APPLICATION PROTECTION FROM MALICIOUS NETWORK TRAFFIC
Abstract
A program, method and system for embedding a programmable packet filter into an application to protect the application against malicious network packets are disclosed. Traditional techniques for protecting against malicious packets designed to exploit defects in applications rely on external packet filtering devices, which create a bottleneck in network traffic and present a large overhead cost. In addition, when security vulnerabilities in applications are discovered, traditional application updating methods lack a fast enough turn-around time to protect the application and users' data from attack. These problems can be overcome by embedding a programmable packet filter into the application itself. The application can use the filter to discard malicious network packets. Furthermore, the filter can be updated via configuration files downloaded from the application vendor, which update the application's embedded programmable packet filter without having to update the entire program code of the application.
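The mechanism the abstract describes, as an added Python example that is not taken from the patent: the application checks each received packet against rules loaded from a configuration, so a rule update changes what is discarded without touching the handler code. The JSON rule format, the regex matching, the version check and the `NAME` command with its 32-byte limit are assumptions made for illustration.

```python
import json
import re

# Constructed rule file standing in for a vendor-supplied filter update.
# The "NAME" command and its 32-byte limit are hypothetical.
RULES_V1 = json.dumps({"version": 1, "rules": [
    {"id": "long-name", "pattern": "^NAME .{33,}"},
]})

class PacketFilter:
    """Filter whose behaviour comes entirely from the loaded rule set."""
    def __init__(self):
        self.version = 0
        self.rules = []

    def load(self, config_text):
        cfg = json.loads(config_text)
        if cfg["version"] <= self.version:
            raise ValueError("rule set is not newer than the one loaded")
        # Compile everything before swapping, so a malformed update
        # raises and leaves the current rules in force.
        compiled = [(r["id"], re.compile(r["pattern"].encode(), re.DOTALL))
                    for r in cfg["rules"]]
        self.version, self.rules = cfg["version"], compiled

    def match(self, packet):
        """Return the id of the first rule the packet matches, else None."""
        for rule_id, rx in self.rules:
            if rx.search(packet):
                return rule_id
        return None

class App:
    """Application that passes every received packet through its own filter."""
    def __init__(self):
        self.filter = PacketFilter()
        self.processed, self.dropped = [], []

    def receive(self, packet):
        rule_id = self.filter.match(packet)
        if rule_id is not None:
            self.dropped.append((rule_id, packet))  # discarded, never handled
            return False
        self.processed.append(packet)  # stands in for the real handler
        return True

if __name__ == "__main__":
    app = App()
    app.filter.load(RULES_V1)
    for pkt in (b"NAME alice", b"NAME " + b"A" * 40):
        print(pkt[:16], "processed" if app.receive(pkt) else "dropped")
```

Because a downloaded rule file changes what the application accepts, it should be authenticated (for example, signature-checked) before `load` is called.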
20 Claims
1. A computer program embodied on a computer readable medium, comprising:
- program instructions for receiving network packets within an application;
- program instructions for filtering the network packets with a programmable packet filter embedded in the application to identify whether the network packets are malicious packets; and
- program instructions for allowing only the network packets not identified as the malicious packets to be processed by the application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method, comprising:
- receiving network packets within an application;
- filtering the network packets with a programmable packet filter embedded in the application to identify whether the network packets are malicious packets; and
- allowing only the network packets not identified as the malicious packets to be processed by the application.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A system, comprising:
- a network connection for receiving network packets within an application; and
- a processor for filtering the network packets with a programmable packet filter embedded in the application to identify whether the network packets are malicious packets and allowing only the network packets not identified as the malicious packets to be processed by the application.

Dependent claims: 20
Specification