Patents by Inventor Il-Pyung Park

Il-Pyung Park has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7774599
    Abstract: A system securing inter-process communication (IPC) based on trust includes a user quota mechanism to provide resource management of IPC's. A single user is allowed to allocate a fixed amount of objects less than a system maximum. A trusted IPC mechanism mediates access to IPC objects by employing signed executables signed by a key and containing a list of trusted keys. A trust relationship is used among a set of subjects connected to an IPC to determine whether communication can be carried out between processes. In order for the processes to communicate via an IPC, either they have to trust each other, or a kernel must trust one process and that process must also trust the other process.
    Type: Grant
    Filed: September 15, 2006
    Date of Patent: August 10, 2010
    Assignee: Panasonic Corporation
    Inventors: Jinhong Guo, Stephen L. Johnson, Il-Pyung Park, Lasse Bigum, Henrik Davidsen, Lars T. Mikkelsen, Egon Pedersen, Anders Ravn, Emmanuel Fleury
  • Patent number: 7698731
    Abstract: A security architecture is provided for accessing security components associated with an operating system. The security architecture is generally comprised of: a policy tree storing a plurality of security policies, where each security policy is defined as at least one system call which correlates to a security operation and a corresponding security component for executing the security operation; and a policy manager adapted to intercept system calls from the operating system and operable to determine an applicable response based on the policy tree. The policy tree and the policy manager reside in a protected memory space of the execution environment.
    Type: Grant
    Filed: October 25, 2004
    Date of Patent: April 13, 2010
    Assignee: Panasonic Corporation
    Inventors: Stephen L. Johnson, Jinhong Katherine Guo, Il-Pyung Park
  • Patent number: 7600117
    Abstract: Access control is mediated by a set of 2-tuple labels or attributes which are associated with subject and object entities, respectively. Subject entities, such as processes, have separate read and write attributes, while object entities, such as files, have separate integrity and write control attributes. The system implements a set of rules to provide both integrity control and confidentiality protection. Specifically, write operations to an object are inhibited where the subject's write attribute is lower than the write control attribute of the object. Read operations from an object are inhibited where the subject's read attribute is lower than the object's integrity attribute. When a subject reads from an object having a lower integrity level than the subject's read attribute, the subject's read attribute is demoted.
    Type: Grant
    Filed: September 29, 2004
    Date of Patent: October 6, 2009
    Assignee: Panasonic Corporation
    Inventors: Jinhong Katherine Guo, Stephen L. Johnson, Il-Pyung Park
  • Publication number: 20080126800
    Abstract: A system securing inter-process communication (IPC) based on trust includes a user quota mechanism to provide resource management of IPC's. A single user is allowed to allocate a fixed amount of objects less than a system maximum. A trusted IPC mechanism mediates access to IPC objects by employing signed executables signed by a key and containing a list of trusted keys. A trust relationship is used among a set of subjects connected to an IPC to determine whether communication can be carried out between processes. In order for the processes to communicate via an IPC, either they have to trust each other, or a kernel must trust one process and that process must also trust the other process.
    Type: Application
    Filed: September 15, 2006
    Publication date: May 29, 2008
    Applicant: MATSUSHITA ELECTRIC INDUSTRIAL CO., LTD.
    Inventors: Jinhong GUO, Stephen L. JOHNSON, Il-Pyung PARK, Lasse BIGUM, Henrik DAVIDSEN, Lars T. MIKKELSEN, Egon PEDERSEN, Anders RAVN, Emmanuel FLEURY
  • Publication number: 20080120720
    Abstract: A method is provided for detecting intrusions to a computing environment. The method includes: monitoring system calls made to an operating system during a defined period of time; evaluating the system calls made during the defined time period in relation to system calls made during known intrusions; and evaluating the temporal sequence in which system calls were made during the defined time period when the system calls made match the system calls made during a known intrusion. If a potential intrusion is detected at this stage, then a more complicated detection scheme may be performed by a second detection scheme. For instance, the second detection scheme may assess the temporal sequence in which the system calls were made and/or the system files accessed by the system calls.
    Type: Application
    Filed: November 17, 2006
    Publication date: May 22, 2008
    Inventors: Jinhong Guo, Daniel Weber, Stephen Johnson, Il-Pyung Park
  • Publication number: 20070300300
    Abstract: An intrusion detection system includes a computer readable datastore containing a double Markov model for modeling events in system log files of a computer system by looking at multiple log files and correlations among different log files. An intrusion detection module performs intrusion detection by using the double Markov model to assess probability that a new event is an intrusion, including routinely scanning the system logging data and processing the data periodically. A countermeasures module takes countermeasures when an intrusion is detected.
    Type: Application
    Filed: June 27, 2006
    Publication date: December 27, 2007
    Applicant: Matsushita Electric Industrial Co., Ltd.
    Inventors: Jinhong K. Guo, Stephen L. Johnson, Il-Pyung Park
  • Publication number: 20070186274
    Abstract: An access control method includes dividing a data processing system into multiple zones. Memberships of processes and objects in the zones are identified, and internal relationships between the zones are defined. The relationships between the zones are used to grant or deny processes access to objects based on their memberships in the zones and positions of the processes in the zones.
    Type: Application
    Filed: February 7, 2006
    Publication date: August 9, 2007
    Applicant: Matsushita Electric Industrial Co., Ltd.
