Patent · US Active

Multi-level security system for enabling secure file sharing across multiple security levels and method thereof

US9489534B2 · kind B2 · utility

Cited by: 6
References: 13
Claims: 6
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 23, 2014
Grant date: Nov 8, 2016
Priority date
Expiry date: Oct 28, 2034

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2113
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A multi-level security system includes a storage medium partitionable into a plurality of partitions, a file system coupleable to the plurality of partitions, and a plurality of enclaves. Each enclave is assigned a security classification level. Each enclave resides in a different storage partition of the storage medium. Data stored on the storage medium is cryptographically separated at rest on a per-enclave basis. Cryptographic separation occurs at the disk block level, allowing individual blocks to be read and decrypted. The system also includes a reference monitor that enforces a system security policy that governs access to information between the enclaves. The reference monitor allows an enclave having a first classification level to securely read-down to an enclave having a second classification level lower than the first classification level and to write to another enclave having the first classification level.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.