Trusted, cross domain information sharing between multiple legacy and IP based devices
Abstract
The methods and systems of the present disclosure provide a high assurance means for multiple legacy communication (e.g., Mil-Std-1553 communications protocol) system users and/or devices and multiple IP based network users and/or devices to seamlessly, and in real time, share information across various security domains. Specifically, the system enables multiple legacy communication system protocols and interfaces to communicate with existing IP interfaces and protocols with a high degree of trust. The system includes a configurable filtering capability to allow for the data to be inspected prior to being passed from one security domain to another security domain.
17 Claims
1. A method for a high-to-low security level exchange of information from a first host operating in a higher security domain using a legacy protocol to a second host operating in a lower security domain using internet protocol (IP), the method comprising:
transmitting, by the first host, data to a driver in a data guard;
establishing, by a second task group, a transmission control protocol (TCP) connection from the second task group to the second host through a second interface;
establishing, by a first task group, a user datagram protocol (UDP) connection from the first task group to the second task group;
transmitting the data, by a first interface, to the first task group;
storing, by the first task group, the data in a file system;
receiving, by a filter task group, a file name for the data;
filtering, by the filter task group, the data according to a rule set;
changing, by the filter task group, a security level of the data;
forwarding, by the filter task group, the file name to the second task group for forwarding the data to the second host; and
forwarding, by the second task group, the data to the second host,
wherein the first task group and the second task group allow for processes of the first host to be isolated from processes of the second host,
wherein the second host operates in one of a secret domain and an unclassified domain.
Dependent claims: 2, 3, 4, 5.
6. A method for a high-to-low security level exchange of information from a first host operating in a higher security domain using a legacy protocol to a second host operating in a lower security domain using the legacy protocol, the method comprising:
transmitting, by the first host, data to a driver in a data guard;
discarding, by the driver, a first command word of the data;
storing, by the driver, the data as a user datagram protocol (UDP) packet;
writing, by a first interface, the UDP packet to a file;
forwarding, by the first interface, a file name of the file to a network interface;
forwarding, by the network interface, the file name to a second interface;
binding, by a filter task group, with the network interface to receive all subsequent UDP packet file names;
filtering, by the filter task group, the UDP packet according to a rule set;
forwarding, by the filter task group, a file name of the filtered UDP packet to the second interface for forwarding to the second host; and
forwarding, by the second interface, the UDP packet to the second host,
wherein the second host operates in one of a secret domain and an unclassified domain.
Dependent claims: 7, 8, 9, 10.
11. A method for a low-to-high security level exchange of information from a first host operating in a lower security domain using internet protocol (IP) to a second host operating in a higher security domain using a legacy protocol, the method comprising:
establishing, by a second task group, a user datagram protocol (UDP) connection with an interface and a first driver;
informing, by the first driver, the second host that the first driver has data for the second host;
sending, by the second task group, a message to a first task group;
establishing, by the first task group, a transmission control protocol (TCP) connection with the interface and the first host;
transmitting, by the first host, data to the first driver;
storing, by the first task group, the data in a file system;
sending, by the first task group, a file name of the data to the second task group;
forwarding, by the second task group, the data to a second driver; and
forwarding, by the second driver, the data to the second host,
wherein the first task group and the second task group allow for processes of the first host to be isolated from processes of the second host,
wherein the second host operates in one of a top secret domain and a secret domain.
Dependent claims: 12, 13, 14, 15, 16, 17.
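The high-to-low pipeline of claims 1 and 6, worked through as a small simulation. This is an added example written for this page, not code from the patent or its assignee. It models the parts the claims describe: a driver that discards the leading 1553 command word (claim 6), a first task group that writes each payload to a file store and hands on only a file name, a filter task group that applies a rule set and changes the security level, and a second task group that forwards whatever the filter released. The command-word bit layout follows MIL-STD-1553 (5-bit RT address, T/R bit, 5-bit subaddress, 5-bit word count); the security-level names, the rule set, the separate high-side and low-side file stores used to realise the process isolation, and the three sample frames are all constructed for the example and are not taken from the patent.

```python
"""Simulated high-to-low data guard: driver -> first task group -> filter -> second task group.
Added example, not the patent's code. Levels, rules, store layout and frames are constructed."""
from __future__ import annotations

import re
import struct
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Optional

# Security levels ordered low to high (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}


def build_1553_message(rt: int, subaddress: int, data_words: list[int]) -> bytes:
    """Bus-controller-to-RT transfer: a 16-bit command word followed by 16-bit data words.
    Command word per MIL-STD-1553: RT address (5 bits), T/R bit, subaddress (5 bits),
    word count (5 bits, where 0 encodes 32)."""
    command = ((rt & 0x1F) << 11) | (0 << 10) | ((subaddress & 0x1F) << 5) | (len(data_words) % 32)
    return struct.pack(">H", command) + b"".join(struct.pack(">H", w & 0xFFFF) for w in data_words)


def driver_strip_command_word(raw: bytes) -> bytes:
    """Driver step of claim 6: the command word is bus-control information and is discarded;
    the remaining data words become the payload that is handed on as a UDP-style packet."""
    if len(raw) < 2 or len(raw) % 2:
        raise ValueError("frame must be whole 16-bit words with a leading command word")
    return raw[2:]


@dataclass
class RuleSet:
    """Rule set applied by the filter task group (constructed rules)."""
    from_level: str
    to_level: str
    max_payload_bytes: int
    forbidden: list[re.Pattern] = field(default_factory=list)

    def __post_init__(self) -> None:
        if LEVELS[self.to_level] >= LEVELS[self.from_level]:
            raise ValueError("a high-to-low rule set must lower the security level")

    def check(self, payload: bytes) -> Optional[str]:
        """Return None if the payload may cross, otherwise the reason it is blocked."""
        if len(payload) > self.max_payload_bytes:
            return "payload too long"
        if len(payload) % 2:
            return "payload is not whole 16-bit words"
        for pat in self.forbidden:
            if pat.search(payload):
                return f"forbidden content {pat.pattern!r}"
        return None


class HighSideTaskGroup:
    """First task group: stores payloads in its own file store and passes on only a file name."""
    def __init__(self, store: Path) -> None:
        self.store, self.counter = store, 0

    def store_payload(self, payload: bytes) -> str:
        self.counter += 1
        name = f"msg-{self.counter:04d}.bin"
        (self.store / name).write_bytes(payload)
        return name  # the bytes themselves never leave this task group


class FilterTaskGroup:
    """Filter task group: reads the named file, applies the rule set, relabels and releases it
    into the low-side store. Blocked files stay in the high-side store."""
    def __init__(self, high_store: Path, low_store: Path, rules: RuleSet) -> None:
        self.high_store, self.low_store, self.rules = high_store, low_store, rules
        self.rejected: list[tuple[str, str]] = []

    def process(self, file_name: str) -> Optional[str]:
        payload = (self.high_store / file_name).read_bytes()
        reason = self.rules.check(payload)
        if reason is not None:
            self.rejected.append((file_name, reason))
            return None
        # Change the security level: the released copy carries the new label on its first line.
        (self.low_store / file_name).write_bytes(self.rules.to_level.encode() + b"\n" + payload)
        return file_name


class LowSideTaskGroup:
    """Second task group: owns the connection to the low-side host and can read only the low store."""
    def __init__(self, low_store: Path) -> None:
        self.low_store = low_store
        self.delivered: list[tuple[str, bytes]] = []

    def forward(self, file_name: str) -> tuple[str, bytes]:
        label, _, payload = (self.low_store / file_name).read_bytes().partition(b"\n")
        record = (label.decode(), payload)
        self.delivered.append(record)  # stands in for sending over the TCP connection
        return record


def run_guard(frames: list[bytes], rules: RuleSet) -> tuple[list[tuple[str, bytes]], list[tuple[str, str]]]:
    """Push every frame through the pipeline; return (delivered records, rejected (name, reason))."""
    with tempfile.TemporaryDirectory() as tmp:
        high, low = Path(tmp, "high"), Path(tmp, "low")
        high.mkdir(), low.mkdir()
        first, filt, second = HighSideTaskGroup(high), FilterTaskGroup(high, low, rules), LowSideTaskGroup(low)
        for frame in frames:
            name = first.store_payload(driver_strip_command_word(frame))
            released = filt.process(name)
            if released is not None:
                second.forward(released)
        return second.delivered, filt.rejected


# Constructed sample traffic from a SECRET-side 1553 host: one clean frame, one over-long
# frame, and one whose data words spell a forbidden marker (0x5453 0x2F2F = b"TS//").
SAMPLE_FRAMES = [
    build_1553_message(rt=3, subaddress=1, data_words=[0x0001, 0x00FF, 0x1234]),
    build_1553_message(rt=3, subaddress=1, data_words=list(range(20))),
    build_1553_message(rt=3, subaddress=2, data_words=[0x5453, 0x2F2F]),
]
SAMPLE_RULES = RuleSet(from_level="SECRET", to_level="UNCLASSIFIED", max_payload_bytes=16,
                       forbidden=[re.compile(rb"TS//"), re.compile(rb"SECRET")])

if __name__ == "__main__":
    delivered, rejected = run_guard(SAMPLE_FRAMES, SAMPLE_RULES)
    for label, payload in delivered:
        print("released", label, payload.hex())
    for name, why in rejected:
        print("blocked ", name, why)
```

The point the claims make, and the simulation keeps, is that the only object crossing between task groups is a file name: the high-side group never holds the low-side connection, the low-side group can only read the store the filter wrote into, and a frame that fails the rule set never appears there at all.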