Secure information flow

US 10,242,174 B2
Filed: 02/09/2015
Issued: 03/26/2019
Est. Priority Date: 03/12/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a service component implemented by one or more processors and memory and configured to;

receive, from a caller component, a service call request that includes one or more caller permissions; and

respond to the service call request, based at least in part on the one or more caller permissions, to provide information requested by the service call request to the caller component via a secure flow container, wherein the one or more caller permissions pertain to the requested information; and

a creator component implemented by one or more processors and memory to;

create a master secure flow container based at least in part on an environment specification from a data store; and

access configuration or permission data to create the secure flow container as an instance of the master secure flow container;

a monitoring environment implemented by one or more processors and memory and configured to;

determine if the secure flow container is permitted to receive the information provided by the service component;

permit the secure flow container to receive the information; and

determine, based at least in part on the one or more caller permissions, if the secure flow container is permitted to send the information to the caller;

wherein the secure flow container is;

implemented by one or more processors and memory distinct from one or more processors and memory that implement the caller component, and is configured to;

receive the information from the service component as permitted by the monitoring environment; and

send the information to the caller component as permitted by the monitoring environment.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure information flow may include a service receiving a request for data from a caller. The service may respond to the request with the requested data via a secure flow container. The secure flow container may then send the information to the caller component. Before the secure flow container receives or sends the information, a monitoring environment may permit the secure flow container to receive or send the information, respectively.

23 Citations

19 Claims

1. A system comprising:
- a service component implemented by one or more processors and memory and configured to;
  
  receive, from a caller component, a service call request that includes one or more caller permissions; and
  
  respond to the service call request, based at least in part on the one or more caller permissions, to provide information requested by the service call request to the caller component via a secure flow container, wherein the one or more caller permissions pertain to the requested information; and
  
  a creator component implemented by one or more processors and memory to;
  
  create a master secure flow container based at least in part on an environment specification from a data store; and
  
  access configuration or permission data to create the secure flow container as an instance of the master secure flow container;
  
  a monitoring environment implemented by one or more processors and memory and configured to;
  
  determine if the secure flow container is permitted to receive the information provided by the service component;
  
  permit the secure flow container to receive the information; and
  
  determine, based at least in part on the one or more caller permissions, if the secure flow container is permitted to send the information to the caller;
  
  wherein the secure flow container is;
  
  implemented by one or more processors and memory distinct from one or more processors and memory that implement the caller component, and is configured to;
  
  receive the information from the service component as permitted by the monitoring environment; and
  
  send the information to the caller component as permitted by the monitoring environment.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the caller component lacks permission to receive the information sent from the service component to the secure flow container, wherein the secure flow container is an instantiation of a master service flow container specified by a creator component, and wherein the secure flow container is further configured to:
    - based at least on a permission set from the creator component, forward the information received from the service component to the caller component.
  - 3. The system of claim 1, wherein the service component is further configured to receive, from the caller component, permission for an integrity label, wherein the permission for the integrity label is usable by the service component to gain permission to provide the information to the secure flow container, and wherein the secure flow container is configured to receive, from the caller component, the integrity label, wherein the integrity label is usable by the secure flow container to bind the secure flow container to the service component.
  - 4. The system of claim 1, wherein the secure flow container is further configured to receive, from the caller component, permission for an integrity label, wherein the permission for the integrity label is usable by the secure flow container to gain permission to provide the information to the caller component, and wherein the integrity label is usable by the caller to bind the secure flow container to the caller component.
  - 5. The system of claim 1, further comprising:
    - a permission data store configured to store creator permissions that define associations between individual pieces of information and entities of the system, wherein the monitoring environment is configured to access the stored permissions for use in determining permission for the secure flow container to receive or send data.
  - 6. The system of claim 5,wherein the secure flow container is provided creator permissions from the creator component via the master secure flow container.

