Multilevel security attribute passing methods, apparatuses, and computer program products in a stream
Abstract
A multilevel security attribute passing system on a computer operating under a multilevel operating system engaged in stream communications and enabling contemporaneously opening a plurality of sockets having the same port number while meeting the requirements of a predetermined security policy. The security attributes of received data are copied into a credentials structure identified by a pointer in an attribute structure. The security of a data node configured for data stream communication is specified by storing the security attributes of transferred data into a selected data structure and then pointing to the selected data structure with intervening transmission and attribute structures.
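The pointer chain described in the abstract and in claim 1 (endpoint, stream attribute structure, security attribute transmission structure, credentials structure) can be sketched in C as follows. This is an added illustration, not code from the patent: every type, field and function name is hypothetical, the packet is a constructed stand-in for received data, and the exact-label-match delivery rule is an assumed policy that the page does not specify.

```c
#include <stddef.h>

/* Hypothetical layouts: the page names these structures but gives no fields. */
struct cred      { int level; unsigned compartments; };            /* credentials structure */
struct sec_xmit  { struct cred *cr; };                             /* security attribute transmission structure */
struct strm_attr { int session_id; struct sec_xmit *xmit; };       /* stream attribute structure */
struct endpoint  { unsigned short port; struct strm_attr *attr; }; /* communication stream endpoint */
struct packet    { unsigned short dport; struct cred label; };     /* constructed received data */

/* Copy the label into the credentials structure, then wire
   endpoint -> attribute -> transmission -> credentials. */
static void ep_bind(struct endpoint *ep, struct strm_attr *a, struct sec_xmit *x,
                    struct cred *c, unsigned short port, const struct cred *label)
{
    *c = *label;
    x->cr = c; a->xmit = x; ep->attr = a; ep->port = port;
}

/* Follow the chain; return NULL if any link is missing (fail closed). */
static const struct cred *ep_cred(const struct endpoint *ep)
{
    if (!ep || !ep->attr || !ep->attr->xmit) return NULL;
    return ep->attr->xmit->cr;
}

/* Assumed policy: deliver only to an endpoint on the port whose label matches exactly. */
static int demux(const struct endpoint *eps, size_t n, const struct packet *p)
{
    for (size_t i = 0; i < n; i++) {
        const struct cred *c = ep_cred(&eps[i]);
        if (c && eps[i].port == p->dport && c->level == p->label.level &&
            c->compartments == p->label.compartments)
            return (int)i;
    }
    return -1; /* no endpoint at this label: drop */
}

/* Constructed scenario: two endpoints share port 23 at different levels. */
int demo(int pkt_level)
{
    static struct endpoint eps[3];
    static struct strm_attr a[2]; static struct sec_xmit x[2]; static struct cred c[2];
    struct cred lo = {0, 0}, hi = {2, 0x1};
    ep_bind(&eps[0], &a[0], &x[0], &c[0], 23, &lo);
    ep_bind(&eps[1], &a[1], &x[1], &c[1], 23, &hi);
    eps[2].port = 23; /* no attribute chain attached: never selected */
    struct packet p = {23, {pkt_level, pkt_level == 2 ? 0x1u : 0u}};
    return demux(eps, 3, &p);
}
int main(void) { return !(demo(0) == 0 && demo(2) == 1 && demo(1) == -1); }
```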
14 Claims
1. A security attribute system comprising:
a communication stream endpoint structure having an endpoint pointer;
a stream attribute structure having a stream attribute pointer, said endpoint pointer configured to point at said stream attribute structure;
a security attribute transmission structure having a first pointer, said stream attribute pointer being configured to point at said security attribute transmission structure; and
a first credentials structure configured for storing security attribute information associated with a stream process, said first pointer of said security attribute transmission structure being configured to point to said first credentials structure.
copying the security information from the received data into the credentials structure;
setting up said stream attribute structure to point to said credentials structure; and
setting said first pointer to point to said stream attribute structure.
9. The method as recited in claim 8, wherein the data is a data packet.
10. The method as recited in claim 8, wherein said stream attribute structure includes a stream process identifier.
11. The method as recited in claim 8, wherein said stream attribute structure includes a network session ID.
7. A system for associating security attribute with selected data to be transmitted, comprising;
a data structure associated with data to be transmitted, said data structure having a first pointer;
a stream attribute structure having a stream attribute pointer, said first pointer configured to point at said stream attribute structure, and a credentials structure configured for storing security attribute information associated with a stream process, said stream attribute pointer being configured to point at said credentials structure.
12. A method of specifying security information associated with a communication stream, comprising:
storing security attributes of data being transmitted in the communication stream into a selected data structure;
establishing a transmission structure for containing at least a single pointer to said selected data structure for storing said security attributes; and
setting a pointer from a stream data block associated with the data to said transmission structure such that the data transmitted in said communication stream is associated with said security attributes.
13. A computer program product comprising a computer useable medium storing thereon computer readable instructions, comprising:
computer readable code for constructing a data structure associated with data to be transmitted, said data structure having a first pointer;
computer readable code for constructing a stream attribute structure having a stream attribute pointer, said first pointer configured to point at said stream attribute structure; and
computer readable code for constructing a credentials structure adapted for storing security attribute information associated with a stream process, said stream attribute pointer being configured to point at said credentials structure.
14. A computer program product comprising a computer readable medium storing thereon computer readable instructions comprising:
computer readable code for constructing a communication stream endpoint structure having an endpoint pointer;
computer readable code for constructing a stream attribute structure having a stream attribute pointer, said endpoint pointer configured to point at said stream attribute structure;
computer readable code for constructing a security attribute transmission structure having a first pointer, said stream attribute pointer being configured to point at said security attribute transmission structure; and
computer readable code for constructing a first credentials structure configured for storing security attribute information associated with a stream process, said first pointer being configured to point to said first credentials structure.
Specification