Realtime tracking of software components

US 8,813,058 B2
Filed: 05/25/2012
Issued: 08/19/2014
Est. Priority Date: 05/27/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

loading, one or more classes of a software component on a server, wherein the one or more classes are of unknown origin;

analyzing the loaded one or more classes of the software component by identifying one or more features thereof and checking said one or more features against a set of configurable rules stored in a database;

classifying the software component as one of a set of component types, based on analyzing the one or more loaded classes, wherein;

a component classified as a first type component is safe to be executed;

a component classified as a second type component is not safe to be executed but recognized by the server, wherein the second type component is comprised of open-source having license conditions making it unsuitable for commercial use;

a component classified as a third type component is neither safe to be executed nor recognized by the server, wherein the third type component is comprised of classes associated with an acceptable risk or an unacceptable risk; and

performing an action on the software component, which action is dictated by the component type,wherein the component classified as the first component type is run without amendment when the action is performed;

wherein the component classified as the second component type is replaced by a component of equivalent functionality prior to running when the action is performed; and

wherein the component classified as the third component type has an acceptance of the classes logged for further investigation when the classes are associated with acceptable risk and is blocked from running when the classes are associated with unacceptable risk.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure is for run-time accessing a software component is provided, together with a computer system embodying the same, and a software utility directing the method. Initially a software component is loaded and analyzed to identify one or more features thereof, which features are checked against a database. Following the check, the component is classified as one of at least first, second, and third component types. A first component type is run without amendment. A second component type is replaced by a component of equivalent functionality prior to running. A third component type is blocked from running.

3 Citations

18 Claims

1. A method comprising:
- loading, one or more classes of a software component on a server, wherein the one or more classes are of unknown origin;
  
  analyzing the loaded one or more classes of the software component by identifying one or more features thereof and checking said one or more features against a set of configurable rules stored in a database;
  
  classifying the software component as one of a set of component types, based on analyzing the one or more loaded classes, wherein;
  
  a component classified as a first type component is safe to be executed;
  
  a component classified as a second type component is not safe to be executed but recognized by the server, wherein the second type component is comprised of open-source having license conditions making it unsuitable for commercial use;
  
  a component classified as a third type component is neither safe to be executed nor recognized by the server, wherein the third type component is comprised of classes associated with an acceptable risk or an unacceptable risk; and
  
  performing an action on the software component, which action is dictated by the component type,wherein the component classified as the first component type is run without amendment when the action is performed;
  
  wherein the component classified as the second component type is replaced by a component of equivalent functionality prior to running when the action is performed; and
  
  wherein the component classified as the third component type has an acceptance of the classes logged for further investigation when the classes are associated with acceptable risk and is blocked from running when the classes are associated with unacceptable risk.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the component classified as the first component type is given a secondary classification in the analyzing step indicating that further analysis is required.
  - 3. The method of claim 1, wherein the component classified as the second component type is a component having a software routine written in open-source and having license conditions making it unsafe for execution.
  - 4. The method of claim 1, wherein the software component is classified as the third component type if at least one of the loaded one or more classes of the software component matches with a list of prohibited classes stored in the database and no alternate classes are available for substitution.
  - 5. The method of claim 1, wherein if the loaded one or more classes of the software component are not completely identified, the software component is classified as the third component type.
  - 6. The method of claim 1 further comprising:
    - logging packages and classes used by a cloud service and utilizing the logged packages and classes to analyze the software component.

