Multilevel security attribute passing methods, apparatuses, and computer program products in a stream

US 6,292,900 B1
Filed: 11/30/1998
Issued: 09/18/2001
Est. Priority Date: 12/18/1996
Status: Expired due to Term

First Claim

Patent Images

1. A security attribute system comprising:

a communication stream endpoint structure having an endpoint pointer;

a stream attribute structure having a stream attribute pointer, said endpoint pointer configured to point at said stream attribute structure;

a security attribute transmission structure having a first pointer, said stream attribute pointer being configured to point at said security attribute transmission structure; and

a first credentials structure configured for storing security attribute information associated with a stream process, said first pointer of said security attribute transmission structure being configured to point to said first credentials structure.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multilevel security attribute passing system on a computer operating under a multilevel operating system engaged in stream communications and enabling contemporaneously opening a plurality of sockets having the same port number while meeting the requirements of a predetermined security policy. The security attributes of received data are copied into a credentials structure identified by a pointer in an attribute structure. The security of a data node configured for data stream communication is specified by storing the security attributes of transferred data into a selected data structure and then pointing to the selected data structure with intervening transmission and attribute structures.

Citations

14 Claims

1. A security attribute system comprising:
- a communication stream endpoint structure having an endpoint pointer;
  
  a stream attribute structure having a stream attribute pointer, said endpoint pointer configured to point at said stream attribute structure;
  
  a security attribute transmission structure having a first pointer, said stream attribute pointer being configured to point at said security attribute transmission structure; and
  
  a first credentials structure configured for storing security attribute information associated with a stream process, said first pointer of said security attribute transmission structure being configured to point to said first credentials structure.
- View Dependent Claims (2, 3, 4, 5, 6, 8, 9, 10, 11)
- - 2. The security attribute system according to claim 1 wherein said security attribute transmission structure further includes a second pointer being configured to point to a second credentials structure.
  - 3. The security attribute system according to claim 2 said second credentials structure having security attributes for a byte received during stream communication.
  - 4. The security attribute system according to claim 1 wherein said first credentials structure includes security attributes for a byte sent during stream communication.
  - 5. The security attribute system according to claim 1 wherein said first credentials structure includes security attributes for a byte sent during stream communication and wherein the security attribute transmission structure further includes a second pointer being configured to point to a second credentials structure that includes security attributes for a byte received during stream communication.
  - 6. The security attribute system according to claim 1 wherein said security attribute transmission structure includes a next pointer being configured to point to a second security attribute transmission structure.
  - 8. A method of receiving data having security information in the system of claim 6, comprising:
9. The method as recited in claim 8, wherein the data is a data packet.
10. The method as recited in claim 8, wherein said stream attribute structure includes a stream process identifier.
11. The method as recited in claim 8, wherein said stream attribute structure includes a network session ID.

7. A system for associating security attribute with selected data to be transmitted, comprising;
- a data structure associated with data to be transmitted, said data structure having a first pointer;
  
  a stream attribute structure having a stream attribute pointer, said first pointer configured to point at said stream attribute structure, and a credentials structure configured for storing security attribute information associated with a stream process, said stream attribute pointer being configured to point at said credentials structure.

12. A method of specifying security information associated with a communication stream, comprising:
- storing security attributes of data being transmitted in the communication stream into a selected data structure;
  
  establishing a transmission structure for containing at least a single pointer to said selected data structure for storing said security attributes; and
  
  setting a pointer from a stream data block associated with the data to said transmission structure such that the data transmitted in said communication stream is associated with said security attributes.

13. A computer program product comprising a computer useable medium storing thereon computer readable instructions, comprising:
- computer readable code for constructing a data structure associated with data to be transmitted, said data structure having a first pointer;
  
  computer readable code for constructing a stream attribute structure having a stream attribute pointer, said first pointer configured to point at said stream attribute structure; and
  
  computer readable code for constructing a credentials structure adapted for storing security attribute information associated with a stream process, said stream attribute pointer being configured to point at said credentials structure.

14. A computer program product comprising a computer readable medium storing thereon computer readable instructions comprising:
- computer readable code for constructing a communication stream endpoint structure having an endpoint pointer;
  
  computer readable code for constructing a stream attribute structure having a stream attribute pointer, said endpoint pointer configured to point at said stream attribute structure;
  
  computer readable code for constructing a security attribute transmission structure having a first pointer, said stream attribute pointer being configured to point at said security attribute transmission structure; and
  
  computer readable code for constructing a first credentials structure configured for storing security attribute information associated with a stream process, said first pointer being configured to point to said first credentials structure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Winiger, Gary W., Ngo, Teodora
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
Elisca, Pierre E.

Application Number

US09/203,010
Time in Patent Office

1,023 Days
Field of Search

713/200, 713/201, 713/202, 713/166, 713/150, 713/151, 713/152, 713/164, 709/229
US Class Current

726/6
CPC Class Codes

G06F 12/1491   in a hierarchical protectio...

G06F 21/00   Security arrangements for p...

G06F 2211/009   Trust

G06F 2221/2113   Multi-level security, e.g. ...

G06F 9/544   Buffers; Shared memory; Pipes

H04L 63/105   Multiple levels of security

Multilevel security attribute passing methods, apparatuses, and computer program products in a stream

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Multilevel security attribute passing methods, apparatuses, and computer program products in a stream

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links