US2010106767A1PendingUtilityA1

Automatically securing distributed applications

49
Assignee: MICROSOFT CORPPriority: Oct 24, 2008Filed: Oct 24, 2008Published: Apr 29, 2010
Est. expiryOct 24, 2028(~2.3 yrs left)· nominal 20-yr term from priority
G06F 21/52G06F 2221/2101H04L 63/08
49
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A processing system for distributed multi-tier applications is provided. The system includes a server component that executes a replica of a client-side application, where a client component executes the client-side application. The client component captures events from the client-side application and transmits the events to the replica to validate the computational integrity security of the application.

Claims

exact text as granted — not AI-modified
1 . A system for securing distributed applications, comprising:
 a server component that executes an abstract replica of a client-side application; and   a client component that executes the client-side application, the client component captures events from the client-side application and transmits the events to the replica to validate the integrity of application execution.   
     
     
         2 . The system of  claim 1 , the events are generated by a user or an application component. 
     
     
         3 . The system of  claim 2 , the integrity is facilitated by comparing messages or observable states computed by the replica and received from the client-side application. 
     
     
         4 . The system of  claim 3 , further comprising a checker to compare the messages computed by the replica and received from the client-side application. 
     
     
         5 . The system of  claim 3 , further comprising a component to generate an error event if a discrepancy is detected between messages. 
     
     
         6 . The system of  claim 1 , further comprising tier-splitting components to automatically generate the client-side application and the replica. 
     
     
         7 . The system of  claim 1 , the replica provides minimal functionality of the client-side application in order to compute a desired integrity checking result from an event stream. 
     
     
         8 . The system of  claim 1 , the client-side application is an asynchronous interpreted programming language based web application. 
     
     
         9 . The system of  claim 8 , the client-side application is communicated with via one or more remote procedure calls. 
     
     
         10 . The system of  claim 9 , the client-side application is translated into an interpreted programming language for execution within a web browser. 
     
     
         11 . The system of  claim 1 , further comprising an event handler inserted into the client-side application through code rewriting. 
     
     
         12 . The system of  claim 1 , further comprising an event handler inserted into the client-side application through runtime modifications. 
     
     
         13 . The system of  claim 1 , further comprising a component to batch events to reduce performance overhead. 
     
     
         14 . The system of  claim 1 , further comprising an audit log that is generated to compare messages or observable states between the client-side application and the replica. 
     
     
         15 . The system of  claim 14 , the audit log is examined online in real time, examined at a later time, or provides a sample for further analysis. 
     
     
         16 . The system of  claim 15 , further comprising a method authentication component that is transmitted in lieu of a complete message inside of a remote procedure call. 
     
     
         17 . A method to validate security of a remote application, comprising:
 generating a replica of a remote client application;   executing the replica in conjunction with the remote client application;   monitoring events associated with the remote client application; and   comparing results between the replica and the remote client application to validate security of the application.   
     
     
         18 . The method of  claim 17 , further comprising automatically instumenting the remote client application to monitor user events and communications with third-party components. 
     
     
         19 . The method of  claim 17 , further comprising generating a message to indicate an execution pattern for the remote client application. 
     
     
         20 . A system for virtualizing script/bytecode execution across tiers, comprising:
 means for instrumenting user events;   means for controlling third party interactions; and   means for discovering sources of non-determinism.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.