7. A method comprising:
- performing, by one or more computers;
  
  receiving, by a service, a request for data from a caller component;
  
  creating, by a creator component, a master secure flow container based at least in part on an environment specification from a data store;
  
  creating, based on configuration or permission data, a secure flow container, wherein the secure flow container is implemented by one or more hosts distinct from one or more hosts that implement the caller component, and wherein the secure flow container is an instance of the master secure flow container;
  
  transmitting, by the service, the requested data to the secure flow container;
  
  determining that the secure flow container is permitted to receive the requested data from the service;
  
  in response to said determining that the secure flow container is permitted to receive the requested data, the secure flow container receiving the requested data from the service;
  
  determining, based at least in part on one or more caller permissions, that the secure flow container is permitted to provide access to the requested data to the caller; and
  
  in response to said determining, based at least in part on the one or more caller permissions, that the secure flow container is permitted to provide access to the requested data to the caller, the secure flow container providing access to the requested data to the caller.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. The method of claim 7, wherein the caller lacks permission to receive a portion of the requested data, and wherein the method further comprises:
    - the secure flow container removing the portion from the requested data and sending the remaining requested data to the caller.
  - 9. The method of claim 8, wherein said sending the remaining requested data to the caller includes receiving, from a creator, one or more creator permissions, wherein the one or more creator permissions are usable to permit the secure flow container to perform said providing the access to the requested data to the caller.
  - 10. The method of claim 7, wherein the request for the data from the caller includes receiving a permission from the caller, and wherein the permission permits the service to perform said transmitting.
  - 11. The method of claim 7, wherein the secure flow container instance is created upon said receiving the request, the caller sending the request, or the service transmitting the requested data.
  - 12. The method of claim 7, further comprising:
    - receiving, by the service, a first permission set from the caller; and
      
      receiving, by the secure flow container, a second permission set from the caller, wherein the first and second permission sets are usable to perform said transmitting and said providing, respectively.
  - 13. The method of claim 7, wherein said transmitting and said providing are based at least in part on permissions retrieved from a permission data store, and wherein the permissions include permissions for respective entities regarding various pieces of data.
  - 14. The method of claim 7, wherein said determining that the secure flow container is permitted to receive the requested data includes:
    - intercepting the transmitted requested data from the service to the secure flow container; and
      
      based at least in part on one or more permissions, determining that the secure flow container is permitted to receive the requested data from the service.
  - 15. The method of claim 7, wherein the received request includes an indication of a return path through the secure flow container.
  - 16. The method of claim 7, wherein a location for the secure flow container is determined based on a directory service request.
  - 17. The method of claim 7, wherein the secure flow container is implemented as a virtual machine, and wherein one or more monitors perform said determining and include a monitor corresponding to the virtual machine, wherein the monitor is configured to regulate ingress and egress traffic for the virtual machine.

18. A non-transitory, computer-readable storage medium storing program instructions, wherein the program instructions are computer-executable to implement:
- a master secure flow container based at least in part on an environment specification from a data store; and
  
  a secure flow container, derived based at least in part on the master secure follow container, the secure flow container configured to;
  
  receive, from a caller component, a set of permissions, wherein the caller component is implemented by one or more hosts distinct from one or more hosts that implement the secure flow container;
  
  receive, in response to a monitor intercepting and permitting a request from a service component to the secure flow container, the request from the service component to provide data to the caller component, wherein the set of permissions pertain to the requested data; and
  
  provide, in response to the monitor intercepting and permitting a transmission from the service flow container to the caller and based at least in part on the received set of permissions, the requested data to the caller component.
- View Dependent Claims (19)
- - 19. The non-transitory computer-readable storage medium of claim 18, wherein the monitor permission is based at least in part on one or more permissions of the secure flow container, and wherein the set of caller permissions includes permission for the secure flow container to write to the caller component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Allen, Nicholas Alexander
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Shirazi, Sayed Aresh Beheshti

Application Number

US14/617,691
Publication Number

US 20150178492A1
Time in Patent Office

1,506 Days
Field of Search

726 29
US Class Current
CPC Class Codes

G06F 21/44 Program or device authentic...

G06F 21/6209 to a single file or object,...

Secure information flow

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure information flow

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links