Multi-level secure (MLS) information network
First Claim
1. A method of enforcing a network security policy including mandatory access control (MAC), discretionary access control (DAC) and integrity control for an information network that features multi-level security (MLS) and relies on a kernel that defines memory partitions, the method comprising:
- operating a transport guard within a given partition logically between a protected application running within the partition, and a networking stack of the network;
- providing a network security manager for supplying configuration data corresponding to the network security policy for the protected application running in each partition in which a transport guard is operating;
- defining ports for each transport guard including (i) an application port for forwarding data to and receiving data from the protected application running in the partition in which the transport guard is operating, (ii) a data port for receiving data addressed to the protected application from the networking stack, and for sending data originating from the protected application to the networking stack, and (iii) a control port for receiving configuration data supplied by the network security manager, wherein the configuration data corresponds to the MAC, the DAC and the integrity control specified by the network security policy for the protected application;
- configuring each transport guard during an initialization state according to the configuration data supplied to the guard from the network security manager;
- first determining, during a control access state following the initialization state, if first data received at the data port of each transport guard originates from a subject or user that is allowed access to the protected application running in the partition in which the transport guard is operating according to the configuration data supplied to the transport guard during the initialization state, and forwarding the first data for delivery to the application port only after a positive determination; and
- second determining, during the control access state, if second data received at the application port of each transport guard is destined to a subject or user that is allowed access to the protected application according to the configuration data supplied to the transport guard during the initialization state, and forwarding the second data for delivery to the data port only after a positive determination.
1 Assignment
0 Petitions
Abstract
A method of enforcing a network security policy including mandatory access control (MAC), discretionary access control (DAC) and integrity control for a secure information network, includes operating a transport guard within a memory partition logically between a protected application running in the partition and a networking stack, and defining ports for the transport guard including (i) an application port for forwarding data to and receiving data from the application, (ii) a data port for receiving data addressed to the application from the networking stack, and for sending data originating from the application to the stack, and (iii) a control port for supplying configuration data to the transport guard. The configuration data corresponds to MAC, DAC and integrity control policies specified by the network for the protected application. The transport guard limits data flow between its protected application and the data ports accordingly.
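The claim and abstract above describe a transport guard that accepts configuration once on its control port during an initialization state and then, in the control access state, decides separately whether inbound data (data port to application port) and outbound data (application port to data port) may be forwarded. The simulation below is an added example, not code from the patent or from any implementation of it. It assumes Bell-LaPadula dominance for the MAC check, a Biba-style ordering for the integrity check and a simple access list for DAC; the page does not specify those models, and the subjects, labels and traffic are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Optional, Tuple


class State(Enum):
    INITIALIZATION = "initialization"    # waiting for configuration on the control port
    CONTROL_ACCESS = "control_access"    # configured; mediating data and application ports


@dataclass(frozen=True)
class Label:
    """Confidentiality label for MAC (assumed Bell-LaPadula lattice; not from the patent)."""
    level: int
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        return self.level >= other.level and other.compartments <= self.compartments


@dataclass(frozen=True)
class GuardConfig:
    """Configuration data the network security manager supplies on the control port."""
    app_label: Label            # MAC label of the protected application
    app_integrity: int          # integrity level of the application (assumed Biba ordering)
    acl: FrozenSet[str]         # DAC: subjects/users allowed to access the application


@dataclass(frozen=True)
class Message:
    subject: str                # originating subject (inbound) or destination subject (outbound)
    label: Label                # MAC label of that subject
    integrity: int              # integrity level of that subject
    payload: bytes


@dataclass
class Decision:
    forwarded: bool
    reason: str


class TransportGuard:
    def __init__(self) -> None:
        self.state = State.INITIALIZATION
        self.config: Optional[GuardConfig] = None
        self.application_port: List[Message] = []    # data delivered to the protected application
        self.data_port: List[Message] = []           # data handed to the networking stack
        self.audit: List[Tuple[str, str, str]] = []  # (direction, subject, reason)

    def control_port(self, config: GuardConfig) -> None:
        """Configuration is accepted only during the initialization state."""
        if self.state is not State.INITIALIZATION:
            raise RuntimeError("configuration is only accepted during initialization")
        self.config = config
        self.state = State.CONTROL_ACCESS

    def _check(self, msg: Message, inbound: bool) -> Decision:
        if self.state is not State.CONTROL_ACCESS or self.config is None:
            return Decision(False, "guard not configured")   # fail closed before initialization completes
        cfg = self.config
        if msg.subject not in cfg.acl:
            return Decision(False, "DAC: subject not on access list")
        if inbound:
            # Application reads data from the subject: no read-up (MAC), no read-down (integrity)
            if not cfg.app_label.dominates(msg.label):
                return Decision(False, "MAC: application does not dominate source label")
            if msg.integrity < cfg.app_integrity:
                return Decision(False, "integrity: source below application integrity")
        else:
            # Application writes data to the subject: no write-down (MAC), no write-up (integrity)
            if not msg.label.dominates(cfg.app_label):
                return Decision(False, "MAC: destination does not dominate application label")
            if msg.integrity > cfg.app_integrity:
                return Decision(False, "integrity: destination above application integrity")
        return Decision(True, "allowed")

    def receive_from_network(self, msg: Message) -> Decision:
        """Data port: data arriving from the networking stack, addressed to the application."""
        d = self._check(msg, inbound=True)
        self.audit.append(("inbound", msg.subject, d.reason))
        if d.forwarded:
            self.application_port.append(msg)
        return d

    def receive_from_application(self, msg: Message) -> Decision:
        """Application port: data the protected application wants to send out."""
        d = self._check(msg, inbound=False)
        self.audit.append(("outbound", msg.subject, d.reason))
        if d.forwarded:
            self.data_port.append(msg)
        return d


def demo() -> dict:
    """Constructed sample traffic; returns a summary of each decision."""
    guard = TransportGuard()
    early = guard.receive_from_network(Message("alice", Label(1), 3, b"hello"))  # before configuration
    guard.control_port(GuardConfig(app_label=Label(2, frozenset({"crypto"})), app_integrity=2,
                                   acl=frozenset({"alice", "bob"})))
    r = {
        "before_config": early.forwarded,
        "inbound_ok": guard.receive_from_network(Message("alice", Label(1), 3, b"req")).forwarded,
        "inbound_dac": guard.receive_from_network(Message("mallory", Label(1), 3, b"req")).forwarded,
        "inbound_mac": guard.receive_from_network(Message("bob", Label(3), 3, b"req")).forwarded,
        "inbound_int": guard.receive_from_network(Message("bob", Label(1), 1, b"req")).forwarded,
        "outbound_mac": guard.receive_from_application(Message("alice", Label(1), 2, b"resp")).forwarded,
        "outbound_ok": guard.receive_from_application(
            Message("bob", Label(3, frozenset({"crypto"})), 1, b"resp")).forwarded,
    }
    r["delivered_to_app"] = len(guard.application_port)
    r["sent_to_network"] = len(guard.data_port)
    return r


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point worth noticing is that the guard fails closed: anything arriving on the data port before the control port has delivered configuration is dropped rather than forwarded, and the inbound and outbound checks are not mirror images of each other, because the MAC and integrity rules differ for a read and a write.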
157 Citations
16 Claims