Virtual machine

US 9,081,941 B2
Filed: 08/29/2012
Issued: 07/14/2015
Est. Priority Date: 12/12/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method of using a software platform, wherein the software platform is a virtual machine (VM) including a heap memory, the method comprising the steps of:

receiving a request from a requestor;

determining authentication information in the received request;

adding the requestor to a blacklist if certain predetermined conditions exist, wherein said predetermined conditions exist when the requester has made at least one resource intensive request, wherein said at least one resource intensive request comprises at least one resource intensive XML document;

setting a reliability level from among a plurality of reliability levels based on the authentication information determined in the determining step, wherein the plurality of reliability levels includes a blacklisted level, and wherein said reliability level is set at said blacklisted level if the requester is added to the blacklist at the adding step;

allocating, by a servlet container, a pooled servlet thread in response to the request; and

setting, after the setting step, a resource allocation allowed in a response to the request as controlled by the software platform if the reliability level set at the setting step is not the blacklisted level, wherein the resource allocation includes an upper limit on heap usage for said thread based on the reliability level set at the setting step, and further wherein the controlling step is performed before the request becomes a resource intensive request;

providing the ability to change the previously set upper limit on heap usage and request processing priority using credit information based on the authentication information before processing the request made by the requestor; and

rejecting a resource allocation allowed in a response to the request as controlled by the software platform if the reliability level set at the setting step is the blacklisted level.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to various systems and/or methods relating to a software platform that provides for authentication of a requestor. Preferably, this authentication happens before there is an opportunity for any resource intensive request to harm operation of the system. Preferably, a reliability level is based on authentication so that the amount and/or type of resource access is controlled based, at least in part, on the authentication information. Preferably, heap usage is controlled by this reliability level. Preferably, the software platform is a virtual machine, preferably the Java Virtual Machine.

10 Citations

12 Claims

1. A method of using a software platform, wherein the software platform is a virtual machine (VM) including a heap memory, the method comprising the steps of:
- receiving a request from a requestor;
  
  determining authentication information in the received request;
  
  adding the requestor to a blacklist if certain predetermined conditions exist, wherein said predetermined conditions exist when the requester has made at least one resource intensive request, wherein said at least one resource intensive request comprises at least one resource intensive XML document;
  
  setting a reliability level from among a plurality of reliability levels based on the authentication information determined in the determining step, wherein the plurality of reliability levels includes a blacklisted level, and wherein said reliability level is set at said blacklisted level if the requester is added to the blacklist at the adding step;
  
  allocating, by a servlet container, a pooled servlet thread in response to the request; and
  
  setting, after the setting step, a resource allocation allowed in a response to the request as controlled by the software platform if the reliability level set at the setting step is not the blacklisted level, wherein the resource allocation includes an upper limit on heap usage for said thread based on the reliability level set at the setting step, and further wherein the controlling step is performed before the request becomes a resource intensive request;
  
  providing the ability to change the previously set upper limit on heap usage and request processing priority using credit information based on the authentication information before processing the request made by the requestor; and
  
  rejecting a resource allocation allowed in a response to the request as controlled by the software platform if the reliability level set at the setting step is the blacklisted level.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the software platform is a java virtual machine (JVM).
  - 3. The method of claim 1 wherein, at the determining step, it is determined whether the authentication information includes at least one of the following types of authentication information:
    - personal identification of the requestor, identification of a requestor'"'"'s computer, identification of a service provider associated with requestor, and/or SSL client certification.
  - 4. The method of claim 1 wherein, at the controlling step, the control of a resource allocation allowed in a response to the request is based in part upon at least one factor in addition to the reliability level, including at least one of the following possible factors:
    - time since last request by the requestor, past history of requests by requestor to the software platform, and/or past history of requests by the requestor to other software platforms.
  - 5. The method of claim 1 wherein:
    - at the receiving step, the request is received over a computer network;
      
      at the receiving step, the request includes at least one XML document; and
      
      the setting step is performed and the controlling step is begun to be performed before the at least one XML document is parsed.

