The present invention is directed to administering and managing a multi-level security program and system, and especially to administering and managing a multi-level security program and system using a quality of service architecture and system.
The concept of Multi-Level Security (MLS) has been known since the 1980s. In the past, however, MLS has been implemented using multiple isolated network infrastructures. Each infrastructure was substantially aligned with the operating sphere of a particular agency, or of the systems operated by that agency, such as different government agencies.
After the terrorist attacks of Sep. 11, 2001, information from various government agencies has been required to be shared on a “need to know” basis in order to coordinate anti-terrorist and other operations. To achieve such sharing of information, the existing MLS network structures need to be transformed into a single MLS infrastructure. By way of example and not by way of limitation, the Department of Defense (DoD) has identified a goal to integrate the JWICS (Joint Worldwide Intelligence Communications System) and SIPRNet (Secret Internet Protocol Router Network) secure networks in the year 2012, and to provide an MLS-enabled integrated infrastructure by the year 2016. Such a transformation of multiple MLS systems into a single integrated MLS infrastructure may take a significant amount of time to develop. Because of the technical difficulties involved, the transformation to a single MLS infrastructure may take too long to evolve.
MLS may be integrated into a QoS management architecture at the middleware layer to achieve MLS-QoS integration. Such integration provides QoS control mechanisms that ensure the separation of object operations at their required security levels. This MLS-QoS mechanism enables objects at multiple security levels to be hosted on the same computer and routed through the same physical network infrastructure while preserving MLS security integrity.
In an enterprise environment, a service may be regarded as a well-defined business function that can be consumed by users inside or outside of the enterprise network boundary. In a distributed computing environment, services may be enabled by one or more distributed computing and network infrastructures. Because enterprises have similar business functions, such as Sales/Marketing, Payroll, Finance/Banking and other business functions, there are commonalities among enterprises in their service requirements, such as data communications, web presentation, security, transaction management, database access and other requirements in the computing and network infrastructures of various businesses. To meet the needs of efficient business processes, including, by way of example and not by way of limitation, communications with business partners/suppliers/customers, reduction of operating and support costs, and fast and flexible application development, the service oriented architecture (SOA) evolved. The SOA architectural style may enable software application developers to build applications by using or re-using services that are implemented in-house, available from an enterprise's computing and network infrastructure, or available from the Internet.
The SOA concept is known. However, only since web services became popular and standards (e.g., WSDL (Web Services Description Language), SOAP (Simple Object Access Protocol) and UDDI (Universal Description, Discovery and Integration)) became established have SOA implementations become feasible. SOA applications use standard-defined service interfaces to provide collaborative services on an as-needed basis. As more applications evolve to become SOA-based, SOA may also encompass frameworks and business policies to ensure that services are provided and consumed in accordance with an enterprise's business interests.
As the number of deployed SOA-based applications increases, the SOA-based services compete more and more for the shared computing and network resources in the infrastructure.
A Quality of Service (QoS) function is an important aspect of SOA. QoS provides optimized resource management and permits a higher-priority application/user more computing and networking resources than a lower-priority application/user. QoS can also be programmed to provide guaranteed service to a user. Without some policy for establishing priorities, a QoS program or system provides essentially no QoS functionality, because in such a no-priority environment every application/user may regard itself as deserving the best quality of service without regard to other applications/users. QoS is therefore preferably policy-based during the execution of resource allocation, management and adaptation. It is preferable that QoS be effected end-to-end vertically within each computing device that hosts an application or provides a service. It is also preferred that QoS be effected horizontally within substantially every node across a network infrastructure.
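The following is an added illustration, not code from the patent, of what a policy-based QoS allocator at the middleware layer might look like once it is made MLS-aware in the sense described above: each request carries the requesting principal's clearance, the classification of the object it operates on, a priority and a resource demand; the middleware first rejects any operation that would cross security levels, then honours guaranteed reservations, and only then distributes the remaining shared capacity by priority. The use of the Bell-LaPadula rules (no read up, no write down) as the separation test, the four-level label lattice, the `Request`/`Policy` types and the sample workload are all assumptions made for this example.

```python
from dataclasses import dataclass, field

# Assumed label lattice for the example; a real deployment would use
# the labels and dominance relation of its own MLS policy.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Request:
    client: str           # requesting application/user
    clearance: str        # security level of the requesting principal
    classification: str   # security level of the object being operated on
    operation: str        # "read" or "write"
    priority: int         # higher value wins under contention
    demand: int           # resource units requested (e.g. Mbit/s of bandwidth)


@dataclass
class Policy:
    capacity: int                                  # total shared units at this node
    guaranteed: dict = field(default_factory=dict)  # client -> units reserved for it


def mls_permits(req: Request) -> bool:
    """Separation test (assumed Bell-LaPadula rules): a principal may read
    objects at or below its clearance and write objects at or above it."""
    subj = LEVELS[req.clearance]
    obj = LEVELS[req.classification]
    if req.operation == "read":
        return subj >= obj
    if req.operation == "write":
        return subj <= obj
    return False


def allocate(policy: Policy, requests: list) -> tuple:
    """Return ({client: granted_units}, [(client, reason) for rejected requests]).

    Step 1: enforce MLS separation before any resource is considered, so a
            request that crosses levels never competes for capacity at all.
    Step 2: honour guaranteed reservations (the "guaranteed service" case).
    Step 3: hand out whatever is left strictly by priority; without the
            priority field every admitted request would look identical and
            the allocator would have no basis to prefer one over another.
    """
    granted = {}
    rejected = []
    admitted = []
    for r in requests:
        if mls_permits(r):
            admitted.append(r)
        else:
            rejected.append((r.client, "MLS violation"))

    remaining = policy.capacity
    for r in admitted:
        reserve = min(policy.guaranteed.get(r.client, 0), r.demand, remaining)
        granted[r.client] = reserve
        remaining -= reserve

    for r in sorted(admitted, key=lambda x: -x.priority):
        wanted = r.demand - granted[r.client]
        give = min(wanted, remaining)
        granted[r.client] += give
        remaining -= give
    return granted, rejected


def run_example() -> tuple:
    """Constructed workload: 100 shared units, one reservation, four requests."""
    policy = Policy(capacity=100, guaranteed={"carol": 20})
    workload = [
        Request("alice", "SECRET", "SECRET", "read", priority=5, demand=60),
        Request("bob", "CONFIDENTIAL", "SECRET", "read", priority=9, demand=50),   # read up
        Request("carol", "UNCLASSIFIED", "UNCLASSIFIED", "read", priority=1, demand=50),
        Request("dave", "TOP_SECRET", "SECRET", "write", priority=7, demand=30),   # write down
    ]
    return allocate(policy, workload)


if __name__ == "__main__":
    granted, rejected = run_example()
    print("granted:", granted)    # alice 60, carol 40 (20 reserved + 20 leftover)
    print("rejected:", rejected)  # bob and dave never reach the allocation step
```

Note that bob holds the highest priority in the workload and still receives nothing: the separation check runs before the QoS policy, so priority can never be used to talk the middleware into an operation across security levels.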
There is a need for an integrated MLS-enabled system and method that can be implemented without significant time required for its development.