MULTIPLE INDEPENDENT LEVELS OF SECURITY CONTAINING MULTI-LEVEL SECURITY INTERFACE
Abstract
Methods and systems for enabling security in transferring data from a single level MILS partition to the multiple level LAN. When a frame is received from an external stack via a network interface card, the frame contains a security classification, which is compared to the security classifications assigned to a plurality of internal stacks. Once a match is obtained, the frame is forwarded to the internal stack corresponding to the security classification in the frame assigned by the external stack. When a frame is received from one of the plurality of internal stacks, no security classification exists within the frame. A determination is made of the security classification assigned to the internal stack, which is then written into a security label in the frame. Once the security label is attached to the frame, the frame is sent to the external stack via a network interface card.
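The two directions described in the abstract, as an added Python sketch that is not code from the patent: inbound frames are routed on the label they carry, and outbound frames receive the label of the stack that sent them. The `Frame` layout, the level and stack names, the one-stack-per-level rule and the refusal of unmatched labels are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Frame:                      # assumed layout, not the patent's frame format
    payload: bytes
    label: Optional[str] = None   # security label; None means unlabeled


class LabelError(Exception):
    """Raised when the middleware partition refuses a frame."""


class Middleware:
    def __init__(self, stack_levels):
        # internal stack name -> the single classification assigned to it
        self.stack_levels = dict(stack_levels)
        self.by_level = {}
        for stack, level in self.stack_levels.items():
            if level in self.by_level:   # assumption: one stack per level
                raise ValueError(f"two stacks share level {level!r}")
            self.by_level[level] = stack

    def inbound(self, frame):
        """External -> internal: pick the stack whose level matches the label."""
        stack = self.by_level.get(frame.label)
        if stack is None:                # unlabeled or unknown label: refuse
            raise LabelError(f"no internal stack for label {frame.label!r}")
        return stack

    def outbound(self, source_stack, frame):
        """Internal -> external: the label comes from the sending stack."""
        level = self.stack_levels.get(source_stack)
        if level is None:
            raise LabelError(f"unknown internal stack {source_stack!r}")
        return replace(frame, label=level)   # write the security label


if __name__ == "__main__":
    # Constructed sample configuration and frames.
    mw = Middleware({"stack_u": "UNCLASSIFIED", "stack_s": "SECRET"})
    print(mw.inbound(Frame(b"report", "SECRET")))
    print(mw.outbound("stack_u", Frame(b"status")))
```

Because the outbound label is taken from the identity of the sending stack rather than from anything inside the frame, an internal stack in this model cannot relabel its own traffic.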
17 Claims
1. A computer-implemented method for providing multi-level security at a middleware partition, the method comprising:
- receiving a frame from an external stack at the middleware partition, the frame destined for an internal stack, said frame having an assigned security classification associated therewith;
- determining the internal stack associated with the security classification assigned in the frame; and
- routing the frame to the internal stack based on the security classification stored in the frame.
6. A computer-implemented method for providing multi-level security at a middleware partition, the method comprising:
- receiving a frame from an internal stack at the middleware partition, the frame destined for an external stack, said frame not having a security associated therewith;
- determining the security classification based on the internal stack associated with the received frame;
- writing a security label based on the determined security classification into the frame; and
- routing the frame to the external stack based on information stored in the frame.
11. A multi level security system, the system comprising:
- a network interface card;
- a plurality of internal stacks;
- a memory area comprising a plurality security classifications associated with cache of a plurality of internal stacks stored therein; and
- a middleware partition, said network interface card, said plurality of internal stacks and said memory area coupled to said middleware partition, said middleware partition programmed to:
  - receive a frame from an internal stack of said plurality of internal stacks, said frame destined for an external stack coupled to said network interface card, the frame having an identifier associated with the external stack therewith, the frame not having a security classification associated therewith;
  - determine the security classification associated with the internal stack sending the frame;
  - write a security label including the determined security classification associated with the internal stack into the frame; and
  - route the frame to the second stack of said plurality of stacks.
Specification