Patents by Inventor Christopher I. Dalton

Christopher I. Dalton has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20180365451
    Abstract: Examples relate to Input/Output (I/O) data encryption and decryption. In an example, an encryption/decryption engine on an Integrated Circuit (IC) of a computing device obtains at least one plaintext data. Some examples determine, by the encryption/decryption engine, whether the at least one plaintext data is to be sent to a memory in the computing device or to an I/O device. Some examples apply, when the at least one plaintext data is to be sent to the I/O device and by the encryption/decryption engine, an encryption primitive of a block cipher encryption algorithm to the at least one plaintext data to create output encrypted data, wherein an initialization vector that comprises a random number is applied to the encryption primitive.
    Type: Application
    Filed: January 31, 2017
    Publication date: December 20, 2018
    Inventors: Geoffrey Ndu, Pratyusa K. Manadhata, Christopher I. Dalton, Adrian Shaw, Stuart Haber
  • Patent number: 9633206
    Abstract: A computing platform 20 runs a compartmented operating system 22 and includes a trusted device 23 for forming an integrity metric which a user can interrogate to confirm integrity of the operating system. Also, the integrity of an individual compartment 24 is verified by examining status information for that compartment including, for example, the identity of any open network connections, the identity of any running processes, and the status of a section of file space allocated to that compartment 24. Hence, the integrity of an individual compartment 24 of the compartmented operating system 22 can be demonstrated.
    Type: Grant
    Filed: June 7, 2002
    Date of Patent: April 25, 2017
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Christopher I. Dalton
  • Patent number: 8806481
    Abstract: A computer system includes an authentication service running in a virtual machine. The authentication service uses the hardware components of the computer system in performing a user authentication process and responds to a remote call from another virtual machine by performing the user authentication process and returning a result.
    Type: Grant
    Filed: August 31, 2010
    Date of Patent: August 12, 2014
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Valiuddin Y. Ali, Manuel Novoa, Christopher I Dalton, Boris Balacheff, Shab H Madina, Lan Wang, Jeffrey C Parker
  • Patent number: 8719914
    Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Virtual infrastructures of different users share physical resources but are isolated and have their own management entities. An interface between infrastructures allows controlled relaxation of the isolation, using a gateway between virtual nets, or shared virtual storage devices. This can allow businesses to share data or applications, while maintaining control of security.
    Type: Grant
    Filed: October 28, 2005
    Date of Patent: May 6, 2014
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Nigel Edwards, Christopher I Dalton
  • Patent number: 8230116
    Abstract: Access to a data processor is controlled by determining if a requested function command conforms to a set of parameters, the set of parameters being derived from previously executed function commands. If the requested function command does not conform to the set of parameters the data processor is controlled to temporarily hold the execution of the requested function commands.
    Type: Grant
    Filed: March 2, 2005
    Date of Patent: July 24, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Matthew Murray Williamson, Christopher I. Dalton
  • Patent number: 8213429
    Abstract: A virtual network has network interfaces coupled by a multipoint tunnel (100) through a forwarding network (40), each interface having a forwarding address in an address space of the forwarding network, each network interface having a reconfigurable address mapper (320) for determining a forwarding address for a packet, and encapsulating the packet with its forwarding address so that the forwarding network can forward the data packet transparent to its destination address. This makes the virtual network more agile since changes to the virtual network can be achieved by reconfiguring the corresponding forwarding addresses without needing to set up new tunnels new routing to these different tunnels. The forwarding network need not be aware of the virtual network and so no adaptation of the forwarding network or specialised hardware is needed.
    Type: Grant
    Filed: August 3, 2005
    Date of Patent: July 3, 2012
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Michael John Wray, Christopher I Dalton
  • Publication number: 20120054741
    Abstract: A computer system includes an authentication service running in a virtual machine. The authentication service uses the hardware components of the computer system in performing a user authentication process and responds to a remote call from another virtual machine by performing the user authentication process and returning a result.
