Computer model of security risks

US 7,472,421 B2
Filed: 09/30/2002
Issued: 12/30/2008
Est. Priority Date: 09/30/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of quantifying a security risk associated with a computer system, the method comprising:

identifying a computer system;

analyzing an actual configuration of the computer system by;

identifying a vulnerability path of one or more intermediary systems, the vulnerability path comprising a sequence of vulnerabilities in which a first event must interrupt a normal operating mode on a first system before a second event may occur on a second system;

identifying a risk for the actual configuration associated with the computer system, the risk relating to an event that may interrupt a normal operating mode of the computer system as a result of the vulnerability path being exploited;

determining a likelihood for the actual configuration that the event associated with the risk for the actual configuration will occur;

determining a cost for the actual configuration associated with the event occurring on the computer system; and

quantifying the risk into an impact value by using the likelihood for the actual configuration and the cost for the actual configuration;

accessing the actual configuration for the computer system;

analyzing an alternative configuration for the computer system by;

enabling a user to modify the actual configuration to create the alternative configuration;

identifying, using the alternative configuration, an alternative path of one or more intermediary systems, the alternative path comprising a sequence of vulnerabilities in the alternative configuration;

identifying an alternative risk associated with the alternative configuration;

determining an alternative likelihood that an event associated with the alternative risk will occur; and

determining an alternative cost associated with the alternative configuration;

quantifying the alternative risk into an alternative value by using the alternative likelihood and the alternative cost; and

enabling the user to perceive the impact value for the actual configuration and the alternative value for the alternative configuration.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The security risk associated with a computer system may be quantified by identifying a computer system, identifying a risk associated with the computer system, the risk relating to an event that may interrupt a normal operating mode of the computer system, determining a likelihood that the event associated with the risk will occur, determining a cost associated with the event occurring on the computer system, and quantifying the risk into an impact value by using the likelihood and the cost.

68 Citations

View as Search Results

33 Claims

1. A computer-implemented method of quantifying a security risk associated with a computer system, the method comprising:
- identifying a computer system;
  
  analyzing an actual configuration of the computer system by;
  
  identifying a vulnerability path of one or more intermediary systems, the vulnerability path comprising a sequence of vulnerabilities in which a first event must interrupt a normal operating mode on a first system before a second event may occur on a second system;
  
  identifying a risk for the actual configuration associated with the computer system, the risk relating to an event that may interrupt a normal operating mode of the computer system as a result of the vulnerability path being exploited;
  
  determining a likelihood for the actual configuration that the event associated with the risk for the actual configuration will occur;
  
  determining a cost for the actual configuration associated with the event occurring on the computer system; and
  
  quantifying the risk into an impact value by using the likelihood for the actual configuration and the cost for the actual configuration;
  
  accessing the actual configuration for the computer system;
  
  analyzing an alternative configuration for the computer system by;
  
  enabling a user to modify the actual configuration to create the alternative configuration;
  
  identifying, using the alternative configuration, an alternative path of one or more intermediary systems, the alternative path comprising a sequence of vulnerabilities in the alternative configuration;
  
  identifying an alternative risk associated with the alternative configuration;
  
  determining an alternative likelihood that an event associated with the alternative risk will occur; and
  
  determining an alternative cost associated with the alternative configuration;
  
  quantifying the alternative risk into an alternative value by using the alternative likelihood and the alternative cost; and
  
