System for cross-host, multi-thread session alignment

US 10,063,567 B2
Filed: 11/12/2015
Issued: 08/28/2018
Est. Priority Date: 11/13/2014
Status: Active Grant

First Claim

Patent Images

1. A computerized method of detecting aberrant behavior in a software application, the method comprising:

instantiating a plurality of replicated applications on at least one computing device using an identical initial setting, wherein each replicated application in the plurality of replicated applications is a replicated instance of the software application executing at least one thread, and the plurality of replicated applications includes a first replicated application and a second replicated application;

enforcing deterministic behavior so that each replicated application thread;

independently of the other replicated applications executes application program interface (API) calls in the same sequence, andindependently of the other replicated applications generates call identifiers which are unique for each occurrence of an API call by the replicated application and identical across the plurality of replicated applications for each corresponding application thread;

obtaining first information associated with a first API call from the first replicated application, the first information including a first call identifier of the first API call and a first digest, wherein the first digest is computed based at least in part on one or more of the first call identifier, a first static call identifier, first call-related data, and first user credentials;

obtaining second information associated with a second API call from the second replicated application, the second information including a second call identifier of the second API call and a second digest, wherein the second digest is computed based at least in part on one or more of the second call identifier, a second static call identifier, second call-related data, and second user credentials;

in response to determining the first call identifier and the second call identifier are identical, determining whether the first digest matches the second digest; and

in response to the first digest not matching the second digest, signaling that aberrant behavior has occurred.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of detecting aberrant behavior in a software application is described. The method includes instantiating replicated applications on computing devices using identical initial setting. Each replicated application is a replicated instance of the software application. Information associated with a first API call from the first replicated application, and information associated with a second API call from the second replicated application is received. The information includes a call identifier of the API call and a digest. The call identifier is unique during the lifetime of the replicated application issuing it and is identical across the replicated applications. If the first and second call identifiers are identical, the method determines whether the first and second digests match. The method also includes, in response to the first and second digests not matching, signaling that aberrant behavior has occurred. Apparatus and computer readable media are also described.

Citations

23 Claims

1. A computerized method of detecting aberrant behavior in a software application, the method comprising:
- instantiating a plurality of replicated applications on at least one computing device using an identical initial setting, wherein each replicated application in the plurality of replicated applications is a replicated instance of the software application executing at least one thread, and the plurality of replicated applications includes a first replicated application and a second replicated application;
  
  enforcing deterministic behavior so that each replicated application thread;
  
  independently of the other replicated applications executes application program interface (API) calls in the same sequence, andindependently of the other replicated applications generates call identifiers which are unique for each occurrence of an API call by the replicated application and identical across the plurality of replicated applications for each corresponding application thread;
  
  obtaining first information associated with a first API call from the first replicated application, the first information including a first call identifier of the first API call and a first digest, wherein the first digest is computed based at least in part on one or more of the first call identifier, a first static call identifier, first call-related data, and first user credentials;
  
  obtaining second information associated with a second API call from the second replicated application, the second information including a second call identifier of the second API call and a second digest, wherein the second digest is computed based at least in part on one or more of the second call identifier, a second static call identifier, second call-related data, and second user credentials;
  
  in response to determining the first call identifier and the second call identifier are identical, determining whether the first digest matches the second digest; and
  
  in response to the first digest not matching the second digest, signaling that aberrant behavior has occurred.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the first API call is a consistency check and the method further comprises, in response to the first digest matching the second digest, responding to the first information with an indication that the plurality of replicated applications are consistent.
  - 3. The method of claim 1, wherein the plurality of replicated applications includes a third replicated application, and the method further comprising:
    - obtaining third information associated with a third API call from the third replicated application, the third information including a third call identifier of the third API call and a third digest, wherein the third digest is computed based at least in part on one or more of the third call identifier, a third static call identifier, third call-related data, and third user credentials;
      
      in response to determining the first call identifier, the second call identifier and the third call identifier are identical, determining whether the third digest matches both the first digest and the second digest; and
      
      in response to the third digest not matching either the first digest or the second digest, signaling that aberrant behavior has occurred.
  - 4. The method of claim 3, further comprising, in response to signaling aberrant behavior has occurred:
    - determining a divergent application in the plurality of replicated applications; and
      
      ignoring any future communication from the divergent application.
  - 5. The method of claim 4, further comprising assigning the third replicated application as a replacement for the divergent application.
  - 6. The method of claim 1, wherein the first API call is one of:
    - an input operation, an output operation, a request for a globally unique identifier.
  - 7. The method of claim 1, further comprising calculating a digest further based on at least one datum within an associated API call using at least one of:
    - a checksum function;
      
      a hash function;
      
