Expert system having a plurality of security inspectors for detecting security flaws in a computer system

US 5,812,763 A
Filed: 01/21/1993
Issued: 09/22/1998
Est. Priority Date: 02/17/1988
Status: Expired due to Fees

First Claim

Patent Images

1. A program resident in a computer system having a common memory means for controlling a processor to identify security flaws in said computer system comprising:

a plurality of inspection modules, each one of said plurality of inspection modules adapted to enable said processor to perform a predetermined class of security check operations in said computer system to identify whether security flaws are present in said computer system, wherein each one of said plurality of inspection modules is further adapted to enable said processor to store indicia identifying located security flaws in said common memory means; and

a control module adapted to enable said processor to control processing for each one of said plurality of inspection modules in response to a security test request from an operator and for performing a security evaluation operation in connection with indicia stored in said common memory means during processing of said inspection modules.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new security system including a plurality of inspectors each of which performs a security check operation in connection with a particular class of possible security violation conditions. One inspector detects security violation conditions reflecting selection of passwords using easily-guessable formatives. Another inspector detects security violation conditions reflecting ability of a network node to improperly use another node over a network. A third inspector determines whether the operating system files have satisfactory protection. Finally, a fourth inspector determines whether security violation conditions arise in connection with applications programs. If, during a security check operation, an inspector determines that a security violation condition exists, it records the condition in a common working memory for further reporting or analysis.

249 Citations

47 Claims

1. A program resident in a computer system having a common memory means for controlling a processor to identify security flaws in said computer system comprising:
- a plurality of inspection modules, each one of said plurality of inspection modules adapted to enable said processor to perform a predetermined class of security check operations in said computer system to identify whether security flaws are present in said computer system, wherein each one of said plurality of inspection modules is further adapted to enable said processor to store indicia identifying located security flaws in said common memory means; and
  
  a control module adapted to enable said processor to control processing for each one of said plurality of inspection modules in response to a security test request from an operator and for performing a security evaluation operation in connection with indicia stored in said common memory means during processing of said inspection modules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The program of claim 1 whereinsaid computer system includes a user application program, andsaid plurality of inspection modules includes an application inspection module for determining whether said user applications program has a predetermined security characteristic.
  - 3. The program of claim 2 wherein said application inspection module includes a network communication inspection module for enabling said processor to identify predetermined security conditions with a user application program which performs communications over a network.
  - 4. The program of claim 3 wherein said network communication inspection module enables said processor to determine whether a said user application program enables information to be transferred over said network in plain text.
  - 5. The program of claim 3 wherein said network communication inspection module enables said processor to determine whether a said user application program transfers passwords over said network.
  - 6. The program of claim 2 wherein said application inspection module includes an applications program inspection module for determining whether a said applications program permits said user to perform selected security violation operations.
  - 7. The program of claim 6 wherein said applications program inspection module includes an executable image specialist module for enabling said processor to examine an executable image of said applications program to determine whether said applications program can perform certain operations which would permit said user to violate the security of the computer system.
  - 8. The program of claim 6 wherein said applications program inspection module includes a program code specialist module for examining the source code of said applications program to determine whether said applications program can perform certain operations which would permit said user to perform selected security violation operations.
  - 9. The program of claim 2 whereinsaid computer system includes a user authorization file associated with a respective user applications program, anda said application inspection module includes a captive account inspection module for enabling said processor to inspect information in a particular user authorization file associated with a particular applications program to determine that the associated user authorization file complies with predetermined security requirements of said particular applications program.
  - 10. The system of claim 2 whereinsaid computer system includes a plurality of operating levels, andsaid application inspection module includes a log-in procedure inspection module for enabling said processor to determine whether a user may transfer control of the computer system level during log-in.
  - 11. The system of claim 1 wherein a said plurality of inspection modules comprises a password inspection module for enabling said processor to detect whether a user who is authorized to use said computer system has selected a password which may be easily determined by an intruder.
  - 12. The program of claim 11 wherein said password which may be easily determined by an intruder is a node name.
  - 13. The program of claim 11 wherein said password which may be easily determined by an intruder is an account name.
  - 14. The program of claim 11 wherein said password which may be easily determined by an intruder is a name of a company.
  - 15. The program of claim 11 wherein said password which may be easily determined by an intruder is identifying numbers of users of said system.
  - 16. The program of claim 1 wherein a said plurality of inspection modules includes a network default account inspection module for enabling said processor to determine if said computer system includes a plurality of interconnected nodes and whether a user can enable a remote node to execute an applications program while in a default account.
  - 17. The program of claim 1 wherein;
    - said computer system includes system files each having an associated protection code, andsaid plurality of inspection modules includes a system file protection inspection module for enabling said processor to determine whether each system file has a predetermined protection code level.

