Title:
MULTI-LEVEL SECURITY SYSTEM FOR ENABLING SECURE FILE SHARING ACROSS MULTIPLE SECURITY LEVELS AND METHOD THEREOF
Document Type and Number:
WIPO Patent Application WO/2016/108987
Kind Code:
A4
Abstract:
A multi-level security system includes a storage medium partitionable into a plurality of partitions, a file system coupleable to the plurality of partitions, and a plurality of enclaves. Each enclave is assigned a security classification level. Each enclave resides in a different storage partition of the storage medium. Data stored on the storage medium is cryptographically separated at rest on a per-enclave basis. Cryptographic separation occurs at the disk block level, allowing individual blocks to be read and decrypted. The system also includes a reference monitor that enforces a system security policy that governs access to information between the enclaves. The reference monitor allows an enclave having a first classification level to securely read-down to an enclave having a second classification level lower than the first classification level and to write to another enclave having the first classification level.

Inventors:
SILVERMAN DANIEL R (US)
WIXTROM LEE (US)
HASHII BRANT D (US)
SCOTT MARK O (US)
TESTER JONATHAN (US)
BROWN STEVE A (US)
Application Number:
PCT/US2015/054872
Publication Date:
September 01, 2016
Filing Date:
October 09, 2015
Assignee:
NORTHROP GRUMMAN SYSTEMS CORP (US)
International Classes:
H01L29/06
Attorney, Agent or Firm:
BRUNDA, Bruce B. (75 Enterprise Suite 25, Aliso Viejo California, US)
Claims:
AMENDED CLAIMS

received by the International Bureau on 14 July 2016 (14.07.16)

WHAT IS CLAIMED IS:

1. A multi-level security system, the system comprising:

a storage medium, the storage medium partitionable into a plurality of partitions;

a file system coupleable to the plurality of partitions;

a plurality of enclaves each assigned a security classification level, wherein each one of the plurality of enclaves resides in a different storage partition of the storage medium;

wherein data stored on the storage medium is cryptographically separated at rest on a per-enclave basis, and wherein cryptographic separation occurs at the disk block level thereby allowing individual blocks to be read and decrypted; and

a reference monitor that enforces a system security policy that governs access to information between the plurality of enclaves, wherein the reference monitor allows an enclave of the plurality of enclaves having a first classification level to securely read-down to another enclave of the plurality of enclaves having a second classification level lower than the first classification level and to write to another enclave of the plurality of enclaves having the first classification level.

2. (Amended) A non-transitory computer-readable medium embodying program instructions for execution by a data processing apparatus, the program instructions adapting the data processing apparatus for transmitting information classified at different security classification levels while maintaining data separation of the information, the program instructions comprising:

forming a plurality of enclaves defining disparate security domains by dividing information stored on a storage medium into a plurality of non-overlapping partitions;

assigning a security classification level to each one of the plurality of enclaves;

encrypting each of the plurality of non-overlapping partitions using a unique key for each security classification level; and

enforcing a system security policy that governs the flow of information between the plurality of enclaves, the security policy allowing a first enclave having a first classification level to securely read-down to a second enclave having a second classification level lower than the first classification level and to write to a third enclave having the first classification level.
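The read-down and write-at-own-level policy of the abstract and claim 1, as an added Python example (not code from the application or its assignee): a toy reference monitor keeps one key per enclave and encrypts each disk block independently, so a single block can be decrypted by index. The enclave names, levels, the 16-byte block size and the HMAC-SHA256 keystream are constructed stand-ins for a real block cipher mode; claim 2's variant of one key per classification level would change only `add_enclave`.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

BLOCK_SIZE = 16  # constructed: tiny "disk block" so the demo stays readable
class PolicyViolation(Exception): pass  # raised when the monitor denies an access

@dataclass
class Enclave:
    name: str
    level: int                    # higher number = higher classification
    key: bytes                    # unique at-rest key for this enclave
    blocks: dict = field(default_factory=dict)  # block index -> ciphertext

def _keystream(key: bytes, index: int) -> bytes:
    # Per-block keystream from enclave key + index (HMAC-SHA256 as stand-in PRF)
    return hmac.new(key, index.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK_SIZE]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ReferenceMonitor:
    def __init__(self):
        self.enclaves: dict[str, Enclave] = {}

    def add_enclave(self, name: str, level: int) -> None:
        # Fresh random key per enclave: cryptographic separation at rest
        self.enclaves[name] = Enclave(name, level, os.urandom(32))

    def is_permitted(self, subject: str, target: str, op: str) -> bool:
        s, t = self.enclaves[subject].level, self.enclaves[target].level
        if op == "read":   # read-down or same level allowed, read-up denied
            return s >= t
        if op == "write":  # writes stay within the subject's own level
            return s == t
        return False

    def write(self, subject: str, target: str, index: int, block: bytes) -> None:
        if not self.is_permitted(subject, target, "write"):
            raise PolicyViolation(f"{subject} may not write to {target}")
        enc = self.enclaves[target]  # block must be exactly BLOCK_SIZE bytes
        enc.blocks[index] = _xor(block, _keystream(enc.key, index))

    def read(self, subject: str, target: str, index: int) -> bytes:
        if not self.is_permitted(subject, target, "read"):
            raise PolicyViolation(f"{subject} may not read from {target}")
        enc = self.enclaves[target]  # decrypt one block without touching others
        return _xor(enc.blocks[index], _keystream(enc.key, index))
```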