Authorizing information flows

US 8,024,565 B2
Filed: 05/30/2008
Issued: 09/20/2011
Est. Priority Date: 12/15/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method, in a data processing system, for authorizing information flows between devices of the data processing system, the method comprising:

receiving an information flow request from a first device to authorize an information flow from the first device to a second device, wherein the information flow request includes an identifier of the second device;

retrieving, based on an identification of the first device and the identifier of the second device, security information identifying an authorization level of the first device and second device;

determining a sensitivity of an information object that is to be transferred in the information flow; and

authorizing or denying the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow, wherein;

the security information comprises a first labelset associated with the identifier of the first device and a second labelset associated with the identifier of the second device,the first and second labelsets identify authorization levels of the first and second devices, respectively,the sensitivity of the information object comprises a third labelset associated with the information object,authorizing or denying the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices comprises performing at least one set theory operation on the first, second and third labelsets, andauthorizing or denying the information flow based on results of the at least one set theory operation.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authorizing information flows between devices of a data processing system is provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.

45 Citations

View as Search Results

22 Claims

1. A method, in a data processing system, for authorizing information flows between devices of the data processing system, the method comprising:
- receiving an information flow request from a first device to authorize an information flow from the first device to a second device, wherein the information flow request includes an identifier of the second device;
  
  retrieving, based on an identification of the first device and the identifier of the second device, security information identifying an authorization level of the first device and second device;
  
  determining a sensitivity of an information object that is to be transferred in the information flow; and
  
  authorizing or denying the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow, wherein;
  
  the security information comprises a first labelset associated with the identifier of the first device and a second labelset associated with the identifier of the second device,the first and second labelsets identify authorization levels of the first and second devices, respectively,the sensitivity of the information object comprises a third labelset associated with the information object,authorizing or denying the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices comprises performing at least one set theory operation on the first, second and third labelsets, andauthorizing or denying the information flow based on results of the at least one set theory operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the authorization level of the first device and second device identify the sensitivity types of information objects that may be maintained by the first and second devices, respectively.
  - 3. The method of claim 1, wherein the security information of the first and second device only indicate a sensitivity of information objects that may be maintained in the first and second devices, respectively, and do not define the authorization level of the first and second device in terms of the operations which may be used to transform or transmit the information objects.
  - 4. The method of claim 1, further comprising:
    - receiving a request from the first device to authenticate the first device;
      
      authenticating the first device; and
      
      issuing a token to the first device if the first device is authenticated, wherein the token is used to generate security information for the first device in the information flow request.
  - 5. The method of claim 4, further comprising:
    - associating a security association with security information identifying an authorization level for the first device, wherein the security association is a unique identifier generated based on communication connection information; and
      
      storing the security information in association with the security association in a lookup data structure.
  - 6. The method of claim 1, wherein determining a sensitivity of an information object that is to be transferred in the information flow comprises:
    - determining if the information object has associated security information; and
      
      associating the security information of a source device of the information object with the information object if the information object does not have associated security information.
  - 7. The method of claim 1, wherein the data processing system comprises a reference monitor and wherein the security information and associations of security information with identifiers of the first and second devices are maintained only in the reference monitor and are not accessible by unauthorized entities outside of the reference monitor.
  - 8. The method of claim 1, wherein the first labelset and second labelset identify a plurality of security policies to be applied to the first labelset and second labelset to determine if an information flow between the first device and second device is to be authorized or denied.
  - 9. The method of claim 8, wherein authorizing or denying the information flow comprises combining results from evaluations performed using the plurality of security policies to generate a single result identifying whether the information flow is to be authorized or denied.
  - 10. The method of claim 1, wherein the first, second and third labelsets are stored within a device separate from the first and second devices and are not accessible to the first and second devices.
  - 11. The method of claim 1, further comprising combining the first labelset and the third labelset together according to combinatorial rules of a security module of the data processing system to generate an effective labelset;
    - andusing the effective labelset and the second labelset to determine whether to authorize or deny the information flow.

12. A computer program product comprising a computer readable storage device including a computer readable program stored thereon, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- receive an information flow request from a first device to authorize an information flow from the first device to a second device, wherein the information flow request includes an identifier of the second device;
  
  retrieve, based on an identification of the first device and the identifier of the second device, security information identifying an authorization level of the first device and second device;
  
  determine a sensitivity of an information object that is to be transferred in the information flow; and
  
  authorize or deny the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow, wherein;
  
  the security information comprises a first labelset associates with the identifier of the first device and a second labelset associated with the identifier of the second device,the first and second labelsets identify authorization levels of the first and second devices, respectively,the sensitivity of the information object comprises a third labelset associated with the information object,authorizing or denying the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices comprises performing at least one set theory operation on the first, second and third labelsets, andauthorizing or denying the information flow based on results of the at least one set theory operation.
- View Dependent Claims (13, 14, 15)
- - 13. The computer program product of claim 12, wherein the computer readable program further causes the computing device to:
    - receive a request from the first device to authenticate the first device;
      
      authenticate the first device; and
      
      issue a token to the first device if the first device is authenticated, wherein the token is used to generate security information of the first device in the information flow request.
  - 14. The computer program product of claim 13, wherein the computer readable program further causes the computing device to:
    - associate a security association with security information identifying an authorization level for the first device, wherein the security association is a unique identifier generated based on communication connection information; and
      
      store the security information in association with the security association in a lookup data structure.
  - 15. The computer program product of claim 12, wherein the computer readable program causes the computing device to determine a sensitivity of an information object that is to be transferred in the information flow by:
    - determining if the information object has associated security information; and
      
      associating the security information of a source device of the information object with the information object if the information object does not have associated security information.