18. A method of checking the security of a computer system having a common memory which includes a plurality of storage locations for storing information, comprising:
- performing a plurality of security flaw check operations by means resident within said computer system to identify whether security flaws are present;
  
  storing indicia identifying located security flaws in said common memory;
  
  controlling each of said plurality of security flaw check operations in response to a security flaw test request from an operator; and
  
  performing a security evaluation operation in connection with said stored indicia.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 19. The method of claim 18 further comprisingidentifying possible security problems with a user application which performs communications over a network.
  - 20. The method of claim 19 further comprising the step ofdetermining whether said applications programs permit said user to perform operations which violate the security of said computer system.
  - 21. The method of claim 20 further comprisingexamining an executable image of said applications program to determine whether said applications program can perform certain operations which would permit said user to violate the security of the computer system.
  - 22. The method of claim 20 further comprisingexamining the source code of said applications program to determine whether said applications program can perform certain operations which would permit said user to violate the security of said computer system.
  - 23. The method of claim 19 further comprising determining whether said user application enables information to be transferred over said network in plain text;
    - andif so, identifying a security flaw.
  - 24. The method of claim 19 further comprising determining whether said user application transfers passwords over said network;
    - andif so, identifying a security flaw.
  - 25. The method of claim 19 further comprising determining whether a user may escape to an operating system level during log-in;
    - andif so, identifying a security flaw.
  - 26. The method of claim 18 further comprisingdetecting whether a user who is authorized to use said computer system has selected an easily predictable password.
  - 27. The method of claim 18 further comprisingdetermining if said computer system includes a plurality of interconnected nodes and whether a user can execute a program of enable a remote node to execute an applications program while in a default account.
  - 28. The method of claim 18 whereinsaid common memory includes system files having protective codes, and further comprisingdetermining whether each system file has the proper protection code level.
  - 29. The method of claim 18 further comprisingminimizing jeopardy to security in connection with user applications.
  - 30. The method of claim 22 wherein said minimizing further includesinspecting information in a user authorization file associated with a particular applications program, andensuring that said user authorization file complies with requirements of said particular applications program.

31. A security inspection system in a computer system comprising:
- common memory means having a plurality of storage locations for storing information;
  
  a plurality of inspection means operative within the computer system, each performing a predetermined class of security check operations in connection with said computer system, for identifying security flaws in said computer system, said plurality of inspection means storing, in said common memory means, indicia identifying located security flaws;
  
  analyzing means for performing a security evaluation operation in connection with said indicia stored by said plurality of inspection means in said common memory means; and
  
  control means, resident within the computer system and connected to each one of said plurality of inspection means and said analyzing means, for controlling each one of said plurality of inspection means in response to a security test request from an operator.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 32. The system of claim 31 whereinsaid computer system includes a user application program, andsaid plurality of inspection means includes an application inspection means for minimizing jeopardy to security in connection with said user applications program.
  - 33. The system of claim 32 wherein said application inspection means includes a network communication inspection means for identifying predetermined security conditions with any user application programs which perform communications over a network.
  - 34. The system of claim 33 wherein said network communication inspection means determines whether a said user application program enables information to be transferred over said network in plain text.
  - 35. The system of claim 33 wherein said network communication inspection means determines whether a said user application program transfers passwords over said network.
  - 36. The system of claim 32 wherein said application inspection means includes an applications program inspection means for determining whether said applications programs permit said user to perform operations which violate the security of said computer system.
  - 37. The system of claim 36 wherein said applications program inspection means includes an executable image specialist means for examining an executable image of said applications program to determine whether said applications program can perform certain operations which would permit said user to violate the security of the computer system.
  - 38. The system of claim 36 wherein said applications program inspection means includes a program code specialist means for examining the source code of said applications program to determine whether said applications program can perform certain operations which would permit said user to violate the security of said computer system.
  - 39. The system of claim 32 whereinsaid computer system includes a user authorization file associated with a respective user applications program, andsaid application inspection means includes a captive account inspection means for inspecting information in a particular user authorization file associated with a particular applications program and ensuring that said user authorization file complies with requirements of said particular applications program.
  - 40. The system of claim 32 whereinsaid computer system includes a plurality of operating levels, andsaid application inspection means includes a log-in procedure inspection means for determining whether a user may transfer control of the computer system level during log-in.
  - 41. The system of claim 31 wherein at least one of said plurality of inspection means comprises a password inspection means for detecting whether a user who is authorized to use said computer system has selected a password which may be easily determined by an intruder.
  - 42. The system of claim 41 wherein said password which may be easily determined by an intruder is a node name.
  - 43. The system of claim 41 wherein said password which may be easily determined by an intruder is an account name.
  - 44. The system of claim 41 wherein said password which may be easily determined by an intruder is a name of a company.
  - 45. The system of claim 41 wherein said password which may be easily determined by an intruder is identifying numbers of users of said system.
  - 46. The system of claim 31 wherein a said plurality of inspection means includes a network default account inspection means for determining whether said computer system includes a plurality of interconnected nodes and whether a user can execute a program to enable one of said plurality of interconnected nodes to execute an applications program while in a default account.
  - 47. The system of claim 31 whereinsaid computer system includes a plurality of system files, each system file having an associated protection code, andwherein at least one of said plurality of inspection means includes a system file protection inspection means for determining whether each system file has the proper protection code level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Digital Equipment Corporation (HP Inc.)
Inventors
Teng, Henry Shao-Lin
Primary Examiner(s)
Harrell, Robert B.

Application Number

US08/008,066
Time in Patent Office

2,070 Days
Field of Search

364/DIG. 1 MS File, 364/DIG. 2 MS File, 395/200, 395/325, 395/425, 395/575, 395/600, 395/650, 395/700, 395/800, 395/186, 395/187.01, 380/3, 380/4, 380/23, 380/24, 380/25
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Expert system having a plurality of security inspectors for detecting security flaws in a computer system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

249 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Expert system having a plurality of security inspectors for detecting security flaws in a computer system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

249 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links