SECURITY SYSTEMS AND METHODS TO REDUCE DATA LEAKS IN ENTERPRISE NETWORKS
First Claim
1. A security system for a plurality of resources in a network having a plurality of hosts, the security system comprising:
a plurality of taints, each taint being applicable to at least one of the plurality of resources, and each taint variably being in a first state or a second state;
a plurality of labels, each label comprising at least one taint;
a labeling system in communication with the plurality of hosts and configured to apply each of the plurality of labels to a corresponding resource of the plurality of resources; and
an enforcement system in communication with the plurality of hosts and configured to block outgoing network traffic from each host, if the outgoing network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.
2 Assignments
0 Petitions
Abstract
Disclosed are embodiments of a security system for reducing data leaks by checking information flows between resources of a network. When an information flow is attempted between a sending resource, which can be anywhere in the network, and a receiving resource residing at a specific host within the network, a host labeler can determine whether information is allowed to flow from the sending resource to the receiving resource. The sending resource and the receiving resource can each have an applicable label, and each label can comprise zero, one, or more taints. For each taint having an active secrecy characteristic in the label of the sending resource, the host labeler can require that there be a matching taint with an active secrecy characteristic in the label of the receiving resource. If this condition is not met, the security system can block the information flow between the sending and receiving resources.
60 Citations
26 Claims
1. A security system for a plurality of resources in a network having a plurality of hosts, the security system comprising:
a plurality of taints, each taint being applicable to at least one of the plurality of resources, and each taint variably being in a first state or a second state; a plurality of labels, each label comprising at least one taint; a labeling system in communication with the plurality of hosts and configured to apply each of the plurality of labels to a corresponding resource of the plurality of resources; and an enforcement system in communication with the plurality of hosts and configured to block outgoing network traffic from each host, if the outgoing network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
15. A security system for a plurality of resources in a network having a plurality of hosts, the security system comprising:
a plurality of labels, including a first label and a second label, each label comprising at least one taint, and each taint being variably secret or non-secret; a host enforcer configured to analyze a first information flow from a first resource on the first host to a second resource on the first host; and a host labeler residing on a first host of the plurality of hosts, the host labeler being configured to apply the first label to the first resource and to apply the second label to the second resource; the host enforcer being further configured to block the first information flow if the first label comprises a secret first taint and the second label lacks the secret first taint.
View Dependent Claims (16, 17, 18, 19, 20, 21)
22. A computer-implemented method comprising:
providing a plurality of labels, each label comprising one or more taints, and each taint being changeably active or inactive; applying a first label to a first resource inside a network, the first label comprising an active first taint; applying a second label to a second resource leading outside the network, the second label lacking the active first taint; receiving an information flow from the first resource to the second resource; comparing, with a computer processor, the first label to the second label; and blocking the information flow in response to the second label lacking the active first taint.
View Dependent Claims (23, 24, 25, 26)
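The abstract and claims 1, 15 and 22 describe one decision rule from two angles: a flow between two labeled resources is allowed only if every taint that is secret (the "first state" / "active") in the sender's label is also secret in the receiver's label, and traffic leaving a host is blocked outright if the resource it carries has any secret taint. The following is an added worked example of that rule written for this page; it is not the patent's own code or any product's implementation. The class and function names (Label, Resource, HostEnforcer, check_flow, egress_allowed, run_scenario), the taint name "hr" and the sample hosts and resources are all assumptions constructed for the illustration.

```python
"""Taint-label information-flow check modelled on the abstract and claims.
Added illustration for this page; names and sample data are assumptions."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    """The claims' 'first state' / 'active' / 'secret' and its opposite."""
    SECRET = "secret"
    NON_SECRET = "non-secret"


@dataclass
class Label:
    """A label is zero or more named taints, each in exactly one state."""
    taints: dict[str, State] = field(default_factory=dict)

    def secret(self) -> set[str]:
        """Names of the taints currently in the secret (active) state."""
        return {t for t, s in self.taints.items() if s is State.SECRET}

    def set_state(self, taint: str, state: State) -> None:
        """Taints are variable: flipping one models (de)classification."""
        self.taints[taint] = state


@dataclass
class Resource:
    name: str
    host: Optional[str]          # None: the resource leads outside the network
    label: Label = field(default_factory=Label)


@dataclass
class Decision:
    allowed: bool
    missing: frozenset[str]      # secret taints the receiver's label lacks

    def __bool__(self) -> bool:
        return self.allowed


def check_flow(sender: Resource, receiver: Resource) -> Decision:
    """Abstract / claim 15 rule: every secret taint of the sender's label must
    also be secret in the receiver's label, otherwise the flow is blocked."""
    missing = sender.label.secret() - receiver.label.secret()
    return Decision(allowed=not missing, missing=frozenset(missing))


def egress_allowed(resource: Resource) -> bool:
    """Claim 1 rule: outgoing network traffic that includes a resource with
    any taint in the secret state is blocked at the host."""
    return not resource.label.secret()


class HostEnforcer:
    """Per-host enforcer applying both rules and keeping an audit log."""

    def __init__(self, host: str) -> None:
        self.host = host
        self.log: list[str] = []

    def transfer(self, sender: Resource, receiver: Resource) -> bool:
        # Destination outside the network: the stricter egress rule applies.
        if receiver.host is None and not egress_allowed(sender):
            self.log.append(f"{self.host}: BLOCK {sender.name} -> {receiver.name} "
                            f"(egress carries secret taint(s) {sorted(sender.label.secret())})")
            return False
        d = check_flow(sender, receiver)
        if not d:
            self.log.append(f"{self.host}: BLOCK {sender.name} -> {receiver.name} "
                            f"(receiver lacks secret taint(s) {sorted(d.missing)})")
            return False
        return True


def run_scenario() -> dict[str, bool]:
    """Constructed sample: an HR workstation moving a payroll file to an HR
    share, to an intranet wiki, and to an external upload, then after the
    'hr' taint has been declassified."""
    payroll = Resource("payroll.xlsx", "hr-ws01", Label({"hr": State.SECRET}))
    hr_share = Resource("hr-fs:/payroll", "hr-fs", Label({"hr": State.SECRET}))
    wiki = Resource("intranet-wiki upload", "intranet-web", Label({"hr": State.NON_SECRET}))
    external = Resource("external upload", None)
    enforcer = HostEnforcer("hr-ws01")
    results = {
        "to_hr_share": enforcer.transfer(payroll, hr_share),   # matching secret taint
        "to_wiki": enforcer.transfer(payroll, wiki),           # wiki's "hr" is not secret
        "to_external": enforcer.transfer(payroll, external),   # egress with a secret taint
    }
    payroll.label.set_state("hr", State.NON_SECRET)            # declassify the taint
    results["to_external_after_declassify"] = enforcer.transfer(payroll, external)
    for line in enforcer.log:
        print(line)
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Two details matter for a practitioner reading the claims: a receiver whose label merely contains the taint in the non-secret state still fails the check (the wiki case), because the comparison is on taints in the secret state, not on taint names; and the egress rule of claim 1 is evaluated on the sender alone, so an external destination cannot be made "trusted" by labeling it, only declassifying the resource's taint opens that path.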
Specification