INTEGRITY MONITORING

US 20120203997A1
Filed: 02/06/2012
Published: 08/09/2012
Est. Priority Date: 10/16/2006
Status: Active Grant

First Claim

Patent Images

1. A method of operating an avionics component, comprising:

a. configuring settings of a memory management unit to allocate a region of memory for an operating system and a region of memory for an application, the two regions non-overlapping;

b. running an operating system for the avionics component, within its allocated memory region;

c. running the application, the application associated with the avionics component within its allocated memory region; and

d. monitoring the memory management unit to ensure the operating system cannot alter memory allocated to the application.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described here to provide a degree or level of certification to a resident application such as an operating system, e.g., Linux®. In a Linux® implementation, the operating system provides a robust environment including many seasoned communication stacks, e.g., TCP/IP, USB, and the like. However, Linux® is not certified to the level necessary to be a part of many avionics applications. To eliminate the need to certify all of such an operating system, such certification being highly costly, the avionics application itself may be protected so that the operating system cannot alter the application'"'"'s operating environment, e.g., application code and data, once the application is loaded and running. In this case, only the application requires certification at the highest level, and not the operating system such as Linux®.

20 Citations

View as Search Results

22 Claims

1. A method of operating an avionics component, comprising:
- a. configuring settings of a memory management unit to allocate a region of memory for an operating system and a region of memory for an application, the two regions non-overlapping;
  
  b. running an operating system for the avionics component, within its allocated memory region;
  
  c. running the application, the application associated with the avionics component within its allocated memory region; and
  
  d. monitoring the memory management unit to ensure the operating system cannot alter memory allocated to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the operating system is Linux®
    - .
  - 3. The method of claim 1, wherein the memory management unit is monitored to ensure the operating system cannot address memory allocated to the application.
  - 4. The method of claim 1, wherein the memory management unit is monitored to ensure the operating system cannot write to memory allocated to the application.
  - 5. The method of claim 1, wherein if the monitoring indicates that the settings are such that the operating system can affect the memory allocation associated with the application, then further comprising causing an alert.
  - 6. The method of claim 5, wherein the alert is visible or audible.
  - 7. The method of claim 6, wherein the alert is a substantially blank screen.
  - 8. The method of claim 1, wherein the application is selected from the group consisting of:
    - an altimeter, an airspeed indicator, a navigational indicator, and an attitude indicator.
  - 9. The method of claim 1, wherein the monitoring includes monitoring a plurality of memory management units.
  - 10. The method of claim 1, wherein the memory management unit, operating system, and application, are associated with the same avionics component.
  - 11. The method of claim 1, wherein the memory management unit configures memory allocation such that application memory is unaddressable by the operating system.
  - 12. A non-transitory computer-readable medium containing instructions for causing a computer to execute the method of claim 1.

13. An avionics component, comprising:
- a. memory containing instructions for causing instantiation of an operating system;
  
  b. memory containing instructions for causing instantiation of an application;
  
  c. memory, configured by settings, containing instructions for separating the memories containing instructions for causing instantiation of an operating system and instantiation of an application; and
  
  d. memory containing instructions for checking the operation of the memory configured by settings.

14. A method of operating an avionics component, comprising:
- a. receiving data from a sensor or other data source;
  
  b. causing an indication of the received data to appear on a display device, the display operating at a first level of certification; and
  
  c. monitoring the display device with an integrity monitor, the integrity monitor operating at a second level of certification, the second level higher than the first level.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The method of claim 14, wherein the display device is a tablet computer.
  - 16. The method of claim 14, wherein the monitoring includes:
    - a. causing the display device to perform a calculation on a known value;
      
      b. sending the results of the calculation to the integrity monitor; and
      
      c. if the display device does not achieve a known result corresponding to the calculation and the known value, then causing an error alert.
  - 17. The method of claim 16, wherein the error alert is visible or audible.
  - 18. The method of claim 17, wherein the error alert is a substantially blank screen.
  - 19. The method of claim 14, wherein the integrity monitor is implemented as a separate instrument.
  - 20. The method of claim 14, wherein the integrity monitor is implemented in a non-transitory computer-readable medium.
  - 21. The method of claim 14, wherein the monitoring the display device with an integrity monitor includes monitoring a display of the indication of the received data.
  - 22. A non-transitory computer-readable medium containing instructions for causing a computer to execute the method of claim 14.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nighthawk Flight Systems Incorporated
Original Assignee
Sandel Avionics Inc.
Inventors
Block, Gerald J.

Granted Patent

US 9,189,195 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/170
CPC Class Codes

G01C 23/00   Combined instruments indica...

G01C 23/005   Flight directors indicating...

G01C 25/00   Manufacturing, calibrating,...

G06F 12/0284   Multiple user address space...

G06F 12/14   Protection against unauthor...

G06F 12/1441   for a range

G06F 3/147   using display panels

G06F 9/5077   Logical partitioning of res...

G09G 2380/12   Avionics applications

INTEGRITY MONITORING

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

INTEGRITY MONITORING

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links