Trusted gateway agent for web server programs

US 5,903,732 A
Filed: 07/03/1996
Issued: 05/11/1999
Est. Priority Date: 07/03/1996
Status: Expired due to Term

First Claim

Patent Images

1. A computer based secure Web platform (SWP) implementing a mandatory access control policy to enable a plurality of remote users operating Web browsers communicating HyperText Transfer Protocol (HTTP) data streams over the Internet access to CGI applications without compromising the security of the SWP, comprising:

a computer having a compartmentalized process and file structure separated in accordance with a mandatory access control policy into an outside compartment containing a Web server implementing HTTP to interface the SWP with the Internet and an inside compartment containing a plurality of CGI applications; and

a trusted gateway agent program for communicating between the outside compartment and the inside compartment;

the trusted gateway program further comprising a gateway client program located in the outside compartment having a plurality of outside CGI links to CGI applications that are visible to the outside Web server and a gateway server program located in the inside compartment, wherein the outside CGI links are visible to the Web server and upon execution of an outside CGI link, a network link is opened to the gateway server program which invokes the corresponding CGI application, wherein the gateway server program creates a new process and invokes the corresponding CGI application and connects the HTTP data stream between the CGI application and the gateway client, and wherein the CGI application employs the HTTP data stream to communicate through the gateway server program and gateway client program to the Web browser.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a secure Web platform (SWP) implementing a mandatory access control policy to enable a plurality of remote users operating Web browsers Internet access to CGI applications in response to HyperText Transfer Protocol (HTTP) requests. The SWP employs a computer having a compartmentalized process and file structure separated in accordance with a mandatory access control policy into an outside compartment comprising a Web server having a root directory chrooted to a directory tree containing only the minimal set of files required to interface the SWP with the Internet, and an inside compartment comprising a plurality of CGI applications having root directories chrooted to a directory separate from the Web server such that the Web server cannot communicate directly with the CGI applications, and a trusted gateway agent for communicating between the Web server and the CGI applications.

380 Citations

21 Claims

1. A computer based secure Web platform (SWP) implementing a mandatory access control policy to enable a plurality of remote users operating Web browsers communicating HyperText Transfer Protocol (HTTP) data streams over the Internet access to CGI applications without compromising the security of the SWP, comprising:
- a computer having a compartmentalized process and file structure separated in accordance with a mandatory access control policy into an outside compartment containing a Web server implementing HTTP to interface the SWP with the Internet and an inside compartment containing a plurality of CGI applications; and
  
  a trusted gateway agent program for communicating between the outside compartment and the inside compartment;
  
  the trusted gateway program further comprising a gateway client program located in the outside compartment having a plurality of outside CGI links to CGI applications that are visible to the outside Web server and a gateway server program located in the inside compartment, wherein the outside CGI links are visible to the Web server and upon execution of an outside CGI link, a network link is opened to the gateway server program which invokes the corresponding CGI application, wherein the gateway server program creates a new process and invokes the corresponding CGI application and connects the HTTP data stream between the CGI application and the gateway client, and wherein the CGI application employs the HTTP data stream to communicate through the gateway server program and gateway client program to the Web browser.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computer based secure Web platform as claimed in claim 1, the Web server further comprising the method step of implementing the chroot command to change the root directory of the Web server to a directory tree containing only the minimum set of files required for the Web server to operate.
  - 3. The computer based secure Web platform (SWP) as claimed in claim 2, the mandatory access control policy further comprising a plurality of sensitivity labels, wherein a sensitivity label of System Outside is assigned to any SWP files to which the Web server requires write access, a sensitivity label of System is assigned to any SWP files to which the Web server program requires read-only access, and a sensitivity label of System Inside is assigned for those SWP files to which the Web server does not have any access.
  - 4. The computer based secure Web platform (SWP) as claimed in claim 1, the compartmentalized process and file structure further comprising the step of:
    - chrooting the CGI applications to run in an inside directory completely separate from the Web server.
  - 5. The computer based secure Web platform (SWP) as claimed in claim 4, the mandatory access control policy further comprising a plurality of sensitivity labels, wherein the CGI applications will run with an SL of System Inside for files requiring write access and an SL of System for those files requiring read-only access.
  - 6. The computer based secure Web platform (SWP) as claimed in claim 4, further comprising a CGI link identifier for each CGI application, and wherein, all of the outside CGI link directories point to the gateway client program and the CGI link identifier identifies the corresponding CGI application to execute.
  - 7. The computer based secure Web platform (SWP) as claimed in claim 1, wherein the Web server executes an outside CGI link identified by the URL of the HTTP request forwarded from the Web browser to establish communication between the gateway client program and the gateway server program, wherein, the gateway server program verifies the validity of the CGI application request, and if verified, the gateway server program invokes the actual CGI application and connects the HTTP data stream such that the inside CGI application may execute.
  - 8. The computer based secure Web platform as claimed in claim 7, the gateway server program being initialized directly at system boot time and enabled whenever the Web server is enabled, wherein the gateway server program listens for Internet protocol connection requests on the trusted gateway agent port specified by /etc/services file on the secure Web platform, and only accepts connections emanating from the same computer host, and only if the communication port of the connection request is in the privileged range.
  - 9. The computer based secure Web platform as claimed in claim 8, the gateway server program further comprising a configuration file (tcb/files/tgad.conf) read upon startup that specifies the attributes of the gateway server program (user ID, group ID, sensitivity label) as well as the set of CGI applications that may be run through the trusted gateway agent.
  - 10. The computer based secure Web platform as claimed in claim 9, further comprising a child process that is created by the gateway server program (via the fork(2) command) for executing the CGI application corresponding to each accepted connection.
  - 11. The computer based secure Web platform as claimed in claim 10, wherein, upon initialization, the gateway server program reads the gateway server configuration file(/tcb/files/tgad.conf) as well as the set of CGI applications that may be invoked by the gateway server program.
  - 12. The computer based secure Web platform as claimed in claim 9, wherein, the Web server invokes the netprivaddr privilege in order to bind to the reserved communication port (80 or 443) for HTTP requests, and wherein the gateway server program also requires netprivaddr privilege to bind to a reserved port, and wherein the gateway client program must have the netprivaddr privilege to initiate a connection on a reserved port which is required by the gateway server program.
  - 13. The computer based secure Web platform as claimed in claim 12, wherein the CGI applications inherit, through the gateway client and the gateway server, the environment variables, command line, and stand I/O file descriptors passed to it by Web server.
  - 14. The computer based secure Web platform as claimed in claim 9, the gateway server checking the cryptographic checksum of the CGI application executable file against a cryptographically strong checksum stored in the configuration file, and if the checksum do not match, the request is rejected.

