Reference monitor method for enforcing information flow policies
    1.
    发明授权
    Reference monitor method for enforcing information flow policies 失效
    用于执行信息流策略的参考监视方法

    公开(公告)号:US07512792B2

    公开(公告)日:2009-03-31

    申请号:US11304853

    申请日:2005-12-15

    IPC分类号: H04L9/00 G06F7/04 G06F12/14

    CPC分类号: G06F21/6218

    摘要: A reference monitor system, apparatus, computer program product and method are provided. In one illustrative embodiment, elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.

    摘要翻译: 提供了参考监视器系统,装置,计算机程序产品和方法。 在一个说明性实施例中,数据处理系统的元件与参考监视器中的安全数据结构相关联。 从第一元素接收信息流请求,以授权从第一元素到第二元素的信息流。 检索与第一元素相关联的第一安全数据结构和与第二元素相关联的第二安全数据结构。 然后对第一安全数据结构和第二安全数据结构执行至少一组理论操作,以确定是否授权从第一元素到第二元素的信息流。 安全数据结构可以是具有标识要应用于涉及相关元素的信息流的安全策略的一个或多个标签的标签集。

    Reference Monitor for Enforcing Information Flow Policies
    2.
    发明申请
    Reference Monitor for Enforcing Information Flow Policies 失效
    用于执行信息流策略的参考监视器

    公开(公告)号:US20090119507A1

    公开(公告)日:2009-05-07

    申请号:US12350327

    申请日:2009-01-08

    IPC分类号: H04L9/00 G06F7/04 G06F12/14

    CPC分类号: G06F21/6218

    摘要: A reference monitor that authorizes information flows between elements of a data processing system is provided. The elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.

    摘要翻译: 提供了一种在数据处理系统的元素之间授权信息流的参考监视器。 数据处理系统的元件与参考监视器中的安全数据结构相关联。 从第一元素接收信息流请求,以授权从第一元素到第二元素的信息流。 检索与第一元素相关联的第一安全数据结构和与第二元素相关联的第二安全数据结构。 然后对第一安全数据结构和第二安全数据结构执行至少一组理论操作,以确定是否授权从第一元素到第二元素的信息流。 安全数据结构可以是具有标识要应用于涉及相关元素的信息流的安全策略的一个或多个标签的标签集。

    Collectively managing media bookmarks
    3.
    发明申请
    Collectively managing media bookmarks 审中-公开
    集体管理媒体书签

    公开(公告)号:US20070244903A1

    公开(公告)日:2007-10-18

    申请号:US11406182

    申请日:2006-04-18

    IPC分类号: G06F17/30

    CPC分类号: G06F16/48

    摘要: A method, system, and program are provided for collectively managing media bookmarks. A bookmark management system uploads user specified bookmarks designating play locations with media items from media systems and stores the bookmarks in a searchable database. The bookmark management system stores bookmarks in the searchable database according to at least one bookmark attribute. Media systems may search the searchable database of the bookmark management system according bookmark attributes and request downloads of the stored bookmarks. The bookmark management system downloads selected bookmarks to requesting media system, wherein the requesting media system enables play of a media item associated with the downloaded bookmarks from the searchable playback locations specified in the bookmarks.

    摘要翻译: 提供了一种用于集体管理媒体书签的方法,系统和程序。 书签管理系统上传用户指定的书签,指定来自媒体系统的媒体项目的播放位置,并将书签存储在可搜索的数据库中。 书签管理系统根据至少一个书签属性将书签存储在可搜索的数据库中。 媒体系统可以根据书签属性搜索书签管理系统的可搜索数据库,并请求存储的书签的下载。 书签管理系统将选定的书签下载到请求媒体系统,其中请求媒体系统能够从书签中指定的可搜索回放位置播放与下载书签相关联的媒体项目。

    Associating security information with information objects in a data processing system
    4.
    发明授权
    Associating security information with information objects in a data processing system 失效
    将安全信息与数据处理系统中的信息对象相关联

    公开(公告)号:US07647630B2

    公开(公告)日:2010-01-12

    申请号:US11304971

    申请日:2005-12-15

    IPC分类号: G06F7/04 G06F12/00

    CPC分类号: G06F21/6218

    摘要: A method for authorizing information flows based on security information associated with information objects is provided. A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.

    摘要翻译: 提供了一种基于与信息对象相关联的安全信息来授权信息流的方法。 基于信息对象生成散列密钥,并且基于散列密钥在哈希表中执行查找操作。 确定散列表中与散列键相对应的索引处的条目是否识别信息对象的标签集。 如果在散列表中的条目中没有标识信息对象的标签集,则标识信息对象的敏感度的标签集存储在与信息对象的散列键相对应的索引的条目中。 基于与哈希表中的信息对象相关联的标签集的查找来授权涉及信息对象的信息流。 散列表可以是多维哈希表。

    Associating Security Information with Information Objects
    5.
    发明申请
    Associating Security Information with Information Objects 失效
    将安全信息与信息对象相关联

    公开(公告)号:US20080229412A1

    公开(公告)日:2008-09-18

    申请号:US12130027

    申请日:2008-05-30

    IPC分类号: G06F12/14

    CPC分类号: G06F21/6218

    摘要: A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.

