Flow data for security data loss prevention
Abstract
There are techniques for detecting and preventing possible security violations in a computer network. The security violation detection may be based on data attached to transactions as they flow through one or more software applications. A transaction that is processed by a sequence of software components that execute on one or more electronic devices may be traced. Data that is associated with the transaction as the transaction flows through the sequence of software components may be accessed. The accessed data may be analyzed to detect a possible security violation. The accessed data may be compared to one or more pre-defined patterns. The transaction may be intercepted upon detection of a possible security violation.
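The flow the abstract describes, sketched as an added example (not code from the patent or its assignee): a transaction is traced through a sequence of components, the data attached to it is compared with pre-defined patterns at each hop, and the transaction is intercepted before a component that would send matching data out. The component names, the two patterns, the `egress` set and the sample values are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Pre-defined patterns; constructed for this example.
PATTERNS = {
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card_number": re.compile(r"\b\d{16}\b"),
}

@dataclass
class Trace:
    txn_id: str
    vertices: list = field(default_factory=list)  # components that handled the transaction
    edges: list = field(default_factory=list)     # ordered (caller, callee) pairs
    findings: list = field(default_factory=list)  # (component, pattern) for data entering it
    intercepted_at: Optional[str] = None
    output: Optional[str] = None

def scan(data):
    """Names of the pre-defined patterns that match the transaction data."""
    return sorted(n for n, rx in PATTERNS.items() if rx.search(data))

def run_traced(txn_id, data, components, egress):
    """Pass data through (name, fn) components in order, recording the flow.

    Data entering each component is scanned. If it matches a pattern and the
    component is in `egress` (it sends data off the host), the transaction is
    intercepted before that component runs.
    """
    trace, prev = Trace(txn_id), None
    for name, fn in components:
        if name not in trace.vertices:
            trace.vertices.append(name)
        if prev is not None:
            trace.edges.append((prev, name))
        hits = scan(data)
        trace.findings.extend((name, h) for h in hits)
        if hits and name in egress:
            trace.intercepted_at = name
            return trace
        data, prev = fn(data), name
    trace.output = data
    return trace

# Constructed pipeline: the lookup step attaches a customer record to the order.
PIPELINE = [
    ("OrderServlet", lambda d: d.strip()),
    ("CustomerLookup", lambda d: d + " ssn=000-12-3456"),  # constructed, invalid SSN
    ("AuditLogger", lambda d: d),
    ("EmailSender", lambda d: "sent: " + d),
]

def demo():
    return run_traced("txn-1", " order=42 qty=3 ", PIPELINE, egress={"EmailSender"})
```

The first finding names the component where matching data was first seen on entry, so the preceding vertex on that edge (`CustomerLookup` here) is the one that attached it.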
24 Claims
1. A method comprising:
- tracing a transaction that is processed by a sequence of software components that execute on an electronic device, the tracing is performed by a circuit on the electronic device, the tracing including collecting performance data for the transaction;
- accessing transaction data that is associated with the transaction as the transaction flows through the sequence of software components, the transaction data being included in the performance data, the accessing is performed by a circuit on the electronic device; and
- analyzing the data associated with the transaction to detect a possible data loss event that involves the transaction data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system comprising:
- a hardware processor programmed to:
  - collect application mapping data for transactions as the transactions flow through a software application, the application mapping data describes dependencies between software components in the software application as the transactions flow;
  - access transaction data attached to transactions as the transactions flow through the software application, the transaction data being included in the application mapping data; and
  - compare the transaction data attached to each of the transactions to pre-defined patterns to detect possible data loss events that involve the transaction data.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A method comprising:
- determining a sequence of software components that process a transaction being processed by the software components that execute on an application server, the transaction is performed in response to a request from a client device over a network to the application server, the determining including collecting dependency data for the transaction, the dependency data comprising vertices that each describe a software component used to execute the transaction and edges that each describe an ordered pair of the software component used to execute the transaction, the determining is performed by a circuit on the application server;
- accessing transaction data that is attached to the transaction as the transaction flows through the sequence of software components, the transaction data being included in the dependency data, the accessing is performed by a circuit on the application server; and
- comparing the data that is attached to the transaction with a pre-defined pattern to determine whether the transaction data is subject to being lost in a security violation.
Dependent claims: 18, 19, 20, 21, 22, 23
24. A computer program product comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising:
  - computer readable program code configured to trace a transaction that is processed by a sequence of software components that execute on an electronic device;
  - computer readable program code configured to collect performance data for the transaction while tracing the transaction;
  - computer readable program code configured to access transaction data that is associated with the transaction as the transaction flows through the sequence of software components, the transaction data being included in the performance data; and
  - computer readable program code configured to analyze the transaction data associated with the transaction to detect a possible data loss event that involves the transaction data.
Specification