System and method for regulating the flow of information to or from an application
Abstract
The flow of information to or from an application on a host machine is regulated by a trusted agent operating in conjunction with at least one security element, such as a firewall or a policy server. When a communication to or from the application is detected by the trusted agent, the trusted agent gathers information about the attempted communication, and formulates and sends a message based upon the gathered information to at least one security element. The security element makes a decision to permit or block at least part of the attempted communication based upon the message received from the trusted agent.
83 Citations
7 Claims
1. A method for regulating communications to or from a first application executing on a host machine, including:
executing a trusted agent on the same host as the first application, wherein the trusted agent is trusted to enforce a security policy, and wherein the first application is not trusted to enforce the security policy;
monitoring by the trusted agent of attempted communications to or from the first application;
determining by the trusted agent the identity of a second application to or from which the first application is attempting to communicate;
determining by the trusted agent if the second application is listed on a permitted or forbidden list of applications;
sending from the trusted agent to a firewall the results of the determination as to whether the second application is on a permitted or forbidden list of applications; and
determining at the firewall whether the attempted communication should be passed or blocked based upon the information received from the trusted agent.
(Dependent claim 2 is not reproduced on this page.)
3. A method for regulating communications to or from a first application executing on a host machine, including:
executing a trusted agent on the same host as the first application, wherein the trusted agent is trusted to enforce a security policy, and wherein the first application is not trusted to enforce the security policy;
monitoring by the trusted agent of attempted communications to or from the first application;
receiving by the trusted agent a credential associated with an attempted communication of a second application to or from the first application;
authenticating the credential by the trusted agent;
sending the result of the authentication from the trusted agent to a firewall; and
determining at the firewall whether the attempted communication should be passed or dropped based upon the result of the authentication received from the trusted agent.
(Dependent claim 4 is not reproduced on this page.)
5. An apparatus for regulating communications to or from a first application executing on a host machine, including:
an untrusted processor;
an untrusted memory coupled to said untrusted processor, said untrusted memory storing first application instructions adapted to be executed by said untrusted processor to attempt to send or receive communications;
a trusted processor; and
a trusted memory coupled to said trusted processor, said trusted memory storing trusted agent instructions adapted to be executed by said trusted processor to determine information about said attempted communications to or from said first application instructions executing on said untrusted processor, and to send said determined information to a firewall.
6. A medium storing trusted agent instructions adapted to be executed by a trusted processor at a host machine to perform steps including:
monitoring by the trusted agent of attempted communications to or from a first application executing on the same host machine as the trusted agent;
determining by the trusted agent the identity of a second application to or from which the first application is attempting to communicate;
determining by the trusted agent if the second application is listed on a permitted or forbidden list of applications; and
sending from the trusted agent to a firewall the results of the determination as to whether the second application is on a permitted or forbidden list of applications, wherein the firewall uses the results of the determination from the trusted agent and additional information to determine whether the attempted communication should be passed or blocked based upon the information received from the trusted agent.
7. A medium storing trusted agent instructions adapted to be executed by a trusted processor at a host machine to perform steps including:
monitoring by the trusted agent of attempted communications to or from a first application executing on the same host machine as the trusted agent;
receiving by the trusted agent a credential associated with an attempted communication of a second application to or from the first application;
authenticating the credential by the trusted agent; and
sending the result of the authentication from the trusted agent to a firewall, wherein the firewall uses the results of the determination from the trusted agent and additional information to determine whether the attempted communication should be passed or blocked based upon the information received from the trusted agent.
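The split of duties that claims 1, 3, 6 and 7 describe (a host-resident trusted agent that only reports, and a firewall that decides using the report plus its own information), as an added illustration that is not part of the patent and not any vendor's implementation. The application names, the permitted/forbidden lists, the shared HMAC key used to authenticate a peer's credential, and the firewall's port policy as the "additional information" are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed policy data for the example (not from the patent).
PERMITTED = {"update-service"}
FORBIDDEN = {"exfil-tool"}
SHARED_KEY = b"constructed-demo-key"  # assumed agent/peer shared secret


@dataclass
class Attempt:
    local_app: str               # the untrusted first application
    peer_app: str                # identity of the second application
    port: int
    credential: Optional[bytes] = None  # HMAC over peer_app, if presented


def make_credential(peer_app: str) -> bytes:
    """What an honest peer would present (claims 3 and 7)."""
    return hmac.new(SHARED_KEY, peer_app.encode(), hashlib.sha256).digest()


class TrustedAgent:
    """Runs on the same host as the untrusted app; gathers facts, never enforces."""

    def inspect(self, a: Attempt) -> dict:
        msg = {"local_app": a.local_app, "peer_app": a.peer_app, "port": a.port}
        if a.peer_app in FORBIDDEN:
            msg["list_result"] = "forbidden"
        elif a.peer_app in PERMITTED:
            msg["list_result"] = "permitted"
        else:
            msg["list_result"] = "unlisted"
        if a.credential is not None:   # authenticate the credential, report the result
            expected = make_credential(a.peer_app)
            msg["credential_ok"] = hmac.compare_digest(expected, a.credential)
        return msg


class Firewall:
    """Decides pass/block from the agent's message plus its own port policy (claim 6)."""

    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)

    def decide(self, msg: dict) -> str:
        if msg["list_result"] == "forbidden" or msg.get("credential_ok") is False:
            return "block"
        if msg["list_result"] == "permitted" or msg.get("credential_ok"):
            return "pass" if msg["port"] in self.allowed_ports else "block"
        return "block"   # unlisted and unauthenticated: default deny


def regulate(attempt: Attempt, agent: TrustedAgent, fw: Firewall) -> str:
    return fw.decide(agent.inspect(attempt))
```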