Safe mode for inverse query evaluations
Main Authors | Stern, Aaron A; Diplan, Pompiliu; Eppley, Geary L; Madan, Umesh |
---|---|
Format | Patent |
Language | English |
Published | 01.03.2011 |
Abstract | Embodiments herein prevent or mitigate attacks on inverse query engines by providing safe mode routines that allow for the acceptance of third party messages and/or query expressions, as well as prevent trusted sources from accidental attacks. The mitigations fall into two categories: compile-time and runtime. Compile-time mitigations prevent query expressions from being accepted and compiled that are susceptible to known attacks. For example, the complexity of query expressions may be limited to functions with linear runtimes; constant memory usage; or ones that do not create large strings. Further, language constructs for the criteria in the query expression may not allow for nested predicates complexities. Runtime mitigations, on the other hand, monitor the data size and processing lengths of messages against the various query expressions. If these runtime quotas are exceeded, an exception or other violation indication may be thrown (e.g., abort), deeming the evaluation as under attack. |
---|---|
Author | Madan, Umesh; Diplan, Pompiliu; Stern, Aaron A; Eppley, Geary L |
CorporateAuthor | Microsoft Corporation |
DatabaseName | USPTO Issued Patents |
OpenAccessLink | https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/7899817 |
PatentNumber | 7899817 |
PublicationDateYYYYMMDD | 2011-03-01 |