Associating Security Information with Information Objects
First Claim
1. A method, in a data processing system, for authorizing information flows between devices of the data processing system, the method comprising:
- generating a hash key based on an information object;
- performing a lookup operation in a hash table based on the hash key;
- determining if an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object;
- storing a labelset, identifying a sensitivity of the information object, in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table; and
- authorizing information flows involving the information object based on a lookup of the labelset associated with the information object in the hash table.
Abstract
A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.
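The lookup-or-store behaviour described in the abstract, sketched as an added example (not code from the patent). The class and function names, the SHA-256 hash key, the per-index bucket used to tell colliding objects apart, and the subset rule used to decide a flow are all assumptions made for illustration.

```python
import hashlib

TABLE_SIZE = 8  # deliberately small so distinct objects can share an index


class LabelsetTable:
    """Hash table associating information objects with labelsets (hypothetical)."""

    def __init__(self, size=TABLE_SIZE):
        self.size = size
        # Each index holds a bucket {full_digest: labelset}. The full digest
        # distinguishes objects whose hash keys map to the same index.
        self.slots = [dict() for _ in range(size)]

    def _key(self, obj: bytes):
        # Hash key generated from the information object itself.
        digest = hashlib.sha256(obj).digest()
        return int.from_bytes(digest[:4], "big") % self.size, digest

    def lookup(self, obj: bytes):
        """Return the recorded labelset, or None if the entry identifies none."""
        index, digest = self._key(obj)
        return self.slots[index].get(digest)

    def lookup_or_store(self, obj: bytes, labelset):
        """Return the recorded labelset; store `labelset` only if none exists."""
        index, digest = self._key(obj)
        return self.slots[index].setdefault(digest, frozenset(labelset))


def authorize_flow(table, obj, source_labels, target_labels):
    """Decide a flow of `obj` from a source element to a target element.

    Assumed policy: an unlabelled object takes the source's labelset, and the
    flow is allowed only if the target holds every label of the object.
    """
    labels = table.lookup_or_store(obj, source_labels)
    return labels <= frozenset(target_labels)
```

Because a labelset is stored only when the entry has none, an object first seen from a sensitive source keeps that labelset when a less sensitive source later carries the same content.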
38 Claims
1. A method, in a data processing system, for authorizing information flows between devices of the data processing system, the method comprising:
- generating a hash key based on an information object;
- performing a lookup operation in a hash table based on the hash key;
- determining if an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object;
- storing a labelset, identifying a sensitivity of the information object, in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table; and
- authorizing information flows involving the information object based on a lookup of the labelset associated with the information object in the hash table.
Dependent claims: 2, 5, 6, 7, 8, 10, 11, 12, 13
3. (canceled)
4. (canceled)
9. (canceled)
14. A computer program product comprising a computer usable medium including a computer readable program, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- generate a hash key based on an information object;
- perform a lookup operation in a hash table based on the hash key;
- determine if an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object;
- store a labelset, identifying a sensitivity of the information object, in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table; and
- authorize information flows involving the information object based on a lookup of the labelset associated with the information object in the hash table.
Dependent claims: 18, 19, 20, 21, 22, 23
15. (canceled)
16. (canceled)
17. (canceled)
24. (canceled)
25. (canceled)
26. (canceled)
27. An apparatus for authorizing information flows between devices of the data processing system, the method comprising:
- an information flow mediator; and
- a labelset storage device coupled to the information flow mediator, wherein the information flow mediator:
  - generates a hash key based on an information object,
  - performs a lookup operation in a hash table stored in the labelset storage device based on the hash key,
  - determines if an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object,
  - stores a labelset, identifying a sensitivity of the information object, in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table, and
  - authorizes information flows involving the information object based on a lookup of the labelset associated with the information object in the hash table.
Dependent claims: 28, 31, 32, 33, 34
29. (canceled)
30. (canceled)
35. (canceled)
36. A data processing system for authorizing information flows between devices, comprising:
- a first computing device in a first partition of the data processing system, wherein the first computing device has a source element for communicating information to a target element;
- a second computing device in a second partition of the data processing system, wherein the second computing device has the target element; and
- a reference monitor, coupled to the first computing device and the second computing device, that monitors information flows between the first partition and the second partition, wherein the reference monitor:
  - generates a hash key based on an information object,
  - performs a lookup operation in a hash table based on the hash key,
  - determines if an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object,
  - stores a labelset, identifying a sensitivity of the information object, in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table, and
  - authorizes information flows involving the information object based on a lookup of the labelset associated with the information object in the hash table.
37. (canceled)
38. A computing device, comprising:
- a processor; and
- a memory, wherein the memory contains instructions which, when executed by the processor, cause the processor to:
  - generate a hash key based on an information object;
  - perform a lookup operation in a hash table based on the hash key;
  - determine if an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object;
  - store a labelset, identifying a sensitivity of the information object, in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table; and
  - authorize information flows involving the information object based on a lookup of the labelset associated with the information object in the hash table.
Specification