Hierarchical rule development and binding for web application server firewall

US 8,627,442 B2
Filed: 05/24/2011
Issued: 01/07/2014
Est. Priority Date: 05/24/2011
Status: Active Grant

First Claim

Patent Images

1. A method for operating a web application server firewall, said method comprising the steps of:

building a plurality of HTTP message models for anticipated messages including HTTP request messages and HTTP response messages, said plurality of HTTP message models including at least a first HTTP message model and a second HTTP message model corresponding to an HTTP request message and an HTTP response message, respectively, and each of said plurality of HTTP message models comprising a plurality of message model sections;

intercepting at least one of said HTTP request message and said HTTP response message;

identifying a corresponding HTTP message model from among said plurality of HTTP message models, based on said intercepting step, said HTTP message model comprising a plurality of message model sections;

parsing a representation of said at least one of said HTTP request message and said HTTP response message into message sections in accordance with said message model sections of said HTTP message model;

binding a plurality of security rules to said message model sections, said plurality of security rules each specifying at least one action to be taken in response to a given condition, said given condition being based, at least in part, on a corresponding given one of said message sections; and

processing said at least one of said HTTP request message and said HTTP response message in accordance with said plurality of security rules.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

65 Citations

View as Search Results

13 Claims

1. A method for operating a web application server firewall, said method comprising the steps of:
- building a plurality of HTTP message models for anticipated messages including HTTP request messages and HTTP response messages, said plurality of HTTP message models including at least a first HTTP message model and a second HTTP message model corresponding to an HTTP request message and an HTTP response message, respectively, and each of said plurality of HTTP message models comprising a plurality of message model sections;
  
  intercepting at least one of said HTTP request message and said HTTP response message;
  
  identifying a corresponding HTTP message model from among said plurality of HTTP message models, based on said intercepting step, said HTTP message model comprising a plurality of message model sections;
  
  parsing a representation of said at least one of said HTTP request message and said HTTP response message into message sections in accordance with said message model sections of said HTTP message model;
  
  binding a plurality of security rules to said message model sections, said plurality of security rules each specifying at least one action to be taken in response to a given condition, said given condition being based, at least in part, on a corresponding given one of said message sections; and
  
  processing said at least one of said HTTP request message and said HTTP response message in accordance with said plurality of security rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein building said plurality of HTTP message models further comprises developing said plurality of security rules.
  - 3. The method of claim 2, wherein said building and developing further comprise causing at least one given one of said plurality of security rules which is written for a parent portion of a corresponding HTTP message model to be inherited for a child portion of said corresponding HTTP message model.
  - 4. The method of claim 2, wherein said building and developing further comprise chaining at least two given ones of said plurality of security rules together based on at least said given condition being common to both of said at least two given ones of said plurality of security rules.
  - 5. The method of claim 2, wherein said building of said plurality of HTTP message models comprises building of said plurality of HTTP message models in UML.
  - 6. The method of claim 2, wherein said processing further comprises message content normalization.
  - 7. The method of claim 2, further comprising providing a system, wherein the system comprises distinct software modules, each of the distinct software modules being embodied on a computer-readable storage medium, and wherein the distinct software modules comprise a connector module, a message handler module, a rule development tool module, and runtime engine module;
    - wherein;
      
      said intercepting is carried out by said connector module executing on at least one hardware processor;
      
      said identifying and said parsing are carried out by said message handler module executing on said at least one hardware processor;
      
      said binding, building, and developing are carried out by said rule development tool module executing on said at least one hardware processor; and
      
      said processing is carried out by said runtime engine module executing on said at least one hardware processor.

8. An article of manufacture comprising a computer program product for operating a web application server firewall, said computer program product comprising:
- a computer readable storage medium, storing in a non-transitory manner computer readable program code, the computer readable program code comprising;
  
  computer readable program code configured to build a plurality of HTTP message models for anticipated messages including HTTP request messages and HTTP response messages, said plurality of HTTP message models including at least a first HTTP message model and a second HTTP message model corresponding to an HTTP request message and an HTTP response message, respectively, and each of said plurality of HTTP message models comprising a plurality of message model sections;
  
  computer readable program code configured to intercept at least one of said HTTP request message and said HTTP response message;
  
  computer readable program code configured to identify a corresponding HTTP message model from among said plurality of HTTP message models, based on said intercepting step, said HTTP message model comprising a plurality of message model sections;
  
  computer readable program code configured to parse a representation of said at least one of said HTTP request message and said HTTP response message into message sections in accordance with said message model sections of said HTTP message model;
  
  computer readable program code configured to bind a plurality of security rules to said message model sections, said plurality of security rules each specifying at least one action to be taken in response to a given condition, said given condition being based, at least in part, on a corresponding given one of said message sections; and
  
  computer readable program code configured to process said at least one of said HTTP request message and said HTTP response message in accordance with said plurality of security rules.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The article of manufacture of claim 8, wherein said computer readable program code configured to build said plurality of HTTP message models further comprising computer readable program code configured to develop said plurality of security rules.
  - 10. The article of manufacture of claim 9, wherein said computer readable program code configured to build and develop further comprises computer readable program code configured to cause at least one given one of said plurality of security rules which is written for a parent portion of a corresponding HTTP message model to be inherited for a child portion of said corresponding HTTP message model.
  - 11. The article of manufacture of claim 9, wherein said computer readable program code configured to build and develop further comprise computer readable program code configured to chain at least two given ones of said plurality of security rules together based on at least said given condition being common to both of said at least two given ones of said plurality of security rules.
  - 12. The article of manufacture of claim 9, wherein said computer readable program code configured to build said plurality of HTTP message models comprises computer readable program code configured to build said plurality of HTTP message models in UML.
  - 13. The article of manufacture of claim 9, wherein said computer readable program code configured to process further comprises computer readable program code configured to carry out message content normalization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
International Business Machines Corporation
Inventors
Ji, Peng, Luo, Lin, Sreedhar, Vugranam C., Yang, Shun Xiang, Zhang, Yu
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
CHIANG, JASON

Application Number

US13/114,315
Publication Number

US 20120304275A1
Time in Patent Office

959 Days
Field of Search

726/11
US Class Current

726/11
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/105   Multiple levels of security

H04L 63/1416   Event detection, e.g. attac...

H04L 67/02   based on web technology, e....

Hierarchical rule development and binding for web application server firewall

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Hierarchical rule development and binding for web application server firewall

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links