Host-to-host communication in a multilevel secure network

US 9,712,541 B1
Filed: 08/19/2013
Issued: 07/18/2017
Est. Priority Date: 08/19/2013
Status: Active Grant

First Claim

Patent Images

1. A network-communication system comprising:

a plurality of computer systems each of which is configured to operate in accordance with at least one protocol stack assigned to a security level of a multilevel security model, wherein each computer system includes a processor and non-transitory computer-readable storage medium having computer-readable program code stored therein that, in response to execution by the processor, causes the computer system to at least;

perform address discovery or registration for one or more network-layer addresses with a network for an exchange of data between hosts provided by protocol stacks at respective security levels of the multilevel security model; and

exchange data between the hosts, the data being accessible or inaccessible by the hosts according to the respective security levels and one or more mandatory access control information flow policies consistent with the multilevel security model,wherein the address discovery or registration is performed using a network management protocol that is trusted and accessible by the hosts without regard to the respective security levels and one or more mandatory access control information flow policies;

wherein protocol stacks of the computer systems are configured to provide respective ones of a first host at a first security level, a second host at a second security level that is lower than the first security level, and one of the computer systems is configured to function as a cross-domain solution (CDS),wherein the first host is configured to publish to the network, data on a given topic that is subscribed to by the second host, the data at the first security level being inaccessible by the second host according to the multilevel security model, andwherein the CDS is subscribed to the data as a proxy for the second host, and the CDS is configured to filter the data to produce filtered data at the second security level, and republish the filtered data to the network for receipt by the second host, the data being published to the network or filtered data being republished to the network using the one or more network-layer addresses.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network communication system includes a plurality of computer systems each of which may operate in accordance with at least one protocol stack assigned to a security level of a multilevel security model. The computer system may perform address discovery or registration for network-layer address(es) with a network for an exchange of data between hosts provided by protocol stacks at respective security levels of the multilevel security model. And the computer system may exchange data between the hosts, with the data being accessible or inaccessible by the hosts according to the respective security levels and mandatory access control information flow policy/policies consistent with the multilevel security model. The address discovery or registration, on the other hand, may be performed using a network management protocol that is trusted and accessible by the hosts without regard to the respective security levels and mandatory access control information flow policy/policies.

24 Citations

View as Search Results

15 Claims

1. A network-communication system comprising:
- a plurality of computer systems each of which is configured to operate in accordance with at least one protocol stack assigned to a security level of a multilevel security model, wherein each computer system includes a processor and non-transitory computer-readable storage medium having computer-readable program code stored therein that, in response to execution by the processor, causes the computer system to at least;
  
  perform address discovery or registration for one or more network-layer addresses with a network for an exchange of data between hosts provided by protocol stacks at respective security levels of the multilevel security model; and
  
  exchange data between the hosts, the data being accessible or inaccessible by the hosts according to the respective security levels and one or more mandatory access control information flow policies consistent with the multilevel security model,wherein the address discovery or registration is performed using a network management protocol that is trusted and accessible by the hosts without regard to the respective security levels and one or more mandatory access control information flow policies;
  
  wherein protocol stacks of the computer systems are configured to provide respective ones of a first host at a first security level, a second host at a second security level that is lower than the first security level, and one of the computer systems is configured to function as a cross-domain solution (CDS),wherein the first host is configured to publish to the network, data on a given topic that is subscribed to by the second host, the data at the first security level being inaccessible by the second host according to the multilevel security model, andwherein the CDS is subscribed to the data as a proxy for the second host, and the CDS is configured to filter the data to produce filtered data at the second security level, and republish the filtered data to the network for receipt by the second host, the data being published to the network or filtered data being republished to the network using the one or more network-layer addresses.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The network-communication system of claim 1, wherein each computer system is further configured to at least:
    - receive a domain identifier, logical-partition identifiers and topic identifiers for respective ones of a domain, logical partitions of the domain and topics of data for communication in the network, each of the logical partitions being assigned to a respective security level of the multilevel security model; and
      
