Application layer security method and system
Abstract
The invention provides an application layer security method and system to secure trusted computer applications from executing out of their intended and authorized scope caused by illegal or harmful operation requests received from a distrusted environment. In an embodiment of the invention, a protective layer is implemented in between a trusted application and distrusted application operation requests. In operation, the protective layer identifies an application path of each operation request. Depending on the application path identified, one or more security pipes scrutinize the application contents of the operation request to determine if the operation request is illegal or harmful to the application or a surrounding environment.
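The routing described in the abstract, modelled in software as an added example (not code from the patent). The URL path stands in for the application attribute; the three application paths, the pipe types and the drop-on-no-match rule are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical pipes: each inspects the request and returns a rejection
# reason, or None to pass the request on to the next pipe.
def method_pipe(*allowed):
    def pipe(req):
        if req["method"] not in allowed:
            return f"method {req['method']} not permitted on this path"
    return pipe

def charset_pipe(req):
    for name, value in parse_qsl(urlsplit(req["url"]).query, keep_blank_values=True):
        if not re.fullmatch(r"[\w.@ -]*", value):
            return f"parameter {name!r} has characters outside the allow-list"

def length_pipe(limit):
    def pipe(req):
        if len(req["body"]) > limit:
            return f"body longer than {limit} bytes"
    return pipe

# Application paths (assumed): URL prefix -> (path name, ordered pipes).
# The number and type of pipes differ per path, as the claims require.
APPLICATION_PATHS = {
    "/static/": ("static", [method_pipe("GET")]),
    "/search": ("search", [method_pipe("GET"), charset_pipe]),
    "/account/": ("account", [method_pipe("GET", "POST"), charset_pipe, length_pipe(1024)]),
}

def switch(req):
    attribute = urlsplit(req["url"]).path  # the application attribute
    for prefix, (name, pipes) in APPLICATION_PATHS.items():
        if attribute.startswith(prefix):
            for pipe in pipes:  # only this path's pipes run
                reason = pipe(req)
                if reason:
                    return name, "rejected", reason
            return name, "forwarded", None
    # Assumption: a request that maps to no application path is dropped.
    return None, "rejected", "no application path for this request"

# Constructed sample requests.
SAMPLES = [
    {"method": "GET", "url": "/static/logo.png", "body": b""},
    {"method": "GET", "url": "/search?q=%3Cscript%3E", "body": b""},
    {"method": "POST", "url": "/account/update?id=42", "body": b"x" * 2000},
    {"method": "GET", "url": "/admin", "body": b""},
]
```

Calling `switch()` on each entry of `SAMPLES` returns the path name, the decision and the reason given by the pipe that rejected the request, if any.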
111 Citations
22 Claims
1. An application layer security method comprising the steps of:
- receiving, at an application-level switch at least partially implemented in hardware, an operation request to be executed by an application,
- identifying an application attribute of said operation request,
- identifying an application path associated with said identified application attribute,
- directing, at the application-level switch, said operation request to said identified application path, and
- applying one or more pipes to a portion of said operation request, wherein said one or more pipes are security components, and a number and each individual type of said one or more pipes are defined according to said identified application path.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 19, 20, 21, 22
13. An application security system for protecting a trusted application comprising:
- an application-level switch at least partially implemented in hardware and comprising:
  - an application attribute identifier, wherein said application attribute identifier identifies an application attribute of a message directed to or from said trusted application and identifies an application path associated with said identified application attribute; and
  - a message router, wherein said message router routes each message to said identified application path associated with said message; and
- a number of security pipes, wherein said number of security pipes are security components to protect or monitor functionality of said trusted application, and wherein a portion of said number of security pipes are associated with said identified application path and are implemented on said message upon routing of said message to said application path.

Dependent claims: 14, 15
16. An application security method comprising the steps of:
- classifying, at an application-level switch at least partially implemented in hardware, an application attribute of a first message directed to or from a trusted application,
- identifying, at the application-level switch, a first application path associated with said classified application attribute of said first message,
- implementing on said first message a predetermined number of security pipes based on said identified first application path, wherein said predetermined number of security pipes are security components to protect or monitor functionality of a trusted application,
- classifying, at the application-level switch, an application attribute of a second message directed to or from a trusted application,
- identifying, at the application-level switch, a second application path associated with said classified application attribute of said second message,
- implementing on said second message a different predetermined number of security pipes based on said identified second application path.

Dependent claims: 17, 18
Specification