      an encryption function; and
      
      a user defined function.
  - 8. The method of claim 1, wherein a call identifier is a concatenation of a thread identifier of a thread issuing the call and a value of a call counter of the thread issuing the call.
  - 9. The method of claim 1, further comprising,issuing the first API call by a thread in the first replicated application,issuing the second API call by a thread in the second replicated application,suspending operation of the thread in the first replicated application upon issuing the first API call,suspending operation of the thread in the second replicated application upon issuing the second API call,processing the first API call by, in response to the first digest matching the second digest, responding to the first API call and releasing the thread in the first replicated application to resume operation, andprocessing the second API call by, in response to the first digest matching the second digest, responding to the second API call and releasing the thread in the second replicated application to resume operation.
  - 10. The method of claim 1, further comprising, delaying execution of the second API call from execution of the first API call.
  - 11. The method of claim 1, further comprising, in response to obtaining from the first replicated application a first request for data, sending a data command to the second replicated application.
  - 12. The method of claim 11, wherein the first request for data includes a request for at least one of:
    - a globally unique identifier, a random number, a timestamp, a time of day, a memory access, and data input from a client application.
  - 13. The method of claim 1, wherein instantiating the plurality of replicated applications includes instantiating the first replicated application on a first hardware device and instantiating the second replicated application on a second hardware device, and wherein the first hardware device operates independently of the second hardware device.
  - 14. The method of claim 1, further comprising storing a record of the first API call in a journal of API calls performed by the first replicated application.
  - 15. The method of claim 14, wherein storing the record of the first API call further comprises storing call information, wherein the call information includes at least one of:
    - an IP address, user credentials and contextual information.
  - 16. The method of claim 1, wherein determining whether the first digest matches the second digest is performed independently of the other replicated applications for each replicated application in the plurality of replicated applications.

17. A system for detecting aberrant behavior in a software application, the system comprising at least one computing device including at least one processor and at least one memory including computer program code stored therein, the at least one processor operative to execute the computer program code out of the at least one memory to:
- instantiate a plurality of replicated applications on the at least one computing device using an identical initial setting for each one of the plurality of replicated applications, wherein each replicated application in the plurality of replicated applications is a replicated instance of the software application executing at least one thread, and the plurality of replicated applications includes a first replicated application and a second replicated application;
  
  enforce deterministic behavior so that each replicated application thread;
  
  independently of the other replicated applications executes application program interface (API) calls in the same sequence andindependently of the other replicated applications generates call identifiers which are unique for each occurrence of an API call by the replicated application and identical across the plurality of replicated applications for each corresponding thread of each replicated application;
  
  obtain first information associated with a first API call from the first replicated application, the first information including a first call identifier of the first API call and a first digest, wherein the first digest is computed based at least in part on one or more of the first call identifier, a first static call identifier, first call-related data, and first user credentials of the first replicated application;
  
  obtain second information associated with a second API call from the second replicated application, the second information including a second call identifier of the second API call and a second digest, wherein the second digest is computed based at least in part on one or more of the second call identifier, a second static call identifier, second call-related data, and second user credentials;
  
  in response to determining the first call identifier and the second call identifier are identical, determine whether the first digest matches the second digest; and
  
  in response to the first digest not matching the second digest, signal that aberrant behavior has occurred.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The system of claim 17, wherein the plurality of replicated applications includes a third replicated application, and the at least one processor executing the computer program code out of the at least one memory is further operative to:
    - obtain third information associated with a third API call from the third replicated application, the third information including a third call identifier of the third API call and a third digest, wherein the third digest is computed based at least in part on one or more of the third call identifier, a third static call identifier, third call-related data, and third user credentials;
      
      in response to determining the first call identifier, the second call identifier and the third call identifier are identical, determine whether the third digest matches both the first digest and the second digest; and
      
      in response to the third digest not matching either the first digest or the second digest, signal that aberrant behavior has occurred.
  - 19. The system of claim 18, wherein the at least one processor executing the computer program code out of the at least one memory is further operative, in response to signaling that aberrant behavior has occurred, to:
    - determine a divergent application in the plurality of replicated applications; and
      
      ignore any future communication from the divergent application.
  - 20. The system of claim 19, wherein the divergent application was instantiated on a first computing device of the at least one computing device and the at least one processor executing the computer program code out of the at least one memory is further operative to, when instantiating a new replicated application, instantiate the new replicated application on a second computing device which operates independently of the first computing device.
  - 21. The system of claim 17, wherein the at least one processor executing the computer program code out of the at least one memory is further operative to further calculate each digest based on at least one datum within an associated API call using at least one of:
    - a checksum function;
      
      a hash function;
      
      an encryption function; and
      
      a user defined function.
  - 22. The system of claim 17, wherein the first API call is created by a thread in the first replicated application,operation of the thread in the first replicated application is suspended upon sending the first API call, andthe at least one processor executing the computer program code out of the at least one memory is further operative to process the first API call by, in response to the first digest matching the second digest, responding to the first API call and enabling the thread to resume operation.
  - 23. The system of claim 17, wherein the at least one processor executing the computer program code out of the at least one memory is further operative to, in response to obtaining from the first replicated application a first request for data, send a data command to the second replicated application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Virtual Software Systems, Inc.
Original Assignee
Virtual Software Systems, Inc.
Inventors
Fiorentino, Richard D., Kaman, Charles H., Troiani, Mario, Muench, Erik
Primary Examiner(s)
Edwards, Linglan E

Application Number

US14/939,467
Publication Number

US 20160142422A1
Time in Patent Office

1,020 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1438   Restarting or rejuvenating

G06F 11/1492   by run-time replication per...

G06F 21/52   during program execution, e...

G06F 9/54   Interprogram communication

H04L 63/123   received data contents, e.g...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

System for cross-host, multi-thread session alignment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System for cross-host, multi-thread session alignment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links