
Method of enabling Kerberos in a Trusted Operating System (OS) Environment

IP.com Disclosure Number: IPCOM000190272D
Original Publication Date: 2009-Nov-23
Included in the Prior Art Database: 2009-Nov-23
Document File: 2 page(s) / 73K

Publishing Venue

IBM

Abstract

A method is disclosed for enabling Kerberos in a trusted Operating System (OS) environment.



Method of enabling Kerberos in a Trusted Operating System (OS) Environment

Disclosed is a method for associating labels with Kerberos tickets to provide a seamless integration of labels in a single sign-on environment.

In an enterprise where confidentiality of data is of prime importance, a trusted operating system (TOS) or a multilevel security operating system (MLSOS) provides the basic security mechanisms and services that allow a computer system to protect, distinguish, and separate classified data.

Each resource and user on a TOS is classified, and access to any resource by a user is subject to Mandatory Access Control (MAC). This is usually achieved by tagging the users, processes and resources on the system with labels called sensitivity labels, which determine the level of sensitivity of processes and resources. However, if the network is not labeled, the user's session is unlabeled and the user might not be given the access to resources and processes that the user's labels define.

Kerberos provides a mechanism for authenticating a client to a server without sending confidential data over a public network. A Key Distribution Centre (KDC) generates a "ticket-granting ticket" (TGT) for the client and sends it to the client in a secure manner. The client uses the TGT only if the credentials provided are proper. Once th...
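To illustrate the MAC label check and the idea of carrying a sensitivity label inside a KDC-issued ticket, the following is an added example and not code from the disclosure: the ticket format, the HMAC standing in for Kerberos ticket encryption, the level names and the sample principal are all constructed assumptions, and the service only trusts the label after the KDC's binding verifies.

```python
import hmac
import hashlib
import json
from dataclasses import dataclass

# Constructed sample service key. In real Kerberos the KDC encrypts the
# ticket with the service's long-term key; an HMAC tag stands in for that here.
SERVICE_KEY = b"constructed-service-key-not-real"

# Assumed ordered sensitivity levels; compartments are a set of category names.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset

    def dominates(self, other):
        """MAC dominance: level at least as high and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def issue_ticket(principal, label):
    """KDC side: bind the user's sensitivity label into the ticket's authorization data."""
    body = {"cname": principal,
            "authz": {"level": label.level,
                      "compartments": sorted(label.compartments)}}
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(SERVICE_KEY, raw, hashlib.sha256).hexdigest()
    return {"body": raw, "tag": tag}


def session_label(ticket):
    """Service side: derive the session label only from a ticket the KDC bound."""
    expected = hmac.new(SERVICE_KEY, ticket["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return None  # tampered or forged ticket: the session stays unlabeled
    authz = json.loads(ticket["body"])["authz"]
    return Label(authz["level"], frozenset(authz["compartments"]))


def may_read(ticket, resource_label):
    """Simple-security MAC check: the session label must dominate the resource."""
    label = session_label(ticket)
    return label is not None and label.dominates(resource_label)
```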