Method and system for containment of usage of language interfaces

US 7,840,968 B1
Filed: 12/17/2003
Issued: 11/23/2010
Est. Priority Date: 12/17/2003
Status: Active Grant

First Claim

Patent Images

1. A method for containment of usage of a language interface to be executed by a processor in an electronic environment, comprising:

determining a first linguistic interface of a service implementation that includes a plurality of directives executed by an operating system of a local computer, wherein the first linguistic interface is configured to be invoked by requests that conform to a first grammar type;

generating a unique client program based on a standard client program, wherein the unique client program is configured to interact with the service implementation via a second linguistic interface; and

generating the second linguistic interface and an interceptor, wherein the second linguistic interface is configured to be invoked by requests that conform to a second grammar type that is different from the first grammar type, the interceptor being configured to perform the steps of;

capturing a first service request from the unique client program andtranslating the first service request to a second service request, wherein the first service request is expressed in the second grammar type directed to the second linguistic interface, and wherein the second service request is expressed in the first grammar type and subsequently directed to the first linguistic interface after the translating to interact with the service implementation;

wherein the first and second linguistic interfaces are distinct.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Client software is modified by a translator to use unique variant of linguistic interface of a service. An interceptor pre-processes subsequent client service requests from translated unique linguistic interface to standard linguistic interface implemented by service. Usage of linguistic interfaces of service is contained, rendering service incapable of executing arbitrary input, even if such input is crafted specifically for the service interface.

136 Citations

View as Search Results

15 Claims

1. A method for containment of usage of a language interface to be executed by a processor in an electronic environment, comprising:
- determining a first linguistic interface of a service implementation that includes a plurality of directives executed by an operating system of a local computer, wherein the first linguistic interface is configured to be invoked by requests that conform to a first grammar type;
  
  generating a unique client program based on a standard client program, wherein the unique client program is configured to interact with the service implementation via a second linguistic interface; and
  
  generating the second linguistic interface and an interceptor, wherein the second linguistic interface is configured to be invoked by requests that conform to a second grammar type that is different from the first grammar type, the interceptor being configured to perform the steps of;
  
  capturing a first service request from the unique client program andtranslating the first service request to a second service request, wherein the first service request is expressed in the second grammar type directed to the second linguistic interface, and wherein the second service request is expressed in the first grammar type and subsequently directed to the first linguistic interface after the translating to interact with the service implementation;
  
  wherein the first and second linguistic interfaces are distinct.
- View Dependent Claims (2)
- - 2. The method of claim 1, further comprising:
    - installing the interceptor on a computer system.

3. A system for containment of usage of a language interface, comprising:
- a processor;
  
  a memory having stored thereon;
  
  a unique client program generated based on a standard client program, wherein the unique client program is configured to issue a first service request expressed in a second grammar type directed to a second linguistic interface configured to be invoked by requests that conform to the second grammar type; and
  
  a first linguistic interface of a service implementation configured to receive a second service request from an interceptor, the second service request expressed in a first grammar type directed to the first linguistic interface, the service implementation including a plurality of directives executed by an operating system of a local computer, wherein the first linguistic interface is configured to be invoked by requests that conform to the first grammar type that is different from the second grammar type;
  
  wherein the interceptor (a) captures the first service request from the unique client program and (b) transforms the first service request to obtain the second service request, and wherein the second service request is subsequently directed to the first linguistic interface after the translating to interact with the service implementation, the first linguistic interface distinct from the second linguistic interface, and the second service request equivalent to the first service request.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
- - 4. The system of claim 3, wherein the service implementation, the interceptor and the unique client program reside on the same host.
  - 5. The system of claim 3, wherein the service implementation and the unique client program reside on distinct hosts.
  - 6. The system of claim 5, wherein the interceptor resides on the same host as the unique client program.
  - 7. The system of claim 5, wherein the interceptor resides on the same host as the service implementation.
  - 8. The system of claim 5, wherein the interceptor resides on a network element.
  - 9. The system of claim 8, wherein the network element is a switch or a router.
  - 10. The system of claim 3, wherein the service implementation, the interceptor and the unique client program each reside on distinct hosts, the service implementation and the interceptor communicating via a first network, the interceptor and the unique client program communicating via a second network.
  - 11. The system of claim 10, wherein any communication between the unique client program and the service implementation not passing through the interceptor is blocked by a network element residing in a communication path between the unique client program and the service implementation.

12. A method for containment of usage of a language interface to be executed by a processor in an electronic environment, comprising:
- determining a first client program and a first linguistic interface of a service implementation that includes a plurality of directives executed by an operating system of a local computer, wherein the first linguistic interface is configured to be invoked by requests that conform to a first grammar type, the first client program generating a first service request expressed in the first grammar type; and
  
  generating a second client program based on the first client program, a second linguistic interface and an interceptor, the second client program generating a second service request expressed in a second grammar type directed to the second linguistic interface, wherein the second linguistic interface is configured to be invoked by requests that conform to the second grammar type that is different from the first grammar type, the interceptor being configured to perform the steps of;
  
  capturing the first service request and the second service request,translating only the second service request or any one of one or more requests that conform to the second grammar type to a third service request, andsending the third service request to the service implementation, the third service request expressed in the first grammar type and subsequently directed to the first linguistic interface after the translating to interact with the service implementation;
  
  wherein the first linguistic interface differs from the second linguistic interface, and the first and second and third service requests are equivalent.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, further comprising the step of installing a client transformer and a service interface transformer, the client transformer configured to generate the second client program based on the first client program, the service interface transformer configured to generate the second linguistic interface and the interceptor.
  - 14. The method of claim 13, wherein the client transformer resides on a first host and generates the second client program on the first host, and wherein the second client program is sent from the first host to a second host, the first host distinct from the second host.
  - 15. The method of claim 13, wherein the service interface transformer resides on a first host and generates the second linguistic interface and the interceptor on the first host, and wherein the interceptor is sent from the first host to a second host, the first host distinct from the second host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Sebes, E. John, Sharma, Rosen, Shah, Bakul
Primary Examiner(s)
Wu; Qing

Application Number

US10/739,230
Time in Patent Office

2,533 Days
Field of Search

719/313, 719/320, 719/328, 719/330, 726 26- 27, 718/1
US Class Current

719/313
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/12   Protecting executable software

G06F 21/121   Restricting unauthorised ex...

G06F 21/54   by adding security routines...

G06F 21/554   involving event detection a...

G06F 21/564   by virus signature recognition

G06F 2209/542   Intercept

G06F 2221/2105   Dual mode as a secondary as...

G06F 8/20   Software design

G06F 8/30   Creation or generation of s...

G06F 8/40   Transformation of program code

G06F 9/46   Multiprogramming arrangements

G06F 9/541   via adapters, e.g. between ...

H04N 21/8133   specifically related to the...

Method and system for containment of usage of language interfaces

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

136 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for containment of usage of language interfaces

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links