Trusted operating system

US 20030172109A1
Filed: 09/26/2002
Published: 09/11/2003
Est. Priority Date: 01/31/2001
Status: Abandoned Application

First Claim

Patent Images

1. ) An operating system for supporting a plurality of applications, wherein at least some of said applications are provided with a label or tag, each label or tag being indicative of a logically protected computing compartment of the system, each application having the same label or tag belonging to the same compartment, the operating system defining one or more communications paths between said compartments, and preventing communication between compartments where a communication path therebetween is not defined.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An operating system comprising a kernel 100 incorporating mandatory access controls as a means to counter the effects posed by application compromise. The operating system uses a technique known as “containment” to at least limit the scope of damage when security breaches occur.

In a preferred embodiment, each application supported by the operating system, is assigned a tag or label, each tag or label being indicative of a logically protected computing environment or “compartment”, and applications having the same tag or label belonging to the same compartment. By default, only applications running in the same compartment can communicate with each other. Access control rules define very narrow tightly-controlled communications paths between compartments.

182 Citations

27 Claims

1. ) An operating system for supporting a plurality of applications, wherein at least some of said applications are provided with a label or tag, each label or tag being indicative of a logically protected computing compartment of the system, each application having the same label or tag belonging to the same compartment, the operating system defining one or more communications paths between said compartments, and preventing communication between compartments where a communication path therebetween is not defined.
- View Dependent Claims (2)
- - 2. ) An operating system as claimed in claim 1, in which the operating system comprises a kernel defining said one or more communications paths between said compartments, and preventing said communication between compartments where a communication path therebetween is not defined.

3. ) An operating system for supporting a plurality of applications, the operating system further comprising a plurality of access control rules and enforced by a kernel of the operating system, the access control rules defining the only communication interfaces or paths between selected applications.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 4. ) An operating system as claimed in claim 3, in which said access control rules can be added from user space.
  - 5. ) An operating system as claimed in claim 3, in which said access control rules define the only communication interfaces or paths between selected applications local to said operating system.
  - 6. ) An operating system as claimed in claims 3 or 5, in which said access control rules define the only communication interfaces or paths between selected applications remote from said operating system.
  - 7. ) An operating system as claimed in claim 3, wherein in at least some of said applications are provided with a label or tag, each label or tag being indicative of a compartment of the system.
  - 8. ) An operating system as claimed in claim 7, in which the system performs mandatory security checks to ensure that processes from one compartment cannot interfere with processes from another compartment.
  - 9. ) An operating system as claimed in claim 7, comprising a file system, wherein said file system is at least partly divided into sections, each section being a restricted sub-set of the main file system and associated with a respective compartment.
  - 10. ) An operating system as claimed in claim 9, wherein applications running in each compartment only have access to the associated section of the file system.
  - 11. ) An operating system as claimed in claim 10, which prevents a process from transistioning to root from within its compartment, such that said restricted sub-set cannot be escaped.
  - 12. ) An operating system as claimed in claim 10 or claim 11, arranged to make selective files within a restricted sub-set immutable.
  - 13. ) An operating system as claimed in claim 3, wherein said one or more communication paths are governed by one or more rules.
  - 14. ) An operating system as claimed in claim 7, wherein said one or more communication interfaces or paths are governed by one or more rules.
  - 15. ) An operating system as claimed in claim 14, wherein said rules are defined and added from user space.
  - 16. ) An operating system as claimed in claim 14 or 15, wherein said rules are added on a per-compartment basis.
  - 17. ) An operating system as claimed in claim 14, wherein said rules specify the allowed access between a compartment and other compartments or host, and are enforced by the kernel of the operating system.
  - 18. ) An operating system as claimed in claim 14, in which rules defined for the operating system can be added.
  - 19. ) An operating system as claimed in claim 14, in which rules defined for the operating system can be deleted.
  - 20. ) An operating system as claimed in claim 14, in which rules defined for the operating system can be listed.
  - 21. ) An operating system as claimed in claim 14, wherein said rules are stored in a kernel-level database.
  - 22. ) An operating system as claimed in claim 21, wherein said kernel-level database is made up of two hash tables, one of the tables being keyed on the rule source address details and the other being keyed on the rule destination address details.

23. ) An operating system for supporting a plurality of applications, said operating system comprising a database in which is stored a plurality of rules defining permitted communications paths between said applications, said rules being stored in the form of at least two encoded tables, the first table being keyed on the rule source details and the second table being keyed on the rule destination details, the system further comprising a portion, which, in response to a system call, checks at least one of said tables for the presence of a rule defining the required communication path and for permitting said system call to proceed only in the event that said required communication path is defined.
- View Dependent Claims (24)
- - 24. ) An operating system as claimed in claim 23, wherein said encoded tables include at least one hash table.

25. ) An operating system for supporting a plurality of applications, the operating system:
- providing at least some of said applications with a tag or label, said tags or labels being indicative of whether or not an application is permitted to transition to root in response to a request, identifying such a request, determining from its tag or label whether or not an application is permitted to transition to root, and permitting or denying said transition accordingly.

26. ) An operating system comprising a kernel for storing a rule base consisting of one or more rules defining permitted communication paths between system objects, and a user-operable interface for adding, deleting and/or listing such rules.
- View Dependent Claims (27)
- - 27. ) An operating system as claimed in claim 26, comprising a kernel device driver which provides two entry points to the kernel of the operating system, the first entry point being for adding and/or deleting rules, and the second entry point being for reading a list of rules generated by the kernel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Dalton, Christoper I., Norman, Andrew Patrick, Choo, Tse Huong

Application Number

US10/240,137
Publication Number

US 20030172109A1
Time in Patent Office

Days
Field of Search
US Class Current

709/203
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/62   Protecting access to data v...

G06F 9/468   Specific access rights for ...

Trusted operating system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

182 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Trusted operating system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

182 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others