Patents by Inventor Patrick Norman

Patrick Norman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7373665
    Abstract: Requests to send data from a first host within a network of hosts are monitored against a record of destination hosts who have been sent data in accordance with a predetermined policy. Destination host identities not in the record are stored in a buffer. The buffer size is monitored to establish whether requests from the first host are pursuant to viral activity therein.
    Type: Grant
    Filed: October 31, 2003
    Date of Patent: May 13, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Matthew Murray Williamson, Jonathan Griffin, Andrew Patrick Norman
  • Patent number: 7353539
    Abstract: A method of identifying a software vulnerability in computer systems in a computer network includes a multiple level scanning process controlled from a management system connected to the network. The management system runs a root scanner which applies an interrogation program to remote systems having network addresses in a predefined address range. When a software vulnerability is detected, the interrogation program causes the respective remote system to scan topologically local systems, the remote system itself applying a second interrogation program to the local systems to detect and mitigate the vulnerability using an associated mitigation payload. Whilst that local scanning process is in progress, the root scanner can be applied to remote systems in other predefined address ranges.
    Type: Grant
    Filed: January 16, 2003
    Date of Patent: April 1, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: John Melvin Brawn, Andrew Patrick Norman, Chris Ralph Dalton, Jonathan Griffin
  • Patent number: 7278019
    Abstract: A method of hindering the propagation of a computer virus on a computer network is disclosed. The computer network comprises a plurality of addressable connections capable of receiving data from at least one computer system, and a detection computer arranged to detect the presence of a computer virus. The method comprises: operating the detection computer to monitor the plurality of addressable connections thereby to detect the presence of a computer virus on at least one of the addressable connections; in the event that a computer virus is detected, identifying the at least one computer system that sent the computer virus to the at least one addressable connection; and sending virus remediating means to the at least one identified computer system, the virus remediating means being arranged at least to hinder the operation of the computer virus. A computer program and computer system for hindering the propagation of a computer virus is also disclosed.
    Type: Grant
    Filed: November 4, 2002
    Date of Patent: October 2, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Andrew Patrick Norman
  • Publication number: 20040255159
    Abstract: Propagation of viruses in a network having a plurality of hosts is restricted. Network activity of a first host of the plurality is monitored, and a first record established which is at least indicative of identities of hosts within the network contacted by a first host. Contact of the first host to other hosts within the network is limited over the course of a first time interval, so that during the first time interval the first host is unable to contact more than a predetermined number of hosts not in the first record. The method further comprises an additional selection process for determining hosts of the plurality the first host is allowed to contact.
    Type: Application
    Filed: October 31, 2003
    Publication date: December 16, 2004
    Inventors: Matthew Murray Williamson, Andrew Patrick Norman, Jonathan Griffin
  • Publication number: 20040218615
    Abstract: A method of operating a first host within a network of a plurality of hosts. Over the course of a first time interval, requests received at the first host from a second host to send data to destination hosts are monitored. Identities of destination hosts monitored during the first time interval are compared with destination host identities in a record. Then, either data relating to requests which identify a destination host not in the record are stored in a storage buffer, or the passage of data from the second host to the destination host within the network is limited over the course of the first time interval, so that during the first time interval the second host is unable to send data to more than a predetermined number of hosts not in the record.
    Type: Application
    Filed: April 28, 2004
    Publication date: November 4, 2004
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Jonathan Griffin, Andrew Patrick Norman, Matthew Murray Williamson, Aled Justin Edwards
  • Publication number: 20040218327
    Abstract: Requests to send data from a first host within a network of hosts are monitored against a record of destination hosts who have been sent data in accordance with a predetermined policy. Destination host identities not in the record are stored in a buffer. The buffer size is monitored to establish whether requests from the first host are pursuant to viral activity therein.
