Restricting communication of selected processes to a set of specific network addresses
Abstract
Selected processes are associated with sets of specific network addresses, and the associations are stored. When a selected process creates a child process, an association between the child process and the set of network addresses with which the parent process is associated is stored. When a selected process is deleted, the association between the selected process and its set of network addresses is deleted. Each selected process is restricted to network address-based communication via its associated set of network addresses. Certain communication protocol subroutines associated with network address-based communication are intercepted by an interception module. The interception module detects attempts by selected processes to communicate via network addresses. If a selected process attempts to communicate via an unassociated network address, the attempted communication is prohibited.
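The bookkeeping and the interception check described in the abstract can be modelled in a few lines. The following is an added illustration, not code from the patent or from any product: the class and method names are hypothetical, the addresses are constructed documentation-range values, and resolving a wild card to the first associated address of the same IP version is an assumption (the claims only require that an associated address be used).

```python
import ipaddress

class AddressRestrictor:
    """Toy model of the stored associations and the interception check."""

    def __init__(self):
        self.assoc = {}  # pid -> tuple of associated addresses

    def associate(self, pid, addrs):
        # Mark a process as "selected" by storing its address set.
        self.assoc[pid] = tuple(ipaddress.ip_address(a) for a in addrs)

    def on_fork(self, parent, child):
        # A child of a selected process inherits the parent's address set.
        if parent in self.assoc:
            self.assoc[child] = self.assoc[parent]

    def on_exit(self, pid):
        # Deleting a process deletes its association.
        self.assoc.pop(pid, None)

    def check_bind(self, pid, addr):
        """Return the address the intercepted call may proceed with,
        or raise PermissionError if the attempt is prohibited."""
        addr = ipaddress.ip_address(addr)
        allowed = self.assoc.get(pid)
        if allowed is None:
            return addr  # not a selected process: pass through unchanged
        if addr.is_unspecified:  # wild card such as 0.0.0.0 or ::
            # Assumption: substitute the first associated address of that version.
            pick = next((a for a in allowed if a.version == addr.version), None)
            if pick is None:
                raise PermissionError(f"pid {pid}: no associated IPv{addr.version} address")
            return pick
        if addr in allowed:
            return addr
        raise PermissionError(f"pid {pid}: {addr} is not an associated address")

def demo():
    r = AddressRestrictor()
    r.associate(100, ["192.0.2.10", "192.0.2.11"])  # constructed sample data
    r.on_fork(100, 101)
    results = [str(r.check_bind(101, "192.0.2.11")),  # inherited address allowed
               str(r.check_bind(101, "0.0.0.0"))]     # wild card narrowed
    try:
        r.check_bind(101, "198.51.100.7")
    except PermissionError:
        results.append("denied")
    r.on_exit(101)
    results.append(101 in r.assoc)
    return results

if __name__ == "__main__":
    print(demo())
```
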
156 Citations
35 Claims
1. A computer system for restricting network address based communication, comprising:
means for associating at least one selected process with at least two network addresses;
means for determining whether an attempted network address-based communication of a selected process is via an associated address; and
means for allowing the communication to proceed if the communication is via an associated address.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses, comprising:
means for associating at least one selected process with at least two network addresses;
means for determining whether an attempted network address-based communication of a selected process is via an associated address; and
means for not allowing the attempted communication to proceed if it is determined that the attempted communication is not via an associated address.

17. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
means for associating at least two selected processes with at least one network address;
means for detecting an attempt by a selected process to associate a communication channel with a network address; and
means for determining whether the network address with which the selected process is attempting to associate a communication channel is associated with the selected process.
Dependent claims: 18

19. A computer system for restricting network address-based communication by selected processes to specific network addresses, the method comprising:
means for associating at least one selected process with at least two network addresses;
means for detecting an attempt by a selected process to associate a communication channel with a network address, wherein a provided value for the network address comprises a wild card; and
means for associating the communication channel with a network address that is associated with the process.
Dependent claims: 20

21. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
means for associating at least two selected processes with a unique local host address;
means for detecting an attempt by a selected process to communicate with a local host; and
means for designating the unique local host address associated with the selected process to be used by the selected process to communicate with the local host.

22. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
means for associating at least one selected process with at least two network addresses;
means for detecting an attempt by a selected process to communicate with a second process via a communication channel;
means for determining if the communication channel is associated with a network address; and
means for associating the communication channel with a network address that is associated with the process if it is determined that the communication channel is not associated with a network address.

23. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
means for associating at least one selected process with at least two network addresses;
means for detecting an attempt by a selected process to establish a connection between a communication channel and a second process;
means for determining if the communication channel is associated with a network address; and
means for associating the communication channel with a network address that is associated with the selected process if it is determined that the communication channel is not associated with a network address.

24. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses, comprising:
a processor and one or more memories;
a component configured to associate at least two selected processes with at least one network address;
a component configured to determine whether an attempted network address-based communication of a selected process is via an associated address; and
a component configured to, in response to a determination that the communication is via an associated address, allow the communication to proceed.
Dependent claims: 25

26. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses:
a processor and one or more memories;
a component configured to associate at least one selected process with at least two network addresses;
a component configured to determine whether an attempted network address-based communication of a selected process is via an associated address;
a component configured to, in response to a determination that the communication is not via an associated address, not allow the attempted communication to proceed.

27. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
a component configured to associate at least one selected process with at least two network addresses;
a component configured to detect an attempt by a selected process to associate a communication channel with a network address; and
a component configured to determine whether the network address with which the selected process is attempting to associate a communication channel is associated with the selected process.

28. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
a processor and one or more memories;
a component configured to associate at least two selected processes with at least one network address;
a component configured to detect an attempt by a selected process to associate a communication channel with a network address, wherein a provided value for the network address comprises a wild card; and
a component configured to associate the communication channel with a network address that is associated with the process.
Dependent claims: 29

30. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
a component configured to associate at least two selected processes with a unique local host address;
a component configured to detect an attempt by a selected process to communicate with a local host; and
a component configured to designate the unique local host address associated with the selected process to be used by the selected process to communicate with the local host.

31. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
a component configured to associate at least one selected process with at least two network addresses;
a component configured to detect an attempt by a selected process to communicate with a second process via a communication channel;
a component configured to determine if the communication channel is associated with a network address; and
a component configured to, in response to determining that the communication channel is not associated with a network address, associate the communication channel with a network address that is associated with the process.

32. A computer system for restricting network address-based communication by selected processes to specific network addresses, comprising:
a component configured to associate at least one selected process with at least two network addresses;
a component configured to detect an attempt by a selected process to establish a connection between a communication channel and a second process;
a component configured to determine if the communication channel is associated with a network address; and
a component configured to, in response to determining that the communication channel is not associated with a network address, associate the communication channel with a network address that is associated with the selected process.
Dependent claims: 33

34. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses, comprising:
a component configured to associate at least two selected processes with at least one network address;
a component configured to detect when a selected process attempts to communicate via an unassociated address; and
a component configured to not allow the attempted communication to proceed.

35. A computer system for restricting network address-based communication by selected processes to a set of specific network addresses, comprising:
a component configured to associate at least one selected process with at least two network addresses;
a component configured to detect when an elected process attempts to communicate via an unassociated address; and
a component configured to not allow attempted communication to proceed.

Specification