Multi-level secure (MLS) information network

Multi-level secure (MLS) information network

A method of enforcing a network security policy including mandatory access control (MAC), discretionary access control (DAC) and integrity control for a secure information network, includes operating a transport guard within a memory partition logically between a protected application running in the...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: LITZINGER JOSEPH A, SHAH SANKET J, WELLER MICHAEL K, MANGRA TARACHRAND A
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A method of enforcing a network security policy including mandatory access control (MAC), discretionary access control (DAC) and integrity control for a secure information network, includes operating a transport guard within a memory partition logically between a protected application running in the partition and a networking stack, and defining ports for the transport guard including (i) an application port for forwarding data to and receiving data from the application, (ii) a data port for receiving data addressed to the application from the networking stack, and for sending data originating from the application to the stack, and (iii) a control port for supplying configuration data to the transport guard. The configuration data corresponds to MAC, DAC and integrity control policies specified by the network for the protected application. The transport guard limits data flow between its protected application and the data ports accordingly.