16. An apparatus for authorizing information flows between devices of a data processing system, comprising:
- a communication manager having a listener for listening for information flow requests from devices of the data processing system;
  
  an information flow mediator coupled to the communication manager for determining whether an information flow is to be authorized or denied; and
  
  a security information storage device coupled to the information flow mediator that stores security information for devices of the data processing system, wherein;
  
  the communication manager receives an information flow request from a first device to authorize an information flow from the first device to a second device, wherein the information flow request includes an identifier of the second device,the information flow mediator retrieves, based on an identification of the first device and the identifier of the second device, security information, from the security information storage device, identifying an authorization level of the first device and second device,the information flow mediator determines a sensitivity of an information object that is to be transferred in the information flow, andthe information flow mediator authorizes or denies the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow, wherein;
  
  the security information comprises a first labelset associated with the identifier of the first device and a second labelset associated with the identifier of the second device,the first and second label sets identify authorization levels of the first and second devices, respectively,the sensitivity of the information object comprises a third labelset associated with the information object,authorizing or denying the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices comprises performing at least one set theory operation on the first, second and third labelsets, andauthorizing or denying the information flow based on results of the at least one set theory operation.
- View Dependent Claims (17, 18, 19)
- - 17. The apparatus of claim 16, further comprising:
    - an authenticator, wherein the authenticator receives a request from the first device to authenticate the first device, authenticates the first device, and issues a token to the first device if the first device is authenticated, aid wherein the token is used to generate security information for the first device in the information flow request.
  - 18. The apparatus of claim 17, wherein the information flow mediator associates a security association with security information identifying an authorization level for the first device and stores the security information in association with the security association in a lookup data structure.
  - 19. The apparatus of claim 16, wherein the information flow mediator determines a sensitivity of an information object that is to be transferred in the information flow by:
    - determining if the information object has associated security information in an information object security information storage device; and
      
      associating the security information of a source device of the information object with the information object if the information object does not have associated security information in the information object security information storage device.

20. A data processing system for authorizing information flows between devices, comprising:
- a first computing device in a first partition of the data processing system, wherein the first computing device has a source element for communicating information to a target element;
  
  a second computing device in a second partition of the data processing system, wherein the second computing device has the target element; and
  
  a reference monitor, coupled to the first computing device and the second computing device, that monitors information flows between the first partition and the second partition, wherein the reference monitor;
  
  receives an information flow request from the first computing device to authorize an information flow from the source element to the target element, wherein the information flow request includes an identifier of the target element,retrieves, based on an identification of the source element and the identifier of the target element, security information identifying an authorization level of the source element and target element,determines a sensitivity of an information object that is to be transferred in the information flow, andauthorizes or denies the information flow based only on the sensitivity of the information object and the authorization level of the source element and target element irregardless of the particular action being performed on the information object as part of the information flow, wherein;
  
  the security information comprises a first labelset associated with the identifier of the first device and a second labelset associated with the identifier of the second device,the first and second labelsets identify authorization levels of the first and second devices, respectively,the sensitivity of the information object comprises a third labelset associated with the information object,authorizing or denying the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices comprises performing at least one set theory operation on the first, second and third labelsets, andauthorizing or denying the information flow based on results of the at least one set theory operation.
- View Dependent Claims (21)
- - 21. The data processing system of claim 20, wherein the reference monitor comprises:
    - a communication manager having a listener for listening for information flow requests from elements of the data processing system;
      
      an information flow mediator coupled to the communication manager for determining whether an information flow is to be authorized or denied;
      
      a security data structure storage device coupled to the information flow mediator that stores security information for elements of the data processing system; and
      
      a security policy framework coupled to the information flow mediator for applying one or more security policies to security information for elements of the data processing system.

22. A computing device, comprising:
- a processor; and
  
  a memory, wherein the memory contains instructions which, when executed by the processor, cause the processor to;
  
  receive an information flow request from a first device to authorize an information flow from the first device to a second device, wherein the information flow request includes an identifier of the second device;
  
  retrieve, based on an identification of the first device and the identifier of the second device, security information identifying an authorization level of the first device and second device;
  
  determine a sensitivity of an information object that is to be transferred in the information flow; and
  
  authorize or deny the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow, wherein;
  
  the security information comprises a first labelset associated with the identifier of the first device and a second labelset associated with the identifier of the second device,the first and second labelsets identify authorization levels of the first and second devices, respectively,the sensitivity of the information object comprises a third labelset associated with the information object,authorizing or denying the information flow based only on the sensitivity of the information object and the authorization level of the first and second devices comprises performing at least one set theory operation on the first, second third labelsets, andauthorizing or denying the information flow based on results of the at least one set theory operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Arroyo, Diana J., Muppidi, Sridhar R., Jamsek, Damir A., Blakley, George R. III, Williams, Ronald B., Simon, Kimberly D.
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
YALEW, FIKREMARIAM A

Application Number

US12/130,252
Publication Number

US 20080229413A1
Time in Patent Office

1,208 Days
Field of Search

None
US Class Current

713/166
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Authorizing information flows

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

45 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Authorizing information flows

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links