WO2007113406A3 - System for secure access from a terminal to communication networks - Google Patents
- Publication number
- WO2007113406A3 (PCT/FR2007/050871)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- space
- dedicated
- execution space
- communication networks
- execution
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1458—Protection against unauthorised use of memory or access to memory by checking the subject access rights
- G06F12/1491—Protection against unauthorised use of memory or access to memory by checking the subject access rights in a hierarchical protection system, e.g. privilege levels, memory rings
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
Abstract
Secure system for executing, in a terminal (10) intended to be connected to a plurality of communication networks (60, 61, 62), at least one application dedicated to a given communication network. According to the invention, said system comprises:
- at least one central manager (31) for at least one execution space (11, 12), able to:
  - identify said given communication network through a request originating from said application,
  - create an execution space, and dedicate said execution space to said given communication network,
- at least one manager (32, 33) of at least one memory addressing space, able to:
  - allocate a memory addressing space to said application in response to said request, and to associate said memory addressing space with said dedicated execution space,
  - prevent applications that are executing on execution spaces other than said dedicated execution space from accessing data present in said dedicated execution space,
- at least one network multiplexer (34) able to prevent the exchange of data between said dedicated execution space and other communication networks.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0650928 | 2006-03-17 | ||
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007113406A2 (en) | 2007-10-11 |
WO2007113406A3 (en) | 2008-05-08 |
Family
ID=37496630
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/FR2007/050871 (WO2007113406A2) | 2006-03-17 | 2007-03-02 | System for secure access from a terminal to communication networks |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2007113406A2 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6199181B1 (en) * | 1997-09-09 | 2001-03-06 | Perfecto Technologies Ltd. | Method and system for maintaining restricted operating environments for application programs or operating systems |
EP1132796A1 (en) * | 2000-03-08 | 2001-09-12 | Universite Catholique De Louvain | Mobile code and method for resource management for mobile code |
US20040006706A1 (en) * | 2002-06-06 | 2004-01-08 | Ulfar Erlingsson | Methods and systems for implementing a secure application execution environment using derived user accounts for internet content |
US20050250480A1 (en) * | 2002-06-17 | 2005-11-10 | Etienne Annic | System and method of managing communication network-dedicated architecture on a terminal |
- 2007-03-02: WO PCT/FR2007/050871 (WO2007113406A2), active Application Filing
Non-Patent Citations (2)
Title |
---|
QUN ZHONG ET AL: "Security in the large: is Java's sandbox scalable?", RELIABLE DISTRIBUTED SYSTEMS, 1998. PROCEEDINGS. SEVENTEENTH IEEE SYMPOSIUM ON WEST LAFAYETTE, IN, USA 20-23 OCT. 1998, LOS ALAMITOS, CA, USA,IEEE COMPUT. SOC, US, 20 October 1998 (1998-10-20), pages 387 - 392, XP010319092, ISBN: 0-8186-9218-9 * |
SYGATE: "Sygate Personal Firewall PRO User Guide", SYGATE PERSONAL FIREWALL PRO USER GUIDE, 2001, pages 1 - 77, XP002248366 * |
Also Published As
Publication number | Publication date |
---|---|
WO2007113406A2 (en) | 2007-10-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 07731688; Country of ref document: EP; Kind code of ref document: A2 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | EP: PCT application non-entry in European phase | Ref document number: 07731688; Country of ref document: EP; Kind code of ref document: A2 |