  enabling the user to perceive the impact value for the actual configuration and the alternative value for the alternative configuration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 wherein determining the likelihood for the actual configuration comprises accessing a data store of risks and associated likelihoods.
  - 3. The method of claim 1 wherein identifying a computer system comprises identifying multiple computer systems by determining a configuration of a network of computer systems.
  - 4. The method of claim 1 wherein the cost for the actual configuration relates to expected damages if the event occurred.
  - 5. The method of claim 1 wherein determining the likelihood for the actual configuration comprises analyzing past security events.
  - 6. The method of claim 1 further comprising:
    - identifying an intermediary risk associated with the intermediary systems along the vulnerability path, anddetermining an intermediary likelihood that an event associated with the intermediary risk may occur.
  - 7. The method of claim 1 further comprising quantifying the risk for an end system accessible through the vulnerability path by using the intermediary likelihood, a likelihood for the end system, and the cost associated with the event occurring on the end system along the vulnerability path.
  - 8. The method of claim 1 further comprising displaying the impact value.
  - 9. The method of claim 8 wherein displaying the impact value includes calculating and displaying multiple impact values.
  - 10. The method of claim 9 wherein displaying the impact values comprises displaying the impact values in order of priority.
  - 11. The method of claim 8 further comprising displaying the impact value along with a corrective action to address the risk.
  - 12. The method of claim 1 wherein displaying the corrective action includes displaying a resource requirement to perform the corrective action.
  - 13. The method of claim 1 wherein identifying the risk for the actual configuration comprises probing the computer system with a software application designed to check for vulnerabilities.
  - 14. The method of claim 1 further comprising comparing multiple impact values to create a prioritized vulnerability list.
  - 15. The method of claim 1 wherein identifying a computer system includes creating a model of a computer system that does not physically exist.
  - 16. The method of claim 1 wherein the event includes failing to detect a hostile action.

17. A system configured to quantify a security risk associated with a computer system, the system comprising:
- an identifying processor structured and arranged to;
  
  identify a computer system andanalyze an actual configuration of the computer system;
  
  a path processor structured and arranged to identify a vulnerability path of one or more intermediary systems, the vulnerability path comprising a sequence of vulnerabilities in which a first event must interrupt a normal operating mode on a first system before a second event may occur on a second system;
  
  a risk processor structured and arranged to identify a risk for the actual configuration associated with the computer system, the risk relating to an event that may interrupt a normal operating mode of the computer system as a result of the vulnerability path being exploited;
  
  a likelihood processor structured and arranged to determine a likelihood for the actual configuration that the event associated with the risk for the actual configuration will occur;
  
  a cost processor structured and arranged to determine a cost for the actual configuration associated with the event occurring on the computer system; and
  
  an impact value processor structured and arranged to quantify the risk into an impact value by using the likelihood for the actual configuration and the cost for the actual configurationan alternative configuration processor structured and arranged to;
  
  access the actual configuration for the computer system;
  
  analyze an alternative configuration for the computer system by;
  
  enable a user to modify the actual configuration to create the alternative configuration;
  
  identify, using the alternative configuration, an alternative path of one or more intermediary systems, the alternative path comprising a sequence of vulnerabilities in the alternative configuration;
  
  identify an alternative risk associated with the alternative configuration;
  
  determining an alternative likelihood that an event associated with the alternative risk will occur; and
  
  determine an alternative cost associated with the alternative configuration;
  
  quantifying the alternative risk into an alternative value by using the alternative likelihood and the alternative cost; and
  
  enable the user to perceive the impact value for the actual configuration and the alternative value for the alternative configuration.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 18. The system of claim 17 wherein the likelihood processor is structured and arranged to access a data store of risks and associated likelihoods.
  - 19. The system of claim 17 wherein the identifying processor is structured and arranged to identify multiple computer systems by determining a configuration of a network of computer systems.
  - 20. The system of claim 17 wherein the cost processor is structured and arranged to determine a cost for the actual configuration that relates to expected damages if the event occurred.
  - 21. The system of claim 17 wherein the likelihood processor is structured and arranged to analyze past security events for the actual configuration.
  - 22. The system of claim 17 further comprising:
    - an intermediary risk processor structured and arranged to identify an intermediary risk associated with the intermediary systems along the vulnerability path, andan intermediary likelihood processor structured and arranged to determine an intermediary likelihood that an event associated with the intermediary risk may occur.
  - 23. The system of claim 17 further comprising a second impact value processor structured and arranged to quantify the impact value for an end system accessible through the vulnerability path by using the intermediary likelihood, a likelihood for the end system, and the cost associated with the event occurring on the end system.
  - 24. The system of claim 17 wherein the impact value processor is structured and arranged to calculate and display multiple impact values.
  - 25. The system of claim 24 wherein the impact value processor is structured and arranged to display the impact values in order of priority.
  - 26. The system of claim 17 further comprising a corrective action processor structured and arranged to display the impact value along with a corrective action to address the risk.
  - 27. The system of claim 17 wherein the corrective action processor is structured and arranged to display a resource requirement to perform the corrective action.
  - 28. The system of claim 17 wherein the identifying processor is structured and arranged to identify the risk for the actual configuration by probing the computer system with a software application designed to check for vulnerabilities.
  - 29. The system of claim 17 further comprising a comparing processor structured and arranged to compare multiple impact values to create a prioritized vulnerability list.
  - 30. The system of claim 17 wherein the identifying processor is structured and arranged to create a model of a computer system that does not physically exist.
  - 31. The system of claim 17 wherein the event includes failing to detect a hostile action.