    Type: Application
    Filed: October 31, 2003
    Publication date: November 4, 2004
    Inventors: Matthew Murray Williamson, Jonathan Griffin, Andrew Patrick Norman
  • Publication number: 20040088564
    Abstract: A method of hindering the propagation of a computer virus on a computer network is disclosed. The computer network comprises a plurality of addressable connections capable of receiving data from at least one computer system, and a detection computer arranged to detect the presence of a computer virus. The method comprises: operating the detection computer to monitor the plurality of addressable connections thereby to detect the presence of a computer virus on at least one of the addressable connections; in the event that a computer virus is detected, identifying the at least one computer system that sent the computer virus to the at least one addressable connection; and sending virus remediating means to the at least one identified computer system, the virus remediating means being arranged at least to hinder the operation of the computer virus. A computer program and computer system for hindering the propagation of a computer virus is also disclosed.
    Type: Application
    Filed: November 4, 2002
    Publication date: May 6, 2004
    Inventor: Andrew Patrick Norman
  • Publication number: 20040088581
    Abstract: A method of identifying a software vulnerability in computer systems in a computer network includes a multiple level scanning process controlled from a management system connected to the network. The management system runs a root scanner which applies an interrogation program to remote systems having network addresses in a predefined address range. When a software vulnerability is detected, the interrogation program causes the respective remote system to scan topologically local systems, the remote system itself applying a second interrogation program to the local systems to detect and mitigate the vulnerability using an associated mitigation payload. Whilst that local scanning process is in progress, the root scanner can be applied to remote systems in other predefined address ranges.
    Type: Application
    Filed: January 16, 2003
    Publication date: May 6, 2004
    Inventors: John Melvin Brawn, Andrew Patrick Norman, Chris Ralph Dalton, Jonathan Griffin
  • Publication number: 20040088565
    Abstract: A method of identifying a software vulnerability on a computer system is disclosed in which the computer system has software stored thereon and is connected to a management system over a computer network. The method comprises the steps of: applying an interrogation program to the software, the interrogation program being capable of exploiting a known software vulnerability if it is present in the software to which the interrogation program is applied; in the event that the software vulnerability is exploited by the interrogation program, operating the interrogation program to generate a set of management information from which can be derived the identification of the computer system; and sending the management information to the management system.
    Type: Application
    Filed: November 4, 2002
    Publication date: May 6, 2004
    Inventors: Andrew Patrick Norman, John Melvin Brawn, John P. Scrimsher, Jonathan Griffin
  • Publication number: 20040083372
    Abstract: Requests to send data from a first host within a network of hosts are monitored against a record of destination hosts who have been sent data in accordance with a predetermined policy. Destination host identities not in the record are stored in a buffer. The buffer size is monitored to establish whether requests from the first host are pursuant to viral activity therein.
    Type: Application
    Filed: October 20, 2003
    Publication date: April 29, 2004
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.C.
    Inventors: Matthew Murray Williamson, Andrew Patrick Norman
  • Publication number: 20040078572
    Abstract: A cheat detection facility is provided in which integrity challenges are issued to a game participant seeking to ensure that the participant is not running any patches or other executable code to augment his performance in the game. The player cannot participate further in the game if an integrity check is failed.
    Type: Application
    Filed: July 30, 2003
    Publication date: April 22, 2004
    Inventors: Siani Lynne Pearson, Andrew Patrick Norman
  • Publication number: 20040031035
    Abstract: An operating system for processing multiple tasks, the operating system comprising means for generating the multiple tasks including data indicating a time at which or by which (and/or a frequency at which and/or one or more events in response to which) the task should be processed, means for associating time stamp data with the tasks, said time stamp data being indicative of the date and/or time at which the respective tasks were generated, and means for receiving said tasks for processing at a particular time, determining from the associated time stamp for each task the date and/or time at which said task was generated, determining whether or not the processing of said task at said particular time is consistent with one or more predetermined operating system policies, and causing said task to be processed at said particular time only if such processing is determined to be consistent with said operating system policies.
