Cross-domain object models for securely sharing information between network security domains
Abstract
Techniques are described for controlling transfer of information in a secure manner across multiple network security domains. As described herein, cross-domain sharing may be facilitated by use of a common model that is shared by participants from the different network security domains. An example system is described in which a plurality of network domains comprises a respective set of client computing devices. A cross-domain object model specification specifies object classes for cross-domain objects accessible to the client computing devices. For each of the object classes, the cross-domain object model specification defines a plurality of data fields and specifies which of the data fields of the respective object class can be exposed to each of the respective network domains. A protected object repository positioned within each of the network domains stores an authorized portion of each of the cross-domain objects in accordance with the cross-domain object model specification.
Claims
1. A system comprising:
a plurality of network domains, each of the domains comprising a respective set of client computing devices comprising a respective one or more processors executing respective instances of at least one software application;
a cross-domain object model specification that specifies object classes for cross-domain objects, each of the objects having methods comprising code executable by the applications for accessing a plurality of data fields of the object;
a protected and distributed object repository positioned within each of the network domains; and
a controller within each of the network domains,
wherein, for each of the object classes, the cross-domain object model specification defines the plurality of data fields and specifies which of the data fields of the respective object class can be exposed to each of the respective network domains,
wherein each of the object repositories stores an authorized portion of each of the cross-domain objects in accordance with the cross-domain object model specification, and
wherein the controller within each of the network domains detects changes to the portions of the cross-domain objects within the respective one of the network domains and propagates versions of the changes to the controllers of the other ones of the network domains in compliance with the cross-domain model specification.
Dependent claims: 2 to 11.
12. A method comprising:
storing, within a protected and distributed object repository positioned within each of a plurality of network domains, a plurality of cross-domain objects, wherein each of the object repositories stores an authorized portion of each of the objects in accordance with the cross-domain object model specification, each of the objects having methods comprising code executable by the applications for accessing a plurality of data fields of the object;
detecting, with respective controllers within each of the network domains, changes made to any of the cross-domain objects within the respective protected object repository; and
propagating, with the respective controllers, versions of the changes to the controllers of the other domains in accordance with a cross-domain object model specification,
wherein, for each of the object classes, the cross-domain object model specification defines a plurality of data fields and specifies which of the data fields of the respective object class can be exposed to each of the respective network domains.
Dependent claims: 13 to 18.
19. A cross-domain object model controller comprising a processor configured to:
detect changes made to any of a plurality of cross-domain objects in a protected and distributed object repository, wherein each of the objects comprises an authorized portion of a cross-domain object for a respective one of a plurality of network domains in accordance with the cross-domain object model specification, each of the objects having methods comprising code executable by the applications for accessing a plurality of data fields of the object;
propagate versions of changes to controllers of the other network domains in accordance with the cross-domain object model specification,
wherein, for each of the object classes, the cross-domain object model specification defines a plurality of data fields and specifies which of the data fields of the respective object class can be exposed to each of the respective network domains.
Dependent claims: 20 to 29.
30. A non-transitory computer-readable storage medium storing commands that, when executed, cause one or more processors of a computing device to:
receive requests from client computing devices within a network domain for application of actions to portions of cross-domain objects stored within the network domain in a protected and distributed object repository, wherein each of the cross-domain objects comprises an authorized portion of a respective cross-domain object in accordance with a cross-domain object model specification, each of the objects having methods comprising code executable by the applications for accessing a plurality of data fields of the object, wherein the cross-domain object model specification defines a plurality of data fields for object classes for the cross-domain objects and specifies which of the data fields of the respective object class can be exposed to each of the respective network domains;
control application of the actions to the portion of the cross-domain objects stored within the network domain in accordance with the cross-domain model specification;
detect changes to the portion of the cross-domain objects within the network domain; and
propagate versions of the changes of the portion of the cross-domain objects stored within the network domain to one or more controllers of the other network domains in accordance with the cross-domain object model specification.
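As an added illustration, not code from the patent or its assignee, the following Python sketch models the mechanism the abstract and claims 1, 12, 19 and 30 describe: a specification that names each object class's data fields and which of them each network domain may see, a per-domain repository that holds only the authorized portion, and a controller per domain that applies local client actions only within that portion and propagates a filtered version of each change to peer controllers. The object class, field names and domain labels are constructed for the example.

```python
# Constructed sample cross-domain object model specification: one object class,
# its data fields, and which of those fields each network domain may be exposed to.
SPEC = {
    "Incident": {
        "fields": ("id", "title", "severity", "source_ip", "analyst_notes"),
        "exposure": {
            "HIGH": ("id", "title", "severity", "source_ip", "analyst_notes"),
            "LOW": ("id", "title", "severity"),
        },
    },
}

def authorized_portion(cls, data, domain):
    """Project object data onto the fields the spec exposes to `domain`."""
    allowed = SPEC[cls]["exposure"][domain]
    return {k: v for k, v in data.items() if k in allowed}

class Controller:
    """Per-domain controller owning that domain's protected repository.
    It applies client actions only to exposed fields, detects the resulting
    change, and propagates a per-domain filtered version of it to each peer."""
    def __init__(self, domain):
        self.domain = domain
        self.repo = {}      # (cls, obj_id) -> this domain's authorized portion
        self.version = {}   # (cls, obj_id) -> last applied change version
        self.peers = []     # controllers of the other network domains

    def apply(self, cls, obj_id, changes):
        """Action from a local client; refused if it touches unexposed fields."""
        allowed = set(SPEC[cls]["exposure"][self.domain])
        if not set(changes) <= allowed:
            raise PermissionError(f"{self.domain} may not write {set(changes) - allowed}")
        key = (cls, obj_id)
        self.repo.setdefault(key, {"id": obj_id}).update(changes)
        self.version[key] = self.version.get(key, 0) + 1
        # Change detected: each peer receives only the fields its domain may see.
        for peer in self.peers:
            peer.receive(cls, obj_id, self.version[key],
                         authorized_portion(cls, changes, peer.domain))

    def receive(self, cls, obj_id, version, portion):
        """Store a propagated change; re-filter against this domain's own exposure
        so an over-shared field is never persisted, and drop stale versions."""
        key = (cls, obj_id)
        if version <= self.version.get(key, 0):
            return False
        self.repo.setdefault(key, {"id": obj_id}).update(
            authorized_portion(cls, portion, self.domain))
        self.version[key] = version
        return True
```

The receiving side filters again on purpose: the authorized portion is enforced by the domain that stores it, not only by the sender.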
Specification