The patent's inventor is Plate, Henrik (Nice, FR).
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: "In operations security, information technology (IT) users and administrators deal with the secure set-up of computer systems. The secure set-up of computer systems can concern upgrade and patch management of software to check that installed components include the latest security patches. The secure set-up of computer systems can also concern secure software configuration settings, to check, for example, whether a personal firewall has been deactivated or a virus signature list is updated in an automated fashion. The security domain 'operations security' is relevant for both end-user computers and servers.
"Current tools for operations security are mostly proprietary and focus on software of a particular vendor (e.g., central management of front-end virus scanners, upgrade and patch management of components). Slowly, proprietary solutions have begun to adapt to recently developed standards for endpoint security validation. These standards enable the creation of standardized checks, independent of specific vendors or products. A repository of standardized checks can be maintained by a sponsoring organization for a variety of products.
"Check definitions (e.g., provided in extensible mark-up language (XML)) are created a-posteriori. Accordingly, a knowledgeable person creates a check definition for a given, already shipped product, based on the particular product knowledge of that person. Such a knowledgeable person can include a system or security administrator who is in charge of managing a certain landscape, and is required to reverse engineer the product. That is, the administrator would need to identify security-relevant configurations and their storage location (e.g., in registry entries, configuration files, environment variables). The knowledgeable person can also be a developer of the product vendor. In such a case, the person can typically access the required information more easily, but still does this manually.
"In any case, administrator or developer, the creation of a comprehensive checklist of all security-relevant configuration settings is a time-consuming, laborious and erroneous process, particularly when considering complex industry or business solutions that include hundreds of single components. Consequently, operations security processes and technologies are not very effective and either result in undetected, exploitable security vulnerabilities or decrease of efficiency and total cost of ownership (TCO)."
Supplementing the background information on this patent, NewsRx reporters also obtained the inventor's summary information for this patent: "Implementations of the present disclosure include computer-implemented methods for generating a configuration checklist template. In some implementations, methods include retrieving one or more source code files, each of the one or more source code files corresponding to a software product, scanning the one or more source code files using one or more computing devices to generate one or more configuration check building blocks, receiving first user input, processing the one or more configuration check building blocks and the first user input to generate one or more check definitions, receiving second user input, processing the one or more check definitions and the second user input to generate the configuration checklist template, electronically storing the configuration checklist template in a computer-readable storage medium, and transmitting the configuration checklist template to one or more computing devices associated with a customer entity over a network.
"In some implementations, scanning includes scanning the one or more source code files to identify read and write access to each configuration setting provided in the one or more source code files.
"In some implementations, transmitting further includes transmitting one or more software product artifacts to the customer entity over the network, the one or more software product artifacts being installable on a target platform of the customer.
"In some implementations, each of the one or more configuration check building blocks includes a list of one or more configuration objects and one or more potential states associated with each of the one or more configuration objects.
"In some implementations, each of the one or more check definitions comprises a textual description of security vulnerabilities associated with one or more configuration objects.
"In some implementations, each of the one or more check definitions corresponds to a standard. The standard includes the Open Vulnerability and Assessment Language (OVAL) standard.
"In some implementations, methods further include providing each of the one or more configuration check building blocks for display, and receiving third user input, the third user input including textual information that cannot be directly derived from the one or more source code files, the textual information describing how a configuration relates to security, the one or more check definitions including the textual information.
"In some implementations, scanning is based on explicit annotations that are embedded into each of the one or more source code files.
"In some implementations, scanning is based on accessing to one or more defined configuration application program interfaces (APIs) determinable from the one or more source code files.
"The present disclosure also provides a computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.
"The present disclosure further provides a system for implementing the methods provided herein. The system includes one or more processors, and a computer-readable storage medium coupled to the one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.
"It is appreciated that methods in accordance with the present disclosure can include any combination of the aspects and features described herein. That is, methods in accordance with the present disclosure are not limited to the combinations of aspects and features specifically described herein, but also include any combination of the aspects and features provided.
"The details of one or more implementations of the present disclosure are set forth in the accompanying drawings and the description below. Other features and advantages of the present disclosure will be apparent from the description and drawings, and from the claims."
For the URL and additional information on this patent, see: Plate, Henrik. Standardized Configuration Checklists for Software Development. U.S. Patent Number 8782603, filed
Keywords for this news article include:
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC
Most Popular Stories
- PBS Series Examines America's Demographic Shift
- Americans Bet Big on Gambling Industry
- Petri Likely Broke House Ethics Rules
- California's Ban on Plastic Bags: What Now?
- Texas Sees Gains in Hispanic College Enrollment
- Exxon Gives Nod to Fracking Risks
- Morgan: 'Can't Believe' Wal-Mart Blaming Him
- Can You Be Fired for Using Medical Marijuana?
- Wealth Gap Widens as Rich Spend More on Kids' Education
- Lack of Sea Ice Brings 35,000 Walruses Ashore