    Type: Application
    Filed: April 17, 2003
    Publication date: February 12, 2004
    Inventors: Simon Shiu, Marco Casassa Mont, Adrian Baldwin, Andrew Patrick Norman
  • Publication number: 20030220903
    Abstract: A long-term digital document storage system, comprising means for receiving one or more digital documents for storage in a storage means, one or more storage sites for storing, in association with the one or more digital documents, metadata defining a data management strategy or “agreement” with respect to the one or more digital documents, the “agreement” including one or more “clauses” defining respective constraints to be applied by the storage system to the one or more digital documents, the system further comprising means for configuring the data management strategy or agreement by defining or specifying at least some of the constraints individually according to specific requirements related to said one or more pieces of digital data. As such, the invention is concerned with the fine-grained management of documents within a storage system by the flexible definition and association with a document of a number of clauses (i.e.
    Type: Application
    Filed: April 16, 2003
    Publication date: November 27, 2003
    Inventors: Marco Casassa Mont, Andrew Patrick Norman, Simon Shiu, Adrian Baldwin, Keith Alexander Harrison
  • Publication number: 20030219176
    Abstract: A reclosable, flexible package is made from a sheet of film material folded to form overlying panels. A slider fastener assembly is secured to one of the panels and has a predetermined length to avoid conflict with side seals joining the panels together. A line of weakness is formed in the panels so as to be positioned below the fastener tracks. The fastener tracks are secured to the package panels using fastener track flanges of minimal height.
    Type: Application
    Filed: May 23, 2002
    Publication date: November 27, 2003
    Applicant: Kraft Foods Holdings, Inc.
    Inventors: Patrick Norman Kocher, Panagiotis Kinigakis
  • Publication number: 20030172109
    Abstract: An operating system comprising a kernel 100 incorporating mandatory access controls as a means to counter the effects posed by application compromise. The operating system uses a technique known as “containment” to at least limit the scope of damage when security breaches occur.
    Type: Application
    Filed: September 26, 2002
    Publication date: September 11, 2003
    Inventors: Christopher I. Dalton, Tse Huong Choo, Andrew Patrick Norman
  • Publication number: 20030149895
    Abstract: An operating system comprising a kernel 100 incorporating mandatory access controls as a means to counter the effects posed by application compromise. The operating system uses a technique known as “containment” to at least limit the scope of damage when security breaches occur.
    Type: Application
    Filed: September 26, 2002
    Publication date: August 7, 2003
    Inventors: Tse Huong Choo, Christopher I Dalton, Andrew Patrick Norman
  • Publication number: 20030014466
    Abstract: A system and method are disclosed which enable management of compartments implemented by an OS for defining containment in a system. In one embodiment, a method of administering a processor-based system is disclosed, which comprises implementing at least one compartment for containing at least one process, and providing at least one command-line utility executable to manipulate the compartment(s). A system is also disclosed that comprises an operating system that implements compartment(s) to which process(es) can be associated. The system further includes at least one configuration file that defines the compartment(s), and means for performing management of the compartment(s) without requiring that a user edit the configuration file(s). A computer-readable medium is also disclosed that comprises a library of software functions for managing compartment(s) implemented by an operating system. Such library includes at least one command-line utility executable to manipulate the compartment(s).
    Type: Application
    Filed: June 29, 2001
    Publication date: January 16, 2003
    Inventors: Joubert Berger, Scott A. Leerssen, Tse Huong Choo, Richard B. Stock, Christopher I. Dalton, Andrew Patrick Norman
  • Publication number: 20020194496
    Abstract: A computing platform 20 provides multiple computing environments 24 each containing a guest operating system 25 provided by a virtual machine application 26. Optionally, each computing environment 24 is formed in a compartment 220 of a compartmented host operating system 22. A trusted device 213 verifies that the host operating system 22 and each guest operating system 25 operates in a secure and trusted manner by forming integrity metrics which can be interrogated by a user 10. Each computing environment is isolated and secure, and can be verified as trustworthy independent of any other computing environment.
    Type: Application
    Filed: June 18, 2002
    Publication date: December 19, 2002
    Inventors: Jonathan Griffin, Christopher I. Dalton, Michael Child, Liqun Chen, Andrew Patrick Norman