Patents by Inventor Jonathan Tester

Jonathan Tester has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9489534
    Abstract: A multi-level security system includes a storage medium partitionable into a plurality of partitions, a file system coupleable to the plurality of partitions, and a plurality of enclaves. Each enclave is assigned a security classification level. Each enclave resides in a different storage partition of the storage medium. Data stored on the storage medium is cryptographically separated at rest on a per-enclave basis. Cryptographic separation occurs at the disk block level, allowing individual blocks to be read and decrypted. The system also includes a reference monitor that enforces a system security policy that governs access to information between the enclaves. The reference monitor allows an enclave having a first classification level to securely read-down to an enclave having a second classification level lower than the first classification level and to write to another enclave having the first classification level.
    Type: Grant
    Filed: October 23, 2014
    Date of Patent: November 8, 2016
    Assignee: Northrop Grumman Systems Corporation
    Inventors: Brant D. Hashii, Mark O. Scott, Daniel R. Silverman, Lee Wixtrom, Jonathan Tester, Steve A. Brown
  • Publication number: 20160117519
    Abstract: A multi-level security system includes a storage medium partitionable into a plurality of partitions, a file system coupleable to the plurality of partitions, and a plurality of enclaves. Each enclave is assigned a security classification level. Each enclave resides in a different storage partition of the storage medium. Data stored on the storage medium is cryptographically separated at rest on a per-enclave basis. Cryptographic separation occurs at the disk block level, allowing individual blocks to be read and decrypted. The system also includes a reference monitor that enforces a system security policy that governs access to information between the enclaves. The reference monitor allows an enclave having a first classification level to securely read-down to an enclave having a second classification level lower than the first classification level and to write to another enclave having the first classification level.
    Type: Application
    Filed: October 23, 2014
    Publication date: April 28, 2016
    Inventors: Brant D. Hashii, Mark O. Scott, Daniel R. Silverman, Lee Wixtrom, Jonathan Tester, Steve A. Brown
  • Patent number: 7484239
    Abstract: A call to a critical operating system function is stalled. The pregion and pregion type associated with the location of a call module originating the call is determined. In one embodiment, when the pregion type is either a stack or a heap pregion type, protective action is taken, such as terminating the call, otherwise the call is released. In another embodiment, when the pregion type is either a text or shared memory pregion type, the call is released, otherwise protective action is taken.
    Type: Grant
    Filed: November 30, 2004
    Date of Patent: January 27, 2009
    Assignee: Symantec Corporation
    Inventors: Jonathan Tester, Sunita Verma
  • Patent number: H2196
    Abstract: One or more specified system calls of a running process are trapped in kernel space from user space. While the process is stopped, information associated with the process is read and a security analysis is performed on the information to determine whether malicious code activity is detected, such as a buffer overflow. If malicious code activity is detected, protective action is taken, such as killing the specified system call. Otherwise, if malicious code activity is not detected, the specified system call is restarted.
    Type: Grant
    Filed: September 30, 2004
    Date of Patent: July 3, 2007
    Assignee: Symantec Corporation
    Inventor: Jonathan Tester