Fight-through nodes with disposable virtual machines and rollback of persistent state

  • US 8,839,426 B1
  • Filed: 08/29/2013
  • Issued: 09/16/2014
  • Est. Priority Date: 08/08/2013
  • Status: Active Grant
First Claim

1. A method comprising:

  • receiving, by a computing system, a plurality of messages from one or more client computing devices, each of the plurality of messages corresponding to a transaction in a plurality of transactions;

    for each respective transaction in the plurality of transactions;

    initializing, by the computing system and from a common template that has been determined to be free of malware infection, a respective one of a plurality of virtual machines that execute at one or more computing devices of the computing system, wherein initializing comprises initializing an instance of an application on the respective virtual machine in accordance with application state stored within a shared database;

    wherein the plurality of messages includes a request to initiate a respective communication session between the computing system and a particular client computing device among the one or more client computing devices;

    in response to receiving the request to initiate the respective communication session, assigning, by the computing system, the respective transaction to the respective virtual machine from the plurality of virtual machines, wherein the respective transaction is the first transaction assigned to the respective virtual machine;

    generating, by the respective virtual machine, as part of the respective virtual machine completing the respective transaction, a database modification request associated with the respective transaction;

    performing a modification to the shared database in response to the database modification request associated with the respective transaction, wherein the database modification request requests modification, within the shared database, of the application state for the application running on the respective virtual machine, and wherein the shared database is persisted independently of the plurality of virtual machines;

    generating checkpoint data associated with the respective transaction;

    in response to determining that processing of the respective transaction is complete upon detecting termination of the respective communication session, discarding, by the computing system, the respective virtual machine; and

    in response to determining that the respective transaction is associated with a cyber-attack, using the checkpoint data associated with the respective transaction to roll back the modification to the shared database performed in response to the database modification request associated with the respective transaction.
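
A minimal model of the flow recited in the claim, added here as an illustration and not taken from the patent or any implementation of it. Assumptions: a dict stands in for the shared database, a Python object stands in for a virtual machine, all names are hypothetical, and the handling of keys overwritten by a later transaction is a choice made for this sketch.

```python
import copy
_ABSENT = object()  # sentinel: key did not exist before the write

class SharedDB:
    """Stand-in for the shared database; persists independently of workers."""
    def __init__(self):
        self.state = {}
        self.checkpoints = {}  # txn_id -> [(key, value_before, value_written)]

    def modify(self, txn_id, key, value):
        before = self.state.get(key, _ABSENT)
        self.checkpoints.setdefault(txn_id, []).append((key, before, value))
        self.state[key] = value

    def rollback(self, txn_id):
        """Undo one transaction's writes, newest first; return keys left untouched
        because a later transaction overwrote them (this sketch's choice)."""
        conflicts = []
        for key, before, written in reversed(self.checkpoints.pop(txn_id, [])):
            if self.state.get(key, _ABSENT) != written:
                conflicts.append(key)
            elif before is _ABSENT:
                del self.state[key]
            else:
                self.state[key] = before
        return conflicts

class Worker:
    """Stand-in for a disposable VM cloned from a known-clean template."""
    def __init__(self, template, db):
        self.env = copy.deepcopy(template)  # fresh copy, never shared
        self.app_state = dict(db.state)     # application state read from shared DB

    def handle(self, db, txn_id, writes):
        self.env["tainted"] = True          # in-worker changes die with the worker
        for key, value in writes:
            db.modify(txn_id, key, value)

def run_transaction(db, template, txn_id, writes):
    worker = Worker(template, db)           # one new worker per session
    worker.handle(db, txn_id, writes)       # worker is discarded on return

def demo():
    template = {"tainted": False}
    db = SharedDB()
    run_transaction(db, template, "t1", [("alice", 10)])
    run_transaction(db, template, "t2", [("alice", 99), ("evil", 1)])  # later judged hostile
    run_transaction(db, template, "t3", [("bob", 5)])
    conflicts = db.rollback("t2")
    return db.state, conflicts, template
```

Rolling back `t2` removes only its writes; the later, unrelated write from `t3` survives, and the template is never modified by any worker.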
