Application-layer security method and system

US 7,313,822 B2
Filed: 03/16/2001
Issued: 12/25/2007
Est. Priority Date: 03/16/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:

determining whether an operation request is illegal or harmful to an environment of an application,preventing said application from executing an illegal or harmful operation request, wherein said step of preventing comprises the step of modifying said illegal or harmful operation request into a legal or harmless operation request,comparing said operation request against stored known vulnerability patterns to determine a match, andblocking said operation request if said match is found,wherein said step of comparing comprises the steps of;

converting every consecutive specified number of characters in said operation request into n-bits of binary code;

computing a hash value for said every consecutive specified number of characters in said operation request; and

comparing every hash value to stored hash values representing vulnerability patterns.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention secures applications from executing illegal or harmful operation requests received from a distrusted environment, thereby, preventing an application from damaging itself, other applications, performance, files, buffers, databases, and confidentiality of information. An operation reverse engineering layer is positioned in front of an application in a trusted environment and between the application and the incoming application operation requests that are received from an unknown or distrusted environment. The operation reverse engineering layer checks the requests for either form, content, or both, to insure that only legal and harmless requests will pass to the given application. Hardware, software, or both, are employed to implement the operation reverse engineering layer.

136 Citations

View as Search Results

22 Claims

1. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
- determining whether an operation request is illegal or harmful to an environment of an application,preventing said application from executing an illegal or harmful operation request, wherein said step of preventing comprises the step of modifying said illegal or harmful operation request into a legal or harmless operation request,comparing said operation request against stored known vulnerability patterns to determine a match, andblocking said operation request if said match is found,wherein said step of comparing comprises the steps of;
  
  converting every consecutive specified number of characters in said operation request into n-bits of binary code;
  
  computing a hash value for said every consecutive specified number of characters in said operation request; and
  
  comparing every hash value to stored hash values representing vulnerability patterns.

2. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
- determining whether an operation request is illegal or harmful to an environment of an application,preventing said application from executing an illegal or harmful operation request, wherein said step of preventing comprises the step of replacing said illegal or harmful operation request into a legal or harmless operation request,comparing said operation request against stored known vulnerability patterns to determine a match, andblocking said operation request if said match is found,wherein said step of comparing comprises the steps of;
  
  converting every consecutive specified number of characters in said operation request into n-bits of binary code;
  
  computing a hash value for said every consecutive specified number of characters in said operation request; and
  
  comparing every hash value to stored hash values representing vulnerability patterns.

3. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
- designating an application path of an application as restricted,determining whether an operation request is illegal or harmful to an environment of said application,preventing said application from executing an illegal or harmful operation request, wherein said step of determining comprises the step of checking said operation request for an existence of an embedded command causing database manipulation and wherein said step of preventing comprises the step of modifying said illegal or harmful operation request into a legal or harmless operation request,comparing said operation request against stored known vulnerability patterns to determine a match, andblocking said operation request if said match is found,wherein said step of comparing comprises the steps of;
  
  converting every consecutive specified number of characters in said operation request into n-bits of binary code;
  
  computing a hash value for said every consecutive specified number of characters in said operation request; and
  
  comparing every hash value to stored hash values representing vulnerability patterns.
- View Dependent Claims (4, 5, 6)
- - 4. The method of claim 3, wherein said embedded command is an SQL based command.
  - 5. The method of claim 3, further comprising the steps of:
    - parsing said operation request into one or more expressions;
      
      building a state-automate;
      
      inspecting said one or more expressions for improper syntax and characters not defined in a first alphabet; and
      
      applying said state-automate to said operation request.
  - 6. The method of claim 5, wherein said alphabet is selected from the group consisting of:
    - letters, digits, and encoded characters;
      
      blocks of letters;
      
      groups of said blocks; and
      
      any combination thereof.

