Multi-domain information sharing
Abstract
The present disclosure includes methods and systems for multi-domain information sharing. One or more embodiments can include a computing device with a VMM hosting a first information domain VM, a second information domain VM, and a cross-domain solution VM that controls information transfer between the first information domain VM and the second information domain VM. One or more embodiments can also include a hypervisor to enforce an isolation policy within the system.
20 Claims
1. A system for multi-domain information sharing, comprising:
a computing device hosting;
a first information domain virtual machine (VM);
a second information domain VM;
a cross-domain solution VM that controls information transfer between the first information domain VM and the second information domain VM;
a first bridge VM;
a second bridge VM;
wherein the first bridge VM isolates the cross-domain solution VM by providing a first virtual bridge between the first information domain VM and the cross-domain solution VM and the second bridge VM isolates the cross-domain solution VM by providing a second virtual bridge between the second information domain VM and the cross-domain solution VM; and
wherein the first bridge VM is accessible only to an outside network via the first information domain VM and wherein the second bridge VM is accessible only to the outside network via the second information domain VM; and
a hypervisor to enforce an isolation policy within the system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for multi-domain information sharing, comprising:
a computing device hosting;
a high-security information domain VM;
a low-security information domain VM;
a cross-domain solution VM including a target pre-existing security certification associated therewith that controls information transfer between the high-security information domain VM and the low-security information domain VM;
a first bridge VM;
a second bridge VM;
wherein the first bridge VM isolates the cross-domain solution VM by facilitating communication between the high-security information domain VM and the cross-domain solution VM via a first virtual bridge and the second bridge VM isolates the cross-domain solution VM by facilitating communication between the low-security information domain VM and the cross-domain solution VM via a second virtual bridge; and
wherein the first bridge VM is accessible only to an outside network via the high-security information domain VM and wherein the second bridge VM is accessible only to the outside network via the low-security information domain VM; and
a hypervisor to enforce a system isolation policy that isolates the high-security domain from the low-security domain.
Dependent claims: 12, 13, 14
15. A method for multi-domain information sharing, comprising:
hosting, on a hypervisor of a computing device, a first VM associated with a first information domain on the hypervisor;
hosting a second VM associated with a second information domain on the hypervisor;
hosting a guard VM, wherein the guard VM controls information transfer between the first VM and the second VM;
hosting a first bridge VM;
hosting a second bridge VM;
wherein the first bridge VM isolates the guard VM by facilitating communication between the first VM and the guard VM via a first virtual bridge and the second bridge VM isolates the guard VM by facilitating communication between the second VM and the guard VM via a second virtual bridge; and
wherein the first bridge VM is accessible only to an outside network via the first VM and wherein the second bridge VM is accessible only to the outside network via the second VM; and
enforcing a system isolation policy that isolates the first VM from the second VM using the hypervisor.
Dependent claims: 16, 17, 18, 19, 20
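The isolation properties recited in the independent claims can be checked mechanically against a host's VM wiring. The Python below is an added example, not part of the patent or of any product implementing it. The VM names, the channel-graph model and the reading of "accessible only ... via" as graph reachability are assumptions made for illustration.

```python
from collections import deque
# Constructed model of the claimed topology; all VM names are illustrative.
CLAIMED = {
    "channels": {("domain_a", "bridge_1"), ("bridge_1", "cds"),
                 ("cds", "bridge_2"), ("bridge_2", "domain_b")},
    "external": {"domain_a", "domain_b"},  # VMs attached to the outside network
    "bridge_home": {"bridge_1": "domain_a", "bridge_2": "domain_b"},
}

def reachable(channels, start, removed=frozenset()):
    """VMs reachable from start over host channels without entering `removed`."""
    adj = {}
    for a, b in channels:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen and nxt not in removed:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def violations(topo, guard="cds", domains=("domain_a", "domain_b")):
    """Return isolation-policy violations; an empty list means compliant."""
    found = []
    a, b = domains
    # 1. Inter-domain traffic must cross the guard: without it, a must not reach b.
    if b in reachable(topo["channels"], a, removed={guard}):
        found.append(f"{a} reaches {b} without crossing {guard}")
    for bridge, home in topo["bridge_home"].items():
        # 2a. A bridge VM has no outside-network attachment of its own.
        if bridge in topo["external"]:
            found.append(f"{bridge} is attached to the outside network")
        # 2b. With its home domain VM and the guard removed, no attached VM reaches it.
        side = reachable(topo["channels"], bridge, removed={guard, home})
        for vm in sorted(side & (topo["external"] - {bridge})):
            found.append(f"{bridge} reachable from outside via {vm}, not {home}")
    return found

def with_changes(topo, extra_channels=(), extra_external=()):
    """Copy of topo with added channels or outside attachments (config drift)."""
    return {"channels": topo["channels"] | set(extra_channels),
            "external": topo["external"] | set(extra_external),
            "bridge_home": topo["bridge_home"]}

if __name__ == "__main__":
    print(violations(CLAIMED))
    print(violations(with_changes(CLAIMED, extra_channels={("bridge_1", "bridge_2")})))
```

Run against the claimed wiring it reports nothing; a channel added directly between the two bridge VMs is reported both as a guard bypass and as each bridge becoming reachable through the other domain.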
Specification