
APPARATUS AND METHOD FOR PROVIDING TRUSTED CHANNEL IN SECURE OPERATING SYSTEMS WHICH ARE BY USING MANDATORY ACCESS CONTROL POLICY


Abstract

PURPOSE: An apparatus and a method for providing a reliable channel in a security OS (Operating System) to which MAC (Mandatory Access Control) is applied are provided, to offer a new header for independently encoding a packet used in communication by a security level of the MAC, and to minimize network performance degradation using the security level of the MAC.

CONSTITUTION: If data according to a communication request provided from a transmission-side user (S1) are for a packet transmission request, a reliable channel subsystem (12) judges whether a reliable channel is applied. If the reliable channel is applied, the reliable channel subsystem (12) composes a reliable channel header, encodes a specific portion of the packet, stores authentication information in the reliable channel header, and transmits the packet through a network (A). A MAC module (20) provides MAC information indicating whether the reliable channel is applied. A kernel memory (30) provides the reliable channel application host address, and the encryption key and authentication key necessary for encoding the packet and generating authentication data. On the reception side, a reliable channel subsystem (12-1) retrieves the authentication data of the reliable channel header before decoding the packet received through the network (A). If the authentication data are valid, the reliable channel subsystem (12-1) decodes the encoded packet. When processing for the reliable channel has ended, the reliable channel subsystem (12-1) passes the packet to the upper level so that it is delivered to a reception-side user (S2). A kernel memory provides the authentication key and encryption key necessary for checking the authentication of the packet encoded by the reliable channel subsystem (12) and for decoding the packet.
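The send and receive flow described in the abstract, as an added example that is not code from the patent: the sender encodes the payload and stores authentication data in a channel header, and the receiver checks that data before decoding anything. The header layout, the use of HMAC-SHA256, the toy keystream cipher, the KERNEL_KEYS table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumed header layout (not from the patent): 1-byte MAC security level,
# 2-byte payload length, 8-byte nonce, 32-byte authentication data.
HDR = struct.Struct("!BH8s32s")
TAG_LEN = 32

# Stand-in for the kernel-memory key store: one (encryption, authentication)
# key pair per security level. Constructed sample keys.
KERNEL_KEYS = {
    1: (b"enc-key-level-1", b"auth-key-level-1"),
    3: (b"enc-key-level-3", b"auth-key-level-3"),
}

def _keystream_xor(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode); stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack("!I", i // 32), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def send(level, seq, payload):
    """Sender side: encode the payload, then authenticate header fields + ciphertext."""
    enc_key, auth_key = KERNEL_KEYS[level]
    nonce = struct.pack("!Q", seq)
    ct = _keystream_xor(enc_key, nonce, payload)
    fixed = struct.pack("!BH8s", level, len(ct), nonce)
    tag = hmac.new(auth_key, fixed + ct, hashlib.sha256).digest()
    return fixed + tag + ct

def receive(packet):
    """Receiver side: check the authentication data first, decode only if valid."""
    if len(packet) < HDR.size:
        raise ValueError("short packet")
    level, length, nonce, tag = HDR.unpack_from(packet)
    ct = packet[HDR.size:]
    keys = KERNEL_KEYS.get(level)
    if keys is None or length != len(ct):
        raise ValueError("bad header")
    enc_key, auth_key = keys
    expected = hmac.new(auth_key, packet[:HDR.size - TAG_LEN] + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")  # rejected before any decoding
    return level, _keystream_xor(enc_key, nonce, ct)
```

Because the security level is covered by the authentication data and selects the key pair, a packet whose level byte is altered in transit fails the check instead of being decoded under another level's key.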
