1. Technical Field
The present disclosure relates to systems and methods for the transmission and reception of data and in particular to a system and method for executing web services through a high assurance guard.
2. Description of the Related Art
The dissemination and processing of data is one of the key characteristics of the information age. Data can be categorized in a number of different ways, but one of the important data classifications involves how widely the data is permitted to be disseminated. For example, in military-related matters, data has long been categorized as unclassified (for general dissemination), confidential (not generally disseminated, but no harm to national security if disseminated), secret (dissemination would harm national security), or top secret (dissemination would do grave harm to national security).
Building integrated systems composed of subsystems or components operating at different classification levels in a Multiple Level Security (MLS) or Multiple Independent Levels of Security (MILS) environment may require passing information through High Assurance Guards (HAGs) in order to maintain information security. HAGs permit one-way communication channels only, in order to prevent leakage, probing, and inadvertent passing of classified information. This constraint is incompatible with common networking protocols (such as Transmission Control Protocol/Internet Protocol, or TCP/IP) and with higher-level constructs built on those protocols (such as Web Services) that depend on two-way communication to verify message receipt.
It may be beneficial for service oriented architectures (SOAs) to be implemented across MLS and MILS environments. In SOAs, Web Services on the network perform data processing operations and exchange data. To accomplish this, however, what is needed is a method and apparatus that allow such services to be invoked synchronously (wherein the requestor is blocked from further actions until a response is received) and asynchronously (wherein the requestor sends a request and does not expect a return or wherein the requestor is not blocked from further actions until a response is received) across security domains according to the rules enforced by HAGs. The present invention satisfies this need.