Multi-domain information sharing

US 8,590,005 B2
Filed: 06/08/2011
Issued: 11/19/2013
Est. Priority Date: 06/08/2011
Status: Active Grant

First Claim

Patent Images

1. A system for multi-domain information sharing, comprising:

a computing device hosting;

a first information domain virtual machine (VM);

a second information domain VM;

a cross-domain solution VM that controls information transfer between the first information domain VM and the second information domain VM;

a first bridge VM;

a second bridge VM;

wherein the first bridge VM isolates the cross-domain solution VM by providing a first virtual bridge between the first information domain VM and the cross-domain solution VM and the second bridge VM isolates the cross-domain solution VM by providing a second virtual bridge between the second information domain VM and the cross-domain solution VM; and

wherein the first bridge VM is accessible only to an outside network via the first information domain VM and wherein the second bridge VM is accessible only to the outside network via the second information domain VM; and

a hypervisor to enforce an isolation policy within the system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure includes methods and systems for multi-domain information sharing. One or more embodiments can include a computing device with a VMM hosting a first information domain VM, a second information domain VM, and a cross-domain solution VM that controls information transfer between the first information domain VM and the second information domain VM. One or more embodiments can also include a hypervisor to enforce an isolation policy within the system.

Citations

20 Claims

1. A system for multi-domain information sharing, comprising:
- a computing device hosting;
  
  a first information domain virtual machine (VM);
  
  a second information domain VM;
  
  a cross-domain solution VM that controls information transfer between the first information domain VM and the second information domain VM;
  
  a first bridge VM;
  
  a second bridge VM;
  
  wherein the first bridge VM isolates the cross-domain solution VM by providing a first virtual bridge between the first information domain VM and the cross-domain solution VM and the second bridge VM isolates the cross-domain solution VM by providing a second virtual bridge between the second information domain VM and the cross-domain solution VM; and
  
  wherein the first bridge VM is accessible only to an outside network via the first information domain VM and wherein the second bridge VM is accessible only to the outside network via the second information domain VM; and
  
  a hypervisor to enforce an isolation policy within the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the first information domain VM is associated with a first network and the second information domain VM is associated with a second network, and wherein the hypervisor is configured to allow the first information domain VM access to the first network and to allow the second information domain VM access to the second network while preventing communication between the first information domain VM and the second information domain VM.
  - 3. The system of claim 2, wherein the first network has access to the first bridge VM via the first information domain VM and the second network has access to the second bridge VM via the second information domain VM while preventing communication between the first network and the first bridge VM and the second network and the second bridge VM.
  - 4. The system of claim 1, wherein the hypervisor hosts the first information domain VM, the second information domain VM, and the cross-domain solution VM.
  - 5. The system of claim 1, wherein the cross-domain solution has a target pre-existing security certification associated therewith.
  - 6. The system of claim 1, wherein the isolation policy prevents the first information domain VM and the second information domain VM from influencing each other.
  - 7. The system of claim 1, wherein the first information domain VM is a high-security information domain VM connected to a high-security network via a network interface controller, and the second information domain VM is a low-security information domain VM connected to a low security network via a network interface controller.
  - 8. The system of claim 1, wherein the cross-domain solution is accessible only to the outside network via the first information domain VM or the second information domain VM.
  - 9. The system of claim 1, wherein the cross-domain solution VM controls the information transfer based on certain constraints and has an associated network separation assumption.
  - 10. The system of claim 1, wherein the computing device further hosts a privileged VM and wherein the first virtual bridge and the second virtual bridge are implemented independently of the privileged VM.

11. A system for multi-domain information sharing, comprising:
- a computing device hosting;
  
  a high-security information domain VM;
  
  a low-security information domain VM;
  
  a cross-domain solution VM including a target pre-existing security certification associated therewith that controls information transfer between the high-security information domain VM and the low-security information domain VM;
  
  a first bridge VM;
  
  a second bridge VM;
  
  wherein the first bridge VM isolates the cross-domain solution VM by facilitating communication between the high-security information domain VM and the cross-domain solution VM via a first virtual bridge and the second bridge VM isolates the cross-domain solution VM by facilitating communication between the low-security information domain VM and the cross-domain solution VM via a second virtual bridge; and
  
  wherein the first bridge VM is accessible only to an outside network via the high-security information domain VM and wherein the second bridge VM is accessible only to the outside network via the low-security information domain VM; and
  
  a hypervisor to enforce a system isolation policy that isolates the high-security domain from the low-security domain.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein at least one of the high-security domain VM and the low-security domain VM relies on an unprivileged VM for hardware and firmware emulation support in order to remove trust from a privileged guest for that function.
  - 13. The system of claim 11, wherein the computing device includes memory and processing resources, at least a portion of which are partitioned between the high-security information domain VM, the low-security information domain VM, and the cross-domain solution VM.
  - 14. The system of claim 11, wherein the hypervisor hosts the high-security information domain VM, the low-security information domain VM, and the cross-domain solution VM.

15. A method for multi-domain information sharing, comprising:
- hosting, on a hypervisor of a computing device, a first VM associated with a first information domain on the hypervisor;
  
  hosting a second VM associated with a second information domain on the hypervisor;
  
  hosting a guard VM, wherein the guard VM controls information transfer between the first VM and the second VM;
  
  hosting a first bridge VM;
  
  hosting a second bridge VM;
  
  wherein the first bridge VM isolates the guard VM by facilitating communication between the first VM and the guard VM via a first virtual bridge and the second bridge VM isolates the guard VM by facilitating communication between the second VM and the guard VM via a second virtual bridge; and
  
  wherein the first bridge VM is accessible only to an outside network via the first VM and wherein the second bridge VM is accessible only to the outside network via the second VM; and
  
  enforcing a system isolation policy that isolates the first VM from the second VM using the hypervisor.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein the first information domain VM is a high-security information domain VM, and the second information domain VM is a low-security information domain VM.
  - 17. The method of claim 15, wherein the computing device includes memory and processing resources, and wherein the method includes sharing at least some of the memory and processing resources by the first VM, the second VM, and the guard VM.
  - 18. The method of claim 15, further comprising performing the method through a loss of network connectivity.
  - 19. The method of claim 15, wherein the system isolation policy includes at least one of memory and processing isolation provided by the hypervisor, network isolation provided by the hypervisor and the first and second bridge VMs, and device isolation provided by an Input/Output Memory Management Unit (IOMMU).
  - 20. The method of claim 15, wherein the cross-domain solution has a target pre-existing security certification associated therewith and an associated network separation assumption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adventium Enterprises LLC
Original Assignee
Adventium Enterprises LLC
Inventors
Payne, Charles N. Jr., Sonnek, Jason D., Harp, Steven A., O'Brien, Richard C., Gohde, Johnathan A.
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
TRUONG, THONG P

Application Number

US13/155,446
Publication Number

US 20120317569A1
Time in Patent Office

895 Days
Field of Search

726/1, 726/3, 713/116, 713/166
US Class Current

726/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/53   by executing in a restricte...

G06F 21/606   by securing the transmissio...

G06F 9/45558   Hypervisor-specific managem...

Multi-domain information sharing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-domain information sharing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links