Trusted computer system

US 20040025016A1
Filed: 06/17/2003
Published: 02/05/2004
Est. Priority Date: 06/17/2002
Status: Active Grant

First Claim

Patent Images

1. A trusted operating system comprising:

an application domain, in which trusted and untrusted applications can be executed;

an operating system services layer, wherein the operating system services layer provides interfaces allowing applications written for at least one other operating system to be run in the trusted operating system, whereby the operating system services layer emulates the at least one other operating systems;

a trusted system services layer; and

, a security kernel, for enforcing system security policy and integrity rules, and for providing basic operating system services, including facilitating user and administrator actions.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trusted computer system that offers Linux® compatibility and supports contemporary hardware speeds. It is designed to require no porting of common applications which run on Linux, to be easy to develop for, and to allow the use of a wide variety of modern development tools. The system is further designed to meet or exceed the Common Criteria EAL-5 or higher rating through incorporation of required security features, as well as a very high level of assurance for handling data at a wide range of sensitivity (e.g., classification) levels in a wide range of operational environments. This is achieved through the implementation of a well-layered operating system which has been designed from the ground up to enforce security, but which also supports Linux operating system functions and methods.

79 Citations

View as Search Results

46 Claims

1. A trusted operating system comprising:
- an application domain, in which trusted and untrusted applications can be executed;
  
  an operating system services layer, wherein the operating system services layer provides interfaces allowing applications written for at least one other operating system to be run in the trusted operating system, whereby the operating system services layer emulates the at least one other operating systems;
  
  a trusted system services layer; and
  
  , a security kernel, for enforcing system security policy and integrity rules, and for providing basic operating system services, including facilitating user and administrator actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The trusted operating system of claim 1, wherein the operating system utilizes multi-domain process isolation capabilities in the hardware on which the operating system is running to ensure process isolation.
  - 3. The trusted operating system of claim 2, wherein the hardware multi-domain process isolation capability restricts access to segments, pages, and instructions.
  - 4. The trusted operating system of claim 3, wherein the hardware multi-domain process isolation capability also provides multiple checks for protections violations within memory references.
  - 5. The trusted operating system of claim 1, wherein the application domain allows at least one development environments to be run.
  - 6. The trusted operating system of claim 5, wherein the development environment is an integrated development environment.
  - 7. The trusted operating system of claim 1, wherein the kernel layer enforces mandatory security, mandatory integrity, and subtype control within the trusted operating system.
  - 8. The trusted operating system of claim 1, wherein the security kernel separates users and data by enforcing mandatory security and mandatory integrity access controls.
  - 9. The trusted operating system of claim 8, wherein the trusted operating system further separates users and data by enforcing discretionary access controls.
  - 10. The trusted operating system of claim 9, wherein the trusted operating system separates administrator and operator roles using an integrity policy.
  - 11. The trusted operating system of claim 10, wherein the trusted operating system enforces the principle of least privilege for administrator and operator roles.
  - 12. The trusted operating system of claim 8, wherein the user and administrator actions are audited in at least one audit log.
  - 13. The trusted operating system of claim 12, wherein at least one audit log is protected from modification.
  - 14. The trusted operating system of claim 13, wherein all audit logs are protected from modification.
  - 15. The trusted operating system of claim 1, wherein user login failures are monitored to detect the accumulation of events that indicate an imminent security policy violation.
  - 16. The trusted operating system of claim 1, wherein the security kernel allows users with different clearances to simultaneously store and process information that exists at different classification levels.
  - 17. The trusted operating system of claim 16, wherein the security kernel allows the user to process data only when that data is at the user'"'"'s integrity level or a higher integrity level.
  - 18. The trusted operating system of claim 1, wherein the trusted software includes trusted databases.
  - 19. The trusted operating system of claim 1, further comprising a Reference Monitor.
  - 20. The trusted operating system of claim 1, wherein the security kernel enforces process isolation to keep untrusted software from accessing working data associated with trusted software processes.
  - 21. The trusted operating system of claim 1, wherein at least one of the at least one other operating systems emulated by the operating system services layer is Linux.
  - 22. The trusted operating system of claim 1, wherein the operating system services layer further provides at least one proprietary API to manage and use trusted aspects of the trusted system services layer.
  - 23. The trusted operating system of claim 22, wherein the operating system services layer translates API calls into trusted operating system primitives provided by the security kernel and trusted system services layers.
  - 24. The trusted operating system of claim 1, wherein applications operating in the application domain can interface with only the operating system services layer, and cannot call functions provided by the trusted system services or kernel layer directly.

