US 11,657,159 B2
Identifying security vulnerabilities using modeled attribute propagation
Matthew Michael Garcia Pardini, Middlesex, MA (US); Bodo Hoppe, Boeblingen (DE); Zoltan Tibor Hidvegi, Round Rock, TX (US); and Michael P Mullen, Poughkeepsie, NY (US)
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Oct. 16, 2020, as Appl. No. 17/72,162.
Prior Publication US 2022/0121752 A1, Apr. 21, 2022
Int. Cl. G06F 21/57 (2013.01); G06F 21/60 (2013.01); G06F 21/62 (2013.01); G06F 11/34 (2006.01); G06F 21/00 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 11/3447 (2013.01); G06F 21/606 (2013.01); G06F 21/62 (2013.01)]
17 Claims
1. A computer-implemented method comprising:
generating a model of a device under test, the model comprising a data path similar to the device under test and an attribute network;
detecting an introduction of protected data into the model;
marking the protected data with an attribute to track a flow of the protected data along the data path within the device under test in real-time;
performing security mitigation process based on detecting an exposure of the protected data;
detecting, upon completion of the security mitigation process, an end point of the marked protected data along the data path; and
issuing, in response to the end point being indicative of a vulnerability, an alert.
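
The steps of claim 1 can be sketched as a small simulation. This is an added illustration, not code from the patent or from IBM. The element names (`key_reg`, `gpr0`, `debug_out`), the scrub-style mitigation and the `OBSERVABLE` set that defines a vulnerable end point are all assumptions made for the example.

```python
# Added illustration (not the patent's implementation). Element names, the
# scrub-style mitigation and the OBSERVABLE set are assumptions for the example.
from dataclasses import dataclass, field

OBSERVABLE = {"debug_out", "gpr0"}  # assumed: elements readable by untrusted code


@dataclass
class Model:
    values: dict = field(default_factory=dict)  # data path: element -> value
    marked: set = field(default_factory=set)    # attribute network: marked elements

    def introduce(self, dst, value, protected=False):
        """Data enters the model; protected data is marked with the attribute."""
        self.values[dst] = value
        (self.marked.add if protected else self.marked.discard)(dst)

    def op(self, dst, fn, *srcs):
        """One data-path step; the attribute follows data from any marked source."""
        self.values[dst] = fn(*(self.values[s] for s in srcs))
        if any(s in self.marked for s in srcs):
            self.marked.add(dst)
        else:
            self.marked.discard(dst)  # overwritten with clean data

    def mitigate(self, scrubbed):
        """Assumed mitigation: zero the listed elements, clearing their attribute."""
        for element in scrubbed:
            self.values[element] = 0
            self.marked.discard(element)

    def check_end_points(self):
        """After mitigation: where did marked data end up, and is that observable?"""
        end_points = sorted(self.marked)
        alerts = [e for e in end_points if e in OBSERVABLE]
        return end_points, alerts


def run(scrub_list):
    m = Model()
    m.introduce("key_reg", 0x5A, protected=True)            # protected data enters
    m.introduce("gpr1", 0x0F)
    m.op("alu_tmp", lambda a, b: a ^ b, "key_reg", "gpr1")  # derived value is marked
    m.op("gpr0", lambda a: a, "alu_tmp")                    # copy reaches a visible register
    m.op("debug_out", lambda a: a + 1, "gpr1")              # clean source: stays unmarked
    m.mitigate(scrub_list)                                  # mitigation after exposure
    return m.check_end_points()
```

With a mitigation that scrubs only `key_reg` and `alu_tmp`, the marked copy in `gpr0` survives as an end point and raises an alert; adding `gpr0` to the scrub list leaves no marked end points.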