Systems and methods of associating security vulnerabilities and assets

US 8,095,984 B2
Filed: 03/02/2006
Issued: 01/10/2012
Est. Priority Date: 09/22/2005
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory storing respective definitions of assets of an information system, relationships between the assets, and definitions of security vulnerabilities;

a comparison module operatively coupled to the memory and configured for comparing the definition of a security vulnerability with the respective definitions of the assets, the security vulnerability definition identifying an exploited asset platform that may be exploited via the security vulnerability, an affected asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, and a protecting asset platform that protects the exploited asset platform or the affected asset platform against the security vulnerability, the comparison module being further configured for determining whether (i) the definition of a particular asset identifies the exploited asset platform, (ii) the definition of another asset that has a relationship with the particular asset identifies the affected asset platform, (iii) the definition of a further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform; and

an association module, operatively coupled to the comparison module and to the memory, configured for associating the security vulnerability and the particular asset where (i) the definition of the particular asset identifies the exploited asset platform and (ii) the definition of the other asset identifies the affected asset platform, the association module being further configured for creating a further association between the security vulnerability and the further asset where (iii) the definition of the further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.

82 Citations

View as Search Results

13 Claims

1. An apparatus comprising:
- a memory storing respective definitions of assets of an information system, relationships between the assets, and definitions of security vulnerabilities;
  
  a comparison module operatively coupled to the memory and configured for comparing the definition of a security vulnerability with the respective definitions of the assets, the security vulnerability definition identifying an exploited asset platform that may be exploited via the security vulnerability, an affected asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, and a protecting asset platform that protects the exploited asset platform or the affected asset platform against the security vulnerability, the comparison module being further configured for determining whether (i) the definition of a particular asset identifies the exploited asset platform, (ii) the definition of another asset that has a relationship with the particular asset identifies the affected asset platform, (iii) the definition of a further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform; and
  
  an association module, operatively coupled to the comparison module and to the memory, configured for associating the security vulnerability and the particular asset where (i) the definition of the particular asset identifies the exploited asset platform and (ii) the definition of the other asset identifies the affected asset platform, the association module being further configured for creating a further association between the security vulnerability and the further asset where (iii) the definition of the further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the association module is further configured for creating a further association between the security vulnerability and the other asset where (i) the definition of the particular asset identifies the exploited asset platform and (ii) the definition of the other asset identifies the affected asset platform.
  - 3. The apparatus of claim 1, wherein the association module is configured for associating the security vulnerability and the particular asset by modifying at least one of:
    - the security vulnerability definition and the definition of the particular asset.
  - 4. The apparatus of claim 1, wherein the association module is configured for associating the security vulnerability and the particular asset by accessing a memory to create a logical association between the security vulnerability and the particular asset.
  - 5. The apparatus of claim 1, wherein the association module is further configured for performing, where the further association is to be created, an operation selected from the group consisting of:
    - aborting the associating of the security vulnerability and the particular asset, and removing an association between the security vulnerability and the particular asset.
  - 6. The apparatus of claim 1, wherein the comparison module is configured for comparing the exploited asset platform to a definition of each asset in a first group of the assets, and for comparing the affected asset platform to a definition of each asset in a second group of the assets where the definition of at least one asset in the first group identifies the exploited asset platform.
  - 7. The apparatus of claim 6, wherein the second group comprises the at least one asset and each asset having a relationship with the at least one asset.

8. A method comprising:
- a comparison module comparing a definition of a security vulnerability with respective definitions of assets of an information system stored in a memory, the memory further storing relationships between the assets, the security vulnerability definition identifying an exploited asset platform that may be exploited via the security vulnerability, an affected asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, and a protecting asset platform that protects the exploited asset platform or the affected asset platform against the security vulnerability;
  
  the comparison module determining whether (i) the definition of a particular asset identifies the exploited asset platform, (ii) the definition of another asset that has a relationship with the particular asset identifies the affected asset platform, (iii) the definition of a further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform;
  
  an association module associating the security vulnerability and the particular asset where (i) the definition of the particular asset identifies the exploited asset platform and (ii) the definition of the other asset identifies the affected asset platform; and
  
  the association module creating a further association between the security vulnerability and the further asset where (iii) the definition of the further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform,wherein at least one of the comparison module and the association module is implemented using hardware.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, further comprising:
    - the association module creating a further association between the security vulnerability and the other asset where (i) the definition of the particular asset identifies the exploited asset platform and the definition of the other asset identifies the affected asset platform.
  - 10. The method of claim 8, wherein associating comprises accessing a memory to create a logical association between the security vulnerability and the particular asset.
  - 11. A non-transitory machine-readable medium storing instructions which when executed perform the method of claim 8.

12. An apparatus comprising:
- a memory storing respective definitions of assets of an information system, relationships between the assets, and definitions of security vulnerabilities;
  
  a comparison module operatively coupled to the memory and configured for comparing the definition of a security vulnerability with the respective definitions of the assets, the security vulnerability definition identifying an exploited asset platform that may be exploited via the security vulnerability, an affected asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, and a protecting asset platform that protects the exploited asset platform or the affected asset platform against the security vulnerability, the comparison module being further configured for determining whether (i) the definition of a particular asset identifies the exploited asset platform, (ii) the definition of another asset that has a relationship with the particular asset identifies the affected asset platform, (iii) the definition of a further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform;
  
  an association module, operatively coupled to the comparison module and to the memory, configured for associating the security vulnerability and the particular asset where (i) the definition of the particular asset identifies the exploited asset platform and (ii) the definition of the other asset identifies the affected asset platform, the association module being further configured for creating a further association between the security vulnerability and the further asset where (iii) the definition of the further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform; and
  
  a display, operatively coupled to the comparison module and to the association module, configured for providing;
  
  a representation of the security vulnerability;
  
  a representation of the particular asset;
  
  a representation of the other asset;
  
  a first type of representation of the association between the security vulnerability and the particular asset;
  
  a second type of representation of the further association between the security vulnerability and the other asset;
  
  a representation of the further asset; and
  
  a representation of the relationship between the particular asset and the further asset.
- View Dependent Claims (13)
- - 13. The apparatus of claim 12, wherein the display is further configured for providing:
    - a representation of the relationship between the particular asset and the other asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
McFarlane, Bradley Kenneth, Wiemer, Douglas, McNamee, Kevin
Primary Examiner(s)
Pearson, David
Assistant Examiner(s)
Mehedi, Morshed

Application Number

US11/366,100
Publication Number

US 20070067846A1
Time in Patent Office

2,140 Days
Field of Search

726/25, 726/24
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Systems and methods of associating security vulnerabilities and assets

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of associating security vulnerabilities and assets

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links