| 发明名称 |
DYNAMIC FILTERING FOR SDN API CALLS ACROSS A SECURITY BOUNDARY |
| 摘要 |
Presented herein are techniques to reduce the vulnerabilities of network elements to malicious API calls. One or more filters that validate data across an API boundary at a network element are dynamically loaded into the network element such that a reboot of the network element is not required to use the one or more filters. An API call is received for an API function, wherein the API call contains one or more parameter values associated with the API function. The parameters may be validated using the one or more filters. If it is determined that the one or more filters validate the parameters for the API function, the API function may be executed using the parameter values. If it is determined that the one or more filters do not validate the parameters for the API function, the execution of the API function may be aborted. |
| 申请公布号 |
US2015200955(A1) |
申请公布日期 |
2015.07.16 |
| 申请号 |
US201414153742 |
申请日期 |
2014.01.13 |
| 申请人 |
Cisco Technology, Inc. |
发明人 |
Martin Antonio |
| 分类号 |
H04L29/06;G06F21/56 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method comprising:
dynamically loading one or more filters that validate data across an application programming interface (API) boundary in a network element such that a reboot of the network element is not required to use the one or more filters; receiving an API call for an API function, wherein the API call contains one or more parameter values associated with the API function; validating the parameters using the one or more filters; if it is determined that the one or more filters validate the parameters for the API function, executing the API function using the parameter values; and if it is determined that the one or more filters do not validate the parameters for the API function, aborting execution of the API function. |
| 地址 |
San Jose CA US |