7. A computer program product comprising:
- one or more non-transitory storage mediums;
  
  program instructions stored on the one or more non-transitory storage mediums, wherein the program instructions are able to be executed by one or more processors to;
  
  load one or more classes of a software component on a server, wherein the one or more classes are of unknown origin;
  
  analyze the loaded one or more classes of the software component by identifying one or more features thereof and checking said one or more features against a set of configurable rules stored in a database;
  
  classify the software component as one of a set of component types, based on analyzing the one or more loaded classes, wherein;
  
  a component classified as a first type component is safe to be executed;
  
  a component classified as a second type component is not safe to be executed but recognized by the server, wherein the second type component is comprised of open-source having license conditions making it unsuitable for commercial use;
  
  a component classified as a third type component is neither safe to be executed nor recognized by the server, wherein the third type component is comprised of classes associated with an acceptable risk or an unacceptable risk; and
  
  perform an action on the software component, which action is dictated by the component type,wherein the component classified as the first component type is run without amendment when the action is performed;
  
  wherein the component classified as the second component type is replaced by a component of equivalent functionality prior to running when the action is performed; and
  
  wherein the component classified as the third component type has an acceptance of the classes logged for further investigation when the classes are associated with acceptable risk and is blocked from running when the classes are associated with unacceptable risk.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, wherein the component classified as the first component type is given a secondary classification in the analyzing step indicating that further analysis is required.
  - 9. The computer program product of claim 7, wherein the component classified as the second component type is a component having a software routine written in open-source and having license conditions making it unsafe for execution.
  - 10. The computer program product of claim 7, wherein the software component is classified as the third component type if at least one of the loaded one or more classes of the software component matches with a list of prohibited classes stored in the database and no alternate classes are available for substitution.
  - 11. The computer program product of claim 7, wherein if the loaded one or more classes of the software component are not completely identified, the software component is classified as the third component type.
  - 12. The computer program product of claim 7, wherein the program instructions are further able to be executed by one or more processors to:
    - log packages and classes used by a cloud service and utilizing the logged packages and classes to analyze the software component.

13. A system comprising:
- one or more processors;
  
  one or more non-transitory storage mediums;
  
  program instructions stored on the one or more non-transitory storage mediums, wherein the one or more processors execute the program instructions to;
  
  load one or more classes of a software component on a server, wherein the one or more classes are of unknown origin;
  
  analyze the loaded one or more classes of the software component by identifying one or more features thereof and checking said one or more features against a set of configurable rules stored in a database;
  
  classify the software component as one of a set of component types, based on analyzing the one or more loaded classes, wherein;
  
  a component classified as a first type component is safe to be executed;
  
  a component classified as a second type component is not safe to be executed but recognized by the server, wherein the second type component is comprised of open-source having license conditions making it unsuitable for commercial use;
  
  a component classified as a third type component is neither safe to be executed nor recognized by the server, wherein the third type component is comprised of classes associated with an acceptable risk or an unacceptable risk; and
  
  perform an action on the software component, which action is dictated by the component type,wherein the component classified as the first component type is run without amendment when the action is performed;
  
  wherein the component classified as the second component type is replaced by a component of equivalent functionality prior to running when the action is performed; and
  
  wherein the component classified as the third component type has an acceptance of the classes logged for further investigation when the classes are associated with acceptable risk and is blocked from running when the classes are associated with unacceptable risk.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the component classified as the first component type is given a secondary classification in the analyzing step indicating that further analysis is required.
  - 15. The system of claim 13, wherein the component classified as the second component type is a component having a software routine written in open-source and having license conditions making it unsafe for execution.
  - 16. The system of claim 13, wherein the software component is classified as the third component type if at least one of the loaded one or more classes of the software component matches with a list of prohibited classes stored in the database and no alternate classes are available for substitution.
  - 17. The system of claim 13, wherein if the loaded one or more classes of the software component are not completely identified, the software component is classified as the third component type.
  - 18. The system of claim 13, wherein the one or more processors execute the program instructions to:
    - log packages and classes used by a cloud service and utilizing the logged packages and classes to analyze the software component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Baldwin, Timothy J., Johnson, Peter J., Locke, David, Xu, Fenglian
Primary Examiner(s)
KENDALL, CHUCK O

Application Number

US13/481,076
Publication Number

US 20120304152A1
Time in Patent Office

816 Days
Field of Search

None
US Class Current

717/166
CPC Class Codes

G06F 8/65 Updates security arrangemen...

G06F 8/70 Software maintenance or man...

Realtime tracking of software components

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

3 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Realtime tracking of software components

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

3 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others