High assurance segregated gateway interconnecting different domains
First Claim
1. A gateway adapted to interconnect a first domain to a second domain, comprising:
memory, first and second protocol adapter code hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to a gateway internal protocol, and a hosting platform that is a virtualization platform, the hosting platform being physically segregated from said first domain and connected to said first domain by a first data link and physically segregated from said second domain and connected to said second domain by a second data link, said hosting platform comprising:
a first network interface coupled to the first domain for communicating with the first data link;
a second network interface coupled to the second domain for communicating with the second data link;
a first set of one or more partitions hosted on the virtualization platform comprising a first set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive gateway data from, but not send the gateway data to, the first data link along a first secure unidirectional path;
a second set of one or more partitions hosted on the virtualization platform comprising a second set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the first set of one or more partitions along the first secure unidirectional path, and to analyze the received gateway data according to a series of security rules at the gateway internal protocol level;
a third set of one or more partitions hosted on the virtualization platform comprising a third set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the second set of one or more partitions along the first secure unidirectional path and to forward the gateway data to, but not receive the gateway data from, the second data link along the first secure unidirectional path;
a fourth set of one or more partitions hosted on the virtualization platform comprising a fourth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive gateway data from, but not send the gateway data to, the second data link along a second secure unidirectional path;
a fifth set of one or more partitions hosted on the virtualization platform comprising a fifth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the fourth set of one or more partitions along the second secure unidirectional path, and to filter the received gateway data according to a series of application-level security rules;
a sixth set of one or more partitions hosted on the virtualization platform comprising a sixth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the fifth set of one or more partitions along the second secure unidirectional path and to forward the gateway data to, but not receive the gateway data from, the first data link along the second secure unidirectional path;
wherein said second set of one or more partitions further causes the virtualization platform to gather information on gateway data flowing along said first unidirectional path;
wherein said fifth set of one or more partitions causes the virtualization platform to implement a first series of application-level security rules before allowing or disallowing the flow of gateway data from the second protocol adapter towards the first protocol adapter along the second unidirectional path, said first series of application-level security rules comprising first consulting rules intended to consult the information gathered by said second set of one or more partitions; and
wherein first and second protocol adapters hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to a gateway internal protocol,wherein said first and second protocol adapter code comprise seventh and eighth sets of one or more components of code decomposed into a plurality of subsets of elementary components of code and being executable by the first and second domains, respectively.
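The claim above fixes two properties that are easy to state and easy to get wrong in an implementation: each partition may only receive from its predecessor and send to its successor on one path, and the only coupling between the two paths is that partition 5 consults information partition 2 gathered. The following Python model is an added illustration and is not code from the patent or its assignee; the message fields, the size bound, the "only replies to recorded requests" consulting rule and the application allowlist are all assumptions chosen to make the structure concrete. One-way flow is enforced by construction: a partition is handed a receive-only handle on its inbound link and a send-only handle on its outbound link, so there is no object through which it could write backwards.

```python
"""Toy model of the two-path, six-partition gateway described in the claim.

Constructed example: 'gateway data' flows along two separate one-way
pipelines. Partition 2 checks the internal-protocol header on path 1
(domain A -> domain B) and records every request it forwarded; partition 5
applies application-level rules on path 2 (B -> A), the first of which
consults that record before allowing a message through.
"""
from collections import deque
from dataclasses import dataclass

MAX_PAYLOAD = 64  # assumed bound for the toy internal protocol


@dataclass(frozen=True)
class GatewayMessage:
    """One unit of gateway data (assumed fields; the claim names none)."""
    src: str        # originating domain, "A" or "B"
    dst: str        # destination domain
    app: str        # application identifier
    kind: str       # "request" or "response"
    corr_id: int    # correlation id linking a response to its request
    payload: bytes


class UnidirectionalLink:
    """A one-way channel: the producer gets a send-only handle, the consumer a receive-only one."""
    def __init__(self):
        self._q = deque()

    def sender(self):
        return self._q.append                       # can push, cannot pop

    def receiver(self):
        return lambda: self._q.popleft() if self._q else None


class Partition:
    """Wired with exactly one inbound and one outbound one-way handle; default is pass-through."""
    def __init__(self, inbound, outbound):
        self.recv, self.send, self.dropped = inbound, outbound, []

    def process(self, msg):
        return msg

    def step(self):
        msg = self.recv()
        if msg is None:
            return False                            # nothing queued
        out = self.process(msg)
        self.dropped.append(msg) if out is None else self.send(out)
        return True


class ProtocolAnalyzer(Partition):
    """Partition 2: internal-protocol-level rules on path 1, plus information gathering."""
    def __init__(self, inbound, outbound, ledger):
        super().__init__(inbound, outbound)
        self.ledger = ledger                        # (app, corr_id) of requests forwarded A -> B

    def process(self, msg):
        if msg.src != "A" or msg.dst != "B":        # path 1 carries A -> B traffic only
            return None
        if msg.kind not in ("request", "response") or len(msg.payload) > MAX_PAYLOAD:
            return None
        if msg.kind == "request":
            self.ledger.add((msg.app, msg.corr_id))
        return msg


class AppFilter(Partition):
    """Partition 5: application-level rules on path 2; read-only access to partition 2's record."""
    def __init__(self, inbound, outbound, was_requested, allowed_apps):
        super().__init__(inbound, outbound)
        self.was_requested, self.allowed_apps = was_requested, allowed_apps

    def process(self, msg):
        if msg.src != "B" or msg.dst != "A":        # path 2 carries B -> A traffic only
            return None
        if msg.kind == "response":                  # consulting rule: reply must match a recorded request
            return msg if self.was_requested((msg.app, msg.corr_id)) else None
        return msg if msg.app in self.allowed_apps else None   # unsolicited B -> A: allowlist only


class Gateway:
    def __init__(self, allowed_b_to_a_apps):
        ledger = set()
        self.link1_in, self.link2_out = UnidirectionalLink(), UnidirectionalLink()
        self.link2_in, self.link1_out = UnidirectionalLink(), UnidirectionalLink()
        l12, l23, l45, l56 = (UnidirectionalLink() for _ in range(4))
        # path 1: first data link -> P1 -> P2 -> P3 -> second data link
        self.p1 = Partition(self.link1_in.receiver(), l12.sender())
        self.p2 = ProtocolAnalyzer(l12.receiver(), l23.sender(), ledger)
        self.p3 = Partition(l23.receiver(), self.link2_out.sender())
        # path 2: second data link -> P4 -> P5 -> P6 -> first data link
        self.p4 = Partition(self.link2_in.receiver(), l45.sender())
        self.p5 = AppFilter(l45.receiver(), l56.sender(), lambda k: k in ledger, allowed_b_to_a_apps)
        self.p6 = Partition(l56.receiver(), self.link1_out.sender())
        self.partitions = [self.p1, self.p2, self.p3, self.p4, self.p5, self.p6]

    def run(self):
        while any(p.step() for p in self.partitions):   # drive until every queue drains
            pass

    @staticmethod
    def _drain(link):
        out, r = [], link.receiver()
        while (m := r()) is not None:
            out.append(m)
        return out


def demo():
    """Constructed traffic; returns (corr ids delivered to B, to A, drops at P2, drops at P5)."""
    gw = Gateway(allowed_b_to_a_apps={"telemetry"})
    gw.link1_in.sender()(GatewayMessage("A", "B", "maint", "request", 1, b"get-status"))
    gw.link1_in.sender()(GatewayMessage("A", "B", "maint", "request", 2, b"x" * 100))  # oversized
    gw.run()
    to_b = gw._drain(gw.link2_out)
    send_b = gw.link2_in.sender()
    send_b(GatewayMessage("B", "A", "maint", "response", 1, b"ok"))        # matches recorded request
    send_b(GatewayMessage("B", "A", "maint", "response", 2, b"ok"))        # request 2 never reached B
    send_b(GatewayMessage("B", "A", "maint", "response", 99, b"data"))     # unsolicited reply
    send_b(GatewayMessage("B", "A", "telemetry", "request", 5, b"ping"))   # allowlisted application
    send_b(GatewayMessage("B", "A", "maint", "request", 6, b"cmd"))        # application not allowlisted
    gw.run()
    to_a = gw._drain(gw.link1_out)
    return [m.corr_id for m in to_b], [m.corr_id for m in to_a], len(gw.p2.dropped), len(gw.p5.dropped)


if __name__ == "__main__":
    print(demo())
```

Partitions 1, 3, 4 and 6 are plain pass-through stages here; in the claimed architecture their value is isolation, since the stage that touches a physical link never runs the rule engine and the rule engine never touches a link. The `ledger` is a plain set shared in-process for brevity; the point the claim makes is that partition 5 only reads it, which the model preserves by handing partition 5 a lookup function rather than the set itself.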
Abstract
A gateway having an architecture authorizing bidirectional communication between applications located in different domains and presenting a high assurance level of protection. The gateway interconnects a first and second domain. The gateway comprises an internal protocol, first and second protocol adapters hosted within the first and second domains and configured to make a conversion between application data formatted according to an applicative protocol relative to the two domains and gateway data formatted according to the gateway internal protocol, and a security module hosted on a separate platform to communicate with the first and second protocol adapters via first and second data links according to the gateway internal protocol. The first and second protocol adapters and security module are each physically segregated and the security module comprises functional blocs configured to authorize secure bidirectional flow of gateway data along two different and separate unidirectional paths between the two protocol adapters.
32 Citations
9 Claims
1. A gateway adapted to interconnect a first domain to a second domain, comprising: (reproduced in full under First Claim above; claims 2 to 7 depend on claim 1)
8. An embedded infrastructure comprising a gateway adapted to interconnect a first domain to a second domain, the gateway comprising:
memory, first and second protocol adapter code hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to said gateway internal protocol, and a hosting platform that is a virtualization platform, the hosting platform being physically segregated from said first domain and connected to said first domain by a first data link and physically segregated from said second domain and connected to said second domain by a second data link, said hosting platform comprising:
a first network interface coupled to the first domain for communicating with the first data link;
a second network interface coupled to the second domain for communicating with the second data link;
a first set of one or more partitions hosted on the virtualization platform comprising a first set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive gateway data from, but not send the gateway data to, the first data link along a first secure unidirectional path;
a second set of one or more partitions hosted on the virtualization platform comprising a second set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the first set of one or more partitions along the first secure unidirectional path, and to analyze the received gateway data according to a series of security rules at the gateway internal protocol level;
a third set of one or more partitions hosted on the virtualization platform comprising a third set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the second set of one or more partitions along the first secure unidirectional path and to forward the gateway data to, but not receive the gateway data from, the second data link along the first secure unidirectional path;
a fourth set of one or more partitions hosted on the virtualization platform comprising a fourth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive gateway data from, but not send the gateway data to, the second data link along a second secure unidirectional path;
a fifth set of one or more partitions hosted on the virtualization platform comprising a fifth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the fourth set of one or more partitions along the second secure unidirectional path, and to filter the received gateway data according to a series of application-level security rules;
a sixth set of one or more partitions hosted on the virtualization platform comprising a sixth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the fifth set of one or more partitions along the second secure unidirectional path and to forward the gateway data to, but not receive the gateway data from, the first data link along the second secure unidirectional path;
wherein said second set of one or more partitions further causes the virtualization platform to gather information on gateway data flowing along said first unidirectional path;
wherein said fifth set of one or more partitions causes the virtualization platform to implement a first series of application-level security rules before allowing or disallowing the flow of gateway data from the second protocol adapter towards the first protocol adapter along the second unidirectional path, said first series of application-level security rules comprising first consulting rules intended to consult the information gathered by said second set of one or more partitions; and
wherein said first and second protocol adapter code comprise computing modules respectively including seventh and eighth sets of one or more components of code decomposed into a plurality of subsets of elementary components of code and being executable by the first and second domains, respectively.
9. An aircraft communication system comprising a gateway adapted to interconnect a first domain to a second domain, the gateway comprising:
memory, first and second protocol adapter code hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to said gateway internal protocol, and a hosting platform that is a virtualization platform, the hosting platform being physically segregated from said first domain and connected to said first domain by a first data link and physically segregated from said second domain and connected to said second domain by a second data link, said hosting platform comprising:
a first network interface coupled to the first domain for communicating with the first data link;
a second network interface coupled to the second domain for communicating with the second data link;
a first set of one or more partitions hosted on the virtualization platform comprising a first set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive gateway data from, but not send the gateway data to, the first data link along a first secure unidirectional path;
a second set of one or more partitions hosted on the virtualization platform comprising a second set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the first set of one or more partitions along the first secure unidirectional path, and to analyze the received gateway data according to a series of security rules at the gateway internal protocol level;
a third set of one or more partitions hosted on the virtualization platform comprising a third set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the second set of one or more partitions along the first secure unidirectional path and to forward the gateway data to, but not receive the gateway data from, the second data link along the first secure unidirectional path;
a fourth set of one or more partitions hosted on the virtualization platform comprising a fourth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive gateway data from, but not send the gateway data to, the second data link along a second secure unidirectional path;
a fifth set of one or more partitions hosted on the virtualization platform comprising a fifth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the fourth set of one or more partitions along the second secure unidirectional path, and to filter the received gateway data according to a series of application-level security rules;
a sixth set of one or more partitions hosted on the virtualization platform comprising a sixth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the fifth set of one or more partitions along the second secure unidirectional path and to forward the gateway data to, but not receive the gateway data from, the first data link along the second secure unidirectional path;
wherein said second set of one or more partitions further causes the virtualization platform to gather information on gateway data flowing along said first unidirectional path;
wherein said fifth set of one or more partitions causes the virtualization platform to implement a first series of application-level security rules before allowing or disallowing the flow of gateway data from the second protocol adapter towards the first protocol adapter along the second unidirectional path, said first series of application-level security rules comprising first consulting rules intended to consult the information gathered by said second set of one or more partitions; and
wherein said first and second protocol adapter code comprise computing modules respectively including seventh and eighth sets of one or more components of code decomposed into a plurality of subsets of elementary components of code and being executable by the first and second domains, respectively.