HIGH ASSURANCE SEGREGATED GATEWAY INTERCONNECTING DIFFERENT DOMAINS

US 20170070507A1
Filed: 09/01/2016
Published: 03/09/2017
Est. Priority Date: 09/04/2015
Status: Active Grant

First Claim

Patent Images

1. A gateway adapted to interconnect a first domain to a second domain, comprising:

a gateway internal protocol,first and second protocol adapters configured to be hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to said gateway internal protocol, anda security module hosted on a separate hosting platform and configured to communicate with the first and second protocol adapters via respectively first and second data links according to the gateway internal protocol,wherein said first protocol adapter, second protocol adapter and security module are physically segregated from each other and wherein said security module comprises a set of functional blocs configured to authorize secure bidirectional flow of gateway data along two different and separate first and second unidirectional paths between the first protocol adapter and the second protocol adapter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A gateway having an architecture authorizing bidirectional communication between applications located in different domains and presenting a high assurance level of protection. The gateway interconnects a first and second domain. The gateway comprises an internal protocol, first and second protocol adapters hosted within the first and second domains and configured to make a conversion between application data formatted according to an applicative protocol relative to the two domains and gateway data formatted according to the gateway internal protocol, and a security module hosted on a separate platform to communicate with the first and second protocol adapters via first and second data links according to the gateway internal protocol. The first and second protocol adapters and security module are each physically segregated and the security module comprises functional blocs configured to authorize secure bidirectional flow of gateway data along two different and separate unidirectional paths between the two protocol adapters.

Citations

15 Claims

1. A gateway adapted to interconnect a first domain to a second domain, comprising:
- a gateway internal protocol,first and second protocol adapters configured to be hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to said gateway internal protocol, anda security module hosted on a separate hosting platform and configured to communicate with the first and second protocol adapters via respectively first and second data links according to the gateway internal protocol,wherein said first protocol adapter, second protocol adapter and security module are physically segregated from each other and wherein said security module comprises a set of functional blocs configured to authorize secure bidirectional flow of gateway data along two different and separate first and second unidirectional paths between the first protocol adapter and the second protocol adapter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The gateway according to claim 1, wherein the set of functional blocs of the security module are decomposed into a plurality of elementarily evaluable components, hereafter called elementary components, each one of which being analyzable at a desired level of assurance, wherein each elementary component has a specified function and is adapted to communicate with other predefined elementary components, and wherein a first subset of elementary components is intended to be used along the first unidirectional path and a different second subset of elementary components is intended to be used along the second unidirectional path.
  - 3. The gateway according to claim 1, wherein said gateway internal protocol is configured to have a minimum communication protocol based on a query and a response exchange mechanism and wherein each frame of an exchanged gateway data is decomposed into predefined fields of a fixed length.
  - 4. The gateway according to claim 1, wherein said first and second protocol adapters comprise:
    - first and second elementary management components, respectively, configured to manage authorized applicative protocols relative to applications belonging to the first and second domains, respectively,first and second elementary constructing components, respectively, configured to construct a gateway data out of a corresponding application data by adapting the application data from an applicative protocol format into said gateway internal protocol format before sending said gateway data to the security module via the first and second data links,first and second elementary reconstructing components, respectively, configured to reconstruct an application data according to the applicative protocol format out of a corresponding gateway data formatted according to the internal gateway protocol.
  - 5. The gateway according to claim 1, wherein said set of functional blocs comprises:
    - first and second driving blocs configured to receive and send gateway data from and to said first and second protocol adapters along said first and second unidirectional paths, andan analyzing bloc of elementary components configured to analyse and implement a series of security rules at the gateway internal protocol level on gateway data flowing along at least one unidirectional path to ensure that no malicious or unauthorized gateway data is flowing along that at least one unidirectional path.
  - 6. The gateway according to claim 5, wherein said analyzing bloc comprises first and second sets of elementary controlling components and a set of associated elementary stateful context components, said first set of elementary controlling components comprising a first set of elementary observing components configured to gather information on gateway data flowing along said first directional path and to transmit it to the associated set of stateful context components which is configured to store said information, and said second set of elementary controlling components comprising a second set of associated elementary filtering components configured to implement a first series of application-level security rules before allowing or disallowing the flow of gateway data from the second protocol adapter towards the first protocol adapter along the second directional path, said first series of application-level security rules comprising first consulting rules intended to consult the information stored in said associated set of stateful context components.
  - 7. The gateway according to claim 6, wherein said second set of elementary controlling components further comprises a second set of elementary observing components configured to gather information on gateway data flowing along said second directional path and to transmit it to the associated set of stateful context components, and in that said first set of elementary controlling components further comprises a first set of elementary filtering components configured to implement a second series of application-level security rules comprising second consulting rules intended to consult the information stored in said associated set of stateful context components.
  - 8. The gateway according to claim 5, wherein the first driving bloc is made up of a single bloc comprising a first input buffer configured to receive gateway data from the first protocol adapter and a first output buffer configured to send gateway data to the first protocol adapter, said first input and output buffers being separated from each other, andthe second driving bloc is made up of a single bloc comprising a second input buffer configured to receive gateway data from the second protocol adapter and a second output buffer configured to send gateway data to the second protocol adapter, said second input and output buffers being separated from each other.
  - 9. The gateway according to claim 5, wherein the first driving bloc is made up of two separate blocs composed of a first receiving bloc of elementary components and a first transmitting bloc of elementary component, said first receiving bloc being configured to receive gateway data from said first protocol adapter along the first directional path and said first transmitting bloc being configured to send gateway data to said first protocol adapter along the second unidirectional path, andthe second driving bloc is made up of two separate blocs composed of a second receiving bloc of elementary components and a second transmitting bloc of elementary components, said second receiving bloc being configured to receive gateway data from said second protocol adapter along the second unidirectional path and said second transmitting bloc being configured to send gateway data to said second protocol adapter along the first unidirectional path.
  - 10. The gateway according to claim 9, wherein said first and second receiving blocs comprise:
    - first and second elementary stack receiver components, respectively, configured to process an incoming flow of gateway data frames from first and second protocol adapters respectively by interpreting the format of each gateway data frame into separate gateway data fields,first and second elementary flow security receiver components, respectively, configured to receive said gateway data fields and to copy useful gateway data fields into an internal structure before applying network security rules onto said useful gateway data fields, andfirst and second elementary flow dispatch receiver components, respectively, configured to receive said useful gateway data fields and to dispatch them to the appropriate elementary components of the analyzing bloc.
  - 11. The gateway according to claim 9, wherein said first and second transmitting blocs comprise:
    - first and second elementary flow transmitter components, respectively, configured to gather gateway data fields from the corresponding elementary controlling components and to assemble the different gateway data fields into gateway data frames,first and second elementary stack transmitter components, respectively, configured to receive the gateway data frames from the first and second transmitting blocs respectively and to send them to the second and first protocol adapters, respectively.
  - 12. The gateway according to claim 5, further comprising:
    - a first network interface component connected to the first driving bloc, said first network interface being configured to communicate with the first protocol adapter, anda second network interface component connected to the second driving bloc, said second network interface being configured to communicate with the second protocol adapter.
  - 13. The gateway according to claim 1, wherein the security module further comprises:
    - an audit component configured to gather audit logs from all sets of elementary components for forensic analysis,a monitoring component configured to health monitor all sets of elementary components and to take decisions in case anomalies or unusual behaviors are detected, anda self-testing component configured to test elementary components by injecting test data.

