SYSTEM AND METHOD FOR CONTEXT AWARE NETWORK FILTERING

US 20170295031A1
Filed: 04/11/2016
Published: 10/12/2017
Est. Priority Date: 04/11/2016
Status: Active Grant

First Claim

Patent Images

1. A method for automatically filtering network messages in an aviation network for an aircraft based on a current system context, the method comprising:

receiving (401), by a processor (501) of a computer system (500), a network message (415) transmitted via one or more network packets within the aviation network, wherein the network message is transmitted from a source avionic device to a destination avionic device;

establishing (403), by the processor, a current system context (419) based on monitoring one or more avionic devices in the aviation network, wherein the system context indicates an aggregate status (417) of the one or more avionic devices;

analyzing (405), by the processor, an acceptability of the network message by;

identifying (409) a plurality of attributes (425) corresponding to the network message, wherein the plurality of attributes correspond to header and data fields (427) of the one or more network packets corresponding to the network message; and

determining (411) the acceptability of the network message within the system context based on one or more filter rules (429), wherein the one or more filter rules specify what attributes are allowed within a particular system context; and

forwarding (407), by the processor, the network message to the destination avionic device if the network message is determined to be acceptable within the system context.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, certain embodiments of the present disclosure provide techniques or mechanisms for automatically filtering network messages in an aviation network for an aircraft based on a current system context. According to various embodiments, a method is provided comprising receiving a network message transmitted from a source avionic device to a destination avionic device via one or more network packets within the aviation network. A current system context, indicating an aggregate status of avionic devices within the aviation network, is determined based on monitoring the avionic devices. The network message is analyzed by identifying a plurality of attributes corresponding to header and data fields of the one or more network packets corresponding to the network message. The acceptability of the network message within the current system context is determined based on one or more filter rules that specify what attributes are allowed within a particular system context.

30 Citations

20 Claims

1. A method for automatically filtering network messages in an aviation network for an aircraft based on a current system context, the method comprising:
- receiving (401), by a processor (501) of a computer system (500), a network message (415) transmitted via one or more network packets within the aviation network, wherein the network message is transmitted from a source avionic device to a destination avionic device;
  
  establishing (403), by the processor, a current system context (419) based on monitoring one or more avionic devices in the aviation network, wherein the system context indicates an aggregate status (417) of the one or more avionic devices;
  
  analyzing (405), by the processor, an acceptability of the network message by;
  
  identifying (409) a plurality of attributes (425) corresponding to the network message, wherein the plurality of attributes correspond to header and data fields (427) of the one or more network packets corresponding to the network message; and
  
  determining (411) the acceptability of the network message within the system context based on one or more filter rules (429), wherein the one or more filter rules specify what attributes are allowed within a particular system context; and
  
  forwarding (407), by the processor, the network message to the destination avionic device if the network message is determined to be acceptable within the system context.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the current system context (419) includes a combination of one or more of the following:
    - a date, a time, a location of the source avionic device, a location of the destination avionic device, a device state (421) of the plurality of avionic devices, and a flight phase (423) of the aircraft.
  - 3. The method of claim 2, wherein the device state (421) of the plurality of avionic devices includes an operational mode, a maintenance mode, or a data load mode.
  - 4. The method of claim 2, wherein the flight phase (423) of the aircraft includes one of the following operational states:
    - power on, pre-flight, engine start, in-gate, taxi-out, takeoff, initial climb, climb, enroute cruise, descent, approach land, rollout, taxi-in, go around, and engine shutdown.
  - 5. The method of claim 1, wherein the plurality of attributes (425) corresponding to the network message (415) include one or more of the following:
    - a destination address, a source address, a flight phase of the network message, a device state of the network message, a function, a sub-function, a data flow, and a protocol.
  - 6. The method of claim 1, wherein the one or more filter rules (429) are automatically generated (433) during a testing phase of the aviation network by:
    - capturing (451) one or more test network packets corresponding to a test functional network flow transmitted within the aviation network;
      
      parsing (453) the one or more test network packets in order to extract one or more test network messages corresponding to the test functional network flow;
      
      examining (455) a test network message of the one or more test network messages in order to identify a plurality of test attributes (456), wherein the plurality of test attributes correspond to header and data fields of the one or more test network packets corresponding to the test network message;
      
      classifying (457) the plurality of test attributes of the test network message;
      
      automatically generating (459) one or more tables (461) corresponding to the one or more test network messages;
      
      wherein the one or more tables include the one or more filter rules;
      
      wherein the one or more tables are chained (463) based on one or more test attributes of the test network messages;
      
      validating (465) the one or more filter rules.
  - 7. The method of claim 1, wherein the one or more filter rules (429) include one or more deep packet filtering rules (431), wherein the one or more deep packet filtering rules prevent unauthorized data flows on the aviation network by examining one or more payloads of the one or more network packets.

