System for reverse sandboxing

Electrical computers and digital processing systems: virtual mac – Task management or control – Process scheduling

Reexamination Certificate


Details

C718S100000, C718S102000, C713S164000, C713S152000

Reexamination Certificate

active

06836888

ABSTRACT:

BACKGROUND OF THE INVENTION
This invention relates to a secure computing environment within a standalone host computer on a virtual private network.
A computing environment is a collection of processes that can interact with each other and access each other's resources without going through a gatekeeper. A gatekeeper is an entity or device that controls the flow of information through it according to some specific policy. A “firewall” is an example of a gatekeeper.
A virtual private network (VPN) is a logical overlay of a private network on top of another public network. Broadly speaking, there are two types of virtual private networks. The first type of virtual private network operates between two or more private networks. An example of this first type is a virtual private network that connects a branch office network to a corporate headquarters network. This type of virtual private network is known as a network-to-network virtual private network. A second type of virtual private network connects a host computer to a private network. An example of this second type is a virtual private network that connects a telecommuter's home computer to his employer's corporate network. The second type of network is known as a host-to-network virtual private network.
Currently, virtual private networks of both types employ cryptographic security measures in the communications link between the remote network or host and the other network. For virtual private networks of the first type, this is typically sufficient in order to ensure a secure virtual private network because each of the networks connected by the virtual private network forms a computing environment that is secured by means of one or more restrictive gatekeepers. That is,
A host in each of the private networks is placed behind a firewall, which provides a first level of defense against hackers in a public network.
A host inside a private network may be professionally monitored by a security staff, and such a staff may be trained to recognize and remedy security breaks.
A host within a private network may also be subject to restrictions regarding modifications and/or additions to the software on the host.
A host within a private network may also be subject to restrictions regarding the people who are able to access the host. At a minimum, physical security measures maintained by the organization will restrict the universe of possible users to persons who have access to the building in which the host is located.
In the case of a host-to-network virtual private network, extra measures are required because none of the above-mentioned restrictions are found in a typical host, such as a PC at the home of an employee. Moreover, while the host connects to a private network and becomes part of the host-to-network virtual private network, it continues to exist in an insecure environment through direct links to the Internet. Consequently, such a host—being a part of and within the virtual private network—potentially exposes the entire private network to an attack that bypasses the firewall or other gatekeepers.
Another danger is that a host that is connected to a private network may also be connected to another private network at the same time, allowing that host computer to concurrently belong to both private networks. Clearly, this is not a desirable situation, particularly if the two networks belong to competing organizations.
The general problem of protecting a computing environment is obviously not new. Multiple protection mechanisms have been proposed in the past based on programming languages, operating system constructs, security protocols, and so on. Most of this work concerns protecting two peer environments from each other. More recently, there has been a great deal of interest in sandboxing in which a secure computing environment is protected against imported elements.
Other work includes protection of mobile code, which is code that roams a network independently. A problem with mobile code involves ensuring the security of the mobile code as it executes on untrusted network elements. A number of solutions have been proposed to ensure security. These include: cryptographic mechanisms that encrypt computation, redundant computation using fault-tolerance mechanisms, and logging. These techniques are well suited to mobile code applications where there can be no trust placed in the remote environment. However, they are unduly costly and restrictive in cases where a remote environment can be trusted to some extent, e.g., when the remote environment is an employee's home computer.
The work on electronic intellectual property protection also utilizes some similar mechanisms. For example, the InterTrust DigiBox architecture, described in “A Self-Protecting Container for Electronic Commerce,” in Proceedings of the First USENIX Electronic Commerce Workshop, by Sibert et al., July 1995, is a system that securely exports electronic information to prevent misuse of the information. The work on electronic copy protection is focused on securely exporting passive documents.
A number of systems have proposed using wrappers to protect applications. The StrongBox system, described by B. S. Yee in “A Sanctuary for Mobile Agents,” Technical Report CS97-537, University of California at San Diego, La Jolla, Calif., April 1997, represents an early approach that focuses on the security of client-server systems in which both the client and server might be running on untrusted machines. More recently, a system that uses software wrappers to secure off-the-shelf applications running in unsafe environments is described in “Hardening COTS Software with Generic Software Wrappers,” by Fraser et al., in Proceedings of the 1999 IEEE Symposium on Security and Privacy, May 1999. This work, however, is targeted at the problem of “hardening” individual applications and not on securing whole environments.
Finally, there has been a lot of work on secure operating systems. The earliest related work is the classic report by James Anderson in 1972, Technical Report ESD-TR-73-51, Electronics Systems Division, entitled “Computer Security Technology Planning Study,” which introduced reference monitors. Reference monitors ensure that all accesses to system resources are authorized, and they can be implemented in software and/or hardware. Other secure operating systems include: SCOMP, described in “SCOMP: A Solution to the Multilevel Security Problem,” by Fraim, in Computer 16(7):26-34, 1983; LOCK, described in “LOCK Trek: Navigating Uncharted Space,” by Saydjari et al., in Proceedings of the 1989 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 167-175; VAX VMM, described in “A Retrospective on VAX VMM Security Kernel,” by Karger et al., in IEEE Transactions on Software Engineering 17(11):1147-1165, 1991; and Trusted Mach, described in “Access Mediation in a Message Passing Kernel,” by Branstad et al., in Proceedings of the IEEE Computer Society Symposium on Security and Privacy, pp. 66-72, 1989. The SCOMP and LOCK architectures use a separate security processor for reference validation. The VAX VMM system uses virtual machines, described in “Survey of Virtual Machine Research,” by Goldberg, IEEE Computer Magazine 7(a):34-45, June 1974, to provide multilevel security and access control. Lastly, the Trusted Mach kernel enforces Bell-LaPadula security, described in “Secure Computer System: Unified Exposition and Multics Interpretation,” by Bell et al., Technical Report MTR-2997 Rev. 1, AD A023 588, The MITRE Corp., 1976, using a kernel and trusted servers.
SUMMARY OF THE INVENTION
It will be readily apparent from the above, that a need exists in the art for providing additional security to a standalone host. This need is satisfied, and an advance in the art is achieved, with an arrangement that creates a secure computing environment in a host computer. The created “reverse sandbox” computing environment is considered a safe area that is protected from attacks originating outside the safe area. The reverse sandbox technique extends a private computing environment suc