    Type: Application
    Filed: August 31, 2010
    Publication date: March 1, 2012
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Valiuddin Y. Ali, Manuel Novoa, Christopher I. Dalton, Boris Balacheff, Shab H. Madina, Lan Wang, Jeffrey C. Parker
  • Patent number: 8069450
    Abstract: A method of computer operating system data management comprising the steps of: (a) associating data management information with data input to a process (300); and (b) regulating operating system operations involving the data according to the data management information is provided (310). A computing platform (1) for operating system data management is also provided. Furthermore, a computer program including instructions configured to enable operating system data management, an operating system, and an operating system data management method and apparatus arranged to identify data having data management information associated therewith when that data is read into a memory space are provided.
    Type: Grant
    Filed: January 26, 2004
    Date of Patent: November 29, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Yolanta Beresnevichiene, David Plaquin, Christopher I. Dalton
  • Publication number: 20110119748
    Abstract: A system has a virtual overlay infrastructure mapped onto physical resources for processing, storage and network communications, the virtual infrastructure having virtual entities for processing, storage and network communications. Virtual infrastructures of different users share physical resources but are isolated and have their own management entities. An interface between infrastructures allows controlled relaxation of the isolation, using a gateway between virtual nets, or shared virtual storage devices. This can allow businesses to share data or applications, while maintaining control of security.
    Type: Application
    Filed: October 28, 2005
    Publication date: May 19, 2011
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Nigel John Edwards, Christopher I. Dalton
  • Patent number: 7908640
    Abstract: A data handling apparatus (400) for a computer platform (1) using an operating system executing a process, the apparatus comprising a system call monitor (402) for detecting predetermined system calls, and means (402, 404, 406) for applying a data handling policy to the system call upon a predetermined system call being detected, whereby the data handling policy is applied for all system calls involving the writing of data outside the process. A corresponding method is disclosed.
    Type: Grant
    Filed: January 26, 2004
    Date of Patent: March 15, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Yolanta Beresnevichiene, David Plaquin, Christopher I. Dalton
  • Patent number: 7865876
    Abstract: A computing platform 20 provides multiple computing environments 24 each containing a guest operating system 25 provided by a virtual machine application 26. Optionally, each computing environment 24 is formed in a compartment 220 of a compartmented host operating system 22. A trusted device 213 verifies that the host operating system 22 and each guest operating system 25 operates in a secure and trusted manner by forming integrity metrics which can be interrogated by a user 10. Each computing environment is isolated and secure, and can be verified as trustworthy independent of any other computing environment.
    Type: Grant
    Filed: June 18, 2002
    Date of Patent: January 4, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jonathan Griffin, Christopher I. Dalton, Michael Child, Liqun Chen, Andrew Patrick Norman
  • Publication number: 20090129385
    Abstract: A virtual network has network interfaces coupled by a multipoint tunnel (100) through a forwarding network (40), each interface having a forwarding address in an address space of the forwarding network, each network interface having a reconfigurable address mapper (320) for determining a forwarding address for a packet, and encapsulating the packet with its forwarding address so that the forwarding network can forward the data packet transparent to its destination address. This makes the virtual network more agile since changes to the virtual network can be achieved by reconfiguring the corresponding forwarding addresses without needing to set up new tunnels new routing to these different tunnels. The forwarding network need not be aware of the virtual network and so no adaptation of the forwarding network or specialised hardware is needed.
    Type: Application
    Filed: August 3, 2005
    Publication date: May 21, 2009
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Michael John Wray, Christopher I. Dalton
  • Patent number: 7353531
    Abstract: A trusted computing environment 100, wherein each computing device 112 to 118 holds a policy specifying the degree to which it can trust the other devices in the environment 100. The policies are updated by an assessor 110 which receives reports from trusted components 120 in the computing devices 112 to 118 which identify the trustworthiness of the computing devices 112 to 118.
    Type: Grant
    Filed: February 22, 2002
    Date of Patent: April 1, 2008
    Assignee: Hewlett-Packard Development Company L.P.
    Inventors: Richard Brown, Siani Lynne Pearson, Christopher I. Dalton
  • Patent number: 7159210
    Abstract: A process 23 runs directly on a host operating system 22, until the process 23 attempts an operation which can affect security of the host operating system 22 (such as loading a kernel module or using system privileges). A guest operating system 25 is then provided running as a virtual machine session within a compartment 24 of the host operating system 22 and running of the process 23 continues using the guest operating system. Operations of the process 23 which can affect security of the host operating system 22 are instead performed on the guest operating system 25, giving greater security. The guest operating system 25 is only invoked selectively, leading to greater overall efficiency.
