Method and apparatus for security-aware elasticity of application and services

US 8,793,766 B2
Filed: 03/13/2012
Issued: 07/29/2014
Est. Priority Date: 03/13/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

determining, for each non-security component of an application, (a) types of interactions the non-security component has with security components of the application for a plurality of requests and a total number for each interaction type;

determining, based on (a) and an expected number of incoming requests to the application;

(b) types of requests to the security components from the non-security components and types of interactions with the security components involving the non-security components; and

(c) for each type of request to the security components from the non-security components, a total number of requests to the security components involving the non-security components and a total number of interactions with the security components involving the non-security components;

determining, for each security component, a capacity required to process each type of request involving the non-security components and a capacity required to perform each type of interaction involving the non-security components; and

changing the capacities of the security components to new capacities, wherein the new capacities are based on (a), (c) and the determined capacities.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method for scaling up/down security (non-functional) components of an application, determine (a) types of interactions and a number of each type of interaction each non-security (functional) component has with security components for a plurality of requests. Determine, based on (a) and an expected number of incoming requests to the application, (b) types of requests to and interactions with the security components involving the non-security components and (c) a number of requests to and interactions with the security components involving non-security components for each type of request to the security components involving non-security components. Determine, for each security component, a capacity required for each type of request involving the non-security components and a capacity required for each type of interaction involving the non-security components. Change the capacities of the security components to new capacities, wherein the new capacities are based on (a), (c) and the determined capacities.

44 Citations

20 Claims

1. A method, comprising:
- determining, for each non-security component of an application, (a) types of interactions the non-security component has with security components of the application for a plurality of requests and a total number for each interaction type;
  
  determining, based on (a) and an expected number of incoming requests to the application;
  
  (b) types of requests to the security components from the non-security components and types of interactions with the security components involving the non-security components; and
  
  (c) for each type of request to the security components from the non-security components, a total number of requests to the security components involving the non-security components and a total number of interactions with the security components involving the non-security components;
  
  determining, for each security component, a capacity required to process each type of request involving the non-security components and a capacity required to perform each type of interaction involving the non-security components; and
  
  changing the capacities of the security components to new capacities, wherein the new capacities are based on (a), (c) and the determined capacities.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein (a) is determined by analyzing code of the security and non-security components, non-functional or functional subsystems associated with the application that interact with a security component or influence the load on at least one of the security components, configuration information of the security and non-security components, a workflow of the application and deployment parameters of the application.
  - 3. The method of claim 1, wherein the capacity required to perform each type of interaction involving the non-security components and a security component is determined by analyzing the capacities required to process each type of request involving the non-security components and a security component, the current load on the application, the expected load on the application due to the incoming requests, and service level agreement (SLA) and quality of service (QoS) parameters of the application.
  - 4. The method of claim 1, wherein the load on a specific security component is computed using SLA and QoS parameters of the application.
  - 5. The method of claim 1, wherein changing the capacities of the security components to the new capacities includes increasing or decreasing the total number of security components.
  - 6. The method of claim 1, wherein changing the capacities of the security components to the new capacities includes increasing or decreasing internal capacities of the security components or capacities of the infrastructure and components on which the security components depend.

7. A computer program product, comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code configured to determine, for each non-security component of an application, (a) types of interactions the non-security component has with security components of the application for a plurality of requests and a total number for each interaction type;
  
  computer readable program code configured to determine, based on (a) and an expected number of incoming requests to the application;
  
  (b) types of requests to the security components from the non-security components and types of interactions with the security components involving the non-security components; and
  
