| 发明名称 |
RECOMBINANT THREAT MODELING |
| 摘要 |
Dynamically developing and maintaining threat models, threat landscapes and threat matrices are described. Specifically described are techniques on how to relate: (1) attack surfaces, (2) attack histories, (3) threats and (4) historical responses, by loading these four types of data, as well as other data, into a data store. One example data store disclosed includes some variations of a graph data structure. Upon loading the data, the populated data store may be used to develop Threat Models that will represent a Threat Landscape and a Threat Matrix. These may then be queried for recommended reactive and proactive responses with respect to an installation, in order to improve security. |
| 申请公布号 |
US2016162690(A1) |
申请公布日期 |
2016.06.09 |
| 申请号 |
US201514958792 |
申请日期 |
2015.12.03 |
| 申请人 |
T-Mobile USA, Inc. |
发明人 |
Reith Gregory Robert;Peppe Brett Christopher |
| 分类号 |
G06F21/57 |
主分类号 |
G06F21/57 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A system to perform computer security threat analysis, comprising:
a processor, configured to execute computer executable instructions; a memory, communicatively coupled with the processor; a computer readable medium, communicatively coupled with the processor; a data storage structure, resident in the computer readable medium configured to store a plurality of attack surface instances, a plurality of attack vector data instances, each attack vector data instance configured to store an association to one or more attack surface instances, a plurality of threat model instances, and a plurality of associations between attack surface instances and threat model instances; and a software query component resident in the memory and communicatively coupled to the data storage structure, the software query component configured to return data based at least on an association between an attack surface instance and a threat model instance. |
| 地址 |
Bellevue WA US |
