System for cross-host, multi-thread session alignment
First Claim
1. A computerized method of detecting aberrant behavior in a software application, the method comprising:
- instantiating a plurality of replicated applications on at least one computing device using an identical initial setting, wherein each replicated application in the plurality of replicated applications is a replicated instance of the software application executing at least one thread, and the plurality of replicated applications includes a first replicated application and a second replicated application;
enforcing deterministic behavior so that each replicated application thread;
independently of the other replicated applications executes application program interface (API) calls in the same sequence, andindependently of the other replicated applications generates call identifiers which are unique for each occurrence of an API call by the replicated application and identical across the plurality of replicated applications for each corresponding application thread;
obtaining first information associated with a first API call from the first replicated application, the first information including a first call identifier of the first API call and a first digest, wherein the first digest is computed based at least in part on one or more of the first call identifier, a first static call identifier, first call-related data, and first user credentials;
obtaining second information associated with a second API call from the second replicated application, the second information including a second call identifier of the second API call and a second digest, wherein the second digest is computed based at least in part on one or more of the second call identifier, a second static call identifier, second call-related data, and second user credentials;
in response to determining the first call identifier and the second call identifier are identical, determining whether the first digest matches the second digest; and
in response to the first digest not matching the second digest, signaling that aberrant behavior has occurred.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of detecting aberrant behavior in a software application is described. The method includes instantiating replicated applications on computing devices using identical initial setting. Each replicated application is a replicated instance of the software application. Information associated with a first API call from the first replicated application, and information associated with a second API call from the second replicated application is received. The information includes a call identifier of the API call and a digest. The call identifier is unique during the lifetime of the replicated application issuing it and is identical across the replicated applications. If the first and second call identifiers are identical, the method determines whether the first and second digests match. The method also includes, in response to the first and second digests not matching, signaling that aberrant behavior has occurred. Apparatus and computer readable media are also described.
-
Citations
23 Claims
-
1. A computerized method of detecting aberrant behavior in a software application, the method comprising:
-
instantiating a plurality of replicated applications on at least one computing device using an identical initial setting, wherein each replicated application in the plurality of replicated applications is a replicated instance of the software application executing at least one thread, and the plurality of replicated applications includes a first replicated application and a second replicated application; enforcing deterministic behavior so that each replicated application thread; independently of the other replicated applications executes application program interface (API) calls in the same sequence, and independently of the other replicated applications generates call identifiers which are unique for each occurrence of an API call by the replicated application and identical across the plurality of replicated applications for each corresponding application thread; obtaining first information associated with a first API call from the first replicated application, the first information including a first call identifier of the first API call and a first digest, wherein the first digest is computed based at least in part on one or more of the first call identifier, a first static call identifier, first call-related data, and first user credentials; obtaining second information associated with a second API call from the second replicated application, the second information including a second call identifier of the second API call and a second digest, wherein the second digest is computed based at least in part on one or more of the second call identifier, a second static call identifier, second call-related data, and second user credentials; in response to determining the first call identifier and the second call identifier are identical, determining whether the first digest matches the second digest; and in response to the first digest not matching the second digest, signaling that aberrant behavior has occurred. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A system for detecting aberrant behavior in a software application, the system comprising at least one computing device including at least one processor and at least one memory including computer program code stored therein, the at least one processor operative to execute the computer program code out of the at least one memory to:
-
instantiate a plurality of replicated applications on the at least one computing device using an identical initial setting for each one of the plurality of replicated applications, wherein each replicated application in the plurality of replicated applications is a replicated instance of the software application executing at least one thread, and the plurality of replicated applications includes a first replicated application and a second replicated application; enforce deterministic behavior so that each replicated application thread; independently of the other replicated applications executes application program interface (API) calls in the same sequence and independently of the other replicated applications generates call identifiers which are unique for each occurrence of an API call by the replicated application and identical across the plurality of replicated applications for each corresponding thread of each replicated application; obtain first information associated with a first API call from the first replicated application, the first information including a first call identifier of the first API call and a first digest, wherein the first digest is computed based at least in part on one or more of the first call identifier, a first static call identifier, first call-related data, and first user credentials of the first replicated application; obtain second information associated with a second API call from the second replicated application, the second information including a second call identifier of the second API call and a second digest, wherein the second digest is computed based at least in part on one or more of the second call identifier, a second static call identifier, second call-related data, and second user credentials; in response to determining the first call identifier and the second call identifier are identical, determine whether the first digest matches the second digest; and in response to the first digest not matching the second digest, signal that aberrant behavior has occurred. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
Specification