System and method for providing secure internetwork services via an assured pipeline
Abstract
A system and method for the secure transfer of data between a workstation connected to a private network and a remote computer connected to an unsecured network. A secure computer is inserted into the private network to serve as the gateway to the unsecured network and a client subsystem is added to the workstation in order to control the transfer of data from the workstation to the secure computer. The secure computer includes a private network interface connected to the private network, an unsecured network interface connected to the unsecured network, wherein the unsecured network interface includes means for encrypting data to be transferred from the first workstation to the remote computer and a server function for transferring data between the private network interface and the unsecured network interface.
21 Claims
1. A firewall device comprising:
- a processor;
- a memory; and
- a secure operating system having an operational kernel and an administrative kernel, wherein the operational kernel includes a Type Enforcement security mechanism for restricting execution of files stored in the memory by the processor, further wherein execution restrictions placed on files in the memory can only be modified from within the administrative kernel.
Dependent claims: 2, 3, 4

5. A server comprising:
- a processor;
- a secure operating system having a security mechanism for restricting access by processes to server resources, wherein the security mechanism includes a means for establishing an assured pipeline between processes operating in different domains; and
- a firewall operating on the processor, wherein the firewall interacts with the secure operating system to limit interactions between processes in different.
Dependent claims: 6, 7, 8, 9, 10, 11, 12

13. A method of securing server resources, the method comprising:
- restricting access by a process in an external domain to a server resource in the internal domain using a secure operating system, wherein the secure operating system includes a security mechanism for establishing an assured pipeline between one or more processes in the external domain and one or more processes in the internal domain;
- operating a firewall on the server's processor, wherein the firewall interacts with the secure operating system to limit interactions between processes in different domains according to a security policy.
Dependent claims: 14, 15, 16, 17, 18, 19, 20

21. A secure system for transferring data between computers across a public network, the system comprising:
- a workstation connected to an internal network;
- a gateway computer connected to the internal network through a first network interface and connected to the public network through a second network interface, wherein the gateway computer includes a means for establishing an assured pipeline between the first and second network interfaces, receives data from the workstation on the first network interface, encrypts the received data, and transmits the encrypted data using the second network interface; and
- a remote computer connected to the external network configured to receive the encrypted data from the gateway computer.

Specification