    摘要翻译: 基于信息对象生成散列密钥,并且基于散列密钥在哈希表中执行查找操作。 确定散列表中与散列键相对应的索引处的条目是否识别信息对象的标签集。 如果在散列表中的条目中没有标识信息对象的标签集,则标识信息对象的敏感度的标签集存储在与信息对象的散列键相对应的索引的条目中。 基于与哈希表中的信息对象相关联的标签集的查找来授权涉及信息对象的信息流。 散列表可以是多维哈希表。

    Authorizing information flows based on a sensitivity of an information object
    6.
    发明授权
    Authorizing information flows based on a sensitivity of an information object 有权
    基于信息对象的敏感度来授权信息流

    公开(公告)号:US08527754B2

    公开(公告)日:2013-09-03

    申请号:US13213799

    申请日:2011-08-19

    IPC分类号: H04L29/06

    CPC分类号: G06F21/6218

    摘要: A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.

    摘要翻译: 提供了一种用于在数据处理系统的设备之间授权信息流的系统,设备,计算机程序产品和方法。 在一个说明性实施例中,从第一设备接收信息流请求,以授权从第一设备到第二设备的信息流。 信息流请求包括第二设备的标识符。 基于第一设备和第二设备的标识符,检索识别第一设备和第二设备的授权级别的安全信息。 确定要在信息流中传送的信息对象的灵敏度,并且仅基于信息对象的灵敏度和第一和第二设备的授权级别而不管特定动作是否被授权或拒绝信息流 作为信息流的一部分对信息对象执行。

    Authorizing Information Flows Based on a Sensitivity of an Information Object
    7.
    发明申请
    Authorizing Information Flows Based on a Sensitivity of an Information Object 有权
    基于信息对象的灵敏度授权信息流

    公开(公告)号:US20110302413A1

    公开(公告)日:2011-12-08

    申请号:US13213799

    申请日:2011-08-19

    IPC分类号: H04L29/06

    CPC分类号: G06F21/6218

    摘要: A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.

    摘要翻译: 提供了一种用于在数据处理系统的设备之间授权信息流的系统,设备,计算机程序产品和方法。 在一个说明性实施例中,从第一设备接收信息流请求,以授权从第一设备到第二设备的信息流。 信息流请求包括第二设备的标识符。 基于第一设备和第二设备的标识符,检索识别第一设备和第二设备的授权级别的安全信息。 确定要在信息流中传送的信息对象的灵敏度,并且仅基于信息对象的灵敏度和第一和第二设备的授权级别而不管特定动作是否被授权或拒绝信息流 作为信息流的一部分对信息对象执行。

    Associating security information with information objects
    8.
    发明授权
    Associating security information with information objects 失效
    将安全信息与信息对象相关联

    公开(公告)号:US07975295B2

    公开(公告)日:2011-07-05

    申请号:US12130027

    申请日:2008-05-30

    IPC分类号: G06F11/00

    CPC分类号: G06F21/6218

    摘要: A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.

    摘要翻译: 基于信息对象生成散列密钥,并且基于散列密钥在哈希表中执行查找操作。 确定散列表中与散列键相对应的索引处的条目是否识别信息对象的标签集。 如果在散列表中的条目中没有标识信息对象的标签集,则标识信息对象的敏感度的标签集存储在与信息对象的散列键相对应的索引的条目中。 基于与哈希表中的信息对象相关联的标签集的查找来授权涉及信息对象的信息流。 散列表可以是多维哈希表。

    Reference monitor for enforcing information flow policies
    9.
    发明授权
    Reference monitor for enforcing information flow policies 失效
    用于执行信息流策略的参考监视器

    公开(公告)号:US07793100B2

    公开(公告)日:2010-09-07

    申请号:US12350327

    申请日:2009-01-08

    IPC分类号: H04L9/00 G06F7/04 G06F12/14

    CPC分类号: G06F21/6218

    摘要: A reference monitor that authorizes information flows between elements of a data processing system is provided. The elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.

    摘要翻译: 提供了一种在数据处理系统的元素之间授权信息流的参考监视器。 数据处理系统的元件与参考监视器中的安全数据结构相关联。 从第一元素接收信息流请求,以授权从第一元素到第二元素的信息流。 检索与第一元素相关联的第一安全数据结构和与第二元素相关联的第二安全数据结构。 然后对第一安全数据结构和第二安全数据结构执行至少一组理论操作,以确定是否授权从第一元素到第二元素的信息流。 安全数据结构可以是具有标识要应用于涉及相关元素的信息流的安全策略的一个或多个标签的标签集。

    Authorizing Information Flows
    10.
    发明申请
    Authorizing Information Flows 有权
    授权信息流

    公开(公告)号:US20080229413A1

    公开(公告)日:2008-09-18

    申请号:US12130252

    申请日:2008-05-30

    IPC分类号: G06F21/00

    CPC分类号: G06F21/6218

    摘要: Authorizing information flows between devices of a data processing system is provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.

    摘要翻译: 提供了数据处理系统的设备之间的信息流授权。 在一个说明性实施例中,从第一设备接收信息流请求,以授权从第一设备到第二设备的信息流。 信息流请求包括第二设备的标识符。 基于第一设备和第二设备的标识符,检索识别第一设备和第二设备的授权级别的安全信息。 确定要在信息流中传送的信息对象的灵敏度,并且仅基于信息对象的灵敏度和第一和第二设备的授权级别而不管特定动作是否被授权或拒绝信息流 作为信息流的一部分对信息对象执行。