PASSPORT-CONTROLLED FIREWALL
Abstract
A method, and associated system and computer program product, for dynamically modifying rules in a firewall infrastructure. A unit of deployment is received at a requestor module at a server. The unit of deployment includes the application code and a signed passport. The passport includes a firewall rule and a first application hash value. The received passport is authenticated, the received application code is hashed resulting in a second application hash value, and it is validated that the received first application hash value and the generated application hash value are equal. In response to the validation, the passport is received by a border control agent of the firewall from the server, a firewall is modified in the firewall infrastructure according to the received firewall rule, and communicating with the application is enabled through the modified firewall.
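The admission flow in the abstract, as an added sketch that is not code from the patent. It assumes an HMAC-SHA256 tag stands in for the passport signature and SHA-256 for the application hash; all function names, the key, and the sample unit of deployment are hypothetical.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: key shared by passport issuer and server

def _canonical(body):
    # Deterministic serialization so signer and verifier MAC identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue_passport(code, firewall_rule, key=KEY):
    """Build-side helper (hypothetical): bind the rule to the code's hash and sign."""
    body = {"firewall_rule": firewall_rule,
            "app_hash": hashlib.sha256(code).hexdigest()}  # first application hash
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def requestor_validate(unit, key=KEY):
    """Requestor module: return (passport, status); passport is None on failure."""
    passport = unit["passport"]
    expected = hmac.new(key, _canonical(passport["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, passport["sig"]):
        return None, "bad-signature"
    second = hashlib.sha256(unit["code"]).hexdigest()  # second application hash
    if not hmac.compare_digest(second, passport["body"]["app_hash"]):
        return None, "hash-mismatch"
    return passport, "ok"

def border_control_apply(passport, firewall):
    """Border control agent: install the rule carried by a validated passport."""
    firewall.append(passport["body"]["firewall_rule"])

def deploy(unit, firewall, key=KEY):
    # The firewall is modified only after both checks pass.
    passport, status = requestor_validate(unit, key)
    if passport is not None:
        border_control_apply(passport, firewall)
    return status

# Constructed sample unit of deployment.
CODE = b"print('service up')\n"
RULE = {"action": "allow", "proto": "tcp", "port": 8443, "src": "10.0.0.0/8"}

if __name__ == "__main__":
    fw = []
    unit = {"code": CODE, "passport": issue_passport(CODE, RULE)}
    print(deploy(unit, fw), fw)
    print(deploy({**unit, "code": CODE + b"# patched"}, fw))
```

Because the rule and the application hash are covered by the same tag, changing either the code or the rule after issuance leaves the firewall untouched.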
20 Claims
1. A method for dynamically modifying rules in a firewall infrastructure for an application code, said method comprising:
- receiving, by one or more processors, a unit of deployment at a requestor module on a server, wherein the unit of deployment comprises the application code and a signed passport, and wherein the passport comprises a firewall rule and a first application hash value;
- said one or more processors authenticating the received passport;
- said one or more processors hashing the received application code, resulting in a second application hash value;
- said one or more processors validating that the received first application hash value and the second application hash value are equal; and
- in response to said authenticating and said validating, said one or more processors receiving the passport by a border control agent of the firewall from the requestor module, modifying a firewall in the firewall infrastructure according to the received firewall rule, and communicating with the application code through the modified firewall.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer program product, comprising one or more computer readable hardware storage devices having computer readable program code stored therein, said program code containing instructions executable by one or more processors to implement a method for dynamically modifying rules in a firewall infrastructure for an application code, said method comprising:
- said one or more processors receiving a unit of deployment at a requestor module on a server, wherein the unit of deployment comprises the application code and a signed passport, and wherein the passport comprises a firewall rule and a first application hash value;
- said one or more processors authenticating the received passport;
- said one or more processors hashing the received application code, resulting in a second application hash value;
- said one or more processors validating that the received first application hash value and the second application hash value are equal; and
- in response to said authenticating and said validating, said one or more processors receiving the passport by a border control agent of the firewall from the requestor module, modifying a firewall in the firewall infrastructure according to the received firewall rule, and communicating with the application code through the modified firewall.

Dependent claims: 10, 11, 12, 13, 14
15. A computer system, comprising one or more processors, one or more memories, and one or more computer readable hardware storage devices, said one or more storage device containing program code executable by the one or more processors via the one or more memories to implement a method for dynamically modifying rules in a firewall infrastructure for an application code, said method comprising:
- said one or more processors receiving a unit of deployment at a requestor module on a server, wherein the unit of deployment comprises the application code and a signed passport, and wherein the passport comprises a firewall rule and a first application hash value;
- said one or more processors authenticating the received passport;
- said one or more processors hashing the received application code, resulting in a second application hash value;
- said one or more processors validating that the received first application hash value and the second application hash value are equal; and
- in response to said authenticating and said validating, said one or more processors receiving the passport by a border control agent of the firewall from the requestor module, modifying a firewall in the firewall infrastructure according to the received firewall rule, and communicating with the application code through the modified firewall.

Dependent claims: 16, 17, 18, 19, 20
Specification