Universal patching machine

A universal patching machine and patching technology, applied in the field of computer security, that addresses the problems of new patches that cannot be tested exhaustively, vulnerabilities in computers that go unaddressed, and security risks that go unaddressed, so as to avoid duplicates, reduce the overall size of the state machine logic, and avoid disruption of data flow.

Inactive Publication Date: 2008-02-28
VMWARE INC

AI Technical Summary

Benefits of technology

The patent describes a universal patching machine that protects data networks from security vulnerabilities. The machine is located at the edge of a network and can intercept data traffic between the internet and the network. The machine uses patch processors and a packet controller to detect vulnerability violations in the data traffic and to modify that traffic efficiently. The patch processors are formed from network patches that address different vulnerabilities, and machine code libraries of helper functions are used to merge the state machines of the network patches. The universal patching machine can be updated in real time without disrupting the flow of data traffic. The technical effects of the invention are improved security and efficiency in protecting data networks from vulnerabilities.

Problems solved by technology

Computers in which vulnerabilities are not addressed become exposed to security risks.
Often these risks are intolerable, so it becomes necessary to install security patches.
In modern computer system environments, patch management can be exceedingly complex.
As a result, it is practically impossible to test new patches exhaustively.
System administrators are reluctant to install patches without testing, particularly on critical machines, so in practice many patches are not installed or are not installed in a timely fashion.
This leaves many computer systems at risk of attack.

Embodiment Construction

[0029] The present invention relates to methods and apparatus for enhancing security in a computer system by detecting and fixing security vulnerabilities using patches.

[0030] The invention may be used in the context of any suitable computer systems. Environments in which security vulnerabilities are handled by installing software directly on a host computer are said to be “host-based.” Environments in which security vulnerabilities are handled by installing software on a network appliance at the edge of a computer network (e.g., on a network appliance that serves as a gateway to a local area network), are said to be “network based.” In general, the invention applies to both host-based and network-based environments. For clarity, the discussion of the present invention sometimes focuses on network-based environments.

[0031] One way to address security vulnerability violations is by installing patches provided by a software vendor (e.g., the vendor of the operating system and / or app...

Abstract

A universal patching machine is used to provide security for a computer system. A conversion function is generated for the patching machine that modifies input data to the computer system so that the computer system has an output and state that match the output and state that would be produced by a vendor-patched version of the computer system. The universal patching machine detects security vulnerabilities in intercepted data traffic. If a vulnerability violation is detected, the universal patching machine modifies the data traffic to remove the violation. Fixing the data traffic in this way ensures that the vulnerability cannot be exploited in an attack against the data network. The universal patching machine is formed from patch processors and a packet controller. The patch processors are formed from network patches. In operation, the patch processors detect vulnerabilities and issue modification commands that direct the packet controller to fix the data traffic.
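The division of labour described in the abstract, as an added sketch that is not code from the patent or from VMware: a patch processor inspects intercepted traffic and issues modification commands, and the packet controller applies them. The toy `USER` line protocol, the 16-byte limit, and the names `ModifyCommand`, `UserLengthPatch` and `PacketController` are all assumptions made for illustration, and each message is assumed to arrive whole in one buffer.

```python
from dataclasses import dataclass

MAX_USER_LEN = 16  # assumed limit enforced by the hypothetical vendor patch
PREFIX = b"USER "  # command of a constructed toy line protocol


@dataclass(frozen=True)
class ModifyCommand:
    """Instruction a patch processor sends to the packet controller."""
    offset: int          # first byte to replace
    length: int          # number of bytes to replace
    replacement: bytes   # bytes to put in their place


class UserLengthPatch:
    """Hypothetical network patch: detects USER arguments over MAX_USER_LEN."""

    def inspect(self, payload: bytes) -> list[ModifyCommand]:
        commands, pos = [], 0
        for line in payload.split(b"\r\n"):
            excess = len(line) - len(PREFIX) - MAX_USER_LEN
            if line.startswith(PREFIX) and excess > 0:
                # Violation: ask for the excess bytes to be cut, which is
                # what the assumed vendor-patched server would do itself.
                commands.append(ModifyCommand(pos + len(line) - excess, excess, b""))
            pos += len(line) + 2  # account for the CRLF removed by split()
        return commands


class PacketController:
    """Feeds intercepted traffic to each patch processor and applies the commands."""

    def __init__(self, processors):
        self.processors = processors

    def process(self, payload: bytes) -> tuple[bytes, int]:
        commands = [c for p in self.processors for c in p.inspect(payload)]
        # Apply back to front so earlier offsets remain valid; this sketch
        # assumes commands from different processors do not overlap.
        for c in sorted(commands, key=lambda c: c.offset, reverse=True):
            payload = payload[:c.offset] + c.replacement + payload[c.offset + c.length:]
        return payload, len(commands)


# Constructed sample traffic: one compliant message, one violating message.
SAMPLE = b"USER alice\r\nUSER " + b"A" * 40 + b"\r\nQUIT\r\n"
controller = PacketController([UserLengthPatch()])
fixed, violations = controller.process(SAMPLE)
print(violations, fixed)
```

Compliant traffic passes through byte for byte, so the count returned by `process` doubles as a signal that a violation was seen and fixed.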

Description

[0001] This application is a division of patent application Ser. No. 11/029,098, filed Jan. 3, 2005, which is hereby incorporated by reference herein in its entirety.

BACKGROUND OF THE INVENTION

[0002] This invention relates to computer security, and more particularly, to applying patches to fix security vulnerabilities.

[0003] Security vulnerabilities in deployed software are discovered with regularity. Both operating systems and application software are affected. As vulnerabilities are identified by the computer security community, they are often included in a list of common vulnerabilities and exposures (CVE). The CVE list attempts to standardize the names of known vulnerabilities.

[0004] Computers in which vulnerabilities are not addressed become exposed to security risks. Often these risks are intolerable, so it becomes necessary to install security patches. Patches (also sometimes called “updates” or “bug fixes”) are used to fix the portion of the software that gave rise to th...

Application Information

Patent Type & Authority: Applications (United States)
IPC(8): G06F21/22, G06F15/173, G06F9/445
CPC: H04L63/1433, G06F21/85
Inventor: PANJWANI, DILEEP KUMAR
Owner: VMWARE INC