SECURITY TESTING FOR SOFTWARE APPLICATIONS

US 20150033346A1
Filed: 07/26/2013
Published: 01/29/2015
Est. Priority Date: 07/26/2013
Status: Active Grant

First Claim

Patent Images

1. A system including instructions recorded on a non-transitory computer-readable medium, and executable by at least one processor, the system comprising:

a mapping engine configured to cause the at least one processor todetermine an attack model enumerating software attacks, the software attacks being represented by linked attack components,determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram, andassociate each attack component and each architectural component with at least one attack tag characterizing attack requirements; and

a global test plan generator configured to cause the at least one processor to determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags, and further configured to cause the at least one processor to generate attack test workflows from the attack test model, to thereby test the software architecture.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mapping engine may be used to determine an attack model enumerating software attacks, the software attacks being represented by linked attack components, and may be used to determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram. The mapping engine may then associate each attack component and each architectural component with at least one attack tag characterizing attack requirements. A global test plan generator may be used to determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags, and may thus generate attack test workflows from the attack test model, to thereby test the software architecture.

35 Citations

View as Search Results

20 Claims

1. A system including instructions recorded on a non-transitory computer-readable medium, and executable by at least one processor, the system comprising:
- a mapping engine configured to cause the at least one processor todetermine an attack model enumerating software attacks, the software attacks being represented by linked attack components,determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram, andassociate each attack component and each architectural component with at least one attack tag characterizing attack requirements; and
  
  a global test plan generator configured to cause the at least one processor to determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags, and further configured to cause the at least one processor to generate attack test workflows from the attack test model, to thereby test the software architecture.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, comprising:
    - an attack model editor configured to provide a first user interface operable to edit the attack tree model; and
      
      a diagram editor configured to provide a second user interface operable to edit the architecture diagram.
  - 3. The system of claim 1, wherein the linked attack components of the attack model are arranged in a tree structure, in which individual parent attack components represent an attack result or attack operation, and are connected by branches to one or more child components representing attack operations for reaching the attack result or attack operation of the parent component.
  - 4. The system of claim 1, wherein the mapping engine is configured to cause the at least one processor to access a tag database storing a plurality of attack tags, and to select individual attack tags therefrom for attachment to individual components of the attack model and of the architecture diagram.
  - 5. The system of claim 1, wherein the global test plan generator is configured to cause the at least one processor to generate an instance of the attack model for each architectural component, and to combine the resulting instances to obtain the attack test model.
  - 6. The system of claim 5, wherein the global test plan generator includes a scope down engine configured to cause the at least one processor to filter each instance of the attack model, based on correspondence of attack tags of each instance with its corresponding architectural component.
  - 7. The system of claim 1, wherein the global test plan generator is configured to cause the at least one processor to generate the attack test workflows including traversing the attack test model from each attacking surface thereof along individual paths to a tested architecture component of the architecture diagram.
  - 8. The system of claim 1, wherein the global test plan generator includes a sorting module configured to cause the at least one processor to utilize weighting values assigned to individual ones of the attack test workflows to create a sorted, prioritized list of the attack test workflows.
  - 9. The system of claim 1, comprising a test execution module configured to cause the at least one processor to execute the attack test workflows, and further configured to provide feedback to the mapping engine characterizing an accuracy of the mapping engine in associating attack tags with one or more attack component and/or architectural component.

10. A computer-implemented method for executing instructions stored on a computer readable storage medium, the method comprising:
- determining an attack model enumerating software attacks, the software attacks being represented by linked attack components;
  
  determining a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram;
  
  associating each attack component and each architectural component with at least one attack tag characterizing attack requirements;
  
  determining an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags; and
  
  generating attack test workflows from the attack test model, to thereby test the software architecture.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein the determining the attach test model comprises:
    - generating an instance of the attack model for each architectural component; and
      
      combining the resulting instances to obtain the attack test model.
  - 12. The method of claim 11, wherein the combining the resulting instances to obtain the attack test model includes filtering each instance of the attack model, based on correspondence of attack tags of each instance with its corresponding architectural component.
  - 13. The method of claim 10, wherein the generating the attack test workflows includes traversing the attack test model from each attacking surface thereof along individual paths to a tested architecture component of the architecture diagram.
  - 14. The method of claim 10, wherein the generating the attack test workflows includes utilizing weighting values assigned to individual ones of the attack test workflows to create a sorted, prioritized list of the attack test workflows.

15. A computer program product, the computer program product being tangibly embodied on a non-transitory computer-readable storage medium and comprising instructions that, when executed, are configured to:
- determine an attack model enumerating software attacks, the software attacks being represented by linked attack components;
  
  determine a software architecture to be tested, the software architecture being represented by linked architectural components in an architecture diagram;
  
  associate each attack component and each architectural component with at least one attack tag characterizing attack requirements;
  
  determine an attack test model, including associating attack components with corresponding architectural components, based on associated attack tags; and
  
  generate attack test workflows from the attack test model, to thereby test the software architecture.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the linked attack components of the attack model are arranged in a tree structure, in which individual parent attack components represent an attack result or attack operation, and are connected by branches to one or more child components representing attack operations for reaching the attack result or attack operation of the parent component.
  - 17. The computer program product of claim 15, wherein the instructions, when executed, are further configured to associate each attack component and each architectural component with at least one attack tag characterizing attack requirements, including accessing a tag database storing a plurality of attack tags, and selecting individual attack tags therefrom for attachment to individual components of the attack model and of the architecture diagram.
  - 18. The computer program product of claim 15, wherein the instructions, when executed, are further configured to generate an instance of the attack model for each architectural component, and to combine the resulting instances to obtain the attack test model.
  - 19. The computer program product of claim 18, wherein the instructions, when executed, are further configured to filter each instance of the attack model, based on correspondence of attack tags of each instance with its corresponding architectural component.
  - 20. The computer program product of claim 15, wherein the instructions, when executed, are further configured to utilize weighting values assigned to individual ones of the attack test workflows to create a sorted, prioritized list of the attack test workflows.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Hebert, Cedric, Li, Keqin

Granted Patent

US 9,483,648 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

G06F 2221/034 Test or assess a computer o...

SECURITY TESTING FOR SOFTWARE APPLICATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY TESTING FOR SOFTWARE APPLICATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links