  (c) for each type of request to the security components from the non-security components, a total number of requests to the security components involving the non-security components and a total number of interactions with the security components involving the non-security components;
  
  computer readable program code configured to determine, for each security component, a capacity required to process each type of request involving the non-security components and a capacity required to perform each type of interaction involving the non-security components; and
  
  computer readable program code configured to change the capacities of the security components to new capacities, wherein the new capacities are based on (a), (c) and the determined capacities.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, wherein (a) is determined by analyzing code of the security and non-security components, non-functional or functional subsystems associated with the application that interact with a security component or influence the load on at least one of the security components, configuration information of the security and non-security components, a workflow of the application and deployment parameters of the application.
  - 9. The computer program product of claim 7, wherein the capacity required to perform each type of interaction involving the non-security components and a security component is determined by analyzing the capacities required to process each type of request involving the non-security components and a security component, the current load on the application, the expected load on the application due to the incoming requests, and service level agreement (SLA) and quality of service (QoS) parameters of the application.
  - 10. The computer program product of claim 7, wherein the load on a specific security component is computed using SLA and QoS parameters of the application.
  - 11. The computer program product of claim 7, wherein the capacities of the security components are changed to the new capacities by increasing or decreasing the total number of security components.
  - 12. The computer program product of claim 7, wherein changing the capacities of the security components to the new capacities includes increasing or decreasing internal capacities of the security components or capacities of the infrastructure and components on which the security components depend.

13. A system, comprising:
- a memory device for storing a program; and
  
  a processor in communication with the memory device, the processor operative with the program to;
  
  determine, for each non-security component of an application, (a) types of interactions the non-security component has with security components of the application for a plurality of requests and a total number for each interaction type;
  
  determine, based on (a) and an expected number of incoming requests to the application;
  
  (b) types of requests to the security components from the non-security components and types of interactions with the security components involving the non-security components; and
  
  (c) for each type of request to the security components from the non-security components, a total number of requests to the security components involving the non-security components and a total number of interactions with the security components involving the non-security components;
  
  determine, for each security component, a capacity required to process each type of request involving the non-security components and a capacity required to perform each type of interaction involving the non-security components; and
  
  change the capacities of the security components to new capacities, wherein the new capacities are based on (a), (c) and the determined capacities.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein (a) is determined by analyzing code of the security and non-security components, non-functional or functional subsystems associated with the application that interact with a security component or influence the load on at least one of the security components, configuration information of the security and non-security components, a workflow of the application and deployment parameters of the application.
  - 15. The system of claim 13, wherein the capacity required to perform each type of interaction involving the non-security components and a security component is determined by analyzing the capacities required to process each type of request involving the non-security components and a security component, the current load on the application, the expected load on the application due to the incoming requests, and service level agreement (SLA) and quality of service (QoS) parameters of the application.
  - 16. The system of claim 13, wherein the load on a specific security component is computed using SLA and QoS parameters of the application.
  - 17. The system of claim 13, wherein the capacities of the security components are changed to the new capacities by increasing or decreasing the total number of security components.
  - 18. The system of claim 13, wherein changing the capacities of the security components to the new capacities includes increasing or decreasing internal capacities of the security components or capacities of the infrastructure and components on which the security components depend.

19. A method, comprising:
- determining, for each functional component of an application, (a) types of interactions the functional component has with non-functional components of the application for a plurality of requests and a total number for each interaction type;
  
  determining, based on (a) and an expected number of incoming requests to the application;
  
  (b) types of requests to the non-functional components from the functional components and types of interactions with the non-functional components involving the functional components; and
  
  (c) for each type of request to the non-functional components from the functional components, a total number of requests to the non-functional components involving the functional components and a total number of interactions with the non-functional components involving the functional components;
  
  determining, for each non-functional component, a capacity required to process each type of request involving the functional components and a capacity required to perform each type of interaction involving the functional components; and
  
  changing the capacities of the non-functional components to new capacities, wherein the new capacities are based on (a), (c) and the determined capacities.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein a functional component includes a non-security component and a non-functional component includes a security component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kundu, Ashish, Mohindra, Ajay, Sahu, Sambit
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US13/419,037
Publication Number

US 20130247135A1
Time in Patent Office

868 Days
Field of Search

None
US Class Current

726/3
CPC Class Codes

G06F 21/604 Tools and structures for ma...

G06F 2209/5019 Workload prediction

Method and apparatus for security-aware elasticity of application and services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for security-aware elasticity of application and services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links