Propagation of malicious code through an information technology network
    21.
    Invention application
    Propagation of malicious code through an information technology network (under examination, published)

    Publication (announcement) number: US20070083914A1

    Publication (announcement) date: 2007-04-12

    Application number: US11494291

    Filing date: 2006-07-26

    CPC classification number: H04L63/1441 G06F21/56

    Abstract: A method of restricting transmission of data packets from a host entity in a network, comprising: transmitting outgoing packets to destination hosts whose identities are contained in a record stored in a working set of host identity records; over the course of repeated predetermined time intervals, restricting, to a predetermined number, destination hosts not identified in the working set and to which packets may be transmitted; deleting packets whose transmission has been restricted.


    Propagation of malicious code through an information technology network
    22.
    Invention application
    Propagation of malicious code through an information technology network (granted, in force)

    Publication (announcement) number: US20070083913A1

    Publication (announcement) date: 2007-04-12

    Application number: US11494289

    Filing date: 2006-07-26

    CPC classification number: H04L63/1441 G06F21/56

    Abstract: A method of restricting transmission of data packets from a host entity in a network, comprising: transmitting outgoing packets to destination hosts whose identities are contained in a record stored in a working set of host identity records; over the course of repeated predetermined time intervals, restricting, to a predetermined number, destination hosts not identified in the working set to which packets may be transmitted; upon transmission of a packet to a host whose identity is not contained in a record in the working set, adding a record containing the host's identity to the working set and attributing a time to live to the record; deleting each record from the working set whose time to live has expired.


    Performing secure and insecure computing operations in a compartmented operating system
    23.
    Granted invention patent
    Performing secure and insecure computing operations in a compartmented operating system (granted, in force)

    Publication (announcement) number: US07159210B2

    Publication (announcement) date: 2007-01-02

    Application number: US10175553

    Filing date: 2002-06-18

    CPC classification number: G06F9/45537

    Abstract: A process 23 runs directly on a host operating system 22, until the process 23 attempts an operation which can affect security of the host operating system 22 (such as loading a kernel module or using system privileges). A guest operating system 25 is then provided running as a virtual machine session within a compartment 24 of the host operating system 22 and running of the process 23 continues using the guest operating system. Operations of the process 23 which can affect security of the host operating system 22 are instead performed on the guest operating system 25, giving greater security. The guest operating system 25 is only invoked selectively, leading to greater overall efficiency.

