Software Defect and Incident Response Tool

Background:  Web server administrators need a mechanism to prevent software defects in their systems from leading to full-system compromises. They need to ensure a malicious web client cannot affect other users of the site.  Currently, every person visiting a web server shares the same instance of the server (“multiplexing”) so when a breach occurs, it can affect any / all other users on the web server.

Technology Overview: This invention consists of creating a separate copy of a web server for each person / client visiting a particular web server.  A copy of the server is created and kept in a separate ‘container’ (like a lightweight virtual machine or VM).  Each client will interact with a separate copy of that server instead of every person sharing the same instance of the server (called “multiplexing”).  The containers have enforceable boundaries, allowing each to have its own permissions, processes, and storage. In turn, this limits any breach to only one container instead of the entire web server.

Key Features/Benefits

Benefits:

  • Web server copies kept in separate ‘containers’ (lightweight virtual machine or VM)
  • Containers have enforceable boundaries
  • Tailored permissions, processes, and storage for each container is matched to rights associated with specific person using it
  • Analysts can detect when web site exceeds associated permissions
  • When permissions exceeded, the container can be frozen for analysis
  • Freezing one copy does not affect other users
  • Freezing a copy can preserve forensics associated with the violation, simplifying debugging
  • ‘Containerization’ prevents the entire web server from being compromised
  • Reduces incident response time by 93-97%, saving corporations billions in aggregate (analyst time spent on web server breaches)

Applications:

  • Any computer server
  • Publicly facing web servers from small (department level), medium (corporate level) to large (major e-commerce sites)
  • Invented tool is designed specifically for the WordPress content management system (CMS) used by over 41% of websites.
Faculty/PhD/Staff Inventor(s)
Craig Shue
Lane Harrison
Julian Lanson
Yunsen Lei
Matthew Puentes
Research Category
Cyber Data & Security Science and Engineering
Patent Application Number
63/242,595
Patent Status
Provisional
Case Number
W22-006