Security-Aware Admission Control of Requests in a Distributed System

US 20140259091A1
Filed: 08/16/2013
Published: 09/11/2014
Est. Priority Date: 03/08/2013
Status: Active Grant

First Claim

Patent Images

1. An article of manufacture comprising a computer readable storage medium having computer readable instructions tangibly embodied thereon which, when implemented, cause a computer to carry out a plurality of method steps comprising:

identifying a request dropped by a first application component in a distributed system;

determining one or more actions to take with respect to the dropped request, said determining comprises;

to identifying one or more policies of the first application component responsible for the dropped request; and

identifying one or more additional application components in the distributed system to be affected based on the identified one or more policies; and

executing said one or more actions to control admission of one or more requests associated with the dropped request at the one or more additional application components.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and articles of manufacture for security-aware admission control of requests in a distributed system include identifying a request dropped by a first application component in a distributed system, determining one or more actions to take with respect to the dropped request, said determining comprises identifying one or more policies of the first application component responsible for the dropped request and identifying one or more additional application components in the distributed system to be affected based on the identified one or more policies, and executing said one or more actions to control admission of one or more requests associated with the dropped request at the one or more additional application components.

Citations

20 Claims

1. An article of manufacture comprising a computer readable storage medium having computer readable instructions tangibly embodied thereon which, when implemented, cause a computer to carry out a plurality of method steps comprising:
- identifying a request dropped by a first application component in a distributed system;
  
  determining one or more actions to take with respect to the dropped request, said determining comprises;
  
  to identifying one or more policies of the first application component responsible for the dropped request; and
  
  identifying one or more additional application components in the distributed system to be affected based on the identified one or more policies; and
  
  executing said one or more actions to control admission of one or more requests associated with the dropped request at the one or more additional application components.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The article of manufacture of claim 1, wherein said executing said one or more actions comprises executing said one or more actions until the one or more policies responsible for the dropped request are determined to be consistent across the first application component and the one or more additional application components.
  - 3. The article of manufacture of claim 1, wherein said one or more actions comprise recording the one or more requests associated with the dropped request.
  - 4. The article of manufacture of claim 1, wherein said one or more actions comprise throttling the one or more requests associated with the dropped request.
  - 5. The article of manufacture of claim 1, wherein said one or more actions comprise dropping the one or more requests associated with the dropped request.
  - 6. The article of manufacture of claim 1, wherein said one or more actions comprise forwarding the one or more requests associated with the dropped request to a replica.
  - 7. The article of manufacture of claim 1, wherein said determining one or more actions to take comprises determining if credential information used by the first application component is the same credential information for the one or more additional application components.
  - 8. The article of manufacture of claim 1, wherein said determining one or more actions to take comprises determining if credential information used by the dropped request to utilize a service of the first application component has expired and/or been revoked.
  - 9. The article of manufacture of claim 1, wherein said determining one or more actions to take comprises determining if a session to which the dropped request refers is valid.
  - 10. The article of manufacture of claim 1, wherein said determining one or more actions to take comprises determining if the one or more additional application components have received a pre-determined number of requests similar to the dropped request within a pre-determined time period.
  - 11. The article of manufacture of claim 1, wherein said determining one or more actions to take comprises determining if the one or more policies of the one or more additional application components have been altered.
  - 12. The article of manufacture of claim 1, wherein the method steps comprise:
    - generating one or more alerts to one or more system administrators pertaining to the execution of the one or more actions.
  - 13. The article of manufacture of claim 1, wherein the method steps comprise:
    - storing one or more session attributes and one or more credentials of the dropped request.
  - 14. The article of manufacture of claim 1, wherein the method steps comprise:
    - storing a reason for which the dropped request was not authorized.
  - 15. The article of manufacture of claim 14, wherein said reason comprises one or more of a lack of credentials, a value of one or more parameters that leads to an overflow of a buffer, an input that injects malicious code, and/or a parameter of the request that contributes to detection of a potential security violation.

16. A system comprising:
- at least one distinct software module, each distinct software module being embodied on a tangible computer-readable medium;
  
  a memory; and
  
  at least one processor coupled to the memory and operative for;
  
  identifying a request dropped by a first application component in a distributed system;
  
  determining one or more actions to take with respect to the dropped request, said determining comprises;
  
  identifying one or more policies of the first application component responsible for the dropped request; and
  
  identifying one or more additional application components in the distributed system to be affected based on the identified one or more policies; and
  
  executing said one or more actions to control admission of one or more requests associated with the dropped request at the one or more additional application components.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein said one or more actions comprise recording the one or more requests associated with the dropped request.
  - 18. The system of claim 16, wherein said one or more actions comprise throttling the one or more requests associated with the dropped request.
  - 19. The system of claim 16, wherein said one or more actions comprise dropping the one or more requests associated with the dropped request.
  - 20. The system of claim 16, wherein said one or more actions comprise forwarding the one or more requests associated with the dropped request to a replica.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (FIG LLC (d/b/a Fortress Investment Group LLC))
Original Assignee
International Business Machines Corporation
Inventors
Kundu, Ashish, Mohindra, Ajay, Sahu, Sambit

Granted Patent

US 9,172,717 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

H04L 63/10   for controlling access to d...

H04L 63/1441   Countermeasures against mal...

Security-Aware Admission Control of Requests in a Distributed System

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security-Aware Admission Control of Requests in a Distributed System

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links