Resource usage optimized auditing of database shared memory

US 10,127,383 B2
Filed: 11/06/2014
Issued: 11/13/2018
Est. Priority Date: 11/06/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer usable program product comprising a computer readable storage device including computer usable code for security auditing of database transactions, the computer usable code comprising:

computer usable code for forecasting, in a data processing system, for a specified period, an available capacity of a computing resource in the data processing system, the available capacity being usable to analyze a database protocol packet, wherein the database protocol packet is stored in a shared memory during a data communication;

computer usable code for determining a number of database protocol packets expected in the shared memory during the specified period using a historical record, the historical record comprising an entry of an actual number of database protocol packets stored in the shared memory during a past period;

computer usable code for receiving feedback from the computing resource indicative of actual processor capacity usage for performing protocol analysis by the computing resource;

computer usable code for determining an analysis rate for the specified period based upon the determined number of database protocol packets expected in the shared memory during the specified period and the received feedback;

computer usable code for determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource, wherein the second number of database protocol packets is determined based upon the determined analysis rate;

computer usable code for causing, during the specified period, the second number of database protocol packets to be selected from every number of database protocol packets stored in the shared memory, the selected database protocol packets being analyzed using the computing resource during the specified period;

computer usable code for performing the analysis on the selected database protocol packets to result in partially analyzed packets;

computer usable code for sending the partially analyzed packets to a security application executing using a second computing resource in a second data processing system; and

computer usable code for sending unselected database protocol packets from the every number of database protocol packets to the security application, wherein the security application performs a security audit on the partially analyzed packets using a first amount of the second computing resource in comparison to a second amount of the second computing resource, and wherein the first amount is less than the second amount, and wherein the security application performs a database protocol analysis and a security audit on the unselected database protocol packets using the second amount of the second computing resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, and computer program product for security auditing of database transactions are provided in the illustrative embodiments. For a specified period, an available capacity of a computing resource in a data processing system usable to analyze a database protocol packet. The database protocol packet is stored in a shared memory during a data communication. A number of database protocol packets expected in the shared memory during the specified period is determined. Determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource is computed. During the specified period, the second number of database protocol packets is caused to be selected from every number of database protocol packets stored in the shared memory for analysis using the computing resource during the specified period.

15 Citations

11 Claims

1. A non-transitory computer usable program product comprising a computer readable storage device including computer usable code for security auditing of database transactions, the computer usable code comprising:
- computer usable code for forecasting, in a data processing system, for a specified period, an available capacity of a computing resource in the data processing system, the available capacity being usable to analyze a database protocol packet, wherein the database protocol packet is stored in a shared memory during a data communication;
  
  computer usable code for determining a number of database protocol packets expected in the shared memory during the specified period using a historical record, the historical record comprising an entry of an actual number of database protocol packets stored in the shared memory during a past period;
  
  computer usable code for receiving feedback from the computing resource indicative of actual processor capacity usage for performing protocol analysis by the computing resource;
  
  computer usable code for determining an analysis rate for the specified period based upon the determined number of database protocol packets expected in the shared memory during the specified period and the received feedback;
  
  computer usable code for determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource, wherein the second number of database protocol packets is determined based upon the determined analysis rate;
  
  computer usable code for causing, during the specified period, the second number of database protocol packets to be selected from every number of database protocol packets stored in the shared memory, the selected database protocol packets being analyzed using the computing resource during the specified period;
  
  computer usable code for performing the analysis on the selected database protocol packets to result in partially analyzed packets;
  
  computer usable code for sending the partially analyzed packets to a security application executing using a second computing resource in a second data processing system; and
  
  computer usable code for sending unselected database protocol packets from the every number of database protocol packets to the security application, wherein the security application performs a security audit on the partially analyzed packets using a first amount of the second computing resource in comparison to a second amount of the second computing resource, and wherein the first amount is less than the second amount, and wherein the security application performs a database protocol analysis and a security audit on the unselected database protocol packets using the second amount of the second computing resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory computer usable program product of claim 1, further comprising:
    - computer usable code for using the historical record to determine an expected amount of capacity of the computing resource consumed in analyzing a database protocol packet, the historical record comprising an entry of an actual amount of capacity of the computing resource consumed in analyzing the database protocol packet during a past period; and
      
      computer usable code for computing, as a part of the computer usable code for determining the second number of database protocol packets, using the expected amount of capacity of the computing resource, the second number of database protocol packets that can be analyzed using the available capacity of the computing resource.
  - 3. The non-transitory computer usable program product of claim 1, further comprising:
    - computer usable code for predicting a total available capacity of the computing resource during the specified period;
      
