Patent
1996-02-09
1999-06-29
Rinehart, Mark H.
39520059, 395186, G06F 1338, G06F 1517
Patent
active
059180188
ABSTRACT:
A system and method of achieving network separation within a computing system having a plurality of network interfaces. A plurality of burbs or regions is defined, wherein the plurality of burbs includes a first and a second burb and wherein each burb includes a protocol stack. Each of the plurality of network interfaces is assigned to one of the plurality of burbs and more than one network interface can be assigned to a particular burb. Processes are bound to specific burbs when they try to access that burb's protocol stack and communication between processes assigned to different burbs is restricted so that a communication between a process bound to one burb must pass through a proxy before being sent to a different burb.
Andreas Glenn
Gooderum Mark P.
Vu Trinh Q.
Rinehart Mark H.
Secure Computing Corporation