      generate one or more multicast addresses each of which includes the domain identifier and a unique combination of logical-partition identifier and topic identifier,wherein each computer system being configured to perform address discovery or registration includes each computer system being configured to register the one or more multicast addresses with the network.
  - 3. The network-communication system of claim 1, wherein the CDS is configured to return an acknowledgement to the first host in response to the CDS receiving the data, and receive an acknowledgement from the second host at the CDS in response to the second host receiving the filtered data.
  - 4. The network-communication system of claim 1, wherein protocol stacks of the computer systems are configured to provide respective ones of a second host at a second security level, and a first host at a first security level that is equal to or higher than the second security level, andwherein the second host is configured to publish to the network, data on a given topic that is subscribed to by the first host, the data at the second security level being accessible by the first host according to the multilevel security model.
  - 5. The network-communication system of claim 1, wherein protocol stacks of the computer systems are configured to provide respective ones of a first host at a first security level, a second host at a second security level that is lower than the first security level, and one of the computer systems is configured to function as a cross-domain solution (CDS),wherein the first host is configured to publish to the network, an acknowledgement in response to the first host receiving data on a given topic published to the network by the second host, the acknowledgement at the first security level being inaccessible by the second host according to the multilevel security model, andwherein the CDS is subscribed to the acknowledgement as a proxy for the second host, and the CDS is configured to filter the acknowledgement to produce a filtered acknowledgement at the second security level, and republish the filtered acknowledgement to the network for receipt by the second host, the acknowledgement being published to the network or filtered acknowledgement being republished to the network using the one or more network-layer addresses.

6. An apparatus of a plurality of apparatuses each of which is configured to operate in accordance with at least one protocol stack assigned to a security level of a multilevel security model, the apparatus comprising:
- a processor; and
  
  a computer-readable storage medium coupled to the processor, that is non-transitorv and has computer-readable program code stored therein that, in response to execution by the processor, causes the apparatus to at least;
  
  perform address discovery or registration for one or more network-layer addresses with a network for an exchange of data between hosts provided by protocol stacks at respective security levels of the multilevel security model; and
  
  exchange data between the hosts, the data being accessible or inaccessible by the hosts according to the respective security levels and one or more mandatory access control information flow policies consistent with the multilevel security model,wherein the address discovery or registration is performed using a network management protocol that is trusted and accessible by the hosts without regard to the respective security levels and one or more mandatory access control information flow policies;
  
  wherein the computer-readable storage medium has further computer-readable program code stored therein that, in response to execution by the processor, causes the apparatus to further;
  
  receive data on a given topic published to the network by a first host at a first security level, and subscribed to by a second host at a second security level that is lower than the first security level, the data at the first security level being inaccessible by the second host according to the multilevel security model; and
  
  at the apparatus configured to function as a cross-domain solution (CDS) subscribed to the data as a proxy for the second host,filter the data to produce filtered data at the second security level; and
  
  republish the filtered data to the network for receipt by the second host, the data being published to the network or filtered data being republished to the network using the one or more network-layer addresses.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus of claim 6, wherein the computer-readable storage medium has further computer-readable program code stored therein that, in response to execution by the processor, causes the apparatus to further:
    - receive a domain identifier, logical-partition identifiers and topic identifiers for respective ones of a domain, logical partitions of the domain and topics of data for communication in the network, each of the logical partitions being assigned to a respective security level of the multilevel security model; and
      
      generate one or more multicast addresses each of which includes the domain identifier and a unique combination of logical-partition identifier and topic identifier,wherein the apparatus being caused to perform address discovery or registration includes the apparatus being caused to register the one or more multicast addresses with the network.
  - 8. The apparatus of claim 6, wherein the computer-readable storage medium has further computer-readable program code stored therein that, in response to execution by the processor, causes the apparatus to further:
    - return an acknowledgement from the CDS to the first host in response to the CDS receiving the data; and
      
