SYSTEMS AND METHODS FOR UTILIZING UNI-DIRECTIONAL INTER-HOST COMMUNICATION IN AN AIR GAP ENVIRONMENT
Abstract
A trusted network entity executing trusted code on a first network layer generates a request message that targets a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity, which applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. The trusted network entity also generates a response check message to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is likewise transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity, and it determines whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
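The exchange the abstract describes, simulated end to end as an added example (this is not code from the patent or from any product it covers). The entity names, the `Message` layout, the placeholder non-trusted workload and the request identifiers are all assumptions made for the simulation; the one thing the code takes from the page is the rule the policy enforcement entity applies: traffic may flow from the first layer to the second, and nothing flows the other way. The example also shows the consequence a practitioner should expect: the outcome of a response check is recorded on the non-trusted side, and a reply the non-trusted entity tries to push back to the trusted layer is dropped by the same rule.

```python
"""Unidirectional request / response-check exchange across a policy enforcement entity.

Added simulation, not the patent's own code. All class names, message fields and
sample payloads are assumptions chosen for illustration.
"""
from dataclasses import dataclass
import enum
import itertools


class Layer(enum.Enum):
    FIRST = 1    # trusted network layer (high side)
    SECOND = 2   # non-trusted network layer (low side)


@dataclass(frozen=True)
class Message:
    src: Layer
    dst: Layer
    kind: str          # "request", "response_check" or "reply" (assumed vocabulary)
    request_id: int
    payload: str = ""


class NonTrustedEntity:
    """Runs non-trusted code on the second layer and owns the conceptual mailbox."""

    def __init__(self, handler):
        self.handler = handler     # the non-trusted workload (placeholder lambda below)
        self.mailbox = {}          # conceptual mailbox: request_id -> response information
        self.check_log = []        # (request_id, available?) outcomes of response checks

    def receive(self, msg):
        if msg.kind == "request":
            # Service the request and park the result in the mailbox.
            self.mailbox[msg.request_id] = self.handler(msg.payload)
        elif msg.kind == "response_check":
            # The check resolves here, on the second layer; nothing travels back up.
            self.check_log.append((msg.request_id, msg.request_id in self.mailbox))


class TrustedEntity:
    """Runs trusted code on the first layer; it only originates traffic on this path."""

    def __init__(self):
        self.inbox = []            # stays empty: the rule never delivers anything here
        self._ids = itertools.count(1)

    def receive(self, msg):
        self.inbox.append(msg)

    def make_request(self, payload):
        return Message(Layer.FIRST, Layer.SECOND, "request", next(self._ids), payload)

    def make_response_check(self, request_id):
        return Message(Layer.FIRST, Layer.SECOND, "response_check", request_id)


class PolicyEnforcementEntity:
    """Applies one network traffic rule: forward FIRST -> SECOND, drop everything else."""

    def __init__(self, entities):
        self.entities = entities   # Layer -> entity reachable on that layer
        self.dropped = []

    def forward(self, msg):
        if msg.src is Layer.FIRST and msg.dst is Layer.SECOND:
            self.entities[msg.dst].receive(msg)
            return True
        self.dropped.append(msg)   # any other direction violates the unidirectional rule
        return False


def run_exchange():
    """Drive one request, two response checks and one blocked reply; return what each side saw."""
    trusted = TrustedEntity()
    untrusted = NonTrustedEntity(handler=lambda p: p.upper())   # constructed placeholder workload
    pee = PolicyEnforcementEntity({Layer.FIRST: trusted, Layer.SECOND: untrusted})

    # A check for a request that was never sent: the mailbox has nothing for it.
    pee.forward(trusted.make_response_check(99))

    req = trusted.make_request("lookup host-42")                # constructed sample request
    pee.forward(req)
    pee.forward(trusted.make_response_check(req.request_id))    # now the mailbox holds a result

    # The non-trusted side attempts to push the result back to the first layer.
    reply = Message(Layer.SECOND, Layer.FIRST, "reply", req.request_id,
                    untrusted.mailbox[req.request_id])
    reply_forwarded = pee.forward(reply)

    return {
        "mailbox": dict(untrusted.mailbox),
        "check_log": list(untrusted.check_log),
        "reply_forwarded": reply_forwarded,
        "trusted_inbox": list(trusted.inbox),
        "dropped": len(pee.dropped),
    }


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(f"{key}: {value}")
```

The point to take from the run is the `check_log` entry and the dropped reply: the response check succeeds in the sense that the non-trusted entity can determine the mailbox state, but that state is only observable on the second layer. The page does not describe how the trusted entity learns the result, so the simulation deliberately leaves it there rather than inventing a return path.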
52 Claims
1-28. (canceled)

29. A method comprising:
    generating a request message, with a trusted network entity executing trusted code on a first security layer, the request message to target a non-trusted network entity executing non-trusted code, on a second security layer;
    causing the request message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer;
    generating a response check message with the trusted network entity, the response check message to determine whether response information is available on the non-trusted network entity in response to the request message; and
    causing the response check message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer to determine whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
    (Dependent claims: 30, 31, 32, 33, 34, 35, 36)
37. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, are configurable to cause the one or more processors to:
    generate a request message, with a trusted network entity executing trusted code on a first security layer, the request message to target a non-trusted network entity executing non-trusted code, on a second security layer;
    cause the request message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer;
    generate a response check message with the trusted network entity, the response check message to determine whether response information is available on the non-trusted network entity in response to the request message; and
    cause the response check message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer to determine whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
    (Dependent claims: 38, 39, 40, 41, 42, 43, 44)
45. A system comprising:
    at least one memory system having hardware memory devices;
    one or more hardware processors coupled with the at least one memory system, the one or more processors to execute instructions stored within the system
        to generate a request message, with a trusted network entity executing trusted code on a first security layer, the request message to target a non-trusted network entity executing non-trusted code, on a second security layer,
        to cause the request message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer,
        to generate a response check message with the trusted network entity, the response check message to determine whether response information is available on the non-trusted network entity in response to the request message, and
        to cause the response check message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer to determine whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
    (Dependent claims: 46, 47, 48, 49, 50, 51, 52)