Hierarchical software signatures catalog in level based software scans

IP.com Disclosure Number: IPCOM000222767D
Publication Date: 2012-Oct-22
Document File: 4 page(s) / 42K

Publishing Venue

The IP.com Prior Art Database

Abstract

The article describes a hierarchical software signatures catalog used in level-based software scans for Software Asset Management tools.

This is the abbreviated version, containing approximately 52% of the total text.


As the number of different software products grows continuously, the set of signatures for each product/component has more and more entries. The size of this catalog is not a problem (at least not now), but scanning for all entries on every endpoint takes too much time. To reduce scan time, signatures are divided by platform, e.g. signatures only for Unix or Windows, but each of these subsets still contains thousands of signatures for the agent to search for. Each signature needs to be evaluated, so the total execution time is strongly related to the number of signatures. Reducing the number of signatures in a scan is therefore desirable. The idea is to create additional signatures for product families and software manufacturers. That change reflects a hierarchical model of software in which the manufacturer and general family are known. A top-down approach will lower the number of signatures to evaluate and increase software scan performance.

Discovered vendors and families provide additional input about software that was not discovered. If a vendor or family is detected but no related products/components are found, we gain additional information about which products/components have missing signatures.

Algorithm:

1. In the first phase, a search for software manufacturers' signatures is performed (Vendor_1, Vendor_2, Vendor_3, …, Vendor_...).

2. In the second phase, we search for product family signatures (Family_1, Family_2, Family_3, …, Family_...), but only those related to already discovered manufacturers and those not assigned to any manufacturer.

3. In the last phase, product/component signatures (Product/Component_1, Product/Component_2, Product/Component_3, …, Product/Component_...) are the subject of the search, but once again only those related to discovered families, those related to discovered manufacturers with no family assigned, and those not connected with any family or manufacturer.
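The three phases above, together with the missing-signature hint described earlier, as an added Python example that is not part of the original disclosure. The `Sig` record, the `reg:`/`proc:`/`exe:` fact strings and the catalog contents are hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Sig:
    name: str
    level: str                     # "vendor", "family" or "product"
    pattern: str                   # regex tested against endpoint facts
    vendor: Optional[str] = None   # parent manufacturer, if assigned
    family: Optional[str] = None   # parent family, if assigned

def build_catalog():
    """Constructed catalog: 3 vendors x 2 families x 5 products, plus 1 unassigned product."""
    cat = [Sig("Product_orphan", "product", r"^exe:/usr/bin/standalone$")]
    for v in (1, 2, 3):
        cat.append(Sig(f"Vendor_{v}", "vendor", rf"^reg:SOFTWARE/Vendor{v}$"))
        for f in (1, 2):
            fam = f"Family_{v}_{f}"
            cat.append(Sig(fam, "family", rf"^proc:v{v}f{f}d$", f"Vendor_{v}"))
            cat += [Sig(f"Product_{v}_{f}_{p}", "product", rf"^exe:/opt/v{v}/f{f}/p{p}$",
                        f"Vendor_{v}", fam) for p in range(1, 6)]
    return cat

def scan(catalog, facts):
    evaluated = 0                  # signatures actually tested on the endpoint
    def run(level, wanted):
        nonlocal evaluated
        hits = set()
        for s in catalog:
            if s.level == level and wanted(s):
                evaluated += 1
                if any(re.search(s.pattern, fact) for fact in facts):
                    hits.add(s.name)
        return hits
    vendors = run("vendor", lambda s: True)                                      # phase 1
    families = run("family", lambda s: s.vendor is None or s.vendor in vendors)  # phase 2
    products = run("product", lambda s: s.family in families or (                # phase 3
        s.family is None and (s.vendor is None or s.vendor in vendors)))
    found = [s for s in catalog if s.name in products]
    # Parent detected but nothing beneath it matched: a hint that signatures are missing.
    gaps = ({v for v in vendors if all(p.vendor != v for p in found)}
            | {f for f in families if all(p.family != f for p in found)})
    return {"vendors": vendors, "families": families, "products": products,
            "evaluated": evaluated, "gaps": gaps}

# Constructed endpoint facts: registry keys, a running process, executables.
FACTS = {"reg:SOFTWARE/Vendor1", "reg:SOFTWARE/Vendor2", "proc:v1f1d",
         "exe:/opt/v1/f1/p3", "exe:/usr/bin/standalone"}
```

Calling `scan(build_catalog(), FACTS)` evaluates 13 signatures across the three phases, where a flat product-level scan of the same catalog would evaluate 31, and reports `Vendor_2` as detected with no product found beneath it.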


This approach reduces the scan time at the product/component level by eliminating signatures for products/components that are certainly not installed on the given endpoint. The previous scan phases determine the families and manufacturers whose software is installed on the given endpoint.

The manufacturer and family signatures are general rules for determining whether any software of a given vendor in a specified family is installed. This can be determined by:


1. Regular expression matching in the system's native registries

2. Searching for a common executable

3. Checking whether the main process is running

Comparison of current approach and disclosed idea:

Current approach

Disclosed idea

1 x search for all products/components search only discovered fa...