      receive an acknowledgement from the second host at the CDS in response to the second host receiving the filtered data.
  - 9. The apparatus of claim 7, wherein the computer-readable storage medium has further computer-readable program code stored therein that, in response to execution by the processor, causes the apparatus to further:
    - receive data on a given topic published to the network by a second host at a second security level, and subscribed to by a first host at a first security level that is equal to or higher than the second security level, the data at the second security level being accessible by the first host according to the multilevel security model.
  - 10. The apparatus of claim 7, wherein the computer-readable storage medium has further computer-readable program code stored therein that, in response to execution by the processor, causes the apparatus to further:
    - receive an acknowledgement published to the network by a first host at a first security level, the acknowledgement being in response to the first host receiving data on a given topic published to the network by a second host at a second security level that is lower than the first security level, the acknowledgement at the first security level being inaccessible by the second host according to the multilevel security model; and
      
      at the apparatus configured to function as a cross-domain solution (CDS) subscribed to the acknowledgement as a proxy for the second host,filter the acknowledgement to produce a filtered acknowledgement at the second security level; and
      
      republish the filtered acknowledgement to the network for receipt by the second host, the acknowledgement being published to the network or filtered acknowledgement being republished to the network using the one or more network-layer addresses.

11. A method for a computer system of a plurality of computer systems each of which is configured to operate in accordance with at least one protocol stack assigned to a security level of a multilevel security model, the method comprising:
- performing address discovery or registration for one or more network-layer addresses with a network for an exchange of data between hosts provided by protocol stacks at respective security levels of the multilevel security model; and
  
  exchanging data between the hosts, the data being accessible or inaccessible by the hosts according to the respective security levels and one or more mandatory access control information flow policies consistent with the multilevel security model,wherein the address discovery or registration is performed using a network management protocol that is trusted and accessible by the hosts without regard to the respective security levels and one or more mandatory access control information flow policies;
  
  receiving data on a given topic published to the network by a first host at a first security level, and subscribed to by a second host at a second security level that is lower than the first security level, the data at the first security level being inaccessible by the second host according to the multilevel security model; and
  
  at a cross-domain solution (CDS) subscribed to the data as a proxy for the second host,filtering the data to produce filtered data at the second security level; and
  
  republishing the filtered data to the network for receipt by the second host, the data being published to the network or filtered data being republished to the network using the one or more network-layer addresses.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11 further comprising:
    - receiving a domain identifier, logical-partition identifiers and topic identifiers for respective ones of a domain, logical partitions of the domain and topics of data for communication in the network, each of the logical partitions being assigned to a respective security level of the multilevel security model; and
      
      generating one or more multicast addresses each of which includes the domain identifier and a unique combination of logical-partition identifier and topic identifier,wherein performing address discovery or registration includes registering the one or more multicast addresses with the network.
  - 13. The method of claim 11 further comprising:
    - returning an acknowledgement from the CDS to the first host in response to the CDS receiving the data; and
      
      receiving an acknowledgement from the second host at the CDS in response to the second host receiving the filtered data.
  - 14. The method of claim 11 further comprising:
    - receiving data on a given topic published to the network by a second host at a second security level, and subscribed to by a first host at a first security level that is equal to or higher than the second security level, the data at the second security level being accessible by the first host according to the multilevel security model.
  - 15. The method of claim 11 further comprising:
    - receiving an acknowledgement published to the network by a first host at a first security level, the acknowledgement being in response to the first host receiving data on a given topic published to the network by a second host at a second security level that is lower than the first security level, the acknowledgement at the first security level being inaccessible by the second host according to the multilevel security model; and
      
      at a cross-domain solution (CDS) subscribed to the acknowledgement as a proxy for the second host,filtering the acknowledgement to produce a filtered acknowledgement at the second security level; and
      
      republishing the filtered acknowledgement to the network for receipt by the second host, the acknowledgement being published to the network or filtered acknowledgement being republished to the network using the one or more network-layer addresses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Harris, Brian R., Stewart, Gregory D., Bond, William E.
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Steinle, Andrew

Application Number

US13/969,741
Time in Patent Office

1,429 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 2221/2113   Multi-level security, e.g. ...

H04L 2101/668   Internet protocol [IP] addr...

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5069   for group communication, mu...

H04L 63/0236   Filtering by address, proto...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

Host-to-host communication in a multilevel secure network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Host-to-host communication in a multilevel secure network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links