Application-layer security method and system
First Claim
1. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
- determining whether an operation request is illegal or harmful to an environment of an application,preventing said application from executing an illegal or harmful operation request, wherein said step of preventing comprises the step of modifying said illegal or harmful operation request into a legal or harmless operation request,comparing said operation request against stored known vulnerability patterns to determine a match, andblocking said operation request if said match is found,wherein said step of comparing comprises the steps of;
converting every consecutive specified number of characters in said operation request into n-bits of binary code;
computing a hash value for said every consecutive specified number of characters in said operation request; and
comparing every hash value to stored hash values representing vulnerability patterns.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention secures applications from executing illegal or harmful operation requests received from a distrusted environment, thereby, preventing an application from damaging itself, other applications, performance, files, buffers, databases, and confidentiality of information. An operation reverse engineering layer is positioned in front of an application in a trusted environment and between the application and the incoming application operation requests that are received from an unknown or distrusted environment. The operation reverse engineering layer checks the requests for either form, content, or both, to insure that only legal and harmless requests will pass to the given application. Hardware, software, or both, are employed to implement the operation reverse engineering layer.
136 Citations
22 Claims
-
1. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
-
determining whether an operation request is illegal or harmful to an environment of an application, preventing said application from executing an illegal or harmful operation request, wherein said step of preventing comprises the step of modifying said illegal or harmful operation request into a legal or harmless operation request, comparing said operation request against stored known vulnerability patterns to determine a match, and blocking said operation request if said match is found, wherein said step of comparing comprises the steps of; converting every consecutive specified number of characters in said operation request into n-bits of binary code; computing a hash value for said every consecutive specified number of characters in said operation request; and comparing every hash value to stored hash values representing vulnerability patterns.
-
-
2. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
-
determining whether an operation request is illegal or harmful to an environment of an application, preventing said application from executing an illegal or harmful operation request, wherein said step of preventing comprises the step of replacing said illegal or harmful operation request into a legal or harmless operation request, comparing said operation request against stored known vulnerability patterns to determine a match, and blocking said operation request if said match is found, wherein said step of comparing comprises the steps of; converting every consecutive specified number of characters in said operation request into n-bits of binary code; computing a hash value for said every consecutive specified number of characters in said operation request; and comparing every hash value to stored hash values representing vulnerability patterns.
-
-
3. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
-
designating an application path of an application as restricted, determining whether an operation request is illegal or harmful to an environment of said application, preventing said application from executing an illegal or harmful operation request, wherein said step of determining comprises the step of checking said operation request for an existence of an embedded command causing database manipulation and wherein said step of preventing comprises the step of modifying said illegal or harmful operation request into a legal or harmless operation request, comparing said operation request against stored known vulnerability patterns to determine a match, and blocking said operation request if said match is found, wherein said step of comparing comprises the steps of; converting every consecutive specified number of characters in said operation request into n-bits of binary code; computing a hash value for said every consecutive specified number of characters in said operation request; and comparing every hash value to stored hash values representing vulnerability patterns. - View Dependent Claims (4, 5, 6)
-
-
7. A method for protecting an application from executing an illegal or harmful operation request received from a distrusted environment, the method comprising the steps of:
-
determining whether an operation request is illegal or harmful to an environment of an application, preventing said application from executing an illegal or harmful operation request, comparing said operation request against stored known vulnerability patterns to determine a match, and blocking said operation request if said match is found, wherein said step of comparing comprises the steps of; converting every consecutive specified number of characters in said operation request into n-bits of binary code; computing a hash value for said every consecutive specified number of characters in said operation request; and comparing every hash value to stored hash values representing vulnerability patterns. - View Dependent Claims (8)
-
-
9. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
-
determining whether an operation request is illegal or harmful to an environment of an application; comparing said operation request against stored known vulnerability patterns to determine a match, and blocking said operation request if said match is found, wherein said step of comparing comprises the steps of; converting every consecutive specified number of characters in said operation request into n-bits of binary code; computing a hash value for said every consecutive specified number of characters in said operation request; and comparing every hash value to stored hash values representing vulnerability patterns; preventing said application from executing an illegal or harmful operation request; sending a legal or harmless operation request to said application; generating a reply to said operation request. - View Dependent Claims (10, 11, 12)
-
-
13. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
-
determining whether an operation request is illegal or harmful to an environment of an application; comparing said operation request against stored known vulnerability patterns to determine a match, and blocking said operation request if said match is found, wherein said step of comparing comprises the steps of; converting every consecutive specified number of characters in said operation request into n-bits of binary code; computing a hash value for said every consecutive specified number of characters in said operation request; comparing every hash value to stored hash values representing vulnerability patterns; and preventing said application from executing an illegal or harmful operation request, wherein said step of determining comprises the steps of; identifying a cookie message header in said operation request; decrypting values in said cookie message header; and modifying said operation request to reflect said decrypted values.