      computer usable code for computing a usable capacity by applying a threshold to the total available capacity; and
      
      computer usable code for further reducing the usable capacity by a functioning amount to result in the available capacity.
  - 4. The non-transitory computer usable program product of claim 3, wherein the threshold limits a usage of the computing resource by an intercept agent, and wherein the functioning amount correspond to a usage of the computing resource in performing a non-analytical function of the intercept agent.
  - 5. The non-transitory computer usable program product of claim 1, further comprising:
    - computer usable code for using the historical record to forecast the available capacity of the computing resource during the specified period, the historical record comprising an entry of an actual utilized capacity of the computing resource during a past period.
  - 6. The non-transitory computer usable program product of claim 1, wherein the computing resource comprises at least one hardware processor, wherein the available capacity comprises unutilized processor capacity of the at least one processor above an expected utilization of the at least one processor.
  - 7. The non-transitory computer usable program product of claim 1, wherein the computer usable code is stored in a computer readable storage device in a data processing system, and wherein the computer usable code is transferred over a network from a remote data processing system.
  - 8. The non-transitory computer usable program product of claim 1, wherein the computer usable code is stored in a computer readable storage device in a server data processing system, and wherein the computer usable code is downloaded over a network to a remote data processing system for use in a computer readable storage device associated with the remote data processing system.

9. A data processing system for security auditing of database transactions, the data processing system comprising:
- a storage device, wherein the storage device stores computer usable program code; and
  
  a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises;
  
  computer usable code for forecasting, in a data processing system, for a specified period, an available capacity of a computing resource in the data processing system, the available capacity being usable to analyze a database protocol packet, wherein the database protocol packet is stored in a shared memory during a data communication;
  
  computer usable code for determining a number of database protocol packets expected in the shared memory during the specified period using a historical record, the historical record comprising an entry of an actual number of database protocol packets stored in the shared memory during a past period;
  
  computer usable code for receiving feedback from the computing resource indicative of actual processor capacity usage for performing protocol analysis by the computing resource;
  
  computer code for determining an analysis rate for the specified period based upon the determined number of database protocol packets expected in the shared memory during the specified period and the received feedback;
  
  computer usable code for determining a second number of database protocol packets that can be analyzed using the available capacity of the computing resource, wherein the second number of database protocol packets is determined based upon the determined analysis rate;
  
  computer usable code for causing, during the specified period, the second number of database protocol packets to be selected from every number of database protocol packets stored in the shared memory, the selected database protocol packets being analyzed using the computing resource during the specified period;
  
  computer usable code for performing the analysis on the selected database protocol packets to result in partially analyzed packets;
  
  computer usable code for sending the partially analyzed packets to a security application executing using a second computing resource in a second data processing system; and
  
  computer usable code for sending unselected database protocol packets from the every number of database protocol packets to the security application, wherein the security application performs a security audit on the partially analyzed packets using a first amount of the second computing resource in comparison to a second amount of the second computing resource, and wherein the first amount is less than the second amount, and wherein the security application performs a database protocol analysis and a security audit on the unselected database protocol packets using the second amount of the second computing resource.

10. A computer program product comprising:
- a computer readable storage medium; and
  
  computer code stored on the computer readable storage medium, with the computer code including instructions and data for causing a processor(s) set to perform at least the following operations;
  
  intercepting, by a monitoring agent on running a first computer, intercepted audit data that was sent at an auditing engine running on a second computer;
  
  responsive to the interception of the intercepted data, determining, by the monitoring agent, that a load on the first computer is below a predetermined threshold;
  
  responsive to the determination that the load on the first computer is below the predetermined threshold, performing, by the monitoring agent, at least a first auditing step of a predetermined plurality of ordered auditing steps to obtain intermediate audit data; and
  
  sending by the monitoring agent, through a communication network and to the auditing engine, the intermediate audit data so that performance of the plurality of auditing steps consumes resources of the first computer to save load on the second computer in a contingent manner that depends upon a current load on the first computer; and
  
  wherein the auditing engine performs a security audit on the intermediate audit data, and wherein the auditing engine further performs a database protocol analysis and a security audit on a portion of the audit data for which the first auditing step was not performed by the monitoring agent.
- View Dependent Claims (11)
- - 11. The computer program product of claim 10, wherein the first auditing step is a statement construction and character set conversion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Rodniansky, Leonid
Primary Examiner(s)
Srivastava, Vivek
Assistant Examiner(s)
Barker, Todd L

Application Number

US14/534,248
Publication Number

US 20160132680A1
Time in Patent Office

1,468 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/20   for managing network securi...

Resource usage optimized auditing of database shared memory

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Resource usage optimized auditing of database shared memory

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links