Security component for a computing device
First Claim
1. A network system, comprising:
- a first device to maintain an original resource;
a second device to maintain a replica resource remotely from the first device, the replica resource being replicated from the original resource;
memory to store a cached descriptor corresponding to the original resource;
a security component to determine whether the replica resource will pose a security risk to the second device upon receipt of a request for the replica resource, the security component;
formulating a descriptor corresponding to the replica resource and comparing the formulated descriptor with the cached descriptor; and
if the formulated descriptor and the cached descriptor are not equivalent, formulating a second descriptor corresponding to the original resource and comparing the formulated descriptor with the second descriptor.
2 Assignments
0 Petitions
Accused Products
Abstract
A security component determines whether a request for a resource poses a security risk to a computing device and verifies the integrity of the requested resource before the request is allowed. For a request having arguments and a resource path with a filename that identifies the resource, the security component determines that the request does not pose a security risk if the resource path does not exceed a maximum number of characters, individual arguments do not exceed a maximum number of characters, the arguments combined do not exceed a maximum number of characters, and the filename has a valid extension. The security component verifies the integrity of a requested resource by formulating a descriptor corresponding to the resource and comparing the descriptor with a cached descriptor corresponding to the resource.
86 Citations
75 Claims
-
1. A network system, comprising:
-
a first device to maintain an original resource;
a second device to maintain a replica resource remotely from the first device, the replica resource being replicated from the original resource;
memory to store a cached descriptor corresponding to the original resource;
a security component to determine whether the replica resource will pose a security risk to the second device upon receipt of a request for the replica resource, the security component;
formulating a descriptor corresponding to the replica resource and comparing the formulated descriptor with the cached descriptor; and
if the formulated descriptor and the cached descriptor are not equivalent, formulating a second descriptor corresponding to the original resource and comparing the formulated descriptor with the second descriptor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19)
-
-
14. A network server, comprising:
-
a server component to receive a request for a resource maintained on the network server and, in response to the request, implement security policies to prevent unauthorized access to the resource; and
a security component that is registerable with the server component during run-time to determine whether the request will pose a security risk to the network server.
-
-
20. A network server, comprising:
-
a server component to receive a request for a resource maintained on the network server and, in response to the request, implement security policies to prevent unauthorized access to the resource; and
a security component that is registerable with the server component during run-time to determine whether the resource will pose a security risk to the network server upon receipt of the request. - View Dependent Claims (21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32)
-
-
25. A network server, comprising:
-
an Internet server to receive a request for a resource maintained on the network server and, in response to the request, implement security policies to prevent unauthorized access to the resource;
a security component that is registerable with the Internet server during run-time, the security component having;
a validation component to determine whether the request will pose a security risk to the network server; and
an integrity verification component to determine whether the resource will pose a security risk to the network server upon receipt of the request.
-
-
33. A computing device, comprising:
-
an operating system to access resources to service requests;
a security component to determine whether a resource will pose a security risk to the computing device upon receipt of a request to access the resource;
the security component configured to;
formulate a descriptor corresponding to the resource;
retrieve a cached descriptor corresponding to the resource, the cached descriptor stored on a remote second computing device;
compare the formulated descriptor with the cached descriptor; and
determine that the resource is not a security risk if the formulated descriptor and the cached descriptor are equivalent. - View Dependent Claims (34, 35, 36, 38, 39, 40, 41, 42, 43, 44, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
-
-
37. One or more computer readable media containing a security application, comprising:
-
a validation component to determine whether a request for a resource poses a security risk; and
an integrity verification component to determine whether the resource poses a security risk.
-
-
45. A method, comprising:
-
receiving a request for a replica resource stored on a computing device;
formulating a descriptor corresponding to the replica resource;
comparing the formulated descriptor with a cached descriptor corresponding to an original resource stored on a second computing device remotely located from the computing device, the replica resource being replicated from the original resource;
determining that the replica resource does not pose a security risk if the formulated descriptor and the cached descriptor are equivalent;
if the formulated descriptor and the cached descriptor are not equivalent, formulating a second descriptor corresponding to the original resource;
comparing the formulated descriptor with the second descriptor; and
determining that the replica resource does not pose a security risk if the formulated descriptor and the second descriptor are equivalent.
-
-
61. A method, comprising:
-
receiving a request for a resource;
implementing security policies to prevent unauthorized access to the resource;
determining whether the request will pose a security risk; and
determining whether the resource will pose a security risk if allowing the request. - View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70)
-
-
71. A method to determine whether an operating system can access a resource without a security risk, the method comprising:
-
formulating a descriptor corresponding to the resource;
retrieving a cached descriptor corresponding to the resource, the cached descriptor stored remotely;
comparing the formulated descriptor with the cached descriptor; and
determining that the resource is not a security risk if the formulated descriptor and the cached descriptor are equivalent. - View Dependent Claims (72, 73, 74, 75)
-
Specification