Dataspace protection utilizing virtual private networks on a multi-node computer system

Assignee

• International Business Machines Corporation · US

Inventors

• Charles J. Archer · Rochester, US
• Amanda Peters · Rochester, US
• Gary R. Ricard · Chatfield, US
• Albert Sidelnik · Saint Paul, US
• Brian E. Smith · Rochester, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/6281
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method and apparatus provide data security on a parallel computer system using virtual private networks. An access setup mechanism sets up access control data in the nodes that describes which virtual networks are protected and what applications have access to the protected private networks. When an application accesses data on a protected virtual network, a network access mechanism determines the data is protected and intercepts the data access. The network access mechanism in the kernel may also execute a rule depending on the kind of access that was attempted to the virtual network. Authorized access to the private networks can be made via a system call to the access control mechanism in the kernel. The access control mechanism enforces policy decisions on which data can be distributed through the system via an access control list or other security policies.