Method and apparatus for executing web services through a high assurance guard
Abstract
In accordance with an embodiment, a method of executing web services through a high assurance guard includes transmitting a target service request having routing information from the source security domain to a source one-way high assurance guard (HAG) service, inspecting the target service request in the source one-way HAG service to determine if the target service request violates at least one rule governing communications transmitted from the first security domain, transmitting the target service request to a destination one-way HAG service in the destination security domain via a one-way HAG according to the routing information if the target service request does not violate the at least one rule and discarding the second target service request if the target service request violates the at least one rule, and providing the target service request to the target service.
22 Claims
1. A method of transmitting information from a source security domain associated with a first security classification to one of a plurality of destination security domains associated with a second security classification, comprising the steps of:
- transmitting a target service request having routing information from the source security domain to a source one-way high assurance guard (HAG) service;
- inspecting the target service request in the source one-way HAG service to determine if the target service request violates at least one rule governing communications transmitted from the first security domain;
- transmitting the target service request to a destination one-way HAG service in the destination security domain via a one-way HAG according to the routing information if the target service request does not violate the at least one rule and discarding the second target service request if the target service request violates the at least one rule; and
- providing the target service request to the target service.

Dependent claims: 2, 3, 4, 5, 6
7. An apparatus for transmitting a target service request to a target service, comprising:
- a source security domain, associated with a first security classification, the source security domain including source one-way high assurance guard (HAG) service;
- a destination security domain, associated with a second security classification, the destination security domain including a destination one-way HAG service; and
- a one-way HAG, communicatively coupling the source security domain and the destination security domain via the source one-way HAG and the destination one-way HAG;
- wherein the source one-way HAG service accepts a target service request, inspects the target service request to determine if the target service request violates at least one rule governing communications transmitted from the source security domain, transmits the target service request to the destination one-way HAG service via the one-way HAG only if the target service request does not violate the at least one rule and discards the target service request if the target service request violates the at least one rule; and
- wherein the destination one-way HAG service provides the target service request to the target service.

Dependent claims: 8, 9, 10, 11, 12
13. A method of transmitting information between a source security domain associated with a first security classification to one of a plurality of destination security domains associated with a second security classification, comprising the steps of:
- transmitting a target service request from a client to a source two-way high assurance guard (HAG) service;
- generating a unique token from the target service request, the token associating the target service request with the client;
- transmitting the target service request and the token to a destination two-way HAG service via a first source one-way HAG service, a HAG and a first destination one-way HAG service;
- executing the target service request to produce response data;
- transmitting the response data and the token from the destination two-way HAG service to the source two-way HAG service via a second destination one-way HAG service, a second HAG, and a second source one-way HAG service; and
- delivering the response data to the client.

Dependent claims: 14, 15, 16, 17, 18
19. An apparatus for transmitting a target service request to a target service and receiving a response therefrom, comprising:
- a source security domain associated with a first security classification, the source security domain including a source two-way high assurance guard (HAG) service communicating with a first source one-way HAG service and a second source one-way HAG service;
- a destination security domain associated with a second security classification, the destination security domain comprising a destination two-way HAG service communicating with a first destination one-way HAG service and a second destination one-way HAG service;
- a first HAG, communicatively coupling the first source one-way HAG service and the first destination one-way HAG service; and
- a second HAG, communicatively coupling the second destination one-way HAG service and the second source one-way HAG service;
- wherein the source two-way HAG service accepts the target service request from a client, generates a unique token from the target service request, the token associating the target service request with the client, and transmits the target service request and the token to the destination two-way HAG service via the first source one-way HAG service, the HAG and the first destination one-way HAG;
- wherein the target service executes the target service request to produce response data; and
- wherein the destination two-way HAG service receives the response data and transmits the response data and the token from the destination two-way HAG service to the source two-way HAG service via the second destination one-way HAG, the second HAG and the second source one-way HAG service to deliver the response data to the client.

Dependent claims: 20, 21, 22
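The inspect-then-forward-or-discard step of claim 1 and the token correlation of claim 13, modelled as an added example that is not code from the patent. The rule set, route names, request fields and the nonce-plus-SHA-256 token construction are assumptions, and both guard crossings are collapsed into in-process function calls.

```python
import hashlib
import secrets

# Constructed policy: the claims require only "at least one rule".
ALLOWED_ROUTES = {"domain-b/weather"}
BLOCKED_MARKINGS = ("SECRET",)

def violates_rule(request):
    """Inspection done by a source one-way HAG service before release."""
    if request["route"] not in ALLOWED_ROUTES:
        return True
    return any(mark in request["body"] for mark in BLOCKED_MARKINGS)

def one_way_transfer(request, token, destination):
    """Source one-way HAG service -> HAG -> destination one-way HAG service."""
    if violates_rule(request):
        return None                       # discarded, never crosses the guard
    return destination(request, token)

class SourceTwoWayHagService:
    def __init__(self, destination):
        self.destination = destination    # destination two-way HAG service
        self.pending = {}                 # token -> client, kept in the source domain

    def submit(self, client, request):
        # Token derived from the request plus a nonce so repeats stay unique.
        nonce = secrets.token_hex(16)
        digest = hashlib.sha256(f"{nonce}|{request['route']}|{request['body']}".encode())
        token = digest.hexdigest()
        self.pending[token] = client
        reply = one_way_transfer(request, token, self.destination)
        if reply is None:
            self.pending.pop(token)       # nothing will come back for it
            return None
        return self.deliver(*reply)

    def deliver(self, response, token):
        """Return path: match the token back to the waiting client."""
        client = self.pending.pop(token, None)
        if client is None:
            return None                   # unknown or already-used token: drop
        return client, response

def destination_two_way_hag(request, token):
    # Stand-in target service; the token rides along with the response data.
    return f"result for {request['route']}", token
```

Because the token-to-client table never leaves the source domain, the destination side sees only an opaque token, and a response carrying an unknown or already-consumed token is dropped instead of delivered.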
Specification