Integrity mechanism for data transfer in a windowing system
First Claim
1. A regrading selection mechanism for a secure windowing system comprising:
- a plurality of client programs running in separate window on said windowing system, each of said programs displaying data within its window;
a client called a Selection Manager for cutting and pasting operations to transfer data from one client program window to another client program window, the Selection Manager meeting Compartmented Mode Workstations (CMW) requirements and sending events to applications to notify the application of any changes in state, said Selection Manager manipulating ownership and other security properties of data being transferred to allow a controlled verifiable data transfer to take place;
wherein the windowing system uses dummy window identifications (IDs) in communicating to a lower level process during a Mandatory Access Control (MAC) upgrade operation.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure process for untrusted windowing system client programs to transfer data between security domains is mediated by a special trusted client program, the Selection Manager. The mechanism used can be configured to meet the Compartmented Mode Workstation (CMW) requirements capability for regrading cut and paste operations. To meet the CMW cut and paste requirements and to prevent the regrading selection mechanism from acting as a covert channel, the regrading selection mechanism uses dummy window IDs in communicating to the lower level process during a Mandatory Access Control (MAC) upgrade operation, and for all regrading operations, an event is sent to the Selection Manager that causes the Selection Manager to put up a pop-up requesting user confirmation before the transfer is allowed to proceed. This selection mechanism supports configurable regrading selection operations for cutting and pasting (MAC upgrading for all users, MAC downgrading for privileged users, and information label upgrading and downgrading for all users).
-
Citations
8 Claims
-
1. A regrading selection mechanism for a secure windowing system comprising:
-
a plurality of client programs running in separate window on said windowing system, each of said programs displaying data within its window; a client called a Selection Manager for cutting and pasting operations to transfer data from one client program window to another client program window, the Selection Manager meeting Compartmented Mode Workstations (CMW) requirements and sending events to applications to notify the application of any changes in state, said Selection Manager manipulating ownership and other security properties of data being transferred to allow a controlled verifiable data transfer to take place; wherein the windowing system uses dummy window identifications (IDs) in communicating to a lower level process during a Mandatory Access Control (MAC) upgrade operation. - View Dependent Claims (2)
-
-
3. A method for secure transfer of data having security attributes in a secure windowing system comprising the steps of:
-
receiving by the windowing system a request for a data transfer from a requester having a predefined security level for access to data; and creating by a client program called a Selection Manager running on said windowing system a special window and property which inherit a selection owner'"'"'s security attributes, said special window being made available to the selection owner so that window and property identifications (IDs) that were specified by the requester are concealed from the selection owner preventing the owner of the selection from obtaining any security relevant information about the requester when the requester is communicating with a lower level process on a Mandatory Access Control (MAC) upgrade. - View Dependent Claims (4, 5, 6)
-
-
7. A method of secure transfer of data having security attributes in a secure windowing system between a Selection Requester and a Selection Owner comprising the steps of:
-
issuing by the Selection Requester request which is forwarded to a client called a Selection Manager running the windowing system; displaying by the Selection Manager Mandatory Access Control (MAC) and Discretionary Access Control (DAC) dialogs; creating by the Selection Manager a property on its own window that the owner of the selection can later post the selection on and then generating a selection request and sending the selection request to the selection owner as the originally intended recipient; in response to the selection request, posting by the selection owner the selection data on the Selection Manager'"'"'s property and issuing a selection notify event to the Selection Manager; allowing the user to examine the data being passed from the Selection Owner to the Selection Requester so that the user can permit the request to pass unmodified, cancel the request or down grade the data being transferred; generating an audit event in the event of a cancellation of the request by the user; transferring by the Selection Manager the selection data from its own window/property to the selection requester'"'"'s window/property and issuing a notification to the requester of the selection'"'"'s availability on the property; reading by the Selection Requester the data and then issuing a notification to the Selection Manager; and notifying the owner by the Selection Manager of the completion of the data transfer. - View Dependent Claims (8)
-
Specification