MLWEB: A MULTILEVEL WEB APPLICATION FRAMEWORK
Abstract
A method of transferring data from a server via a web application begins by receiving a request from a user operating in a disparate security domain for data on a data store. A labeled view of the requested data is then generated from the data store, wherein the label-data relationship can be trusted at a level commensurate to the trust level of the operating system. Next, a policy design engine determines whether the data is authorized by a security policy, and the data is transmitted to the user if it is authorized. Data can also be transferred in the other direction, by receiving a data flow from the user for writing to the data store. The data flow is inspected for disallowed content, and a determination is made as to whether the data flow is authorized. If the data flow is authorized, a trusted monitor mediates the data flow between the user and the data store.
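An added illustration of the read and write paths the abstract describes, not code from the patent. The ordered label levels, the dominance rule for reads, the same-level rule for writes, the disallowed-content markers and all names are assumptions, since the page does not specify a policy.

```python
from dataclasses import dataclass

# Assumed ordered sensitivity levels; the page defines no label scheme.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP_SECRET": 2}

@dataclass(frozen=True)
class Record:
    label: str   # bound to the data by the store, never supplied by the requester
    body: str

# Constructed sample multilevel data store.
STORE = {
    "weather": Record("UNCLASSIFIED", "clear skies"),
    "convoy": Record("SECRET", "route B at 0400"),
    "source": Record("TOP_SECRET", "asset identity"),
}

DISALLOWED = ("<script", "\x00")  # hypothetical disallowed-content markers

def labeled_view(keys):
    """Return (key, label, body) for every requested key that exists."""
    return [(k, STORE[k].label, STORE[k].body) for k in keys if k in STORE]

def policy_allows_read(domain_level, label):
    """Assumed policy: the requesting domain must dominate the data label."""
    return LEVELS[domain_level] >= LEVELS[label]

def handle_read(domain_level, keys):
    """Read path: labeled view, policy decision, transmit authorized rows only."""
    if domain_level not in LEVELS:
        return []  # unknown domain: fail closed
    return [(k, lbl, body) for k, lbl, body in labeled_view(keys)
            if policy_allows_read(domain_level, lbl)]

def handle_write(domain_level, key, body):
    """Write path: inspect content, decide, then commit through the monitor."""
    if domain_level not in LEVELS:
        return "rejected: not authorized"
    if any(marker in body.lower() for marker in DISALLOWED):
        return "rejected: disallowed content"
    existing = STORE.get(key)
    # Assumed rule: a domain writes only at its own level, so a write can
    # neither relabel nor overwrite data held at a different level.
    if existing is not None and existing.label != domain_level:
        return "rejected: not authorized"
    STORE[key] = Record(domain_level, body)  # label assigned by the monitor
    return "committed"
```

The label on a stored record comes from the mediating code rather than from the request, which is the property the "trusted label-data relationship" language depends on.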
3 Claims
1. A method of transferring data from a server via a web application, comprising the steps of:
- receiving a request from a user operating on a network in a disparate security domain for data on a multilevel data store;
- generating a labeled view of the data requested from the multilevel data store, wherein the label-data relationship can be trusted at a level commensurate to the trust level of the OS;
- determining if the data is authorized by a security policy with a policy design engine; and
- transmitting the data to the user if the data is authorized.
3. A cross domain system, comprising:
- a plurality of connections to users on networks in disparate security domains;
- a content server configured to extend multilevel web services to the users;
- a trusted monitor component configured to mediate all information flows that occur between the users and the cross domain solutions;
- a multilevel data store configured to read and write data from the users depending on a determination by a policy decision engine on whether the given data is authorized by a security policy.
Specification