IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0110804
(2011-05-18)
|
등록번호 |
US-8584211
(2013-11-12)
|
발명자
/ 주소 |
- Vetter, Brian J.
- Marston, Justin Philip
- Sundstrom, David
|
출원인 / 주소 |
- BlueSpace Software Corporation
|
대리인 / 주소 |
|
인용정보 |
피인용 횟수 :
15 인용 특허 :
42 |
초록
▼
A Multilevel Security (MLS) server provides MLS functionality to single-level applications running on a remote Multiple Independent Level Security (MILS) or MLS client device. More specifically, the MLS server provides a plurality of different security domains in which applications can execute. The
A Multilevel Security (MLS) server provides MLS functionality to single-level applications running on a remote Multiple Independent Level Security (MILS) or MLS client device. More specifically, the MLS server provides a plurality of different security domains in which applications can execute. The client device executes a single-level application in a first security domain, the single-level application not natively capable of communicating with other domains. The single-level application in the first security domain sends a request to the MLS server. The MLS server receives the request, passing it to all applicable domains, including a second security domain, where it is duly executed. The MLS server then provides the results of the request execution—if any—back to an appropriate application on the client device. For example, the single-level application in the first security domain can display the aggregated results obtained from multiple distinct security domains, or an application running in the second security domain can display the results.
대표청구항
▼
1. A computer-implemented method comprising: receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a se
1. A computer-implemented method comprising: receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that has a different corresponding security level than the first domain, the first domain being implemented by a first operating system instance running in a first virtual machine, and the second domain being implemented by a second operating system instance running in a second virtual machine;executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;providing the request to the second domain;obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;providing the aggregated set of application metadata items to the first instance of the single-level application for display within a user interface of the first instance in the first domain, thereby providing a consolidated view of metadata from multiple security domains;receiving a selection of one of the application metadata items;determining that an application content item corresponding to the selected application metadata item is stored in the second domain; andproviding a display request to the second domain to display the application content item corresponding to the selected application metadata item within a user interface of a second instance of the single-level application executing within the second domain. 2. The computer-implemented method of claim 1, wherein the security domains are arranged in a hierarchy of corresponding security levels, each domain having associated resources that are accessible only to that domain or domains with higher security levels. 3. The computer-implemented method of claim 1, wherein a trusted service bus provides the request to the second domain by writing the request to a shared memory area accessible to the first virtual machine and to the second virtual machine. 4. The computer-implemented method of claim 1, wherein at least one of the first operating system instance and the second operating system instance is a single-level operating system. 5. The computer-implemented method of claim 1, further comprising providing a result of executing the request in the second domain to an application executing on the client device in the second domain. 6. The computer-implemented method of claim 1, further comprising displaying to the user, by the second instance of the single-level application executing in the second domain, data corresponding to the selected application metadata item. 7. A computer server system comprising: a hardware computer processor; anda non-transitory computer-readable storage medium storing a computer program executable by the computer processor and performing actions comprising: receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that has a different corresponding security level than the first domain, the first domain being implemented by a first operating system instance running in a first virtual machine, and the second domain being implemented by a second operating system instance running in a second virtual machine;executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;providing the request to the second domain;obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;providing the aggregated set of application metadata items to the first instance of the single-level application for display within a user interface of the first instance within the first domain;receiving a selection of one of the application metadata items;determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and providing a display request to the second domain to display the application content item corresponding to the selected application metadata item within a user interface of a second instance of the single-level application executing within the second domain. 8. The computer server system of claim 7, wherein the security domains are arranged in a hierarchy of corresponding security levels, each domain having associated resources that are accessible only to that domain or domains with higher security levels. 9. The computer server system of claim 7, wherein a trusted service bus provides the request to the second domain by writing the request to a shared memory area accessible to the first virtual machine and to the second virtual machine. 10. The computer server system of claim 7, wherein at least one of the first operating system instance and the second operating system instance is a single-level operating system. 11. A computer-implemented method of providing a remote Multiple Independent Level Security (MILS) client device with an application that spans a plurality of different security domains, each domain implemented by a different operating system instance running in a distinct hypervisor, the method comprising: receiving, by a server, a request for email headers from a first instance of a single-level email application executing in a first domain of the plurality of security domains of the client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain;executing, by the server, the request in the first domain, thereby producing a first set of email headers corresponding to a first set of emails accessible to a user;providing, by the server, the request to the second domain via a trusted service bus;executing, by the server, the request in a second instance of the single-level email application executing in the second domain, thereby producing a second set of email headers corresponding to a second set of emails accessible to the user;aggregating the first set of email headers and the second set of email headers into an aggregated set of email headers;providing the aggregated set of email headers to the first instance of the single-level email application of the remote client device for display within a user interface of the first instance within the first domain;receiving a selection of one of the email headers from the aggregated set of email headers within the user interface;determining that an email corresponding to the selected one of the email headers is stored in the second domain;providing a display request to the application in the second domain to display the email corresponding to the selected one of the email headers within a user interface executing within the second domain; anddisplaying to the user, by the application in the second domain, the email corresponding to the selected one of the email headers. 12. The computer-implemented method of claim 11, wherein the first domain is implemented by a first operating system instance running in a first virtual machine, and the second domain is implemented by a second operating system instance running in a second virtual machine. 13. A computer-implemented method comprising: receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that has a different corresponding security level than the first domain, the first domain and the second domain being implemented by an operating system providing Multi-Level Security (MLS) that provides functionality for accessing, from the first domain, resources of the second domain;executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;providing the request to the second domain;obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;providing the aggregated set of application metadata items to the first instance of the single-level application for display within a user interface of the first instance in the first domain, thereby providing a consolidated view of metadata from multiple security domains;receiving a selection of one of the application metadata items;determining that an application content item corresponding to the selected application metadata item is stored in the second domain; andproviding a display request to the second domain to display the application content item corresponding to the selected application metadata item within a user interface of a second instance of the single-level application executing within the second domain. 14. The computer-implemented method of claim 13, wherein a trusted service bus provides the request to the second domain by sending the request to the second domain via a multi-level port provided by the MLS operating system. 15. The computer-implemented method of claim 13, wherein the security domains are arranged in a hierarchy of corresponding security levels, each domain having associated resources that are accessible only to that domain or domains with higher security levels. 16. The computer-implemented method of claim 13, further comprising providing a result of executing the request in the second domain to an application executing on the client device in the second domain. 17. The computer-implemented method of claim 13, further comprising displaying to the user, by the second instance of the single-level application executing in the second domain, data corresponding to the selected application metadata item.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.