Restricting communication of selected processes to a set of specific network addresses
Abstract
Selected processes are associated with sets of specific network addresses, and the associations are stored. When a selected process creates a child process, an association between the child process and the set of network addresses with which the parent process is associated is stored. When a selected process is deleted, the association between the selected process and its set of network addresses is deleted. Each selected process is restricted to network address-based communication via its associated set of network addresses. Certain communication protocol subroutines associated with network address-based communication are intercepted by an interception module. The interception module detects attempts by selected processes to communicate via network addresses. If a selected process attempts to communicate via an unassociated network address, the attempted communication is prohibited.
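The mechanism the abstract describes (an association table keyed by process, inheritance of the parent's set on fork, deletion on exit, and an interception module that checks every bind/connect and rewrites a wildcard address to an associated one), shown as an added example in C that is not the patent's own code. Only the decision logic is modelled; the hook that would call check_bind()/check_connect() before the real socket call (an LD_PRELOAD shim around bind()/connect(), or a kernel socket hook) is not shown. All identifiers (assoc_add, assoc_inherit, assoc_set_loopback, check_bind, check_connect, the VERDICT_* values, the fixed-size table) and the sample addresses are assumptions made for this example.

```c
/* Added example, not the patent's code: the decision logic an interception module
 * wrapped around bind()/connect() (LD_PRELOAD shim or kernel socket hook) would
 * consult. Table layout, function names and verdict values are assumptions. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/types.h>
#define MAX_PROCS 64
#define MAX_ADDRS 4
enum verdict { VERDICT_UNRESTRICTED, VERDICT_ALLOW, VERDICT_DENY, VERDICT_REWRITE };
struct assoc {                  /* one selected process and its permitted addresses */
    pid_t pid;                  /* 0 marks a free slot */
    int n_addrs;
    in_addr_t addrs[MAX_ADDRS]; /* network byte order */
    in_addr_t loopback;         /* this process's unique local-host address */
};
static struct assoc table[MAX_PROCS];
char last_local[INET_ADDRSTRLEN], last_dest[INET_ADDRSTRLEN]; /* set by try_bind/try_connect */
static struct assoc *find_assoc(pid_t pid) {
    for (int i = 0; i < MAX_PROCS; i++) if (table[i].pid == pid) return &table[i];
    return NULL;
}
static int is_associated(const struct assoc *a, in_addr_t ip) {
    for (int i = 0; i < a->n_addrs; i++) if (a->addrs[i] == ip) return 1;
    return 0;
}
/* Associate pid with a dotted-quad address; the first call for a pid creates its record. */
int assoc_add(pid_t pid, const char *ip) {
    struct in_addr in; struct assoc *a;
    if (pid <= 0 || inet_pton(AF_INET, ip, &in) != 1) return -1;
    if (!(a = find_assoc(pid))) {
        if (!(a = find_assoc(0))) return -1;   /* table full */
        memset(a, 0, sizeof *a);
        a->pid = pid; a->loopback = htonl(INADDR_LOOPBACK);
    }
    if (a->n_addrs == MAX_ADDRS) return -1;
    a->addrs[a->n_addrs++] = in.s_addr;
    return 0;
}
/* Give a selected process its own local-host address (claims 50 and 83). */
int assoc_set_loopback(pid_t pid, const char *ip) {
    struct assoc *a = find_assoc(pid);
    return (a && inet_pton(AF_INET, ip, &a->loopback) == 1) ? 0 : -1;
}
/* On fork(): the child inherits the parent's whole address set. */
int assoc_inherit(pid_t parent, pid_t child) {
    struct assoc *p = find_assoc(parent), *c;
    if (!p || child <= 0 || find_assoc(child) || !(c = find_assoc(0))) return -1;
    *c = *p; c->pid = child;
    return 0;
}
/* On process exit: drop the association. Returns 1 if one existed. */
int assoc_delete(pid_t pid) {
    struct assoc *a = find_assoc(pid);
    if (a) memset(a, 0, sizeof *a);
    return a != NULL;
}
/* bind(): a wildcard is rewritten in place to the first associated address, an
 * unassociated address is refused, and unselected processes are left alone. */
enum verdict check_bind(pid_t pid, struct sockaddr_in *sa) {
    struct assoc *a = find_assoc(pid);
    if (!a) return VERDICT_UNRESTRICTED;
    if (sa->sin_addr.s_addr == htonl(INADDR_ANY)) {
        sa->sin_addr.s_addr = a->addrs[0];
        return VERDICT_REWRITE;
    }
    return is_associated(a, sa->sin_addr.s_addr) ? VERDICT_ALLOW : VERDICT_DENY;
}
/* connect(): an unbound channel (local == INADDR_ANY) is bound to an associated address,
 * and a 127/8 destination is redirected to the process's own local-host address. */
enum verdict check_connect(pid_t pid, struct sockaddr_in *local, struct sockaddr_in *dest) {
    struct assoc *a = find_assoc(pid);
    enum verdict v = VERDICT_ALLOW;
    if (!a) return VERDICT_UNRESTRICTED;
    if (local->sin_addr.s_addr == htonl(INADDR_ANY)) {
        local->sin_addr.s_addr = a->addrs[0];
        v = VERDICT_REWRITE;
    } else if (!is_associated(a, local->sin_addr.s_addr)) return VERDICT_DENY;
    if ((ntohl(dest->sin_addr.s_addr) >> 24) == 127 && dest->sin_addr.s_addr != a->loopback) {
        dest->sin_addr.s_addr = a->loopback;
        v = VERDICT_REWRITE;
    }
    return v;
}
/* Dotted-quad front-ends; the (possibly rewritten) addresses land in last_local/last_dest. */
enum verdict try_bind(pid_t pid, const char *ip) {
    struct sockaddr_in sa = { .sin_family = AF_INET };
    inet_pton(AF_INET, ip, &sa.sin_addr);
    enum verdict v = check_bind(pid, &sa);
    inet_ntop(AF_INET, &sa.sin_addr, last_local, sizeof last_local);
    return v;
}
enum verdict try_connect(pid_t pid, const char *local_ip, const char *dest_ip) {
    struct sockaddr_in l = { .sin_family = AF_INET }, d = { .sin_family = AF_INET };
    inet_pton(AF_INET, local_ip, &l.sin_addr);
    inet_pton(AF_INET, dest_ip, &d.sin_addr);
    enum verdict v = check_connect(pid, &l, &d);
    inet_ntop(AF_INET, &l.sin_addr, last_local, sizeof last_local);
    inet_ntop(AF_INET, &d.sin_addr, last_dest, sizeof last_dest);
    return v;
}
```

try_bind() and try_connect() take dotted quads so the logic can be exercised without opening a socket; the rewritten addresses are left in last_local and last_dest. A process with no record is deliberately reported as VERDICT_UNRESTRICTED rather than denied, matching the abstract's "selected processes" wording, and the same distinction means a deleted association silently lifts the restriction, so the hook must delete on exit and not merely on error. A real shim would also have to cover sendto()/sendmsg() on unconnected datagram sockets and the IPv6 variants, which the abstract groups under "communication protocol subroutines".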
91 Claims
1. A method in a computer system for restricting network address-based communication by selected processes to a set of specific network addresses, the method comprising:
associating at least one selected process with at least one network address;
determining whether an attempted network address-based communication of a selected process is via an associated address; and
in response to a determination that the communication is via an associated address, allowing the communication to proceed.
Dependent claims: 2-42.

43. A method in a computer system for restricting network address-based communication by selected processes to a set of specific network addresses, the method comprising:
associating at least one selected process with at least one network address;
determining whether an attempted network address-based communication of a selected process is via an associated address; and
in response to a determination that the attempted communication is not via an associated address, not allowing the attempted communication to proceed.

44. A method in a computer system for restricting network address-based communication by selected processes to specific network addresses, the method comprising:
associating at least one selected process with at least one network address;
detecting an attempt by a selected process to associate a communication channel with a network address; and
determining whether the network address with which the selected process is attempting to associate a communication channel is associated with the selected process.
Dependent claims: 45-46.

47. A method in a computer system for restricting network address-based communication by selected processes to specific network addresses, the method comprising:
associating at least one selected process with at least one network address;
detecting an attempt by a selected process to associate a communication channel with a network address, wherein a provided value for the network address comprises a wild card; and
associating the communication channel with a network address that is associated with the process.
Dependent claims: 48-49.

50. A method in a computer system for restricting network address-based communication by selected processes to specific network addresses, the method comprising:
associating at least one selected process with a unique local host address;
detecting an attempt by a selected process to communicate with a local host; and
designating the unique local host address associated with the selected process to be used by the selected process to communicate with the local host.

51. A method in a computer system for restricting network address-based communication by selected processes to specific network addresses, the method comprising:
associating at least one selected process with at least one network address;
detecting an attempt by a selected process to communicate with a second process via a communication channel;
determining if the communication channel is associated with a network address; and
in response to determining that the communication channel is not associated with a network address, associating the communication channel with a network address that is associated with the process.
Dependent claims: 52-53.

54. A method in a computer system for restricting network address-based communication by selected processes to specific network addresses, the method comprising:
associating at least one selected process with at least one network address;
detecting an attempt by a selected process to establish a connection between a communication channel and a second process;
determining if the communication channel is associated with a network address; and
in response to determining that the communication channel is not associated with a network address, associating the communication channel with a network address that is associated with the selected process.
Dependent claims: 55-56.

57. A computer program product for restricting network address-based communication by selected processes to a set of specific network addresses, the computer program product comprising:
program code for associating at least one selected process with at least one network address;
program code for determining whether an attempted network address-based communication of a selected process is via an associated address;
program code for, in response to a determination that the communication is via an associated address, allowing the communication to proceed; and
a computer readable medium on which the program codes are stored.
Dependent claims: 58-75.

76. A computer program product for restricting network address-based communication by selected processes to a set of specific network addresses, the computer program product comprising:
program code for associating at least one selected process with at least one network address;
program code for determining whether an attempted network address-based communication of a selected process is via an associated address;
program code for, in response to a determination that the communication is not via an associated address, not allowing the attempted communication to proceed; and
a computer readable medium on which the program codes are stored.

77. A computer program product for restricting network address-based communication by selected processes to specific network addresses, the computer program product comprising:
program code for associating at least one selected process with at least one network address;
program code for detecting an attempt by a selected process to associate a communication channel with a network address;
program code for determining whether the network address with which the selected process is attempting to associate a communication channel is associated with the selected process; and
a computer readable medium on which the program codes are stored.
Dependent claims: 78-79.

80. A computer program product for restricting network address-based communication by selected processes to specific network addresses, the computer program product comprising:
program code for associating at least one selected process with at least one network address;
program code for detecting an attempt by a selected process to associate a communication channel with a network address, wherein a provided value for the network address comprises a wild card;
program code for associating the communication channel with a network address that is associated with the process; and
a computer readable medium on which the program codes are stored.
Dependent claims: 81-82.

83. A computer program product for restricting network address-based communication by selected processes to specific network addresses, the computer program product comprising:
program code for associating at least one selected process with a unique local host address;
program code for detecting an attempt by a selected process to communicate with a local host;
program code for designating the unique local host address associated with the selected process to be used by the selected process to communicate with the local host; and
a computer readable medium on which the program codes are stored.

84. A computer program product for restricting network address-based communication by selected processes to specific network addresses, the computer program product comprising:
program code for associating at least one selected process with at least one network address;
program code for detecting an attempt by a selected process to communicate with a second process via a communication channel;
program code for determining if the communication channel is associated with a network address;
program code for, in response to determining that the communication channel is not associated with a network address, associating the communication channel with a network address that is associated with the process; and
a computer readable medium on which the program codes are stored.
Dependent claims: 85-86.

87. A computer program product for restricting network address-based communication by selected processes to specific network addresses, the computer program product comprising:
program code for associating at least one selected process with at least one network address;
program code for detecting an attempt by a selected process to establish a connection between a communication channel and a second process;
program code for determining if the communication channel is associated with a network address;
program code for, in response to determining that the communication channel is not associated with a network address, associating the communication channel with a network address that is associated with the selected process; and
a computer readable medium on which the program codes are stored.
Dependent claims: 88-89.

90. A method in a computer system for restricting network address-based communication by selected processes to a set of specific network addresses, the method comprising:
associating at least one selected process with at least one network address;
detecting when a selected process attempts to communicate via an unassociated address; and
not allowing the attempted communication to proceed.

91. A computer program product for restricting network address-based communication by selected processes to a set of specific network addresses, the computer program product comprising:
program code for associating at least one selected process with at least one network address;
program code for detecting when a selected process attempts to communicate via an unassociated address;
program code for not allowing the attempted communication to proceed; and
a computer readable medium on which the program codes are stored.

Specification