-
-
14. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
-
receiving one or more operation requests; formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested; indexing said one or more formatted messages; storing a copy of said indexed one or more formatted messages; translating said formatted messages into internal messages according to an encoding scheme; resolving a destination node for each operation request; matching each operation request to an application path, wherein said application path is a virtual directory or a subdirectory of said application; and determining whether each operation request is illegal or harmful to an environment of said application, wherein said step of determining comprises the step of; applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request, wherein application of a pipe comprises the steps of; parsing a first operation request into one or more expressions; building a state-automate; inspecting said one or more expressions for improper syntax and characters not defined in a first alphabet; and applying said state-automate to said first operation request. - View Dependent Claims (15)
-
-
16. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
-
receiving one or more operation requests; formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested; indexing said one or more formatted messages; storing a copy of said indexed one or more formatted messages; translating said formatted messages into internal messages according to an encoding scheme; resolving a destination node for each operation request; matching each operation request to an application path, wherein said application path is a virtual directory or a subdirectory of said application; and determining whether each operation request is illegal or harmful to an environment of said application, wherein said step of determining comprises the step of; applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request, wherein application of a pipe comprises the steps of; comparing said operation request against stored known vulnerability patterns to determine a match, wherein said step of comparing comprises the steps of; converting every consecutive specified number of characters in said operation request into n-bits of binary code; computing a hash value for said every consecutive specified number of characters in said operation request; and comparing every hash value to stored hash values representing vulnerability patterns; and blocking said operation request if said match is found. - View Dependent Claims (17)
-
-
18. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
-
receiving one or more operation requests; formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested; indexing said one or more formatted messages; storing a copy of said indexed one or more formatted messages; translating said formatted messages into internal messages according to an encoding scheme; resolving a destination node for each operation request; matching each operation request to an application path, wherein said application path is a virtual directory or a subdirectory of said application; determining whether each operation request is illegal or harmful to an environment of said application, wherein said step of determining comprises the step of; applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request; sending legal or harmless operation requests to said operation; and generating a reply to said operation request. - View Dependent Claims (19, 20)
-
-
21. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
-
receiving one or more operation requests; formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested; indexing said one or more formatted messages; storing a copy of said indexed one or more formatted messages; translating said formatted messages into internal messages according to an encoding scheme; resolving a destination node for each operation request; and applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request, and wherein application of a pipe comprises the steps of; identifying a cookie message header in said operation request; decrypting values in said cookie message header; and modifying said operation request to reflect said decrypted values.
-
-
22. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
-
receiving one or more operation requests; formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested; indexing said one or more formatted messages; storing a copy of said indexed one or more formatted messages; translating said formatted messages into internal messages according to an encoding scheme; resolving a destination node for each operation request; and applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request, and wherein application of a pipe comprises the steps of; identifying a cookie message header in said reply; encrypting values in said cookie message header; and modifying said reply to reflect said encrypted values.
-
Specification