15. A method for implementing a mandatory access control policy on a computer based secure web platform (SWP) having a compartmentalized process and file structure separated in accordance with a mandatory access control policy enabling a plurality of remote users operating Web browsers communicating HyperText Transfer Protocol (HTTP) data streams over the Internet access to CGI applications without compromising the security of the SWP, comprising the method steps of:
- separating the file structure of a computer into an outside compartment containing a Web server implementing HTTP to interface the SWP with the Internet and an inside compartment containing a plurality of CGI applications, andcommunicating between the outside compartment and the inside compartment with a trusted gateway agent program having a gateway client program located in the outside compartment with a plurality of outside CGI links to CGI applications that are visible to the outside Web server and a gateway server program located in the inside compartment,chrooting the root directory of the Web server to a directory tree containing only the minimum set of files required for the Web server to operate,assigning an a link identifier to the CGI applications such that all of the outside CGI link directories point to the gateway client program and the link identifier identifies the corresponding CGI application to execute,invoking the trusted gateway agent to communicate between the outside compartment and the inside compartment,verifying the validity of the HTTP request from the Web server to execute a CGI application,establishing a connection between the gateway client program and the gateway server program,transferring gateway client program environment and argument vectors to gateway server program,verifying the validity of the CGI request,chrooting the CGI applications to run in an inside directory completely separate from the Web server,invoking the CGI application and connecting the HTTP data stream if the CGI request is valid.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method for implementing a mandatory access control policy on a computer based secure web platform (SWP) as claimed in claim 15, further comprising the step of assigning sensitivity labels in accordance with a mandatory access policy the mandatory access control policy, wherein a sensitivity label of System Outside is assigned to any SWP files to which the Web server requires write access, a sensitivity label of System is assigned to any SWP files to which the Web server program requires read-only access, and a sensitivity label of System Inside is assigned for those SWP files to which the Web server does not have any access.
  - 17. The method for implementing a mandatory access control policy on a computer based secure web platform (SWP) in accordance with claim 15, the step of assigning sensitivity labels further comprises the step of assigning the CGI applications a SL of System Inside for files requiring write access and an SL of System for those files requiring read-only access.
  - 18. The method for implementing a mandatory access control policy on a computer based secure web platform (SWP) in accordance with claim 15, the step of invoking the trusted gateway agent, further comprising the execution of an outside CGI link such that a network link is opened to the gateway server program.
  - 19. The method for implementing a mandatory access control policy on a computer based secure web platform (SWP) in accordance with claim 18, the step of verifying the validity of the HTTP request further comprises the step of checking for the netprivaddr privilege as the such privilege is required to bind to the local HTTP port.
  - 20. The method for implementing a mandatory access control policy on a computer based secure web platform (SWP) in accordance with claim 19, the step of verifying the validity of the CGI request further comprises the step of comparing the trusted gateway agent configuration file to determine if the gateway client program name is a valid request, and if so, what program to execute and with what attributes.
  - 21. The method for implementing a mandatory access control policy on a computer based secure web platform (SWP) in accordance with claim 20, the step of invoking the CGI application and connecting the HTTP data stream further comprising the step of striping the environment of all variables that are not specified by the CGI protocol if the CGI request is valid,which then invokes the corresponding CGI application, and the gateway server program further comprising the step of creating a new process and invoking the corresponding CGI application and connects the HTTP data stream between the CGI application and the gateway client, and wherein the CGI application employs the HTTP data stream to communicate through the gateway

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Watt, Charles, Jacobs, William Reese, Reed, Mark Joseph, Arnovitz, David A.
Primary Examiner(s)
Rinehart, Mark H.

Application Number

US08/675,132
Time in Patent Office

1,042 Days
Field of Search

395/200.55, 395/200.59, 395/200.47, 395/200.48, 395/200.49, 395/200.33, 395/200.32, 395/186, 395/187.01, 395/188.01, 340/825.34, 380/25, 380/49
US Class Current

709/229
CPC Class Codes

H04L 63/102   Entity profiles

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 9/40   Network security protocols

Trusted gateway agent for web server programs

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

380 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted gateway agent for web server programs

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

380 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links