7. A method for protecting an application from executing an illegal or harmful operation request received from a distrusted environment, the method comprising the steps of:
- determining whether an operation request is illegal or harmful to an environment of an application,preventing said application from executing an illegal or harmful operation request,comparing said operation request against stored known vulnerability patterns to determine a match, andblocking said operation request if said match is found,wherein said step of comparing comprises the steps of;
  
  converting every consecutive specified number of characters in said operation request into n-bits of binary code;
  
  computing a hash value for said every consecutive specified number of characters in said operation request; and
  
  comparing every hash value to stored hash values representing vulnerability patterns.
- View Dependent Claims (8)
- - 8. The method of claim 7, wherein said n-bits is 8 bits and said specified number is equal to four.

9. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
- determining whether an operation request is illegal or harmful to an environment of an application;
  
  comparing said operation request against stored known vulnerability patterns to determine a match, andblocking said operation request if said match is found,wherein said step of comparing comprises the steps of;
  
  converting every consecutive specified number of characters in said operation request into n-bits of binary code;
  
  computing a hash value for said every consecutive specified number of characters in said operation request; and
  
  comparing every hash value to stored hash values representing vulnerability patterns;
  
  preventing said application from executing an illegal or harmful operation request;
  
  sending a legal or harmless operation request to said application;
  
  generating a reply to said operation request.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein said step of determining further comprises the steps of:
    - determining a first set of internal URLs and parameters values contained in said reply;
      
      receiving a second operation request in response to said reply;
      
      comparing a second set of internal URLs and parameters values contained in said second operation request with said first set to determine if said sets correspond; and
      
      rejecting said second operation request if said sets do not correspond.
  - 11. The method of claim 9, further comprising the steps of:
    - identifying a single client to interact with said application;
      
      determining a first set of parameter names and values in said reply;
      
      receiving a second operation request from said client in response to said reply;
      
      determining a second set of parameter names and values in said second operation request; and
      
      forwarding said second request to said application only if said first set matches said second set.
  - 12. The method of claim 9, further comprising the steps of:
    - identifying a cookie message header in said reply;
      
      encrypting values in said cookie message header; and
      
      modifying said reply to reflect said encrypted values.

13. A method for protecting an application from executing an illegal or harmful operation request received from a distributed environment, the method comprising the steps of:
- determining whether an operation request is illegal or harmful to an environment of an application;
  
  comparing said operation request against stored known vulnerability patterns to determine a match, andblocking said operation request if said match is found,wherein said step of comparing comprises the steps of;
  
  converting every consecutive specified number of characters in said operation request into n-bits of binary code;
  
  computing a hash value for said every consecutive specified number of characters in said operation request;
  
  comparing every hash value to stored hash values representing vulnerability patterns; and
  
  preventing said application from executing an illegal or harmful operation request, wherein said step of determining comprises the steps of;
  
  identifying a cookie message header in said operation request;
  
  decrypting values in said cookie message header; and
  
  modifying said operation request to reflect said decrypted values.

14. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
- receiving one or more operation requests;
  
  formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested;
  
  indexing said one or more formatted messages;
  
  storing a copy of said indexed one or more formatted messages;
  
  translating said formatted messages into internal messages according to an encoding scheme;
  
  resolving a destination node for each operation request;
  
  matching each operation request to an application path, wherein said application path is a virtual directory or a subdirectory of said application; and
  
  determining whether each operation request is illegal or harmful to an environment of said application, wherein said step of determining comprises the step of;
  
  applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request, wherein application of a pipe comprises the steps of;
  
  parsing a first operation request into one or more expressions;
  
  building a state-automate;
  
  inspecting said one or more expressions for improper syntax and characters not defined in a first alphabet; and
  
  applying said state-automate to said first operation request.
- View Dependent Claims (15)
- - 15. The method of claim 14, wherein said alphabet is selected from the group consisting of:
    - letters, digits, and encoded characters;
      
      blocks of letters;
      
      groups of said blocks; and
      
      any combination thereof.

16. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
- receiving one or more operation requests;
  
  formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested;
  
  indexing said one or more formatted messages;
  
  storing a copy of said indexed one or more formatted messages;
  
  translating said formatted messages into internal messages according to an encoding scheme;
  
  resolving a destination node for each operation request;
  
  matching each operation request to an application path, wherein said application path is a virtual directory or a subdirectory of said application; and
  
  determining whether each operation request is illegal or harmful to an environment of said application, wherein said step of determining comprises the step of;
  
  applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request, wherein application of a pipe comprises the steps of;
  
  comparing said operation request against stored known vulnerability patterns to determine a match, wherein said step of comparing comprises the steps of;
  
  converting every consecutive specified number of characters in said operation request into n-bits of binary code;
  
  computing a hash value for said every consecutive specified number of characters in said operation request; and
  
  comparing every hash value to stored hash values representing vulnerability patterns; and
  
  blocking said operation request if said match is found.
- View Dependent Claims (17)
- - 17. The method of claim 16, wherein said n-bits is 8-bits and said specified number is equal to four.

18. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
- receiving one or more operation requests;
  
  formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested;
  
  indexing said one or more formatted messages;
  
  storing a copy of said indexed one or more formatted messages;
  
  translating said formatted messages into internal messages according to an encoding scheme;
  
  resolving a destination node for each operation request;
  
  matching each operation request to an application path, wherein said application path is a virtual directory or a subdirectory of said application;
  
  determining whether each operation request is illegal or harmful to an environment of said application, wherein said step of determining comprises the step of;
  
  applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request;
  
  sending legal or harmless operation requests to said operation; and
  
  generating a reply to said operation request.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein application of a pipe comprises the steps of:
    - determining a first set of internal URLs and parameters values contained in said reply;
      
      receiving a second operation request in response to said reply;
      
      comparing a second set of internal URLs and parameters values contained in said second operation request with said first set to determine if said sets correspond; and
      
      rejecting said second operation request if said sets do not correspond.
  - 20. The method of claim 18, wherein application of a pipe comprises the steps of:
    - identifying a single client to interact with said application;
      
      determining a first set of parameter names and values in said reply;
      
      receiving a second operation request from said client in response to said reply;
      
      determining a second set of parameter names and values in said second operation request; and
      
      forwarding said second request to said application only if said first set matches said second set.

21. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
- receiving one or more operation requests;
  
  formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested;
  
  indexing said one or more formatted messages;
  
  storing a copy of said indexed one or more formatted messages;
  
  translating said formatted messages into internal messages according to an encoding scheme;
  
  resolving a destination node for each operation request; and
  
  applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request, and wherein application of a pipe comprises the steps of;
  
  identifying a cookie message header in said operation request;
  
  decrypting values in said cookie message header; and
  
  modifying said operation request to reflect said decrypted values.

22. A method for preventing one or more applications from executing out of their intended scopes of operation, comprising the steps of:
- receiving one or more operation requests;
  
  formatting each operation request into a formatted message according to a designated communications protocol, wherein said designation communication protocol is determined by the type of application being requested;
  
  indexing said one or more formatted messages;
  
  storing a copy of said indexed one or more formatted messages;
  
  translating said formatted messages into internal messages according to an encoding scheme;
  
  resolving a destination node for each operation request; and
  
  applying one or more security pipes to each operation request, wherein the number and types of pipes applied to each operation request are based on said resolved destination node of each operation request, and wherein application of a pipe comprises the steps of;
  
  identifying a cookie message header in said reply;
  
  encrypting values in said cookie message header; and
  
  modifying said reply to reflect said encrypted values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kavado, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Ben-Itzhak, Yuval
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
CHEN, SHIN HON

Application Number

US09/809,030
Publication Number

US 20030023873A1
Time in Patent Office

2,475 Days
Field of Search

713151-154, 713/160, 713/165, 713200-201, 713187-189, 709223-230, 726 22- 25
US Class Current

726/24
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

H04L 63/0245   Filtering by information in...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/168   above the transport layer

Application-layer security method and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

136 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Application-layer security method and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links