Integrity mechanism for data transfer in a windowing system

US 5,590,266 A
Filed: 10/11/1994
Issued: 12/31/1996
Est. Priority Date: 10/11/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A regrading selection mechanism for a secure windowing system comprising:

a plurality of client programs running in separate window on said windowing system, each of said programs displaying data within its window;

a client called a Selection Manager for cutting and pasting operations to transfer data from one client program window to another client program window, the Selection Manager meeting Compartmented Mode Workstations (CMW) requirements and sending events to applications to notify the application of any changes in state, said Selection Manager manipulating ownership and other security properties of data being transferred to allow a controlled verifiable data transfer to take place;

wherein the windowing system uses dummy window identifications (IDs) in communicating to a lower level process during a Mandatory Access Control (MAC) upgrade operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure process for untrusted windowing system client programs to transfer data between security domains is mediated by a special trusted client program, the Selection Manager. The mechanism used can be configured to meet the Compartmented Mode Workstation (CMW) requirements capability for regrading cut and paste operations. To meet the CMW cut and paste requirements and to prevent the regrading selection mechanism from acting as a covert channel, the regrading selection mechanism uses dummy window IDs in communicating to the lower level process during a Mandatory Access Control (MAC) upgrade operation, and for all regrading operations, an event is sent to the Selection Manager that causes the Selection Manager to put up a pop-up requesting user confirmation before the transfer is allowed to proceed. This selection mechanism supports configurable regrading selection operations for cutting and pasting (MAC upgrading for all users, MAC downgrading for privileged users, and information label upgrading and downgrading for all users).

Citations

8 Claims

1. A regrading selection mechanism for a secure windowing system comprising:
- a plurality of client programs running in separate window on said windowing system, each of said programs displaying data within its window;
  
  a client called a Selection Manager for cutting and pasting operations to transfer data from one client program window to another client program window, the Selection Manager meeting Compartmented Mode Workstations (CMW) requirements and sending events to applications to notify the application of any changes in state, said Selection Manager manipulating ownership and other security properties of data being transferred to allow a controlled verifiable data transfer to take place;
  
  wherein the windowing system uses dummy window identifications (IDs) in communicating to a lower level process during a Mandatory Access Control (MAC) upgrade operation.
- View Dependent Claims (2)
- - 2. The regrading selection mechanism recited in claim 1 wherein, for all regrading operations, the windowing system will, before a selection has been transferred, send an event to the Selection Manager that causes the Selection Manager to put up a pop-up requesting user confirmation before the transfer is allowed to proceed.

3. A method for secure transfer of data having security attributes in a secure windowing system comprising the steps of:
- receiving by the windowing system a request for a data transfer from a requester having a predefined security level for access to data; and
  
  creating by a client program called a Selection Manager running on said windowing system a special window and property which inherit a selection owner'"'"'s security attributes, said special window being made available to the selection owner so that window and property identifications (IDs) that were specified by the requester are concealed from the selection owner preventing the owner of the selection from obtaining any security relevant information about the requester when the requester is communicating with a lower level process on a Mandatory Access Control (MAC) upgrade.
- View Dependent Claims (4, 5, 6)
- - 4. The secure data transfer method recited in claim 3, further comprising the steps of:
    - transferring by the selection owner the selection data to the Selection Manager, the Selection Manager becoming the owner of the data and having exclusive rights to it until the transfer is completed; and
      
      providing a user interface that allows a logged in user to examine the data being transferred from the selection owner to the selection requester and, for regrading operations, requests user confirmation before the data transfer is allowed to proceed.
  - 5. The secure data transfer method recited in claim 4, further comprising the step of generating audit events when operations involving the use of MAC downgrading is attempted and also when security violations involving data transfers and reclassifications are committed.
  - 6. The secure data transfer method recited in claim 5, further comprising the step of providing a selection mechanism having sufficient privilege to override discretionary access control (DAC) write access restrictions on the requester'"'"'s window and property.

7. A method of secure transfer of data having security attributes in a secure windowing system between a Selection Requester and a Selection Owner comprising the steps of:
- issuing by the Selection Requester request which is forwarded to a client called a Selection Manager running the windowing system;
  
  displaying by the Selection Manager Mandatory Access Control (MAC) and Discretionary Access Control (DAC) dialogs;
  
  creating by the Selection Manager a property on its own window that the owner of the selection can later post the selection on and then generating a selection request and sending the selection request to the selection owner as the originally intended recipient;
  
  in response to the selection request, posting by the selection owner the selection data on the Selection Manager'"'"'s property and issuing a selection notify event to the Selection Manager;
  
  allowing the user to examine the data being passed from the Selection Owner to the Selection Requester so that the user can permit the request to pass unmodified, cancel the request or down grade the data being transferred;
  
  generating an audit event in the event of a cancellation of the request by the user;
  
  transferring by the Selection Manager the selection data from its own window/property to the selection requester'"'"'s window/property and issuing a notification to the requester of the selection'"'"'s availability on the property;
  
  reading by the Selection Requester the data and then issuing a notification to the Selection Manager; and
  
  notifying the owner by the Selection Manager of the completion of the data transfer.
- View Dependent Claims (8)
- - 8. The secure data transfer method recited in claim 7 wherein said step of transferring by the Selection Manager is performed incrementally, further comprising the step of prompting the user to specify whether each transfer is to be separately labeled.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Carson, Mark E., Ranganathan, Mudumbai, Cugini, Janet A., Asad, Khalid A.
Primary Examiner(s)
Tung, Kee M.
Assistant Examiner(s)
Breene, John E.

Application Number

US08/321,644
Time in Patent Office

812 Days
Field of Search

395/155-161, 395/700
US Class Current

715/741
CPC Class Codes

G06F 21/556 involving covert channels, ...

G06F 2221/2105 Dual mode as a secondary as...

Integrity mechanism for data transfer in a windowing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Integrity mechanism for data transfer in a windowing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links