MULTI-LEVEL SECURITY DOMAIN SEPARATION USING SOFT-CORE PROCESSOR EMBEDDED IN AN FPGA

US 20160335459A1
Filed: 01/22/2015
Published: 11/17/2016
Est. Priority Date: 01/22/2015
Status: Active Grant

First Claim

Patent Images

1. A system for performing operations on data in two different security domains, the system comprising a field-programmable gate array (FPGA), the FPGA comprising:

a first security domain having a first classification level, the first security domain comprising;

first processing circuitry anda first soft-core processor, anda second security domain having a second classification level, the second security domain comprising;

second processing circuitry anda second soft-core processor, andone or more security domain separation gates connected to the first security domain and to the second security domain, the one or more security domain separation gates configured;

to receive first data from the first security domain and transmit the first data to the second security domain when the first data complies with a first set of rules, andto receive second data from the second security domain and transmit the second data to the first security domain when the second data complies with a second set of rules,the only data paths between the first security domain and the second security domain being through the one or more security domain separation gates.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for operating multiple security domains on one circuit card assembly, using a field-programmable gate array (FPGA) with an embedded security domain separation gate providing the MAC between multiple soft-core CPUs also embedded in the FPGA. In one embodiment, the FPGA is segregated into two or more security domains with no data paths between soft-core CPUs in each security domain except through the security domain separation gate. The security domain separation gate applies rules to any information to be transmitted between the security domains to avoid transmission of malicious content and to avoid transmission of information of a certain classification level or type to a security domain at a lower classification level or type.

23 Citations

View as Search Results

15 Claims

1. A system for performing operations on data in two different security domains, the system comprising a field-programmable gate array (FPGA), the FPGA comprising:
- a first security domain having a first classification level, the first security domain comprising;
  
  first processing circuitry anda first soft-core processor, anda second security domain having a second classification level, the second security domain comprising;
  
  second processing circuitry anda second soft-core processor, andone or more security domain separation gates connected to the first security domain and to the second security domain, the one or more security domain separation gates configured;
  
  to receive first data from the first security domain and transmit the first data to the second security domain when the first data complies with a first set of rules, andto receive second data from the second security domain and transmit the second data to the first security domain when the second data complies with a second set of rules,the only data paths between the first security domain and the second security domain being through the one or more security domain separation gates.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the first security domain and the second security domain are physically disconnected except for data paths through the security domain separation gates.
  - 3. The system of claim 1, wherein the second classification level is a higher classification level than the first classification level.
  - 4. The system of claim 3, wherein the first set of rules permits unrestricted flow of information.
  - 5. The system of claim 3, wherein the first set of rules requires that information transmitted from the first security domain to the second security domain be structured in messages complying with a format specified in a message dictionary.
  - 6. The system of claim 3, wherein the second set of rules prohibits the transmission of information from the second security domain to the first security domain.
  - 7. The system of claim 3, wherein the second set of rules requires that:
    - information transmitted from the first security domain to the second security domain be free of suspect words and phrases, the suspect words and phrases being stored in a rules file.
  - 8. The system of claim 1, further comprising a first external processor external to the FPGA, the first external processor having a classification level being the same as the first classification level.
  - 9. The system of claim 8, further comprising a first memory device and a second memory device,the first memory device having a classification level being the same as the first classification level,the second memory device having a classification level being the same as the second classification level,each of the first memory device and the second memory device comprising an address bus and a data bus, wherein the address bus and the data bus of the first memory device are connected only to the first security domain of the FPGA and to the first external processor, andthe address bus and the data bus of the second memory device are connected only to the second security domain of the FPGA.
  - 10. The system of claim 9, further comprising a memory arbiter in the first security domain of the FPGA, wherein the address bus and the data bus of the first memory device are connected to the memory arbiter.

11. A method for controlling data flow between two security domains in a system, the system comprising a field-programmable gate array (FPGA),the FPGA comprising:
- a first security domain having a first classification level, the first security domain comprising;
  
  first processing circuitry anda first soft-core processor, anda second security domain having a second classification level, the second security domain comprising;
  
  second processing circuitry anda second soft-core processor, andone or more security domain separation gates connected to the first security domain and to the second security domain, the one or more security domain separation gates configured;
  
  to receive first data from the first security domain and transmit the first data to the second security domain when the first data complies with a first set of rules, andto receive second data from the second security domain and transmit the second data to the first security domain when the second data complies with a second set of rules,the only communication paths between the first security domain and the second security domain being through the one or more security domain separation gates,the method comprising;
  
  receiving, by a security domain separation gate of the one or more security domain separation gates, data from the first security domain for transmission to the second security domain,applying a first set of rules to the data, andtransmitting the data to the second security domain when the data comply with the rules.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the first classification level is a higher classification level than the second classification level, and wherein the first set of rules prohibits the transmission of data.
  - 13. The method of claim 11, wherein the second classification level is a higher classification level than the first classification level, and wherein the first set of rules allows unrestricted transmission of data.
  - 14. The method of claim 11, wherein the second classification level is a higher classification level than the first classification level, and wherein the first set of rules allows transmission only of data structured in messages and complying with a format specified in a message dictionary.
  - 15. The method of claim 11, wherein the first classification level is a higher classification level than the second classification level, and wherein the first set of rules allows transmission of data only when:
    - information to be transmitted from the first security domain to the second security domain is free of suspect words and phrases stored in a rules file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon Company (Rtx Corporation)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Kling, Matthew T., Hockenbury, Clark B., Bonn, Jerrold L., Bataller, Susan F., Veneziano, Mark

Granted Patent

US 9,971,910 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/74   operating in dual or compar...

G06F 21/76   in application-specific int...

G06F 2221/2113   Multi-level security, e.g. ...

MULTI-LEVEL SECURITY DOMAIN SEPARATION USING SOFT-CORE PROCESSOR EMBEDDED IN AN FPGA

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI-LEVEL SECURITY DOMAIN SEPARATION USING SOFT-CORE PROCESSOR EMBEDDED IN AN FPGA

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links