Adding Common Internet Protocol Security Option (CIPSO) labels to packet headers in a multiple security level network

Bibliographic details
Main author: BROOKS, RANDALL, S
Format: Patent
Language: eng
Description
Summary: Disclosed is a networking system (200) comprised of a first network (130) operable to transport data packets and a trusted computing system (120) coupled to the network (130). The trusted computing system (120) is operable to isolate data packets having different classification levels. The trusted computing system (120) contains one or more applications (135a, 135b), each of which has a classification level, and a trusted operating system (165). The system (200) also includes a Multiple Independent Levels of Security (MILS) network (110) coupled to the first network (130). The MILS network (110) is comprised of one or more computing nodes (125a, 125b), each of which has a classification level. The MILS network (110) also contains an embedded operating system (140) and a middleware process (150). The middleware process (150) is operable to receive a first data packet from the one or more computing nodes (125a, 125b) and to add a Common Internet Protocol Security Option (CIPSO) label (195) to the first data packet to form a modified packet (175). The CIPSO label (195) indicates the classification level of the computing node (125a, 125b) that transmitted the first data packet. The MILS network further includes a separation kernel (160) operable to transmit the modified packet (175) to the trusted computing system (120) through the first network (130). The trusted operating system (120) is operable to receive the modified packet (175) and to transmit information in the modified packet (175) to the one or more applications (135a, 135b) according to the CIPSO label (195) of the modified packet (175).