Safe mode for inverse query evaluations
First Claim
1. In an inverse query engine configured to evaluate messages against query expressions executed in a runtime safe mode, a method of mitigating attacks on the inverse query engine by comparing monitored runtime data for the messages against quota restrictions, the method comprising:
- receiving a message that includes one or more inputs used in runtime evaluation of the message against query expressions for determining if the one or more inputs satisfy the criteria thereof;
monitoring the runtime evaluation of the one or more inputs for collecting runtime data used in determining if the evaluation overly consumes processing time, memory resources, or both;
accessing one or more runtime quotas, which define a threshold of tolerable limits in terms of data size, processing lengths, or both; and
comparing the runtime data against the one or more runtime quotas for determining if an exception or other violation indication will be thrown based on one or more runtime data values that exceed the threshold limits of the one or more runtime quotas.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments herein prevent or mitigate attacks on inverse query engines by providing safe mode routines that allow for the acceptance of third party messages and/or query expressions, as well as prevent trusted sources from accidental attacks. The mitigations fall into two categories: compile-time and runtime. Compile-time mitigations prevent query expressions from being accepted and compiled that are susceptible to known attacks. For example, the complexity of query expressions may be limited to functions with linear runtimes; constant memory usage; or ones that do not create large strings. Further, language constructs for the criteria in the query expression may not allow for nested predicates complexities. Runtime mitigations, on the other hand, monitor the data size and processing lengths of messages against the various query expressions. If these runtime quotas are exceeded, an exception or other violation indication may be thrown (e.g., abort), deeming the evaluation as under attack.
28 Citations
20 Claims
-
1. In an inverse query engine configured to evaluate messages against query expressions executed in a runtime safe mode, a method of mitigating attacks on the inverse query engine by comparing monitored runtime data for the messages against quota restrictions, the method comprising:
-
receiving a message that includes one or more inputs used in runtime evaluation of the message against query expressions for determining if the one or more inputs satisfy the criteria thereof;
monitoring the runtime evaluation of the one or more inputs for collecting runtime data used in determining if the evaluation overly consumes processing time, memory resources, or both;
accessing one or more runtime quotas, which define a threshold of tolerable limits in terms of data size, processing lengths, or both; and
comparing the runtime data against the one or more runtime quotas for determining if an exception or other violation indication will be thrown based on one or more runtime data values that exceed the threshold limits of the one or more runtime quotas. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. In an inverse query engine configured to evaluate messages against criteria for a query expression, a method of evaluating the reliability of the query expression by comparing complexities of the criteria against acceptable limitations when compiling the query expression in a safe mode, the method comprising:
-
receiving a query expression that includes one or more criteria for applying against inputs of messages;
prior to compiling the query expression, determining the complexities of the one or more criteria in terms of criteria functions, language constructs, or both; and
comparing the complexities of the one or more criteria with one or more complexity limitations that define the reliability of criteria in terms of execution time, memory consumption, or both;
for determining whether the query expression should be compiled for evaluation against the inputs of the messages. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification