Security-Aware Admission Control of Requests in a Distributed System

US 20140259089A1
Filed: 03/08/2013
Published: 09/11/2014
Est. Priority Date: 03/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a request dropped by a first application component in a distributed system;

determining one or more actions to take with respect to the dropped request, said determining comprises;

identifying one or more policies of the first application component responsible for the dropped request; and

identifying one or more additional application components in the distributed system to be affected based on the identified one or more policies; and

executing said one or more actions to control admission of one or more requests associated with the dropped request at the one or more additional application components;

wherein at least one of the steps is carried out by a computer device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques, systems and articles of manufacture for security-aware admission control of requests in a distributed system. A method includes identifying a request dropped by a first application component in a distributed system, determining one or more actions to take with respect to the dropped request, said determining comprises identifying one or more policies of the first application component responsible for the dropped request and identifying one or more additional application components in the distributed system to be affected based on the identified one or more policies, and executing said one or more actions to control admission of one or more requests associated with the dropped request at the one or more additional application components.

10 Citations

View as Search Results

16 Claims

1. A method comprising:
- identifying a request dropped by a first application component in a distributed system;
  
  determining one or more actions to take with respect to the dropped request, said determining comprises;
  
  identifying one or more policies of the first application component responsible for the dropped request; and
  
  identifying one or more additional application components in the distributed system to be affected based on the identified one or more policies; and
  
  executing said one or more actions to control admission of one or more requests associated with the dropped request at the one or more additional application components;
  
  wherein at least one of the steps is carried out by a computer device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein said executing said one or more actions comprises executing said one or more actions until the one or more policies responsible for the dropped request are determined to be consistent across the first application component and the one or more additional application components.
  - 3. The method of claim 1, wherein said one or more actions comprise recording the one or more requests associated with the dropped request.
  - 4. The method of claim 1, wherein said one or more actions comprise throttling the one or more requests associated with the dropped request.
  - 5. The method of claim 1, wherein said one or more actions comprise dropping the one or more requests associated with the dropped request.
  - 6. The method of claim 1, wherein said one or more actions comprise forwarding the one or more requests associated with the dropped request to a replica.
  - 7. The method of claim 1, wherein said determining one or more actions to take comprises determining if credential information used by the first application component is the same credential information for the one or more additional application components.
  - 8. The method of claim 1, wherein said determining one or more actions to take comprises determining if credential information used by the dropped request to utilize a service of the first application component has expired and/or been revoked.
  - 9. The method of claim 1, wherein said determining one or more actions to take comprises determining if a session to which the dropped request refers is valid.
  - 10. The method of claim 1, wherein said determining one or more actions to take comprises determining if the one or more additional application components have received a pre-determined number of requests similar to the dropped request within a pre-determined time period.
  - 11. The method of claim 1, wherein said determining one or more actions to take comprises determining if the one or more policies of the one or more additional application components have been altered.
  - 12. The method of claim 1, comprising:
    - generating one or more alerts to one or more system administrators pertaining to the execution of the one or more actions.
  - 13. The method of claim 1, comprising:
    - storing one or more session attributes and one or more credentials of the dropped request.
  - 14. The method of claim 1, comprising:
    - storing a reason for which the dropped request was not authorized.
  - 15. The method of claim 14, wherein said reason comprises one or more of a lack of credentials, a value of one or more parameters that leads to an overflow of a buffer, an input that injects malicious code, and/or a parameter of the request that contributes to detection of a potential security violation.

16-25. -25. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (SoftBank Group Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Kundu, Ashish, Mohindra, Ajay, Sahu, Sambit

Granted Patent

US 9,231,970 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

H04L 63/10   for controlling access to d...

H04L 63/1441   Countermeasures against mal...

Security-Aware Admission Control of Requests in a Distributed System

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Security-Aware Admission Control of Requests in a Distributed System

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others