Securing inter-process communication
First Claim
Patent Images
1. A method, comprising:
- intercepting, by a processing device, a request from a requesting process to post a message to a destination process in an operating environment in which processes communicate via message queues, wherein each destination process in the operating environment communicates via a corresponding message queue;
determining whether the requesting process is a same as the destination process in view of the message;
in response to a determination that the requesting process is not the same as the destination process,evaluating message content and requestor information associated with the request to determine whether the message is to be posted;
posting the message to a message queue of the destination process if the message is to be posted; and
if the message is not to be posted, and the message satisfies additional criteria, causing the requesting process to be terminated, wherein the additional criteria comprise posting an undocumented message; and
in response to a determination that the requesting process is the same as the destination process, posting the message to the message queue of the destination process.
1 Assignment
0 Petitions
Accused Products
Abstract
A request to post a message to a destination is intercepted in an operating environment in which processes communicate via message queues. Message content and requester information associated with the request is evaluated to determine whether the message is to be posted. The message is posted to a message queue of the destination if the message is to be posted.
-
Citations
18 Claims
-
1. A method, comprising:
-
intercepting, by a processing device, a request from a requesting process to post a message to a destination process in an operating environment in which processes communicate via message queues, wherein each destination process in the operating environment communicates via a corresponding message queue; determining whether the requesting process is a same as the destination process in view of the message; in response to a determination that the requesting process is not the same as the destination process, evaluating message content and requestor information associated with the request to determine whether the message is to be posted; posting the message to a message queue of the destination process if the message is to be posted; and if the message is not to be posted, and the message satisfies additional criteria, causing the requesting process to be terminated, wherein the additional criteria comprise posting an undocumented message; and in response to a determination that the requesting process is the same as the destination process, posting the message to the message queue of the destination process. - View Dependent Claims (2, 3, 4, 5, 6, 7, 17)
-
-
8. A non-transitory machine-accessible medium comprising instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
-
intercepting, by the processing device, a request from a requesting process to post a message to a destination process in an operating environment in which processes communicate via message queues, wherein each destination process in the operating environment communicates via a corresponding message queue; determining whether the requesting process is a same as the destination process in view of the message; in response to a determination that the requesting process is not the same as the destination process, evaluating message content and requestor information associated with the request to determine whether the message is to be posted; posting the message to a message queue of the destination process if the message is to be posted; and if the message is not to be posted, and the message satisfies additional criteria, causing the requesting process to be terminated, wherein the additional criteria comprise posting the message with impossible parameters; and in response to a determination that the requesting process is the same as the destination process, posting the message to the message queue of the destination process. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computing device, comprising:
-
a memory to store message queues; a processing device coupled to the memory; a message interceptor, executable by the processing device, to intercept a request from a requesting process to post a message to a destination process in an operating environment in which processes communicate via the message queues, wherein each destination process in the operating environment communicates via a corresponding message queue; and a message evaluator, coupled with the message interceptor and executable by the processing device to; determine whether the requesting process is a same as the destination process in view of the message; in response to a determination that the requesting process is not the same as the destination process, evaluate message content and requestor information associated with the request to determine whether the message is to be posted, permit the message to be posted to a message queue of the destination process if the message is to be posted, and if the message is not to be posted, and the message satisfies additional criteria, cause the requesting process to be terminated, wherein the additional criteria comprise posting the message in an inappropriate context; and in response to a determination that the requesting process is the same as the destination process, post the message to the message queue of the destination process. - View Dependent Claims (16, 18)
-
Specification