Method and apparatus for providing network security using security labeling
Abstract
A method and apparatus for providing network security using security labeling is disclosed. The method includes comparing first security level information and second security level information, and indicating processing to be performed on the packet based on the comparing. The first security level information is stored in a security label of a packet received at a network node, while the second security level information is stored at the network node.
21 Claims
1. A method comprising:
- issuing a join request, wherein
  - the join request is issued using a generic security label registration protocol (GSRP),
  - the join request is a request to join a context within a network, and
  - the context is a GSRP information propagation (GIP) context;
- receiving a packet at a network node of the network;
- comparing first security level information and second security level information, wherein
  - the packet comprises the first security level information by virtue of the first security level information being stored in a GSRP security label of the packet,
  - the join request comprises the second security level information,
  - the second security level information is stored at said network node, and
  - the second security level information is associated with a port of the network node; and
- indicating processing to be performed on the packet based on a result of the comparing.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.
16. A network device comprising:
- a processor;
- a network interface, coupled to the processor and configured to communicatively couple the network device to a network;
- a non-transitory computer-readable storage medium coupled to the processor; and
- computer instructions, encoded in the non-transitory computer-readable storage medium, and configured to cause said processor to
  - issue a join request, wherein
    - the join request is issued using a generic security label registration protocol (GSRP),
    - the join request is a request to join a context within the network, and
    - the context is a GSRP information propagation (GIP) context,
  - receive a packet at the network device,
  - compare first security level information and second security level information, wherein
    - the packet comprises the first security level information by virtue of the first security level information being stored in a GSRP security label of the packet,
    - the join request comprises the second security level information,
    - the second security level information is stored at said network node, and
    - the second security level information is associated with a port of the network node, and
  - indicate processing to be performed on the packet based on a result of the comparing.

Dependent claims: 17, 18, 19, 20.
21. A computer program product comprising:
- a plurality of instructions, comprising
  - a first set of instructions, executable on a network device, configured to issue a join request, wherein
    - the join request is issued using a generic security label registration protocol (GSRP),
    - the join request is a request to join a context within a network, and
    - the context is a GSRP information propagation (GIP) context,
  - a second set of instructions, executable on the network device, configured to receive a packet at the network device,
  - a third set of instructions, executable on the network device, configured to compare first security level information and second security level information, wherein
    - the packet comprises the first security level information by virtue of the first security level information being stored in a GSRP security label of the packet,
    - the join request comprises the second security level information,
    - the second security level information is stored at said network node, and
    - the second security level information is associated with a port of the network node, and
  - a fourth set of instructions, executable on the network device, configured to indicate processing to be performed on the packet based on a result of the comparing; and
- a non-transitory computer-readable storage medium, wherein the instructions are encoded in the non-transitory computer-readable storage medium.
Specification