INTEGRITY MONITORING
First Claim
1. A method of operating an avionics component, comprising:
a. configuring settings of a memory management unit to allocate a region of memory for an operating system and a region of memory for an application, the two regions non-overlapping;
b. running an operating system for the avionics component, within its allocated memory region;
c. running the application, the application associated with the avionics component within its allocated memory region; and
d. monitoring the memory management unit to ensure the operating system cannot alter memory allocated to the application.
Abstract
Systems and methods are described here to provide a degree or level of certification to a resident application such as an operating system, e.g., Linux®. In a Linux® implementation, the operating system provides a robust environment including many seasoned communication stacks, e.g., TCP/IP, USB, and the like. However, Linux® is not certified to the level necessary to be a part of many avionics applications. To eliminate the need to certify all of such an operating system, such certification being highly costly, the avionics application itself may be protected so that the operating system cannot alter the application's operating environment, e.g., application code and data, once the application is loaded and running. In this case, only the application requires certification at the highest level, and not the operating system such as Linux®.
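The monitoring step described in the abstract and in claim 1(d), sketched as an added example that is not taken from the patent: one pass of a monitor that checks a snapshot of the MMU settings for region overlap, OS write access to the application region, and drift from the settings captured when the application was loaded. The descriptor layout, all names and the sample addresses are assumptions; real MMU register formats differ.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical snapshot of MMU settings; real register layouts differ. */
typedef struct {
    uint32_t base;     /* first address of the region */
    uint32_t size;     /* length in bytes */
    bool     os_write; /* true if the OS context may write here */
} mmu_region;
typedef struct { mmu_region os, app; } mmu_settings;

typedef enum { MMU_OK, MMU_OVERLAP, MMU_OS_CAN_WRITE_APP, MMU_CHANGED } mmu_status;

/* Half-open interval test; 64-bit ends avoid wraparound at 4 GiB. */
static bool overlaps(const mmu_region *a, const mmu_region *b) {
    uint64_t a_end = (uint64_t)a->base + a->size;
    uint64_t b_end = (uint64_t)b->base + b->size;
    return a->base < b_end && b->base < a_end;
}

static bool same_region(const mmu_region *a, const mmu_region *b) {
    return a->base == b->base && a->size == b->size && a->os_write == b->os_write;
}

/* One monitoring pass: compare live settings against those captured at load. */
mmu_status mmu_monitor_check(const mmu_settings *live, const mmu_settings *golden) {
    if (overlaps(&live->os, &live->app)) return MMU_OVERLAP;
    if (live->app.os_write) return MMU_OS_CAN_WRITE_APP;
    if (!same_region(&live->os, &golden->os) ||
        !same_region(&live->app, &golden->app)) return MMU_CHANGED;
    return MMU_OK;
}

/* Constructed sample values: 16 MiB for the OS, 4 MiB for the application. */
mmu_settings sample_golden(void) {
    mmu_settings s = { { 0x80000000u, 0x01000000u, true },
                       { 0x81000000u, 0x00400000u, false } };
    return s;
}

int main(void) {
    mmu_settings golden = sample_golden(), live = golden;
    printf("clean pass: %d\n", mmu_monitor_check(&live, &golden));
    live.os.size += 0x1000; /* OS region grown into the application region */
    printf("after tamper: %d\n", mmu_monitor_check(&live, &golden));
    return 0;
}
```

The checks are ordered so that the most specific failure is reported first; any other deviation from the load-time snapshot is reported as a change.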
22 Claims
1. A method of operating an avionics component, comprising:
a. configuring settings of a memory management unit to allocate a region of memory for an operating system and a region of memory for an application, the two regions non-overlapping;
b. running an operating system for the avionics component, within its allocated memory region;
c. running the application, the application associated with the avionics component within its allocated memory region; and
d. monitoring the memory management unit to ensure the operating system cannot alter memory allocated to the application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. An avionics component, comprising:
a. memory containing instructions for causing instantiation of an operating system;
b. memory containing instructions for causing instantiation of an application;
c. memory, configured by settings, containing instructions for separating the memories containing instructions for causing instantiation of an operating system and instantiation of an application; and
d. memory containing instructions for checking the operation of the memory configured by settings.

14. A method of operating an avionics component, comprising:
a. receiving data from a sensor or other data source;
b. causing an indication of the received data to appear on a display device, the display operating at a first level of certification; and
c. monitoring the display device with an integrity monitor, the integrity monitor operating at a second level of certification, the second level higher than the first level.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22

Specification