Abstract
A system and method that includes identifying a vulnerability in a computing device; accessing a vulnerability exploitation mapped to the identified vulnerability; at the computing device, executing the vulnerability exploitation and entering an operating mode of escalated privileges; and, while in the operating mode of escalated privileges, updating the computing device with a vulnerability resolution.
Claims
1. A method comprising:
identifying a vulnerability in a computing device;
accessing a vulnerability exploitation mapped to the identified vulnerability, wherein the vulnerability exploitation comprises pre-identified computer-executable scripts or routines specifically provided to target the identified vulnerability in the computing device to thereby resolve or reduce the identified vulnerability, wherein, once executed, the pre-identified computer-executable scripts or routines of the vulnerability exploitation automatically change an operating mode of the computing device from an operating mode with less privileges to an operating mode with increased privileges;
at the computing device, executing the pre-identified scripts or routines of the vulnerability exploitation and, through execution of the pre-identified scripts or routines of the vulnerability exploitation, causing an entering into an operating mode of escalated privileges within the computing device; and
while in the operating mode of escalated privileges, updating the computing device with a vulnerability resolution that functions to automatically use the escalated privileges to resolve or reduce the identified vulnerability.
2. The method of claim 1, wherein identifying the vulnerability in the computing device comprises: (i) collecting data object identifiers of one or more components of the computing device; and (ii) querying, using each of the collected data object identifiers, a map of object identifiers mapped to known vulnerability assessments for the object identifiers, thereby searching for vulnerabilities mapped to the collected data object identifiers.
3. The method of claim 1, further comprising presenting the presence of the identified vulnerability.
4. The method of claim 1, wherein accessing the vulnerability exploit comprises digitally signing a request to access a cryptographically secured vulnerability exploit.
5. The method of claim 1, wherein updating the computing device with a vulnerability resolution comprises persistently applying the vulnerability resolution on the computing device.
6. The method of claim 1, wherein updating the computing device with a vulnerability resolution comprises applying the vulnerability resolution on the computing device in non-persistent memory; and further comprising reactivating the vulnerability resolution on the device in the non-persistent memory during restart of the computing device.
7. The method of claim 1, further comprising, while in the operating mode of escalated privileges, establishing a reference monitor; and further comprising identifying a second vulnerability in the computing device; entering an operating mode of backdoor escalated privileges through the reference monitor; and, while in the operating mode of backdoor escalated privileges, updating the computing device with a vulnerability resolution of the second vulnerability.
8. The method of claim 1, wherein more than one vulnerability is identified; and wherein updating the computing device with a vulnerability resolution comprises updating the computing device with a vulnerability resolution for more than one vulnerability.
9. The method of claim 1, wherein identifying a vulnerability in a computing device further comprises collecting data object identifiers of the computing device, transmitting the data object identifiers to a remote vulnerability assessment cloud service, and receiving a vulnerability assessment that identifies at least one vulnerability of the computing device.
10. The method of claim 9, wherein receiving a vulnerability assessment that identifies at least one latent vulnerability of the computing device occurs asynchronously to the transmitting of the data object identifiers.
11. A method comprising:
identifying a first vulnerability in a system;
exploiting the first vulnerability using a pre-identified set of escalated code execution privileges mapped to the first vulnerability, wherein the set of escalated execution privileges is accessible through the first vulnerability for the purpose of resolving or reducing the first vulnerability;
establishing a reference monitor during the escalated code execution privileges;
identifying a second vulnerability in the system;
entering an operating mode of escalated privileges through the reference monitor on the system, wherein the escalated privileges of the operating mode are different than the set of escalated execution privileges mapped to the first vulnerability; and
while in the operating mode of escalated privileges, updating the system with a vulnerability resolution of the second vulnerability.
12. The method of claim 11, wherein exploiting the first vulnerability comprises digitally signing a request to access a cryptographically secured vulnerability exploit of the first vulnerability and receiving a grant of escalated code execution privileges through executing the cryptographically secured vulnerability exploit.
13. The method of claim 11, wherein entering an operating mode of escalated privileges through the reference monitor comprises authenticating a vulnerability tool, wherein the vulnerability tool completes updating the system with a vulnerability resolution of the second vulnerability.
14. The method of claim 11, further comprising presenting the presence of the identified vulnerability through a user interface of the system.
15. The method of claim 11, wherein updating the system with a vulnerability resolution comprises persistently applying the vulnerability resolution on the device.
16. The method of claim 11, wherein updating the system with a vulnerability resolution comprises applying the vulnerability resolution on the system in non-persistent memory; and further comprising, upon refreshing the system, entering an operating mode of escalated privileges through the reference monitor and reactivating the vulnerability resolution on the device in the non-persistent memory.
17. The method of claim 11, wherein the vulnerability is a system level vulnerability.
18. The method of claim 11, wherein the vulnerability is an application level vulnerability.
19. A method for patching a computing device in a closed system administration ecosystem comprising:
collecting data object identifiers of the computing device at a first instance;
querying, using the collected data object identifiers, a map of object identifiers to vulnerabilities and identifying at least one vulnerability associated with at least one of the collected data object identifiers;
accessing a vulnerability exploitation mapped to the identified vulnerability, wherein the vulnerability exploitation comprises pre-identified computer-executable scripts or routines specifically provided to target the identified vulnerability in the computing device to thereby resolve or reduce the identified vulnerability, wherein, once executed, the pre-identified computer-executable scripts or routines of the vulnerability exploitation automatically change an operating mode of the computing device from an operating mode with less privileges to an operating mode with increased privileges;
at the computing device, executing the vulnerability exploitation and entering a first operating mode of escalated privileges through the vulnerability exploitation;
while in the first operating mode of escalated privileges, updating the computing device with a first vulnerability resolution of the at least one vulnerability and establishing a reference monitor;
collecting data object identifiers of the computing device at a second instance;
identifying a second vulnerability from the data object identifiers of the computing device at the second instance;
entering a second operating mode of backdoor escalated privileges through the reference monitor, wherein the second operating mode is different than the first operating mode; and
while in the second operating mode of backdoor escalated privileges, updating the computing device with a second vulnerability resolution of the second vulnerability, wherein the second vulnerability resolution is different than the first vulnerability resolution.
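The claims above describe one procedure: inventory the device's component identifiers, look them up in a map of identifiers to known vulnerability assessments (claims 2 and 19), obtain the mapped exploit only through a signed request (claims 4 and 12), apply the resolution while privileged, and leave behind a reference monitor that authenticates the vulnerability tool for later re-entry (claims 7, 13 and 16). The following Python model walks through that flow end to end. It is an added example written for this page, not Duo's code or anything from the patent: the device, the vulnerability map, the component names, the vulnerability, exploit and fix identifiers, and the shared request key are all constructed placeholders, and an "exploit" here is merely a callable that sets a privilege flag on the model. The point worth seeing in code is the last part of the design: the reference monitor is a deliberately installed privileged backdoor, so it must refuse every caller that cannot prove it is the vulnerability tool, and non-persistent resolutions must be re-applied through it after every restart.

```python
"""Simulation of the claimed patching flow (constructed example, not Duo's code).
The device, the vulnerability map, the "exploits" and the resolutions are all
placeholders; an exploit here only flips a privilege flag on the model."""
import hashlib
import hmac
import secrets


def parse_version(v):
    return tuple(int(x) for x in v.split("."))


# Constructed map of data object identifiers to vulnerability assessments
# (claim 2). Component, vulnerability, exploit and fix names are placeholders.
VULN_MAP = {
    "libexample": [{"vuln": "VULN-A", "fixed_in": "2.4.1", "exploit": "X-A", "fix": "FIX-A"}],
    "kmod-foo":   [{"vuln": "VULN-B", "fixed_in": "1.3.0", "exploit": "X-B", "fix": "FIX-B"}],
}


def assess(components):
    """Query the map with each collected (identifier, version) pair."""
    return [e for name, ver in components for e in VULN_MAP.get(name, [])
            if parse_version(ver) < parse_version(e["fixed_in"])]


class Device:
    """Device model: privilege flag, persistent store, volatile memory that is
    cleared on restart (claim 6), and the installed reference monitor."""
    def __init__(self, components):
        self.components, self.privileged = components, False
        self.persistent, self.volatile, self.monitor = {}, {}, None

    def restart(self):
        self.privileged, self.volatile = False, {}


class ExploitStore:
    """Exploits are released only to requests signed with the shared key (claim 4)."""
    def __init__(self, key):
        self.key = key
        # constructed: every "exploit" merely sets the model's privilege flag
        self.exploits = {"X-A": lambda d: setattr(d, "privileged", True),
                         "X-B": lambda d: setattr(d, "privileged", True)}

    def sign(self, exploit_id, key):
        return hmac.new(key, exploit_id.encode(), hashlib.sha256).digest()

    def fetch(self, exploit_id, signature):
        if not hmac.compare_digest(self.sign(exploit_id, self.key), signature):
            raise PermissionError("exploit request not properly signed")
        return self.exploits[exploit_id]


class ReferenceMonitor:
    """Authenticated re-entry into escalated privileges, installed while the
    exploit-granted privileges are held (claims 7 and 13). Its secret is the
    vulnerability tool's credential; whoever holds it owns the device."""
    def __init__(self, device):
        if not device.privileged:
            raise PermissionError("monitor can only be established while privileged")
        self.device, self.secret = device, secrets.token_bytes(32)

    def enter(self, presented):
        # constant-time comparison; a wrong credential grants nothing
        if not hmac.compare_digest(self.secret, presented):
            raise PermissionError("vulnerability tool failed authentication")
        self.device.privileged = True


def apply_resolution(device, fix_id, persistent):
    if not device.privileged:
        raise PermissionError("resolution requires escalated privileges")
    (device.persistent if persistent else device.volatile)[fix_id] = True


def first_cycle(device, store, request_key, persistent=False):
    """Claims 1 and 19, first instance: assess, exploit, fix, install monitor."""
    findings = assess(device.components)
    if not findings:
        return []                      # nothing to exploit, so no monitor either
    for f in findings:
        store.fetch(f["exploit"], store.sign(f["exploit"], request_key))(device)
        apply_resolution(device, f["fix"], persistent)
    device.monitor = ReferenceMonitor(device)
    device.privileged = False          # drop the exploit-granted privileges
    return [f["vuln"] for f in findings]


def reactivate(device, tool_secret):
    """Claim 16: after a restart the volatile fixes are gone; re-enter through
    the monitor and re-apply them for every still-affected component."""
    device.monitor.enter(tool_secret)
    for f in assess(device.components):
        apply_resolution(device, f["fix"], persistent=False)
    device.privileged = False
    return sorted(device.volatile)
```

In the model the component versions do not change when a non-persistent resolution is applied, so `assess` keeps reporting the finding after a restart and `reactivate` re-applies it; a persistent resolution would be expected to change the collected identifier on the next inventory. The failure cases a practitioner cares about are the two `PermissionError` paths: an unsigned or tampered exploit request must not return the exploit, and a caller without the tool's credential must not get through the reference monitor.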
Owners (US)
- Duo Security Inc (Feb 24 2014)
Applicants
- Duo Security Inc
Inventors
- Oberheide Jon
- Song Douglas
CPC Classifications
- G06F21/577
- H04L63/1433
Document History
- Publication: Mar 28, 2017
- Application: Feb 24, 2014, US 201414188492 A
- Priority: Feb 24, 2014, US 201414188492 A
- Priority: Feb 22, 2013, US 201361768256 P