MULTIPLE INDEPENDENT LEVELS OF SECURITY CONTAINING MULTI-LEVEL SECURITY INTERFACE

US 20090319787A1
Filed: 06/12/2008
Published: 12/24/2009
Est. Priority Date: 06/12/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing multi-level security at a middleware partition, the method comprising:

receiving a flame from an external stack at the middleware partition, the frame destined for an internal stack, said frame having an assigned security classification associated therewith;

determining the internal stack associated with the security classification assigned in the frame; and

routing the frame to the internal stack based on the security classification stored in the frame.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for enabling security in transferring data from a single level MILS partition to the multiple level LAN. When a frame is received from an external stack via a network interface card, the frame contains a security classification, which is compared to the security classifications assigned to a plurality of internal stacks. Once a match is obtained, the frame is forwarded to the internal stack corresponding to the security classification in the frame assigned by the external stack. When a frame is received from one of the plurality of internal stacks, no security classification exists within the frame. A determination of the security classification assigned to the internal stack, which is then written into a security label in the frame. Once the security label is attached to the frame, the frame is sent to the external stack via a network interface card.

Citations

17 Claims

1. A computer-implemented method for providing multi-level security at a middleware partition, the method comprising:
- receiving a flame from an external stack at the middleware partition, the frame destined for an internal stack, said frame having an assigned security classification associated therewith;
  
  determining the internal stack associated with the security classification assigned in the frame; and
  
  routing the frame to the internal stack based on the security classification stored in the frame.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method in accordance with claim 1, further comprising coupling the second stack to the middleware partition via a real time operating system kernel.
  - 3. A method in accordance with claim 1, further comprising coupling the external stack to the middleware partition via a network interface card.
  - 4. A method in accordance with claim 3, further comprising coupling the network interface card to at least one of a private network, an Ethernet, a wide area network, a local area network, and the Internet.
  - 5. A method in accordance with claim 1, wherein said middleware partition is further programmed to:
    - increment a counter associated with said external stack, wherein the counter is stored in shared memory.

6. A computer-implemented method for providing multi-level security at a middleware partition, the method comprising:
- receiving a frame from an internal stack at the middleware partition, the frame destined for an external stack, said frame not having a security associated therewith;
  
  determining the security classification based on the internal stack associated with the received frame;
  
  writing a security label based on the determined security classification into the frame; and
  
  routing the frame to the external stack based on information stored in the frame.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A method in accordance with claim 6, further comprising coupling the internal stack to the middleware partition via a real time operating system kernel.
  - 8. A method in accordance with claim 6, further comprising coupling the external stack to the middleware partition via a network interface card.
  - 9. A method in accordance with claim 8, further comprising coupling the network interface card to at least one of a private network, an Ethernet, a wide area network, a local area network, and the Internet.
  - 10. A method in accordance with claim 6, wherein said middleware partition is further programmed to:
    - increment a counter associated with said internal stack, wherein the counter is stored in shared memory.

11. A multi level security system, the system comprising:
- a network interface card;
  
  a plurality of internal stacks;
  
  a memory area comprising a plurality security classifications associated with cache of a plurality of internal stacks stored therein; and
  
  a middleware partition, said network interface card, said plurality of internal stacks and said memory area coupled to said middleware partition, said middleware partition programmed to;
  
  receive a frame from an internal stack of said plurality of internal stacks, said frame destined for an external stack coupled to said network interface card, the frame having a identifier associated with the external stack therewith, the frame not having a security classification associated therewith;
  
  determine the security classification associated with the internal stack sending the frame;
  
  write a security label including the determined security classification associated with the internal stack into the frame; and
  
  route the flame to the second stack of said plurality of stacks.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. A system in accordance with claim 11, wherein the external stack is coupled to said network interface card.
  - 13. A system in accordance with claim 11, further comprising coupling the network interface card to at least one of a private network, an Ethernet, a wide area network, a local area network, and the Internet.
  - 14. A system in accordance with claim 11, wherein said middleware partition is further programmed to;
    - increment a counter associated with said internal stack. wherein the counter is stored in shared memory.
  - 15. A system in accordance with claim 11, further comprising coupling the internal stack to the middleware partition via a real time operating system kernel.
  - 16. A system in accordance with claim 11, further comprising coupling the external stack to the middleware partition via a network interface card.
  - 17. A system in accordance with claim 11, further comprising coupling the network interface card to at least one of a private network, an Ethernet, a wide area network, a local area network, and the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Price, Darrel J.

Granted Patent

US 8,132,004 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/166
CPC Class Codes

H04L 63/105 Multiple levels of security

MULTIPLE INDEPENDENT LEVELS OF SECURITY CONTAINING MULTI-LEVEL SECURITY INTERFACE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

MULTIPLE INDEPENDENT LEVELS OF SECURITY CONTAINING MULTI-LEVEL SECURITY INTERFACE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links