- 专利标题: DEEP APPLICATION DISCOVERY AND FORENSICS FOR AUTOMATED THREAT MODELING
-
申请号: US17322874申请日: 2021-05-17
-
公开(公告)号: US20210357509A1公开(公告)日: 2021-11-18
- 发明人: Keshav Kamble , Chetan Gopal , Girish Joag , Annu Agrawal
- 申请人: Avocado Systems, Inc.
- 申请人地址: US CA San Jose
- 专利权人: Avocado Systems, Inc.
- 当前专利权人: Avocado Systems, Inc.
- 当前专利权人地址: US CA San Jose
- 主分类号: G06F21/57
- IPC分类号: G06F21/57 ; G06F16/955 ; G06F21/52 ; G06F21/51 ; G06F21/56
摘要:
In an embodiment, a method for deep application discovery and forensics of a reference system includes a computing device, such as an orchestrator, receiving and/or obtaining from an inspection layer executing on the reference system, during runtime of the reference system, architecture and configuration information describing the reference system. Also, the computing device generates, during runtime of the reference system, dependency matrices describing relationships between components of the reference system which allow for generation, during runtime of the reference system, at least one threat model describing vulnerabilities of the reference system based on the dependency matrices. The inspection layer identifies the applications and databases accessed by the applications. From this information, the inspection layer discovers components associated with the applications and databases, APIs, URIs, URLs, and individual processes spawned by the applications, along with storage tables, and store-procedures invoked between the applications and the databases.
公开/授权文献
信息查询