    Inventors: Michel Thrysoe, Jinhong Guo, Stephen Johnson, Il-Pyung Park
  • Patent number: 7243235
    Abstract: A mandatory access control method for securing an operating system is presented. A first integrity subject reads a first object. The first integrity subject attempts to read a second object. It is determined that a conflict exists between the first and second objects. At least one security rule is applied to the conflict between the first and the second objects.
    Type: Grant
    Filed: June 8, 2004
    Date of Patent: July 10, 2007
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Jinhong Katherine Guo, Stephen L. Johnson, Il-Pyung Park
  • Publication number: 20060218226
    Abstract: An intelligent agent has a local component associated with a user device and a network component capable of mobility that will traverse different locations on a network to discover available media content that meets the user's stored preferences. Using published presence information or user schedule information, the intelligent agent will locate a user device accessible to the user and provide notification when media content of interest is discovered. The intelligent agent mediates the media acquisition and delivery process. Content can be delivered to any one or more diverse user devices, based on user instructions or preferences. The intelligent agent interacts with authentication and purchasing mechanisms to effect secure transactions on the user's behalf.
    Type: Application
    Filed: March 23, 2005
    Publication date: September 28, 2006
    Applicant: MATSUSHITA ELECTRIC INDUSTRIAL CO., LTD.
    Inventors: Stephen Johnson, Rajesh Khandelwal, Yue Ma, Il-Pyung Park, Luyang Li
  • Publication number: 20060090193
    Abstract: A security architecture is provided for accessing security components associated with an operating system. The security architecture is generally comprised of: a policy tree storing a plurality of security policies, where each security policy is defined as at least one system call which correlates to a security operation and a corresponding security component for executing the security operation; and a policy manager adapted to intercept system calls from the operating system and operable to determine an applicable response based on the policy tree. The policy tree and the policy manager reside in a protected memory space of the execution environment.
    Type: Application
    Filed: October 25, 2004
    Publication date: April 27, 2006
    Applicant: MATSUSHITA ELECTRIC INDUSTRIAL CO., LTD.
    Inventors: Stephen Johnson, Jinhong Guo, Il-Pyung Park
  • Publication number: 20060085345
    Abstract: A computer-implemented method is presented that allows a user to receive a work such as a movie at any time and at any location. A first client connects to a server through a network. A work is selected through the first client. Transaction data related to a user's right to receive a work is created and stored. A request is sent to the server to transmit the work. The work is transmitted to either the first or the second clients at any time based upon the user's right to receive the work.
    Type: Application
    Filed: October 19, 2004
    Publication date: April 20, 2006
    Inventors: Rajesh Khandelwal, David Braun, Il-Pyung Park, Yue Ma, Stephen Johnson, Luyang Li
  • Publication number: 20060075508
    Abstract: Access control is mediated by a set of 2-tuple labels or attributes which are associated with subject and object entities, respectively. Subject entities, such as processes, have separate read and write attributes, while object entities, such as files, have separate integrity and write control attributes. The system implements a set of rules to provide both integrity control and confidentiality protection. Specifically, write operations to an object are inhibited where the subject's write attribute is lower than the write control attribute of the object. Read operations from an object are inhibited where the subject's read attribute is lower than the object's integrity attribute. When a subject reads from an object having a lower integrity level than the subject's read attribute, the subject's read attribute is demoted.
    Type: Application
    Filed: September 29, 2004
    Publication date: April 6, 2006
    Applicant: MATSUSHITA ELECTRIC INDUSTRIAL CO., LTD.
    Inventors: Jinhong Guo, Stephen Johnson, Il-Pyung Park
  • Publication number: 20050273619
    Abstract: A mandatory access control method for securing an operating system is presented. A first integrity subject reads a first object. The first integrity subject attempts to read a second object. It is determined that a conflict exists between the first and second objects. At least one security rule is applied to the conflict between the first and the second objects.
    Type: Application
    Filed: June 8, 2004
    Publication date: December 8, 2005
    Inventors: Jinhong Katherine Guo, Stephen Johnson, Il-Pyung Park
  • Publication number: 20050257093
    Abstract: A method is provided for replacing a loadable software module in an operating system. The method includes: maintaining a reference count for a loadable software module associated with a kernel of the operating system; linking a replacement software module for the loadable software module into the kernel of the operating system; receiving a resource request for the loadable software module after the replacement software module is linked into the kernel; and directing the resource request for the loadable software module to the replacement software module. The method may further include unlinking the loadable software module from the kernel of the operating system when there are no longer any active references to the loadable module.
    Type: Application
    Filed: April 21, 2004
    Publication date: November 17, 2005
    Inventors: Stephen Johnson, Jinhong Guo, Il-Pyung Park
  • Patent number: 4859839
    Abstract: A computerized point-of-sale terminal for use in laundry and dry cleaning establishments includes a keyboard for entering items to be laundered or dry cleaned, characteristics of the entered items, and services to be performed on the entered items, and a printer for printing a ticket. The terminal also includes a stationary bar code reader positioned to read a bar code on a ticket being moved by the ticket transport mechanism of the printer. The printer, ticket transport mechanism and bar code reader are all controlled by programmed routines being executed by the computer of the terminal. By using a single ticket transport mechanism for both the printer and the bar code reader, the number of parts as well as the weight and bulk of the terminal is reduced.
    Type: Grant
    Filed: July 8, 1988
    Date of Patent: August 22, 1989
    Assignee: Counter Computer Corporation
    Inventors: Bruce Tetelman, Yannis Milios, Il-Pyung Park, Tom Recht