US2010106767A1PendingUtilityA1
Automatically securing distributed applications
Est. expiryOct 24, 2028(~2.3 yrs left)· nominal 20-yr term from priority
Inventors:Benjamin LivshitsHenricus Johannes Maria MeijerCedric FournetJeffrey Van GoghDanny Van VelzenKrishnaprasad VikramAbhishek Prateek
G06F 21/52G06F 2221/2101H04L 63/08
49
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A processing system for distributed multi-tier applications is provided. The system includes a server component that executes a replica of a client-side application, where a client component executes the client-side application. The client component captures events from the client-side application and transmits the events to the replica to validate the computational integrity security of the application.
Claims
exact text as granted — not AI-modified1 . A system for securing distributed applications, comprising:
a server component that executes an abstract replica of a client-side application; and a client component that executes the client-side application, the client component captures events from the client-side application and transmits the events to the replica to validate the integrity of application execution.
2 . The system of claim 1 , the events are generated by a user or an application component.
3 . The system of claim 2 , the integrity is facilitated by comparing messages or observable states computed by the replica and received from the client-side application.
4 . The system of claim 3 , further comprising a checker to compare the messages computed by the replica and received from the client-side application.
5 . The system of claim 3 , further comprising a component to generate an error event if a discrepancy is detected between messages.
6 . The system of claim 1 , further comprising tier-splitting components to automatically generate the client-side application and the replica.
7 . The system of claim 1 , the replica provides minimal functionality of the client-side application in order to compute a desired integrity checking result from an event stream.
8 . The system of claim 1 , the client-side application is an asynchronous interpreted programming language based web application.
9 . The system of claim 8 , the client-side application is communicated with via one or more remote procedure calls.
10 . The system of claim 9 , the client-side application is translated into an interpreted programming language for execution within a web browser.
11 . The system of claim 1 , further comprising an event handler inserted into the client-side application through code rewriting.
12 . The system of claim 1 , further comprising an event handler inserted into the client-side application through runtime modifications.
13 . The system of claim 1 , further comprising a component to batch events to reduce performance overhead.
14 . The system of claim 1 , further comprising an audit log that is generated to compare messages or observable states between the client-side application and the replica.
15 . The system of claim 14 , the audit log is examined online in real time, examined at a later time, or provides a sample for further analysis.
16 . The system of claim 15 , further comprising a method authentication component that is transmitted in lieu of a complete message inside of a remote procedure call.
17 . A method to validate security of a remote application, comprising:
generating a replica of a remote client application; executing the replica in conjunction with the remote client application; monitoring events associated with the remote client application; and comparing results between the replica and the remote client application to validate security of the application.
18 . The method of claim 17 , further comprising automatically instumenting the remote client application to monitor user events and communications with third-party components.
19 . The method of claim 17 , further comprising generating a message to indicate an execution pattern for the remote client application.
20 . A system for virtualizing script/bytecode execution across tiers, comprising:
means for instrumenting user events; means for controlling third party interactions; and means for discovering sources of non-determinism.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.