Self-repair and distributed-repair of applications
Abstract
A method is provided to instrument applications with an instrumentation policy that is visually configurable and allows for run-time modifications of the policy. Instrumentation is achieved without modifying the source code of the applications. Modification of the instrumentation policy of an application is applied without re-compiling, re-deploying, and re-provisioning the application. The instrumentation tracks the flow of values at run time throughout the execution of an application and fixes any security violation automatically by dynamically modifying any value that violates integrity or confidentiality.
20 Claims
1. A method for self-repair and distributed-repair of applications, the method comprising:
- providing a visual editor for a first set of policy configurations;
- instrumenting the first set of policy configuration into a set of application instances corresponding to a set of computers;
- detecting an information-flow-security violation at run time of a first application instance in the set of application instances corresponding to a first computer of the set of computers;
- correcting the information-flow-security violation for the first application instance corresponding to the first computer, to establish a corrected information-flow-security violation;
- establishing a second set of policy configurations for the first application instance corresponding to the first computer based at least in part on the corrected information-flow-security violation;
- communicating the second set of policy configurations to a monitor agent on a second computer of the set of computers; and
- establishing by the monitor agent the second set of policy configuration for a subset of application instances in the set of application instances,
wherein at least the step of establishing a second set of policy configurations for the first application instance is performed by computer software running on computer hardware.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A computer program product for self-repair and distributed-repair of applications, the computer program product comprising a computer readable storage medium having stored thereon:
- first program instructions programmed to provide a visual editor for a first set of policy configurations;
- second program instructions programmed to instrument the first set of policy configuration into a set of application instances corresponding to a set of computers;
- third program instructions programmed to detect an information-flow-security violation at run time of a first application instance in the set of application instances corresponding to a first computer of the set of computers;
- fourth program instructions programmed to correct the information-flow-security violation for the first application instance corresponding to the first computer, to establish a corrected information-flow-security violation;
- fifth program instructions to establish a second set of policy configurations for the first application instance corresponding to the first computer based at least in part on the corrected information-flow-security violation;
- sixth program instructions to communicate the second set of policy configurations to a monitor agent on a second computer of the set of computers; and
- seventh program instructions to establish by the monitor agent the second set of policy configuration for a subset of application instances in the set of application instances,
wherein at least the step of establishing a second set of policy configurations for the first application instance is performed by computer software running on computer hardware.
(Dependent claims: 11, 12, 13, 14)
15. A computer system for self-repair and distributed-repair of applications, the computer system comprising:
- a processor(s) set; and
- a computer readable storage medium;
wherein:
- the processor set is structured, located, connected and/or programmed to run program instructions stored on the computer readable storage medium; and
- the program instructions include:
  - first program instructions programmed to provide a visual editor for a first set of policy configurations;
  - second program instructions programmed to instrument the first set of policy configuration into a set of application instances corresponding to a set of computers;
  - third program instructions programmed to detect an information-flow-security violation at run time of a first application instance in the set of application instances corresponding to a first computer of the set of computers;
  - fourth program instructions programmed to correct the information-flow-security violation for the first application instance corresponding to the first computer, to establish a corrected information-flow-security violation;
  - fifth program instructions to establish a second set of policy configurations for the first application instance corresponding to the first computer based at least in part on the corrected information-flow-security violation;
  - sixth program instructions to communicate the second set of policy configurations to a monitor agent on a second computer of the set of computers; and
  - seventh program instructions to establish by the monitor agent the second set of policy configuration for a subset of application instances in the set of application instances,
wherein at least the step of establishing a second set of policy configurations for the first application instance is performed by computer software running on computer hardware.
(Dependent claims: 16, 17, 18, 19, 20)
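
The loop that the abstract and the independent claims describe (track a value, detect the violation at run time, repair it by modifying the value, derive a second policy from the repair, hand it to a monitor agent for a subset of instances) can be illustrated in Python as follows. This is an added example, not code from the patent: the class and function names, the policy keys `protected_sinks` and `sanitize_at_source`, the explicit `read`/`write` hooks standing in for instrumentation points, and HTML escaping as the repair are all assumptions made for illustration.

```python
import html

PAYLOAD = "<script>x</script>"  # constructed sample input

class Tainted(str):
    """Untrusted value; the label and its origin survive concatenation."""
    def __new__(cls, text, origin):
        obj = super().__new__(cls, text)
        obj.origin = origin
        return obj
    def __add__(self, other):
        return Tainted(str(self) + str(other), self.origin)
    def __radd__(self, other):
        return Tainted(str(other) + str(self), self.origin)

class Instance:
    """One application instance; its policy can be replaced at run time."""
    def __init__(self, policy):
        self.policy, self.violations = policy, []
    def read(self, source, raw):
        # Hypothetical instrumented source: sanitize if policy says so, else label.
        if source in self.policy["sanitize_at_source"]:
            return html.escape(raw)
        return Tainted(raw, source)
    def write(self, sink, value):
        # Labelled value at a protected sink = violation; repair the value, keep running.
        if sink in self.policy["protected_sinks"] and isinstance(value, Tainted):
            self.violations.append(value.origin)
            value = html.escape(value)  # label is per value, so all of it is escaped
        return str(value)

def derive_policy(policy, origin):
    """Second policy set: sanitize at the source behind the repaired violation."""
    new = {key: set(vals) for key, vals in policy.items()}
    new["sanitize_at_source"].add(origin)
    return new

def agent_receive(instances, policy, subset):
    """Stand-in for the monitor agent on the second computer."""
    for name in subset:
        instances[name].policy = policy

def demo():
    first = {"protected_sinks": {"html"}, "sanitize_at_source": set()}
    a, b, c = Instance(first), Instance(first), Instance(first)
    def run(inst):
        return inst.write("html", "Hello " + inst.read("comment", PAYLOAD))
    out_a = run(a)  # violation detected and repaired on the first instance
    agent_receive({"b": b, "c": c}, derive_policy(a.policy, a.violations[0]), ["b"])
    return out_a, run(b), run(c), b.violations, c.violations
```

Instance `b` receives the derived policy and never raises a violation, while `c`, outside the chosen subset, still detects and repairs the flow at the sink.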
Specification