 Multilevel security port methods, apparatuses, and computer program products

Details
Inventors: Winiger, Gary W.;
Assignee: Sun Microsystems, Inc. (Mountain View, CA)
Primary Examiner: Beausoliel, Jr.; Robert W.
Assistant Examiner: Elisca; Pierre Eddy
Attorney, Agent or Firm: Sabath; Robert P., Weller; Edward B.

A multilevel port system on a computer operating under a multilevel operating system permits contemporaneously opening a plurality of sockets having the same port number while meeting the requirements of an appropriate security policy, thus allowing third-party applications to run as if they were unimpeded by the security policy; methods for doing so are also provided. The computer system has an operating system adhering to an access control security mechanism. Such systems include government systems, in which a hierarchy of security classification levels is defined (e.g., top secret, secret, classified, unclassified), and commercial systems. Sensitivity labels pursuant to an access control security mechanism include at least hierarchical security classifications, and may include non-hierarchical categories or compartments which represent distinct areas of information in a system. A port is characterized by a port number and a sensitivity label, thus permitting opening a plurality of ports having identical port numbers and unique sensitivity labels.

DETAILED DESCRIPTION
According to the present invention, multilevel trusted systems associate multiple port endpoints with a single identifier code indication or name.
Use of a single identification to associate multiple port endpoints enables provision of a security check which halts inter-endpoint communication when the endpoints are further associated with a common identifier code indication.
This is beneficial because security breaches caused by interlevel communication are diminished.
According to the present invention, use privileges for third-party communication at a selected network level are affirmatively granted at multiple specified levels.
This is beneficial as it permits direct and unmodified application operation at desired multiple levels, permitting multilevel trusted system operation without applications software modification.
According to the present invention, a computer system comprises a machine-readable program storage device embodying a program of instructions executable by the machine to perform method steps in a multilevel trusted system for establishing a multilevel port to enable multiple, substantially concurrent resource accessing.
According to the present invention, a computer system comprises an operating system kernel supporting a multilevel access control security mechanism for creating an object access packet comprising an internet protocol (IP) header including a destination socket having a machine address and a unique port identifier, a port identifier comprising a port number specifying a resource or object, and a sensitivity label for an access control security protocol.
According to the present invention, a plurality of processes are created on a destination system for a single selected port number at a selected unique sensitivity label, permitting resource and object access by multiple users in a multilevel access control system to a selected port according to a selected security policy.
According to the method of this invention, machine readable code opens multiple instances of a selected application, both instances having the same port address and a separate sensitivity label
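The port model in the abstract and the labelled packet in the description, sketched as an added example that is not code from the patent or from any Sun product: endpoints are keyed by (port number, sensitivity label), so one port number can be bound once per label. The names `mlp_bind` and `mlp_deliver`, the compartment bitmask, the exact-label delivery rule and port 6000 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Sensitivity label: hierarchical level plus compartments (bitmask is an assumption). */
enum level { UNCLASSIFIED, CLASSIFIED, SECRET, TOP_SECRET };
struct label { enum level level; uint32_t compartments; };

/* One bound endpoint: the key is (port number, label), not the port number alone. */
struct endpoint { uint16_t port; struct label label; int owner; int used; };

#define MAX_ENDPOINTS 16
static struct endpoint table[MAX_ENDPOINTS];

static int label_equal(struct label a, struct label b) {
    return a.level == b.level && a.compartments == b.compartments;
}

/* Find the endpoint bound at exactly this port number and label. */
static struct endpoint *lookup(uint16_t port, struct label l) {
    for (size_t i = 0; i < MAX_ENDPOINTS; i++)
        if (table[i].used && table[i].port == port && label_equal(table[i].label, l))
            return &table[i];
    return NULL;
}

/* Bind: 0 on success, -1 if (port, label) is already taken or the table is full. */
int mlp_bind(uint16_t port, struct label l, int owner) {
    if (lookup(port, l))
        return -1;
    for (size_t i = 0; i < MAX_ENDPOINTS; i++)
        if (!table[i].used) {
            table[i] = (struct endpoint){ port, l, owner, 1 };
            return 0;
        }
    return -1;
}

/* Deliver: owner of the endpoint whose label equals the packet's label, else -1. */
int mlp_deliver(uint16_t port, struct label packet_label) {
    struct endpoint *e = lookup(port, packet_label);
    return e ? e->owner : -1;
}

int main(void) {
    struct label secret = { SECRET, 0 }, unclass = { UNCLASSIFIED, 0 };
    int a = mlp_bind(6000, secret, 101), b = mlp_bind(6000, unclass, 102);
    int c = mlp_bind(6000, secret, 103);   /* same (port, label) key: refused */
    printf("%d %d %d -> owner %d\n", a, b, c, mlp_deliver(6000, secret));
    return 0;
}
```

A packet whose label matches no bound endpoint is dropped rather than handed to an instance at another level, which is the property that keeps traffic from crossing levels in this sketch.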



Related patents
  Differential current-switch circuit, D/A conversion circuit and method of transient response reduction
Accordingly, an object of the present invention is to provide a differential current-switch circuit, a D/A conversion circuit employing this differential current-switch ...
  Java security mechanism
In accordance with the invention, objects of classes loaded from the hard drive of a local client computer, after being found via the CLASSPATH are not automatically ...
  Switching system comprising distributed elements allowing attachment to line adapters, and having multicasting capabilities
OF THE PREFERRED EMBODIMENT With respect to FIGS. 2 and 3, there is illustrated the switching module that is used for embodying the switching apparatus in accordance ...
  High speed current switch
OF THE INVENTION Referring to FIG. 4, a schematic diagram of a high-speed current switch 36 is shown. The high-speed current switch 36 can be designed using metal oxide ...
  Embedding certifications in executable files for network transmission
The Internet is a well known, global network of cooperatively interconnected computer networks. The world wide web portion of the Internet is a collection of server ...
  Method and system for secure running of untrusted content
Briefly, the present invention provides restricted execution contexts for untrusted content (such as executable code, dynamic HTML, Java or Active-X controls) that ...
  Cross module representation of heterogeneous programs
The above-mentioned shortcomings, disadvantages and problems are addressed by the present invention, which will be understood by reading and studying the following ...
  Method and device for providing hidden storage in non-volatile memory
Techniques for implementing hidden storage in a non-volatile memory storage are disclosed. As will be discussed in greater detail below, in one embodiment of the ...
  Protected control of devices by user applications in multiprogramming environments
OF THE INVENTION The disclosure of provisional patent application No. 60/079,356 filed Mar. 25, 1998 is hereby incorporated by reference. FIG. 1 shows a block diagram ...
  Detecting unwanted properties in received email messages
Viewed from one aspect the present invention provides a method of detecting an e-mail message having one or more unwanted properties using one or more tests, said one or ...
