
Session-Based Secure Communication for Secure Xenix

IP.com Disclosure Number: IPCOM000099614D
Original Publication Date: 1990-Feb-01
Included in the Prior Art Database: 2005-Mar-15
Document File: 5 page(s) / 194K

Publishing Venue

IBM

Related People

Burger, W: AUTHOR

Abstract

The security facilities of Secure XENIX* (1) are extended for multi-level secure communication with other Secure XENIX systems. The secure communication facilities are based on the socket model (2) of communication; they are added to the trusted computing base of Secure XENIX. The security facilities allow the establishment of connections that enforce the security constraints of the communicating partners for the TCP/IP (3)-based applications. In particular, for the duration of the communication, the mandatory and discretionary access rules for accessing objects are compatible between the two communicating systems.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 33% of the total text.


      A session mechanism is added to the TCP/IP protocol to
establish the security properties of the communications. The session
identifies and authorizes the communicating partners, establishes the
security attributes of the communications, and obtains encryption
information if end-to-end encryption is desired.  It further defines
the mappings that must take place between the security
representations on one system and those on the other system, as well
as the mappings between user identification on one system and user
identification on the other system.

      Session establishment is combined with authentication and
authorization at both ends of the communication; an established
session, therefore, provides the security environment with the
appropriate security attributes for all further communications.  For
this purpose, network profiles are set up that define:
           who may access the network,
           what system may be accessed on the network,
           what application at what security level may be used.

      The session establishment mechanism allows those network
profiles to be provided locally, or they may be made available
through a third party service.  In addition, the mandatory security
level of the user requesting the session must be authorized at the
remote system so that the session can be established.  User
identification together with the mandatory security level are then
used in the standard fashion of Secure XENIX for access control at
the remote system.
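
The two-ended check and the identity and label mappings described above can be modelled as follows. This is an added illustration, not code from the disclosure or from Secure XENIX; the label shape (level plus category set), the table layouts and every name in it (`PROFILES`, `UID_MAP`, `hostA`, `alice` and so on) are assumptions, and all table entries are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    """Assumed label shape: hierarchical level plus a category set."""
    level: int
    cats: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        return self.level >= other.level and self.cats >= other.cats

# Constructed client-side network profile:
# user -> remote system -> application -> highest label allowed.
PROFILES = {"alice": {"hostB": {"ftp": Label(2, frozenset({"crypto"}))}}}

# Constructed server-side tables on hostB for sessions arriving from hostA.
UID_MAP = {("hostA", "alice"): "asmith"}             # remote user -> local user
LEVEL_MAP = {("hostA", 1): 10, ("hostA", 2): 20}     # remote level -> local level
CAT_MAP = {("hostA", "crypto"): "K"}                 # remote category -> local
CLEARANCE = {"asmith": Label(20, frozenset({"K"}))}  # local authorized maximum

def client_check(user, system, app, label):
    """Who may use the network, which system, which application at which level."""
    ceiling = PROFILES.get(user, {}).get(system, {}).get(app)
    return ceiling is not None and ceiling.dominates(label)

def server_authorize(peer, user, label):
    """Map the peer's user id and label into local terms, then authorize the level."""
    try:
        local_user = UID_MAP[(peer, user)]
        local = Label(LEVEL_MAP[(peer, label.level)],
                      frozenset(CAT_MAP[(peer, c)] for c in label.cats))
    except KeyError:
        return None  # unmapped identity, level or category: fail closed
    clearance = CLEARANCE.get(local_user)
    if clearance is None or not clearance.dominates(local):
        return None
    return {"user": local_user, "label": local}

def establish_session(user, label, client_host, system, app):
    """Both ends must agree; the result is the session's security environment."""
    if not client_check(user, system, app, label):
        return None
    return server_authorize(client_host, user, label)
```

A request fails closed at either end: the client refuses anything outside the profile, and the server refuses any user, level or category it cannot map or that exceeds the mapped user's authorized level.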

      The session mechanism is provided through a client process at
one end point of the communication, and a server process at the other
end point.  Communication between these partners is handled by a
datagram-based protocol.  The figure shows the structure of the
session mechanism.

      It is important to note that sessions (like sockets) are mapped
into file handles.  File handles have the advantage that they are
automatically inherited by forked processes.  Also, automatic closing
mechanisms exist for file handles when the last process with an open
file handle terminates.  Sessions can be opened only once.
Therefore, no processes outside the process group that ope...