32. A system configured to quantify a security risk associated with a computer system, the system comprising:
- means for identifying a computer system;
  
  means for analyzing an actual configuration of the computer system by;
  
  identifying a vulnerability path of one or more intermediary systems, the vulnerability path comprising a sequence of vulnerabilities in which a first event must interrupt a normal operating mode on a first system before a second event may occur on a second system;
  
  identifying a risk for the actual configuration associated with the computer system, the risk relating to an event that may interrupt a normal operating mode of the computer system as a result of the vulnerability path being exploited;
  
  determining a likelihood for the actual configuration that the event associated with the risk for the actual configuration will occur;
  
  determining a cost for the actual configuration associated with the event occurring on the computer system;
  
  quantifying the risk into an impact value by using the likelihood for the actual configuration and the cost for the actual configuration;
  
  means for accessing the actual configuration for the computer system;
  
  means for analyzing an alternative configuration for the computer system by;
  
  enabling a user to modify the actual configuration to create the alternative configuration;
  
  identifying, using the alternative configuration, an alternative path of one or more intermediary systems, the alternative path comprising a sequence of vulnerabilities in the alternative configuration;
  
  identifying an alternative risk associated with the alternative configuration;
  
  determining an alternative likelihood that an event associated with the alternative risk will occur; and
  
  determining an alternative cost associated with the alternative configuration;
  
  quantifying the alternative risk into an alternative value by using the alternative likelihood and the alternative cost; and
  
  means for enabling the user to perceive the impact value for the actual configuration and the alternative value for the alternative configuration.

33. A computer program on a computer-readable medium configured to quantify a security risk associated with a computer system, comprising:
- a first code segment structured and arranged to;
  
  identify a computer system; and
  
  analyze an actual configuration of the computer system;
  
  a path code segment structured and arranged to identify a vulnerability path of one or more intermediary systems, the vulnerability path comprising a sequence of vulnerabilities in which a first event must interrupt a normal operating mode on a first system before a second event may occur on a second system;
  
  a second code segment structured and arranged to identify a risk for the actual configuration associated with the computer system, the risk for the actual configuration relating to an event that may interrupt a normal operating mode of the computer system as a result of the vulnerability path being exploited;
  
  a third code segment structured and arranged to determine a likelihood for the actual configuration that the event associated with the risk for the actual configuration will occur;
  
  a fourth code segment structured and arranged to determine a cost for the actual configuration associated with the event occurring on the computer system;
  
  a fifth code segment structured and arranged to quantify the risk for the actual configuration into an impact value by using the likelihood for the actual configuration and the cost for the actual configuration;
  
  a sixth code segment structured and arranged to access the actual configuration for the computer system;
  
  a seventh code segment structured and arranged to analyze an alternative configuration for the computer system by;
  
  enabling a user to modify the actual configuration to create the alternative configuration;
  
  identifying, using the alternative configuration, an alternative path of one or more intermediary systems, the alternative path comprising a sequence of vulnerabilities in the alternative configuration;
  
  identifying an alternative risk associated with the alternative configuration;
  
  determining an alternative likelihood that an event associated with the alternative risk will occur; and
  
  determining an alternative cost associated with the alternative configuration;
  
  quantifying the alternative risk into an alternative value by using the alternative likelihood and the alternative cost; and
  
  an eighth code segment structured and arranged to enable the user to perceive the impact value for the actual configuration and the alternative value for the alternative configuration.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
Original Assignee
Electronic Data Systems Corporation (Perspecta, Inc.)
Inventors
Cummins, Fred A.
Primary Examiner(s)
Revak; Christopher A
Assistant Examiner(s)
Moorthy; Aravind K

Application Number

US10/259,918
Publication Number

US 20060156407A1
Time in Patent Office

2,283 Days
Field of Search

726 23- 25
US Class Current

726/25
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

Computer model of security risks

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Computer model of security risks

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links