US 12,462,016 B2
System and methods for sandboxed software analysis with automated vulnerability detection and patch development, deployment and validation
Jason Crabtree, Vienna, VA (US); and Richard Kelley, Woodbridge, VA (US)
Assigned to QOMPLX LLC, Reston, VA (US)
Filed by QOMPLX LLC, Reston, VA (US)
Filed on Apr. 12, 2023, as Appl. No. 18/299,470.
Application 18/299,470 is a continuation in part of application No. 18/161,862, filed on Jan. 30, 2023, abandoned.
Application 18/161,862 is a continuation in part of application No. 17/028,979, filed on Sep. 22, 2020, granted, now 11,568,042, issued on Jan. 31, 2023.
Application 17/028,979 is a continuation of application No. 15/887,496, filed on Feb. 2, 2018, granted, now 10,783,241, issued on Sep. 22, 2020.
Application 15/887,496 is a continuation in part of application No. 15/823,285, filed on Nov. 27, 2017, granted, now 10,740,096, issued on Aug. 11, 2020.
Application 15/887,496 is a continuation in part of application No. 15/818,733, filed on Nov. 20, 2017, granted, now 10,673,887, issued on Jun. 2, 2020.
Application 15/823,285 is a continuation in part of application No. 15/788,718, filed on Oct. 19, 2017, granted, now 10,861,014, issued on Dec. 8, 2020.
Application 15/788,718 is a continuation in part of application No. 15/788,002, filed on Oct. 19, 2017, abandoned.
Application 15/788,002 is a continuation in part of application No. 15/787,601, filed on Oct. 18, 2017, granted, now 10,860,660, issued on Dec. 8, 2020.
Application 15/818,733 is a continuation in part of application No. 15/725,274, filed on Oct. 4, 2017, granted, now 10,609,079, issued on Mar. 31, 2020.
Application 15/725,274 is a continuation in part of application No. 15/655,113, filed on Jul. 20, 2017, granted, now 10,735,456, issued on Aug. 4, 2020.
Application 15/655,113 is a continuation in part of application No. 15/616,427, filed on Jun. 7, 2017, abandoned.
Application 15/787,601 is a continuation in part of application No. 15/616,427, filed on Jun. 7, 2017, abandoned.
Application 15/655,113 is a continuation in part of application No. 15/237,625, filed on Aug. 15, 2016, granted, now 10,248,910, issued on Apr. 2, 2019.
Application 15/237,625 is a continuation in part of application No. 15/206,195, filed on Jul. 8, 2016, abandoned.
Application 15/206,195 is a continuation in part of application No. 15/186,453, filed on Jun. 18, 2016, abandoned.
Application 15/186,453 is a continuation in part of application No. 15/166,158, filed on May 26, 2016, abandoned.
Application 15/166,158 is a continuation in part of application No. 15/141,752, filed on Apr. 28, 2016, granted, now 10,860,962, issued on Dec. 8, 2020.
Application 15/141,752 is a continuation in part of application No. 15/091,563, filed on Apr. 5, 2016, granted, now 10,204,147, issued on Feb. 12, 2019.
Application 15/141,752 is a continuation in part of application No. 14/986,536, filed on Dec. 31, 2015, granted, now 10,210,255, issued on Feb. 19, 2019.
Application 15/141,752 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Application 15/616,427 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Claims priority of provisional application 62/568,307, filed on Oct. 4, 2017.
Claims priority of provisional application 62/568,312, filed on Oct. 4, 2017.
Claims priority of provisional application 62/568,305, filed on Oct. 4, 2017.
Prior Publication US 2024/0119140 A1, Apr. 11, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/53 (2013.01); G06F 8/65 (2018.01); G06F 9/455 (2018.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); G06Q 40/08 (2012.01); H04L 9/40 (2022.01); G06F 11/30 (2006.01); G06N 20/00 (2019.01); G06Q 50/00 (2012.01)
CPC G06F 21/53 (2013.01) [G06F 8/65 (2013.01); G06F 9/455 (2013.01); G06F 21/566 (2013.01); G06F 21/577 (2013.01); G06Q 40/08 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); G06F 11/3058 (2013.01); G06F 2221/033 (2013.01); G06F 2221/2149 (2013.01); G06N 20/00 (2019.01); G06Q 50/01 (2013.01)]
4 Claims
1. A system for sandboxed software analysis with automated vulnerability detection, comprising:
a computing device comprising a memory and a processor;
a business operating system comprising a first plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the first plurality of programming instructions, when operating on the processor, cause the computing device to:
receive a file comprising executable machine code;
identify a type of device on which the executable machine code will operate;
transfer the executable machine code to a sandbox environment, the sandbox environment comprising a controlled environment that emulates functionality of the identified type of device;
receive an identified vulnerability from the sandbox environment; and
change an operational behavior of a real device of the identified type of device to prevent exploitation of the identified vulnerability through either address space layout randomization or data execution prevention;
wherein the sandbox environment comprises a second plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the second plurality of programming instructions, when operating on the processor, cause the computing device to:
receive the executable machine code from the business operating system;
create a first emulated environment configured to represent the identified type of device;
execute the executable machine code within the first emulated environment;
identify an irregularity in the execution of the executable machine code, the irregularity comprising two or more of the following activities performed in suspicious ways not normally performed by benign software: memory scanning, deletion of the file containing the executable machine code from storage media, access of system files, access of permissions, access of security settings, and access of network adapters;
identify a vulnerability of the identified type of device being targeted by the identified irregularity in the execution of the executable machine code; and
send the identified vulnerability to the business operating system.
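
The irregularity test recited in claim 1 (two or more of six named activities) can be sketched as detection logic over a sandbox trace. This is an added example, not code from the patent or from QOMPLX; the `<op> <target>` trace format, the paths, and the rules for what counts as suspicious are all assumptions made for illustration.

```python
import re

# Heuristics below are illustrative assumptions: the claim does not define
# what makes an activity "suspicious" or what a sandbox trace looks like.
# Each rule takes (op, target, sample_path) and returns True on a match.
RULES = {
    "memory_scanning": lambda op, t, s: re.fullmatch(r"/proc/\d+/(mem|maps)", t) is not None,
    "self_deletion": lambda op, t, s: op == "unlink" and t == s,
    "system_files": lambda op, t, s: t == "/etc/shadow" or t.startswith("/boot/"),
    "permissions": lambda op, t, s: op in ("chmod", "chown", "setuid"),
    "security_settings": lambda op, t, s: t.startswith(("/etc/selinux/", "/etc/apparmor.d/"))
    or t == "/proc/sys/kernel/randomize_va_space",
    "network_adapters": lambda op, t, s: t.startswith("/sys/class/net/"),
}


def classify(trace, sample_path):
    """Return the set of claim-1 activity categories observed in a trace."""
    seen = set()
    for line in trace:
        parts = line.split(None, 1)
        if len(parts) != 2:  # skip empty or malformed lines
            continue
        op, target = parts[0], parts[1].strip()
        for name, rule in RULES.items():
            if rule(op, target, sample_path):
                seen.add(name)
    return seen


def is_irregular(trace, sample_path):
    """Two or more distinct activities are required, not two events."""
    return len(classify(trace, sample_path)) >= 2


# Constructed sample traces; SAMPLE is a hypothetical path of the analysed file.
SAMPLE = "/tmp/sample.bin"
SUSPICIOUS = ["open /proc/412/mem", "read /proc/412/mem",
              "open /etc/shadow", "unlink /tmp/sample.bin"]
SINGLE = ["open /proc/412/maps", "read /proc/412/maps", "garbage"]
BENIGN = ["open /etc/hosts", "unlink /tmp/cache.tmp"]

if __name__ == "__main__":
    for name, trace in (("suspicious", SUSPICIOUS), ("single", SINGLE), ("benign", BENIGN)):
        print(name, sorted(classify(trace, SAMPLE)), is_irregular(trace, SAMPLE))
```

Repeated events of one kind, as in `SINGLE`, count as a single activity and do not reach the two-activity threshold on their own.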