SYSTEM AND METHOD FOR PROVIDING SECURE NETWORK SERVICES
Abstract
A system and method for providing secure network services. A secure computer including a processor, a memory, and a secure operating system is discussed. The secure operating system includes an operational kernel and an administrative kernel. The operational kernel includes a Type Enforcement security mechanism for restricting execution of files stored in the memory by the processor. The execution restrictions placed on files in the memory of the secure computer can only be modified from within the administrative kernel.
24 Claims
1. A computer comprising:
- a processor;
- a memory; and
- a secure operating system having an operational kernel and an administrative kernel, wherein the operational kernel includes a Type Enforcement security mechanism for restricting execution of files stored in the memory by the processor, further wherein execution restrictions placed on files in the memory can only be modified from within the administrative kernel.
Dependent claims: 2, 3, 4, 5
6. A computer-implemented method comprising:
- assigning network resources to domains, wherein assigning includes limiting execution of each network resource as a function of domain;
- assigning a type to server resources within memory of a secure server, wherein resources include processes and objects; and
- restricting, using one or more processors and as a function of the type assigned to each server resource, access by the network resources to server resources using a Type Enforcement security mechanism.
Dependent claims: 7, 8, 9, 10, 11, 12, 13
14. A computer-readable medium containing instructions, which when executed by one or more processors cause the one or more processors to:
- restrict access by a process in a first domain to a server resource in a second domain using a Type Enforcement security mechanism; and
- limit interactions between processes in the first and second domains according to a security policy.
Dependent claims: 15, 16, 17, 18, 19
20. A computer comprising:
- a processor;
- a memory containing instructions, which when executed by the processor cause the processor to:
  - maintain a first domain and a second domain, wherein processes running in the first domain cannot interact with processes running in the second domain;
  - create an assured pipeline between the first domain and the second domain; and
  - enable a first process in the first domain to interact with a second process in the second domain using the assured pipeline.
Dependent claims: 21, 22, 23, 24