Method and apparatus providing multiple single levels of security for distributed processing in communication systems
First Claim
1. A security system providing multiple single levels of security (MSLS) for associated apparatus, each of said associated apparatus including a respective plurality of ports and/or channels, and wherein said security system comprises:
label assignor means for assigning security labels to respective ones of said plurality of ports and/or channels of said associated apparatus;
programmable configuration generator means for requesting an interconnection of selected ports and/or channels of a first associated apparatus with specific designated ports and/or channels of a second associated apparatus for effecting communication therebetween;
switch policy means responsive to the port and/or channel security label assignments from said label assignor means, and port and/or channel interconnections requested by said programmable configuration generator, for both permitting only those ports and/or channels meeting both hierarchical and non-hierarchical label based mandatory access control requirements to be retained in the requested interconnection, and notifying said configuration generator means of the ports and/or channels denied interconnection; and
switching means responsive to said switch policy means for interconnecting only those ports and/or channels meeting both hierarchical and non-hierarchical label based mandatory access control requirements.
Abstract
A method for operating a multiple single levels of security (MSLS) system comprising the step of providing switched-circuit functionality between channels operating at the same level of security whereby MSLS requirements are met and intelligence is distributed in a way to minimize security certification effort, and apparatus operative for said method.
83 Citations
29 Claims
1. Claim 1 as set out above under First Claim; dependent claims 2 through 19.
20. A method for providing multiple single levels of security (MSLS) for associated apparatus, each of said associated apparatus including a respective plurality of ports and/or channels, said method comprising the steps of:
assigning security labels to respective ones of said plurality of ports and/or channels of said associated apparatus;
requesting the interconnection of selected ones of said plurality of ports and/or channels of said associated apparatus;
determining which of the selected ones of said plurality of ports and/or channels have compatible security labels; and
interconnecting only those ports and/or channels determined to have compatible security labels;
wherein said determining and interconnecting steps in combination provide for enforcing a hierarchical and non-hierarchical, label-based mandatory access control (MAC) policy for MSLS.
Dependent claims: 21 through 29.
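The mechanism claimed in claim 1 (label assignor, configuration generator, switch policy, switching means) and restated as method steps in claim 20 can be modelled in a few dozen lines. The following is an added example written for this page, not code from the patent or its assignee. The class names, the four-level ordering, the compartment names, the apparatus and port names and the sample interconnection requests are all constructed for illustration; the compatibility rule (same hierarchical level and the same compartment set, rather than Bell-LaPadula dominance) is an assumption taken from the abstract's "channels operating at the same level of security".

```python
"""Added example: a minimal model of the MSLS switch policy in claims 1 and 20.
All names and sample data below are constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Hierarchical levels in ascending order (assumed ordering for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

Port = Tuple[str, str]  # (apparatus name, port/channel name)


@dataclass(frozen=True)
class SecurityLabel:
    """Hierarchical level plus a set of non-hierarchical compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in LEVELS:
            raise ValueError(f"unknown level {self.level!r}")

    def compatible_with(self, other: "SecurityLabel") -> bool:
        # MSLS keeps every switched circuit single-level: both ends must carry
        # the same level AND the same compartment set. Dominance (read-down)
        # is deliberately not used, since that would create an MLS path.
        return self.level == other.level and self.compartments == other.compartments


class LabelAssignor:
    """Claim element: assigns a security label to each (apparatus, port)."""

    def __init__(self) -> None:
        self._labels: Dict[Port, SecurityLabel] = {}

    def assign(self, port: Port, label: SecurityLabel) -> None:
        self._labels[port] = label

    def label_of(self, port: Port) -> SecurityLabel:
        # Unlabeled ports raise KeyError so the policy fails closed.
        return self._labels[port]


class SwitchPolicy:
    """Claim element: retains only label-compatible requests and reports the rest."""

    def __init__(self, assignor: LabelAssignor) -> None:
        self.assignor = assignor

    def evaluate(self, requests: List[Tuple[Port, Port]]):
        permitted: List[Tuple[Port, Port]] = []
        denied: List[Tuple[Port, Port, str]] = []  # returned to the config generator
        for a, b in requests:
            try:
                la, lb = self.assignor.label_of(a), self.assignor.label_of(b)
            except KeyError:
                denied.append((a, b, "unlabeled port"))
                continue
            if la.compatible_with(lb):
                permitted.append((a, b))
            elif la.level != lb.level:
                denied.append((a, b, f"level mismatch {la.level} vs {lb.level}"))
            else:
                denied.append((a, b, "compartment mismatch"))
        return permitted, denied


class Switch:
    """Claim element: the switching means; connects only what policy permitted."""

    def __init__(self) -> None:
        self.circuits = set()

    def connect(self, permitted: List[Tuple[Port, Port]]) -> set:
        for a, b in permitted:
            self.circuits.add(frozenset((a, b)))
        return self.circuits


def run_demo():
    """Constructed scenario: two apparatus, one configuration request batch."""
    assignor = LabelAssignor()
    assignor.assign(("radio-A", "p0"), SecurityLabel("SECRET"))
    assignor.assign(("radio-A", "p1"), SecurityLabel("SECRET", frozenset({"CRYPTO"})))
    assignor.assign(("radio-A", "p2"), SecurityLabel("UNCLASSIFIED"))
    assignor.assign(("crypto-B", "q0"), SecurityLabel("SECRET"))
    assignor.assign(("crypto-B", "q1"), SecurityLabel("SECRET"))
    assignor.assign(("crypto-B", "q2"), SecurityLabel("UNCLASSIFIED"))
    # ("crypto-B", "q3") is intentionally left unlabeled.

    # The configuration generator's requested interconnections.
    requests = [
        (("radio-A", "p0"), ("crypto-B", "q0")),  # SECRET <-> SECRET: permitted
        (("radio-A", "p1"), ("crypto-B", "q1")),  # compartment mismatch: denied
        (("radio-A", "p2"), ("crypto-B", "q0")),  # level mismatch: denied
        (("radio-A", "p2"), ("crypto-B", "q2")),  # UNCLASS <-> UNCLASS: permitted
        (("radio-A", "p0"), ("crypto-B", "q3")),  # unlabeled: denied
    ]
    permitted, denied = SwitchPolicy(assignor).evaluate(requests)
    circuits = Switch().connect(permitted)
    return permitted, denied, circuits


if __name__ == "__main__":
    ok, rejected, made = run_demo()
    print("permitted:", ok)
    print("denied   :", rejected)
    print("circuits :", len(made))
```

The `denied` list is the notification back to the configuration generator that claim 1 requires, and the switch never sees those requests at all, so a mislabeled or unlabeled port cannot be bridged by accident; the policy fails closed rather than open.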
Specification