6. A virtual machine (VM) software platform system, the system comprising:
- a heap memory;
  
  a servlet container;
  
  a container controller module structured and/or programmed to receive a request from a requestor, to determine authentication information in the request, and to add the requestor to a blacklist if certain predetermined conditions exist, wherein said predetermined conditions exist when the requester has made at least one resource intensive request, wherein said at least one resource intensive request comprises at least one resource intensive XML document, and to allocate a pooled thread for said request;
  
  anda policy module structured and/or programmed to set a reliability level from among a plurality of reliability levels based on the authentication information, wherein the plurality of reliability levels includes a blacklisted level, and wherein said policy module is structured and/or programmed to set said reliability level at said blacklisted level if the requester is added to the blacklist by the container controller module;
  
  wherein the container controller module is further structured and/or programmed to at least partially determine a resource allocation of the heap memory in a response to the request as controlled by the software platform system if the set reliability level is not the blacklisted level, and further wherein the container controller module is further structured and/or programmed to set an upper limit on heap usage for said thread based on the reliability level, and to provide the ability to change the previously set upper limit on heap usage and request processing priority using credit information based on the authentication information before processing the request made by the requestor, and further wherein the container controller module is further structured and/or programmed to reject a resource allocation of the heap memory in a response to the request as controlled by the software platform if the set reliability level is the blacklisted level.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6 wherein the software platform system is a JVM.
  - 8. The system of claim 6 wherein the container controller module is further structured and/or programmed to determine whether the authentication information includes at least one of the following types of authentication information:
    - personal identification of the requestor, identification of a requestor'"'"'s computer, identification of a service provider associated with requestor, and/or SSL client certification.
  - 9. The system of claim 6 wherein the container controller module is further structured and/or programmed to control resource allocation of the heap memory based in part upon at least one factor in addition to the reliability level, including at least one of the following possible factors:
    - time since last request by the requestor, past history of requests by requestor to the software platform system, and/or past history of requests by the requestor to other software platforms.
  - 10. The system of claim 6 further comprising:
    - a policy database structured and/or programmed to store and provide policy information relating to reliability levels and/or associated resource allocation limits to the policy module; and
      
      a user registry structured and/or programmed to store and provide user information to the policy module.
  - 11. The system of claim 6 further comprising wherein:
    - the servlet container includes the servlet thread, the container controller module and the policy module; and
      
      the heap memory is a heap area of a VM webserver.

12. A non-transitory computer readable medium for use with a heap memory, the medium comprising:
- a container controller module structured and/or programmed to receive a request from a requestor, to determine authentication information in the request, to add the requestor to a blacklist if certain predetermined conditions exist, wherein said predetermined conditions exist when the requester has made at least one resource intensive request, wherein said at least one resource intensive request comprises at least one resource intensive XML document, and to allocate a pooled thread for said request; and
  
  a policy module structured and/or programmed to set a reliability level from among a plurality of reliability levels based on the authentication information, wherein the plurality of reliability levels includes a blacklisted level, and wherein said policy module is structured and/or programmed to set said reliability level at said blacklisted level if the requester is added to the blacklist by the container controller module;
  
  wherein the container controller module is further structured and/or programmed to at least partially determine a resource allocation of the heap memory in a response to the request as controlled by the software platform if the set reliability level is not the blacklisted level, wherein the container controller module is further structured and/or programmed to set an upper limit on heap usage for said thread based on the reliability level, and to provide the ability to change the previously set upper limit on heap usage and request processing priority using credit information based on the authentication information before processing the request made by the requestor, and wherein the container controller module is further structured and/or programmed to reject a resource allocation of the heap memory in a response to the request as controlled by the software platform if the set reliability level is the blacklisted level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Miyamoto, Takashi, Okamoto, Kohsuke
Primary Examiner(s)
LANIER, BENJAMIN E

Application Number

US13/597,637
Publication Number

US 20130014108A1
Time in Patent Office

1,049 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/44   Program or device authentic...

G06F 21/53   by executing in a restricte...

H04L 63/08   for authentication of entit...

H04L 63/1458   Denial of Service

H04L 9/3263   involving certificates, e.g...

Virtual machine

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual machine

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links