8. A system for automatically filtering network messages in an aviation network for an aircraft, the system comprising:
- one or more processors (501);
  
  memory (503); and
  
  one or more programs stored in the memory, the one or more programs including instructions for;
  
  receiving (401), by the one or more processors, a network message (415) transmitted via one or more network packets within the aviation network, wherein the network message is transmitted from a source avionic device to a destination avionic device;
  
  establishing (403), by the one or more processors, a current system context (419) based on monitoring one or more avionic devices in the aviation network, wherein the system context indicates an aggregate status (417) of the one or more avionic devices;
  
  analyzing (405), by the one or more processors, an acceptability of the network message by;
  
  identifying (409) a plurality of attributes (425) corresponding to the network message, wherein the plurality of attributes correspond to header and data fields (427) of the one or more network packets corresponding to the network message, anddetermining (411) the acceptability of the network message within the system context based on one or more filter rules (429), wherein the one or more filter rules specify what attributes are allowed within a particular system context; and
  
  forwarding (407), by the one or more processors, the network message to the destination avionic device if the network message is determined to be acceptable within the system context.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the system context (419) includes a combination of one or more of the following:
    - a date, a time, a location of the source avionic device, a location of the destination avionic device, a device state (421) of the plurality of avionic devices, and a flight phase (423) of the aircraft.
  - 10. The system of claim 9, wherein the device state (421) of the plurality of avionic devices includes an operational mode, a maintenance mode, or a data load mode.
  - 11. The system of claim 9, wherein the flight phase (423) of the aircraft includes one of the following operational states:
    - power on, pre-flight, engine start, in-gate, taxi-out, takeoff, initial climb, climb, enroute cruise, descent, approach land, rollout, taxi-in, go around, and engine shutdown.
  - 12. The system of claim 8, wherein the plurality of attributes (425) corresponding to the network message (415) include one or more of the following:
    - a destination address, a source address, a flight phase of the network message, a device state of the network message, a function, a sub-function, a data flow, and a protocol.
  - 13. The system of claim 8, wherein the one or more filter rules (429) are automatically generated (433) during a testing phase of the aviation network by:
    - capturing (451) one or more test network packets corresponding to a test functional network flow transmitted within the aviation network;
      
      parsing (453) the one or more test network packets in order to extract one or more test network messages corresponding to the test functional network flow;
      
      examining (455) a test network message of the one or more test network messages in order to identify a plurality of test attributes (456), wherein the plurality of test attributes correspond to header and data fields of the one or more test network packets corresponding to the test network message;
      
      classifying (457) the plurality of test attributes of the test network message;
      
      automatically generating (459) one or more tables (461) corresponding to the one or more test network messages;
      
      wherein the one or more tables include the one or more filter rules;
      
      wherein the one or more tables are chained (463) based on one or more test attributes of the test network messages;
      
      validating (465) the one or more filter rules.
  - 14. The system of claim 8, wherein the one or more filter rules (429) include one or more deep packet filtering rules (431), wherein the one or more deep packet filtering rules prevent unauthorized data flows on the aviation network by examining one or more payloads of the one or more network packets.

15. A non-transitory computer readable medium comprising one or more programs configured for execution by a computer system, the one or more programs including instructions for:
- receiving (401), by a processor (501) of a computer system (500), a network message (415) transmitted via one or more network packets within an aviation network for an aircraft, wherein the network message is transmitted from a source avionic device to a destination avionic device;
  
  establishing (403), by the processor, a current system context (419) based on monitoring one or more avionic devices in the aviation network, wherein the system context indicates an aggregate status (417) of the one or more avionic devices;
  
  analyzing (405), by the processor, an acceptability of the network message by;
  
  identifying (409) a plurality of attributes (425) corresponding to the network message, wherein the plurality of attributes correspond to header and data fields (427) of the one or more network packets corresponding to the network message; and
  
  determining (411) the acceptability of the network message within the system context based on one or more filter rules (429), wherein the one or more filter rules specify what attributes (425) are allowed within a particular system context; and
  
  forwarding (407), by the processor, the network message to the destination avionic device if the network message is determined to be acceptable within the system context.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable medium of claim 15, wherein the current system context (419) includes a combination of one or more of the following:
    - a date, a time, a location of the source avionic device, a location of the destination avionic device, a device state (421) of the plurality of devices, and a flight phase (423) of the aircraft.
  - 17. The non-transitory computer readable medium of claim 16, wherein the device state (421) of the plurality of avionic devices includes an operational mode, a maintenance mode, or a data load mode.
  - 18. The non-transitory computer readable medium of claim 16, wherein the flight phase (423) of the aircraft includes one of the following operational states:
    - power on, pre-flight, engine start, in-gate, taxi-out, takeoff, initial climb, climb, enroute cruise, descent, approach land, rollout, taxi-in, go around, and engine shutdown.
  - 19. The non-transitory computer readable medium of claim 15, wherein the plurality of attributes (425) corresponding to the network message (415) include one or more of the following:
    - a destination address, a source address, a flight phase of the network message, a device state of the network message, a function, a sub-function, a data flow, and a protocol.
  - 20. The non-transitory computer readable medium of claim 15, wherein the one or more filter rules (429) include one or more deep packet filtering rules (431), wherein the one or more deep packet filtering rules prevent unauthorized data flows on the networked aviation system by examining the payloads of the one or more network packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Bush, John E., Arnold, Steven L., Ayyagari, Arun

Granted Patent

US 10,063,435 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/028   by filtering

H04L 43/08   Monitoring or testing based...

H04L 45/70   Routing based on monitoring...

H04L 63/02   for separating internal fro...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 69/22   Parsing or analysis of headers

SYSTEM AND METHOD FOR CONTEXT AWARE NETWORK FILTERING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR CONTEXT AWARE NETWORK FILTERING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links