Multi-level secure (MLS) information network

US 7,676,673 B2
Filed: 04/28/2006
Issued: 03/09/2010
Est. Priority Date: 04/28/2006
Status: Active Grant

First Claim

Patent Images

1. A method of enforcing a network security policy including mandatory access control (MAC), discretionary access control (DAC) and integrity control for an information network that features multi-level security (MLS) and relies on a kernel that defines memory partitions, the method comprising:

operating a transport guard within a given partition logically between a protected application running within the partition, and a networking stack of the network;

providing a network security manager for supplying configuration data corresponding to the network security policy for the protected application running in each partition in which a transport guard is operating;

defining ports for each transport guard including (i) an application port for forwarding data to and receiving data from the protected application running in the partition in which the transport guard is operating, (ii) a data port for receiving data addressed to the protected application from the networking stack, and for sending data originating from the protected application to the networking stack, and (iii) a control port for receiving configuration data supplied by the network security manager, wherein the configuration data corresponds to the MAC, the DAC and the integrity control specified by the network security policy for the protected application;

configuring each transport guard during an initialization state according to the configuration data supplied to the guard from the network security manager;

first determining, during a control access state following the initialization state, if first data received at the data port of each transport guard originates from a subject or user that is allowed access to the protected application running in the partition in which the transport guard is operating according to the configuration data supplied to the transport guard during the initialization state, and forwarding the first data for delivery to the application port only after a positive determination; and

second determining, during the control access state, if second data received at the application port of each transport guard is destined to a subject or user that is allowed access to the protected application according to the configuration data supplied to the transport guard during the initialization state, and forwarding the second data for delivery to the data port only after a positive determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of enforcing a network security policy including mandatory access control (MAC), discretionary access control (DAC) and integrity control for a secure information network, includes operating a transport guard within a memory partition logically between a protected application running in the partition and a networking stack, and defining ports for the transport guard including (i) an application port for forwarding data to and receiving data from the application, (ii) a data port for receiving data addressed to the application from the networking stack, and for sending data originating from the application to the stack, and (iii) a control port for supplying configuration data to the transport guard. The configuration data corresponds to MAC, DAC and integrity control policies specified by the network for the protected application. The transport guard limits data flow between its protected application and the data ports accordingly.

157 Citations

16 Claims

1. A method of enforcing a network security policy including mandatory access control (MAC), discretionary access control (DAC) and integrity control for an information network that features multi-level security (MLS) and relies on a kernel that defines memory partitions, the method comprising:
- operating a transport guard within a given partition logically between a protected application running within the partition, and a networking stack of the network;
  
  providing a network security manager for supplying configuration data corresponding to the network security policy for the protected application running in each partition in which a transport guard is operating;
  
  defining ports for each transport guard including (i) an application port for forwarding data to and receiving data from the protected application running in the partition in which the transport guard is operating, (ii) a data port for receiving data addressed to the protected application from the networking stack, and for sending data originating from the protected application to the networking stack, and (iii) a control port for receiving configuration data supplied by the network security manager, wherein the configuration data corresponds to the MAC, the DAC and the integrity control specified by the network security policy for the protected application;
  
  configuring each transport guard during an initialization state according to the configuration data supplied to the guard from the network security manager;
  
  first determining, during a control access state following the initialization state, if first data received at the data port of each transport guard originates from a subject or user that is allowed access to the protected application running in the partition in which the transport guard is operating according to the configuration data supplied to the transport guard during the initialization state, and forwarding the first data for delivery to the application port only after a positive determination; and
  
  second determining, during the control access state, if second data received at the application port of each transport guard is destined to a subject or user that is allowed access to the protected application according to the configuration data supplied to the transport guard during the initialization state, and forwarding the second data for delivery to the data port only after a positive determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, including reporting an auditable event through the control port of each transport guard in the absence of a positive determination after the guard performs the first determining step.
  - 3. The method of claim 1, including reporting an auditable event through the control port of each transport guard in the absence of a positive determination after the guard performs the second determining step.
  - 4. The method of claim 1, including, at each transport guard, removing security labels from the first data before forwarding the data for delivery to the application port if the protected application running in the partition in which the guard is operating is an untrusted application.
  - 5. The method of claim 1, including, at each transport guard, adding security labels to the second data before forwarding the data for delivery to the data port if the protected application running in the partition in which the guard is operating is an untrusted application.
  - 6. The method of claim 1, including embedding each transport guard between CORBA and TCP layers of the network.
  - 7. The method of claim 1, including embedding each transport guard between Ethernet and IP layers of the network.
  - 8. The method of claim 1, including, at each transport guard, sending data originating from the protected application running in the partition in which the guard is operating into the networking stack using a kernel inter-process communication (IPC) mechanism.
  - 9. The method of claim 1, including appending a security header to data to be managed by each transport guard, and defining fields for the header including a source field for identifying a transport guard from which the data originates, a destination field for identifying a transport guard to which the data is destined, and one or more security fields for containing information corresponding to the mandatory access control (MAC) policy of the network.
  - 10. The method of claim 9, including providing information corresponding to an integrity level for the data in one of the security fields.
  - 11. The method of claim 9, including providing information corresponding to a security classification level for the data in one of the security fields.
  - 12. The method of claim 1, including defining an access control table for a given transport guard, and identifying in the table other transport guards with which the given transport guard may communicate according to the discretionary access control (DAC) policy of the network.
  - 13. The method of claim 12, including providing information in the access control table corresponding to ranges of security classifications associated with each of the other transport guards.
  - 14. The method of claim 12, including providing information in the access control corresponding to integrity levels associated with each of the other transport guards.
  - 15. The method of claim 12, including providing information in the access control table for indicating whether or not the given transport guard may transmit data to each of the other transport guards.
  - 16. The method of claim 12, including providing information in the access control table for indicating whether or not the given transport guard may receive data from each of the other transport guards.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BAE Systems Information and Electronic Systems Integration Incorporated (BAE Systems Plc)
Original Assignee
BAE Systems Information and Electronic Systems Integration Incorporated (BAE Systems Plc)
Inventors
Weller, Michael K., Litzinger, Joseph A., Mangra, Tarachrand A., Shah, Sanket J.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
HO, VIRGINIA T

Application Number

US11/414,105
Publication Number

US 20070255942A1
Time in Patent Office

1,411 Days
Field of Search

713/151, 713/154, 713/164, 713/166, 726/21, 726/22
US Class Current

713/164
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

Multi-level secure (MLS) information network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

157 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-level secure (MLS) information network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links