RESTRICTING COMMUNICATION OF SELECTED PROCESSES TO A SET OF SPECIFIC NETWORK ADDRESSES
Abstract
Selected processes are associated with sets of specific network addresses, and the associations are stored. When a selected process creates a child process, an association between the child process and the set of network addresses with which the parent process is associated is stored. When a selected process is deleted, the association between the selected process and its set of network addresses is deleted. Each selected process is restricted to network address-based communication via its associated set of network addresses. Certain communication protocol subroutines associated with network address-based communication are intercepted by an interception module. The interception module detects attempts by selected processes to communicate via network addresses. If a selected process attempts to communicate via an unassociated network address, the attempted communication is prohibited.
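The bookkeeping and check described in the abstract, modeled as an added example that is not taken from the patent. The class and function names, the treatment of unselected processes as unrestricted, the folding of IPv4-mapped IPv6 addresses, and all PIDs and addresses are assumptions constructed for illustration.

```python
import ipaddress

def _norm(addr):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

class AddressPolicy:
    """Hypothetical association table: pid -> set of permitted addresses."""

    def __init__(self):
        self._assoc = {}

    def select(self, pid, addresses):
        self._assoc[pid] = frozenset(_norm(a) for a in addresses)

    def on_fork(self, parent, child):
        # A child of a selected process inherits the parent's address set.
        if parent in self._assoc:
            self._assoc[child] = self._assoc[parent]

    def on_exit(self, pid):
        # Drop the association so a recycled pid does not inherit it.
        self._assoc.pop(pid, None)

    def allow(self, pid, addr):
        """Decision for an intercepted address-based call."""
        allowed = self._assoc.get(pid)
        if allowed is None:
            return True    # assumption: unselected processes are unrestricted
        try:
            return _norm(addr) in allowed
        except ValueError:
            return False   # unparsable address from a selected process: deny

def demo():
    """Replay constructed events; return the decisions in order."""
    p = AddressPolicy()
    p.select(100, ["192.0.2.10"])
    p.on_fork(100, 101)
    out = [
        p.allow(100, "192.0.2.10"),         # associated address
        p.allow(101, "192.0.2.11"),         # child, unassociated address
        p.allow(101, "::ffff:192.0.2.10"),  # mapped form of the associated address
        p.allow(100, "0.0.0.0"),            # wildcard is not in the set
        p.allow(200, "198.51.100.7"),       # process that was never selected
    ]
    p.on_exit(101)
    out.append(p.allow(101, "192.0.2.11"))  # association removed with the process
    return out
```

In this model a selected process that tries to use the wildcard address is refused unless the wildcard is explicitly listed, since it would otherwise reach addresses outside its set.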
98 Claims
1-95. (canceled)
96. A computer-readable storage medium storing instructions that, when executed, perform a method comprising:
associating at least one selected process with at least one network address; determining whether an attempted network address-based communication of a selected process is via an associated address; and in response to a determination that the communication is via an associated address, allowing the communication to proceed.
97. An apparatus, comprising:
means for associating at least one selected process with at least one network address; means for determining whether an attempted network address-based communication of a selected process is via an associated address; and means for allowing the communication to proceed in response to a determination that the communication is via an associated address.
98. An apparatus, comprising:
a component configured to associate at least one selected process with at least one network address; and a component configured to determine whether an attempted network address-based communication of a selected process is via an associated address and to allow the communication to proceed if the communication is via the associated address.
Specification