Security systems and methods to reduce data leaks in enterprise networks
First Claim
1. A security system for a plurality of resources in a computer network having a plurality of hosts, the security system comprising:
- a computer processor;
- a memory operatively coupled to the computer processor and configured for storing data and instructions;
- a plurality of taints, each taint configured to be applied by a labeling system to at least one of the plurality of resources, and each taint having a plurality of characteristics including identification data, secrecy data, and integrity data, the characteristics variably being in a first state or a second state;
- a plurality of labels, each label comprising at least one taint;
- the labeling system in communication with the plurality of hosts and configured to apply, by the processor, a label of the plurality of labels to a corresponding operating system resource of the plurality of resources, and to receive notifications of attempted writes to the operating system resource, wherein the operating system resource includes one or more of a file, process, socket, thread, or memory page;
- a capability database configured for associating each of a plurality of users with a respective corresponding capability set for each respective taint of the plurality of taints, wherein according to a first capability set of a first user for a first taint, the first user has a capability to change the characteristics of the first taint from the second state to the first state, and from the first state to the second state, in the first label, wherein the labeling system is further configured to automatically modify the state of the first label on behalf of the first user, to facilitate the information flow; and
- an enforcement system in communication with the plurality of hosts and configured to block outgoing computer network traffic from each host, responsive to determining the outgoing computer network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.
Abstract
Disclosed are embodiments of a security system for reducing data leaks by checking information flows between resources of a network. When an information flow is attempted between a sending resource, which can be anywhere in the network, and a receiving resource residing at a specific host within the network, a host labeler can determine whether information is allowed to flow from the sending resource to the receiving resource. The sending resource and the receiving resource can each have an applicable label, and each label can comprise zero, one, or more taints. For each taint having an active secrecy characteristic in a label of the sending resource, the host labeler can require that there be a matching taint with active secrecy characteristic in the receiving resource. If this condition is not met, the security system can block the information flow between the sending and receiving resources.
16 Claims
1. A security system for a plurality of resources in a computer network having a plurality of hosts, the security system comprising:
- a computer processor;
- a memory operatively coupled to the computer processor and configured for storing data and instructions;
- a plurality of taints, each taint configured to be applied by a labeling system to at least one of the plurality of resources, and each taint having a plurality of characteristics including identification data, secrecy data, and integrity data, the characteristics variably being in a first state or a second state;
- a plurality of labels, each label comprising at least one taint;
- the labeling system in communication with the plurality of hosts and configured to apply, by the processor, a label of the plurality of labels to a corresponding operating system resource of the plurality of resources, and to receive notifications of attempted writes to the operating system resource, wherein the operating system resource includes one or more of a file, process, socket, thread, or memory page;
- a capability database configured for associating each of a plurality of users with a respective corresponding capability set for each respective taint of the plurality of taints, wherein according to a first capability set of a first user for a first taint, the first user has a capability to change the characteristics of the first taint from the second state to the first state, and from the first state to the second state, in the first label, wherein the labeling system is further configured to automatically modify the state of the first label on behalf of the first user, to facilitate the information flow; and
- an enforcement system in communication with the plurality of hosts and configured to block outgoing computer network traffic from each host, responsive to determining the outgoing computer network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A security system for a plurality of resources in a computer network having a plurality of hosts, the security system comprising:
- a computer processor;
- a memory operatively coupled to the computer processor and configured for storing data and instructions;
- a plurality of taints, each taint configured to be applied by a labeling system to at least one of the plurality of resources, and each taint having a plurality of characteristics including identification data, secrecy data, and integrity data, the characteristics variably being in a first state or a second state;
- a plurality of labels, each label comprising at least one taint;
- the labeling system in communication with the plurality of hosts and configured to apply, by the processor, a label of the plurality of labels to a corresponding operating system resource of the plurality of resources, and to receive notifications of attempted writes to the operating system resource, wherein the operating system resource includes one or more of a file, process, socket, thread, or memory page;
- a capability database configured for associating each of a plurality of users with a respective corresponding capability set for each respective taint of the plurality of taints, wherein according to a first capability set of a first user for a first taint, the first user has a capability to change the characteristics of the first taint from the second state to the first state, but not from the first state to the second state, in the first label, wherein the labeling system is further configured to automatically modify the state of the first label on behalf of the first user, to facilitate the information flow; and
- an enforcement system in communication with the plurality of hosts and configured to block outgoing computer network traffic from each host, responsive to determining the outgoing computer network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
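The flow rule from the abstract (every active-secrecy taint on the sender must be matched on the receiver), the capability-gated state changes of claims 1 and 9, and the outbound-traffic check of the enforcement system, worked through in a small model. This is an added illustration, not code from the patent; the capability-database layout (user -> taint id -> allowed transitions) and all resource names are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Taint:
    """One taint in a label: identification data plus secrecy and integrity flags."""
    ident: str
    secrecy: bool       # True = secrecy characteristic in the active ("first") state
    integrity: bool     # carried with the taint; not consulted by the secrecy check


def active_secrecy(label: set) -> set:
    """Identifiers of taints whose secrecy characteristic is active."""
    return {t.ident for t in label if t.secrecy}


def flow_allowed(sender: set, receiver: set) -> bool:
    """Abstract's rule: each active-secrecy taint of the sender needs a matching
    active-secrecy taint on the receiver."""
    return active_secrecy(sender) <= active_secrecy(receiver)


def outbound_blocked(label: set) -> bool:
    """Enforcement system: block outgoing traffic that carries a resource with
    any taint in the active (first) state."""
    return bool(active_secrecy(label))


class Labeler:
    """Host labeler with a capability database. Constructed layout (assumption):
    caps[user][taint_id] is a subset of {"activate", "deactivate"}."""

    def __init__(self, capabilities: dict, labels: dict):
        self.caps, self.labels = capabilities, labels   # labels: resource -> set[Taint]

    def set_secrecy(self, user: str, resource: str, ident: str, active: bool) -> None:
        """Change a taint's secrecy state on a user's behalf, if their capability allows."""
        op = "activate" if active else "deactivate"
        if op not in self.caps.get(user, {}).get(ident, set()):
            raise PermissionError(f"{user} may not {op} taint {ident} on {resource}")
        label = self.labels[resource]
        old = next((t for t in label if t.ident == ident), Taint(ident, False, False))
        label.discard(old)
        label.add(Taint(ident, active, old.integrity))

    def on_write(self, user: str, sender: str, receiver: str) -> bool:
        """Attempted-write notification: first activate on the receiver any missing
        secrecy taints the user may activate, then apply the flow rule."""
        missing = active_secrecy(self.labels[sender]) - active_secrecy(self.labels[receiver])
        for ident in missing:
            try:
                self.set_secrecy(user, receiver, ident, True)
            except PermissionError:
                return False
        return flow_allowed(self.labels[sender], self.labels[receiver])
```

A user holding only the activate capability (claim 9) can pull a taint onto a receiver to let a flow proceed but can never clear it, so the data stays blocked at the network boundary until a user with the deactivate capability (claim 1) declassifies it.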
Specification