    Type: Grant
    Filed: June 18, 2002
    Date of Patent: January 2, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jonathan Griffin, Christopher I. Dalton
  • Publication number: 20040210906
    Abstract: A data handling apparatus (400) for a computer platform (1) using an operating system executing a process, the apparatus comprising a system call monitor (402) for detecting predetermined system calls, and means (402, 404, 406) for applying a data handling policy to the system call upon a predetermined system call being detected, whereby the data handling policy is applied for all system calls involving the writing of data outside the process. A corresponding method is disclosed.
    Type: Application
    Filed: January 26, 2004
    Publication date: October 21, 2004
    Inventors: Yolanta Beresnevichiene, David Plaquin, Christopher I. Dalton
  • Publication number: 20040194104
    Abstract: A method of computer operating system data management comprising the steps of: (a) associating data management information with data input to a process (300); and (b) regulating operating system operations involving the data according to the data management information is provided (310). A computing platform (1) for operating system data management is also provided. Furthermore, a computer program including instructions configured to enable operating system data management, an operating system, and an operating system data management method and apparatus arranged to identify data having data management information associated therewith when that data is read into a memory space are provided.
    Type: Application
    Filed: January 26, 2004
    Publication date: September 30, 2004
    Inventors: Yolanta Beresnevichiene, David Plaquin, Christopher I. Dalton
  • Publication number: 20030149895
    Abstract: An operating system comprising a kernel 100 incorporating mandatory access controls as a means to counter the effects posed by application compromise. The operating system uses a technique known as “containment” to at least limit the scope of damage when security breaches occur.
    Type: Application
    Filed: September 26, 2002
    Publication date: August 7, 2003
    Inventors: Tse Huong Choo, Christopher I Dalton, Andrew Patrick Norman
  • Publication number: 20030014466
    Abstract: A system and method are disclosed which enable management of compartments implemented by an OS for defining containment in a system. In one embodiment, a method of administering a processor-based system is disclosed, which comprises implementing at least one compartment for containing at least one process, and providing at least one command-line utility executable to manipulate the compartment(s). A system is also disclosed that comprises an operating system that implements compartment(s) to which process(es) can be associated. The system further includes at least one configuration file that defines the compartment(s), and means for performing management of the compartment(s) without requiring that a user edit the configuration file(s). A computer-readable medium is also disclosed that comprises a library of software functions for managing compartment(s) implemented by an operating system. Such library includes at least one command-line utility executable to manipulate the compartment(s).
    Type: Application
    Filed: June 29, 2001
    Publication date: January 16, 2003
    Inventors: Joubert Berger, Scott A. Leerssen, Tse Huong Choo, Richard B. Stock, Christopher I. Dalton, Andrew Patrick Norman
  • Publication number: 20020194493
    Abstract: A computing platform 20 runs a compartmented operating system 22 and includes a trusted device 23 for forming an integrity metric which a user can interrogate to confirm integrity of the operating system. Also, the integrity of an individual compartment 24 is verified by examining status information for that compartment including, for example, the identity of any open network connections, the identity of any running processes, and the status of a section of file space allocated to that compartment 24. Hence, the integrity of an individual compartment 24 of the compartmented operating system 22 can be demonstrated.
    Type: Application
    Filed: June 7, 2002
    Publication date: December 19, 2002
    Applicant: HEWLETT-PACKARD COMPANY
    Inventor: Christopher I. Dalton
  • Publication number: 20020194241
    Abstract: A process 23 runs directly on a host operating system 22, until the process 23 attempts an operation which can affect security of the host operating system 22 (such as loading a kernel module or using system privileges). A guest operating system 25 is then provided running as a virtual machine session within a compartment 24 of the host operating system 22 and running of the process 23 continues using the guest operating system. Operations of the process 23 which can affect security of the host operating system 22 are instead performed on the guest operating system 25, giving greater security. The guest operating system 25 is only invoked selectively, leading to greater overall efficiency.
    Type: Application
    Filed: June 18, 2002
    Publication date: December 19, 2002
    Inventors: Jonathan Griffin, Christopher I. Dalton