25. A trusted computer system comprising:
- at least one processor, wherein each of the at least one processors supports a multi-domain architecture;
  
  at least one terminal, for facilitating operation of the trusted computer system;
  
  at least one data storage unit;
  
  at least one memory unit; and
  
  a secure operating system running on the trusted computing system, wherein the secure operating system utilizes the multi-domain architecture of the at least one processor to enforce process isolation.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The trusted computer system of claim 25, wherein the at least one processor is an Intel Pentium class microprocessor.
  - 27. The trusted computer system of claim 25, wherein the at least one data storage unit is a hard drive.
  - 28. The trusted computer system of claim 25, wherein the at least one memory storage unit is Random Access Memory.
  - 29. The trusted computer system of claim 25, further comprising at least one network interface.
  - 30. The trusted computer system of claim 25, further comprising a Secure Attention Key.

31. A security policy enhancement system, comprising:
- at least one processor, wherein at least one of the at least one processors implements a multi-domain architecture;
  
  at least one Random Access Memory unit;
  
  a secure operating system, wherein the secure operating system operates at least two different security classification levels, with data existing in each of the security classification levels; and
  
  , at least one data security verification means, wherein the data security verification means performs security checks on the content of data to determine if the data can be transferred by the secure operating system from one classification level to another.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39)
- - 32. The security policy enhancement system of claim 31, further comprising at least one network interface.
  - 33. The security policy enhancement system of claim 31, wherein the at least one network interface connects the security policy enhancement system to at least one network using Transmission Control Protocol and Internet Protocol.
  - 34. The security policy enhancement system of claim 31, further comprising at least two network interfaces, wherein the at least two network interfaces connect the security policy enhancement system to at least two networks.
  - 35. The security policy enhancement system of claim 34, wherein each of the at least two networks operate at different classification levels.
  - 36. The security policy enhancement system of claim 35, wherein the at least two networks utilize Transmission Control Protocol and Internet Protocol.
  - 37. The security policy enhancement system of claim 31, wherein the secure operating system utilizes the multi-domain architecture of the at least one processor to ensure process isolation.
  - 38. The security policy enhancement system of claim 31, wherein the secure operating system provides interfaces allowing applications written for at least one other operating system to be run in the trusted operating system.
  - 39. The security policy enhancement system of claim 31, wherein the security checks performed by the at least one data security verification means are performed in the at least one Random Access Memory unit.

40. A trusted operating system which emulates another operating system by allowing an application program written for the other operating system to execute on the trusted operating system without requiring changes to the application program.
- View Dependent Claims (41)
- - 41. The trusted operating system of claim 40, wherein the emulated operating system is an open source operating system.

42. A trusted operating system, capable of concurrently running a plurality of processes, which provides a subtype mechanism wherein the subtype mechanism allows additional access control differentiation beyond mandatory and discretionary access.
- View Dependent Claims (43, 44)
- - 43. The trusted operating system of claim 42, wherein the subtype mechanism allows a first process to access a process object, a file system object, or a device object only if the subtype of the object is on a list of subtypes authorized to be accessed by the first process.
  - 44. The trusted operating system of claim 42, wherein the subtype mechanism allows a first process to access data only if the subtype of the data is on a list of subtypes authorized to be accessed by the first process.

45. A trusted operating system wherein four separate policies are enforced whenever any process attempts to access any file system object, the policies comprising:
- a Mandatory Security Policy;
  
  a Mandatory Integrity Policy;
  
  a Discretionary Access Control Policy; and
  
  a Subtype Policy.

46. A trusted operating system which prevents a first process from learning about the existence or status of a second higher classified process by limiting the number and speed of covert storage channels.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BAE Systems Information and Electronic Systems Integration Incorporated (BAE Systems Plc)
Original Assignee
Digitalnet Government Solutions LLC (BAE Systems Plc)
Inventors
Focke, Michel W., Wherley, Robert D., Knoke, James E., Ata, John G., Engen, Dwight B., Barbieri, Paul A.

Granted Patent

US 7,103,914 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06F 9/45537   Provision of facilities of ...

Trusted computer system

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted computer system

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links