14. An embedded infrastructure comprising a gateway adapted to interconnect a first domain to a second domain, the gateway comprising:
- a gateway internal protocol,first and second protocol adapters configured to be hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to said gateway internal protocol, anda security module hosted on a separate hosting platform and configured to communicate with the first and second protocol adapters via respectively first and second data links according to the gateway internal protocol,wherein said first protocol adapter, second protocol adapter and security module are physically segregated from each other and wherein said security module comprises a set of functional blocs configured to authorize secure bidirectional flow of gateway data along two different and separate first and second unidirectional paths between the first protocol adapter and the second protocol adapter.

15. An aircraft communication system comprising a gateway adapted to interconnect a first domain to a second domain, the gateway comprising:
- a gateway internal protocol,first and second protocol adapters configured to be hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to said gateway internal protocol, anda security module hosted on a separate hosting platform and configured to communicate with the first and second protocol adapters via respectively first and second data links according to the gateway internal protocol,wherein said first protocol adapter, second protocol adapter and security module are physically segregated from each other and wherein said security module comprises a set of functional blocs configured to authorize secure bidirectional flow of gateway data along two different and separate first and second unidirectional paths between the first protocol adapter and the second protocol adapter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Airbus Operations SAS (Airbus SE)
Original Assignee
Airbus Operations SAS (Airbus SE)
Inventors
TRIQUET, Benoit, SIMACHE, Cristina, LECONTE, Bertrand

Granted Patent

US 10,609,029 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2221/2101   Auditing as a secondary aspect

H04L 12/40032   Details regarding a bus int...

H04L 12/4625   Single bridge functionality...

H04L 12/66   Arrangements for connecting...

H04L 2012/40267   Bus for use in transportati...

H04L 47/196   Integration of transport la...

H04L 63/02   for separating internal fro...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 63/1408   by monitoring network traff...

H04L 67/02   based on web technology, e....

H04L 67/133   Protocols for remote proced...

H04L 69/08   Protocols for interworking;...

HIGH ASSURANCE SEGREGATED GATEWAY INTERCONNECTING DIFFERENT DOMAINS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

HIGH ASSURANCE SEGREGATED GATEWAY INTERCONNECTING DIFFERENT DOMAINS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links