1. Field of Invention
The present invention relates generally to computer network communication by software processes, and specifically to restricting process communication to a set of specific network addresses.
2. Background of Invention
With the popularity and success of the Internet, server technologies are of great commercial importance today. Typically, a single server program executes on a physical host computer, and services client requests made to the host. Most commonly, one network address is assigned to a physical host. However, using Transmission Control Protocol/Internet Protocol (TCP/IP) and other transport protocols, more than one network address can be assigned to a single physical host computer. Where a single network address is assigned to a physical host, the server program services client requests made to the single network address. Where multiple network addresses are assigned, the server program services client requests made to the multiple network addresses.
To service requests made to a host, a server program executing on the host typically opens a communication transport channel (socket) and allows receipt of incoming communications targeted for any of the network addresses assigned to the host. Accepting a communication request by a server executing TCP/IP is a three-step process that includes waiting for the communication request from a client, sending an acknowledgment signal to the client, and receiving a return acknowledgment signal from the client. This three-step process is called “three way handshaking,” and is a feature of TCP/IP communication.
A server program is simply a process. Multitasking operating systems can execute multiple processes simultaneously, so it is technically possible for more than one server program to execute on a single physical host computer. The ability to execute multiple server programs on a single physical host is desirable, because providing a unique physical host for each server program is expensive and inefficient. Hosting services are often provided commercially by an Internet Service Provider (ISP). Absent the execution of multiple server programs on a single physical host, an ISP would have to provide a separate physical host computer for every customer that purchases host services. Often, a customer purchasing host services from an ISP will neither require nor be amenable to paying for use of an entire host computer. Generally, only a fraction of the processing power, storage, and other resources of a host computer will be required to meet the needs of an individual customer.
Execution of multiple server programs on a single host would allow an ISP to utilize one host computer to provide commercial host services to multiple customers. Each customer would be assigned a single server program, and would be provided with resources on the single, physical host computer, effectively sharing the host with other customers. A client computer would request data from a specific one of the servers by targeting communication requests to one of the network addresses of the host computer. Thus, the functionality of numerous hosts would be provided by a single physical host computer, servicing requests made to a plurality of server programs by multiple customers.
One problem that renders the execution of multiple servers on a single physical host commercially unviable today is the inability to restrict the communication of individual servers to a set of specific network addresses. There are two options by which a server program can register itself with the operating system to receive incoming communication requests. The first option is for a server to register itself to receive communication requests targeted to any of the network addresses of the physical host computer. A server program registered according to the first option receives communication requests arriving at all of the network addresses allocated to the host. Thus, multiple server programs so registered can execute simultaneously and service requests made to the network addresses associated with the physical host, but specific ones of the server programs cannot be restricted to receiving and servicing requests made to specific ones of the network addresses allocated to the physical host. Thus, any request made by any client to any network address allocated to the physical host could be received by any one of the server programs executing on the host.
Commercially desirable server programs must be associated with specific network addresses. Each customer of an ISP wants their server to receive and respond only to requests made thereto. Furthermore, each customer wants only their server to receive its targeted requests. Customers could benefit from the lowered expense of executing multiple server programs on a single physical host, but of course would insist on privacy between the multiple servers.
Customers would not accept a system in which a request targeted to their server could be received by a server of another customer of the ISP. The other customer could be a competitor, and the request could comprise classified data. And of course, servers are not generally programmed to process requests intended for other servers, and thus requests received by another server could go unprocessed, or could be improperly processed. Even in the best case scenario in which a server could process a received request intended for another server, the processing server would be allocating resources, paid for by one customer of the ISP, to service a request made to another customer. Clearly, the execution on a single host of multiple server programs which are not associated with specific network addresses is totally unacceptable for commercial purposes.
The second option by which a server program can register itself with the operating system to receive incoming communication requests is for the process to register itself to receive communication requests targeted to an individual network address associated with the physical host. Server programs registered according to the second option receive communication requests arriving only at a specific individual network address of the host. Thus, multiple server programs so registered can execute simultaneously. Each server program receives and services requests made to a specific one of the network addresses associated with the physical host. However, each server is restricted to receiving and servicing requests made to only one of the network addresses allocated to the physical host. Thus, no server program can service requests made to multiple network addresses.
While it is desirable to be able to restrict a server program to communication via a specific set of network addresses, it is at the same time desirable to be able to include in the specific set more than one network address. Many existing server programs that execute on dedicated physical hosts are configured to service communication requests made to multiple network addresses. This functionality is a popular feature with purchasers of commercial host services. Were an ISP to commercially offer multiple server programs executing on a single physical host computer, the customers would expect the servers to be able to communicate via multiple network addresses. Thus, it is desirable for an ISP to be able to provide, on a single physical host computer, multiple servers each of which can service requests made to multiple network addresses.
There is an additional security related problem that results from not being able to restrict server programs to communication via specific network addresses. Without a mechanism to restrict a process to accessing a specific set of network addresses, a server program could be written that intentionally receives or monitors communication requests made to another server executing on the same host. If a customer of an ISP or an unauthorized third party learned a network address associated with another customer's server, it would be possible for the unauthorized party to create a server program to receive or monitor, at a source code level, communication via that address. The risk of such activity would obviously be unacceptable to customers of ISP's. Of course, ISP's could examine the source code of all server programs to attempt to prevent such activity, but such checking would be time consuming and expensive. It would be desirable for a process executing on the host, external to every server program, to ensure that no server program communicate via any unauthorized network address.
It is also important to understand that many server programs are being provided today by ISP's and other providers of host services. As explained above, it would be desirable for existing ISP's to be able to provide multiple server programs on a single physical host. However, many such ISP's would not want to replace their existing server programs with ones that could overcome the problems associated with providing multiple servers on a single physical host, even if such servers were available. Upgrading server software is a time consuming and complicated process, often involving costly down time and high labor expenses. It would be desirable to have a system to allow existing providers of server programs to provide multiple server programs on a single physical host without having to upgrade or replace their existing server software.
In summary, what is needed is a method whereby a process can be restricted to communication via a set of specific, multiple network addresses. That way, ISP's could provide multiple, commercially viable server programs on a single physical host computer. Furthermore, the method should be external to server programs executing on a host, so that unauthorized servers and third parties can be prevented from monitoring communication of other server programs. Finally, the method should not require the replacement of existing server programs.
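As an added illustration of the requirement just summarized (this is example code written for this page, not an embodiment from the patent), the following Python sketch shows the two registration options from the background and a policy check that sits outside the server program: a request to listen on the wildcard address is narrowed to the process's allowed set, a request for a specific allowed address is honored, and a request for any other address is refused. The allowed set and the loopback address used are constructed for the demonstration; a real system would derive the set per customer.

```python
import socket
import threading

WILDCARD = "0.0.0.0"  # "any address of the host": the first registration option


class BindDenied(PermissionError):
    """Raised when a process asks for an address outside its allowed set."""


def restricted_listen(requested, port, allowed):
    """Open listening sockets for a process limited to the addresses in `allowed`.

    requested: the address the server asked for (a specific one, or WILDCARD)
    allowed:   set of host addresses this process may use; the policy is held
               outside the server program, so the server cannot widen it
    Returns one listening socket per address actually bound.
    """
    if requested == WILDCARD:
        targets = sorted(allowed)       # "any address" becomes "any allowed address"
    elif requested in allowed:
        targets = [requested]           # second option: one specific address
    else:
        raise BindDenied(f"{requested} is not in the allowed set {sorted(allowed)}")
    listeners = []
    for addr in targets:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind((addr, port))
        port = s.getsockname()[1]       # keep one port across all allowed addresses
        s.listen(5)
        listeners.append(s)
    return listeners


def echo_roundtrip(listener, payload):
    """Connect a client to the listener's bound address and return the echoed bytes."""
    host, port = listener.getsockname()

    def server():
        conn, _ = listener.accept()
        with conn:
            conn.sendall(conn.recv(1024))

    worker = threading.Thread(target=server)
    worker.start()
    with socket.create_connection((host, port), timeout=5) as client:
        client.sendall(payload)
        reply = client.recv(1024)
    worker.join()
    return reply


if __name__ == "__main__":
    allowed = {"127.0.0.1"}             # constructed per-process policy
    for sock in restricted_listen(WILDCARD, 0, allowed):
        print("wildcard narrowed to", sock.getsockname(), echo_roundtrip(sock, b"hi"))
        sock.close()
```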