Abstract:
A system for preventing computer malware from exfiltrating data from a user computer in a network via the internet. A host-based network process monitor intercepts network traffic information from the user computer and transmits a network request including user and application information including the network traffic information. An authorization server cooperates with the host-based network process monitor for i) verifying whether the user and process in the network request should have network access, and ii) cryptographically signing the intercepted network traffic information with an authorization server key, to authorize network access for the intercepted network traffic information. A firewall system is operably connected to the user computer and the authorization server configured to inspect the network traffic information from the user computer and reject any traffic information not signed with the authorization server key.
Abstract:
A system providing a scalable distributed operating environment is provided. The system may include a cryptographic module for encrypting communications for transmission over an external network. Further, more than one classified processor may be communicatively coupled to the cryptographic module for handling classified processes and information. In addition, more than one unclassified processor may also be communicatively coupled to the cryptographic module for handling unclassified processes and information. The number of classified and unclassified processors activated upon selection of a waveform is dependent upon the degree of complexity of the waveform.
Abstract:
A radar system can include electronics configured to receive communications from a terrestrial location. The communications can include composite weather data from a plurality of sources and scheduling data. The scheduling data can include an indication of timing for sending local weather data sensed by an airborne radar system to the terrestrial location. The terrestrial system can provide composite weather radar data to an airborne source.
Abstract:
The present invention is a system for providing Multiple Independent Levels of Security (MILS) partitioning. The system includes a memory, a bus controller communicatively coupled to the memory via a memory bus, and a MILS controller communicatively coupled to the bus controller via a host-side bus, the MILS controller configured for monitoring and controlling system transactions. The system further includes a plurality of input/output (I/O) devices communicatively coupled to the MILS controller via a plurality of corresponding device-side buses. The system further includes a MILS separation kernel configured for mapping regions of the memory to a plurality of user partitions. Each I/O device included in the plurality of I/O devices is allocated to a partition included in the plurality of partitions and is isolated from MILS separation kernel space. The MILS separation kernel is configured for guaranteeing isolation of the partitions of the memory. The system further includes a processor connected to the bus controller via a processor front-side bus. The MILS controller is configured for extending MILS partitioning to the plurality of I/O devices.
Abstract:
An improved architectural approach for implementation of a low power, scalable topology for a software defined radio (SDR). Low power processors and switching elements forming building blocks are employed in an embedded switched fabric architecture network having a repeating building block topology that advantageously employs wormhole routing and has self-healing, fail-safe properties. Differential signaling is used and data rates in excess of 250 Mbps are possible. In one embodiment a dual civilian and military channel SDR is disclosed; in other embodiments, a plurality of independent SDR channels, with or without encryption, are disclosed. A plurality of different topologies are disclosed including toroidal topologies having a planar topology with orthogonal connections, a planar topology with orthogonal and diagonal connections, and a cube topology with both orthogonal and/or diagonal connections.
Abstract:
The present invention is a system and a method for extending multiple independent levels of security to a plurality of input/output buses and components connected to the buses. In an exemplary embodiment, the system may include a processing unit suitable for operation in a plurality of security levels. A bus controller including security control logic may be coupled to the processing unit for restricting access and flow of information between the physical memory and the plurality of buses. The bus controller may employ base address registers to allocate and map the physical memory to control which partitions of the physical memory are accessible to each of the plurality of buses and thus, a device connected to at least one of the plurality of buses.
Abstract:
A multiple security level power managed processing system and method of managing power consumption in a multi security level system is disclosed. The system includes a plurality of nodes having a processor, associated memory and a processor interface. A plurality of processors individually may include multiple independent processing security levels, such as a first processing level and a second processing level. A MILS processor-to-processor network connects the plurality of processors. The system may be configured to distribute the application among the processing levels corresponding to a specific level of security. Power management profiles are used to control operation of the processors to maximize power efficiency while meeting security criteria.
Abstract:
A method for transmitting information having different classification levels within an interconnection network includes transmitting a data word having encoded information that indicates a classification level to a processing environment having a classification level. The encoded information is examined to ascertain the indicated classification level. The classification level of the processing environment is verified by comparing it with the indicated classification level, and the data word is delivered to the processing environment upon verification. An interconnection network for transmitting the data words includes a switched fabric topology with serializer/deserializer devices interconnected by router blocks. A node for connecting to the interconnection network includes a network interface module linking the interconnection network and the processing environment. The network interface module examines data words to ascertain their classification level and verifies the classification level of the processing environment. The network interface module delivers the data words to the processing environment upon verification.