/or conditions over time using the taint vector.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35
36. A computing system comprising:
- an interface operable to receive a plurality of taint indicators indicative of potential security risk from a plurality of distinct sources at distinct times; and
- logic operable to accumulate the plurality of taint indicators independently using a corresponding plurality of distinct accumulation functions and operable to assess security risk according to a risk assessment function that is cumulative of the plurality of taint indicators.
Dependent claims: 37, 38, 39
40-74. (canceled)
Specification