Hierarchical rule development and binding for web application server firewall

US 9,237,130 B2
Filed: 01/06/2014
Issued: 01/12/2016
Est. Priority Date: 05/24/2011
Status: Active Grant

First Claim

Patent Images

1. A method of operating a central processor configuring a web application server firewall, which enabled inside a web application server, to process HTTP request messages and HTTP response messages received from at least one client computer in accordance with a plurality of security rules, said method comprising the steps of:

building a plurality of HTTP message models having parent portions and child portions, said plurality of HTTP message models including a first HTTP message model configured to process said HTTP request messages and a second HTTP message model configured to process said HTTP response messages, each of said first and second HTTP message models comprising a plurality of message model sections;

developing said plurality of security rules, each security rule specifying at least one action responsive to a given condition, said given condition being based, at least in part, on a corresponding section of a message intercepted by said web application server firewall; and

binding said plurality of security rules to said message model sections, wherein said binding comprises inheriting, by at least one child portion of at least one of the plurality of HTTP message models, at least one of said plurality of security rules from at least one of the parent portions of said at least one of the plurality of HTTP message models.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bounds to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

Citations

9 Claims

1. A method of operating a central processor configuring a web application server firewall, which enabled inside a web application server, to process HTTP request messages and HTTP response messages received from at least one client computer in accordance with a plurality of security rules, said method comprising the steps of:
- building a plurality of HTTP message models having parent portions and child portions, said plurality of HTTP message models including a first HTTP message model configured to process said HTTP request messages and a second HTTP message model configured to process said HTTP response messages, each of said first and second HTTP message models comprising a plurality of message model sections;
  
  developing said plurality of security rules, each security rule specifying at least one action responsive to a given condition, said given condition being based, at least in part, on a corresponding section of a message intercepted by said web application server firewall; and
  
  binding said plurality of security rules to said message model sections, wherein said binding comprises inheriting, by at least one child portion of at least one of the plurality of HTTP message models, at least one of said plurality of security rules from at least one of the parent portions of said at least one of the plurality of HTTP message models.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said building and developing steps further comprise causing at least one given one of said plurality of security rules which is written for a parent portion of at least one of said first and second HTTP message models to be inherited for a respective child portion of said at least one of said first and second HTTP message models.
  - 3. The method of claim 2, wherein said building and developing steps further comprise chaining at least two given ones of said plurality of security rules together based on at least said given condition being common to both of said at least two given ones of said plurality of security rules.
  - 4. The method of claim 1, wherein said building said plurality of HTTP message models is performed in a Unified Modeling Language.
  - 5. The method of claim 2, further comprising providing a rule development tool system, wherein said rule development tool system comprises distinct software modules, each of said distinct software modules being embodied on a computer-readable storage medium, and wherein said distinct software modules comprise a message modeling module, a rule modeling module, and a message rule binding module;
    - wherein;
      
      said building of said plurality of HTTP message models is carried out by said message modeling module executing on at least one hardware processor;
      
      said developing of said plurality of security rules is carried out by said rule modeling module executing on said at least one hardware processor; and
      
      said binding is carried out by said message rule binding module executing on said at least one hardware processor.

6. An article of manufacture comprising a computer program product for configuring a web application server firewall, which enabled inside a web application server, to process HTTP request messages and HTTP response messages received from at least one client computer in accordance with a plurality of security rules, said computer program product comprising:
- a non-transitory computer readable storage medium storing computer readable program code, said computer readable program code comprising;
  
  computer readable program code configured to build a plurality of HTTP message models having parent portions and child portions, said plurality of HTTP message models including a first HTTP message model configured to process said HTTP request messages and a second HTTP message model configured to process said HTTP response messages, each of said first and second HTTP message models comprising a plurality of message model sections;
  
  computer readable program code configured to develop said plurality of security rules, each security rule specifying at least one action responsive to a given condition, said given condition being based, at least in part, on a corresponding section of a message intercepted by said web application server firewall; and
  
  computer readable program code configured to bind said plurality of security rules to said message model sections, wherein said binding comprises inheriting, by at least one child portion of at least one of the plurality of HTTP message models, at least one of said plurality of security rules from at least one of the parent portions of said at least one of the plurality of HTTP message models.
- View Dependent Claims (7, 8, 9)
- - 7. The article of manufacture of claim 6, wherein said computer readable program code configured to build and said computer readable program code configured to develop further comprise computer readable program code configured to cause at least one given one of said plurality of security rules which is written for a parent portion of at least one of said first and second HTTP message models to be inherited for a respective child portion of said at least one of said first and second HTTP message models.
  - 8. The article of manufacture of claim 7, wherein said computer readable program code configured to build and said computer readable program code configured to develop further comprise computer readable program code configured to chain at least two given ones of said plurality of security rules together based on at least said given condition being common to both of said at least two given ones of said plurality of security rules.
  - 9. The article of manufacture of claim 7, wherein said computer readable program code configured to build said plurality of HTTP message models further comprises computer readable program code configured to build said plurality of HTTP message models in a Unified Modeling Language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
International Business Machines Corporation
Inventors
Ji, Peng, Luo, Lin, Sreedhar, Vugranam C., Yang, Shun Xiang, Zhang, Yu
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
CHIANG, JASON

Application Number

US14/147,857
Publication Number

US 20140196141A1
Time in Patent Office

736 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 67/02   based on web technology, e....

Hierarchical rule development and binding for web application server firewall

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Hierarchical rule development and binding for web application server firewall

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links