Method and system for reconciling safety-critical and high assurance security functional requirements between safety and security domains
First Claim
1. A system for providing both safety and security functions, the system comprising:
- a computing device providing at least a first partition and a second partition, the computing device implementing time and space partitioning to isolate resources available to the first partition and the second partition;
- a safety module operating in the first partition, the safety module providing safety functions for the system;
- a security module operating in the second partition, the security module providing security functions for the system; and
- a predefined communication interface defining a set of communications allowable between the safety module and the security module, wherein information sharing between the safety module and the security module is restricted to only the set of communications allowable through the predefined communication interface, wherein the security functions provided by the security module include detecting a security violation, and wherein the set of communications allowable between the safety module and the security module includes a corrective action request from the security module to the safety module specifying a set of security-relevant partitions to be shutdown and restarted when the security violation is detected.
Abstract
Systems and methods for providing safety and security functions are disclosed. The system includes a computing device that provides at least a first partition and a second partition. The computing device implements time and space partitioning to isolate resources available to the first partition and the second partition. The system also includes a safety module that operates in the first partition for providing safety functions for the system. The system further includes a security module that operates in the second partition for providing security functions for the system. A predefined communication interface is utilized to facilitate communications between the safety module and the security module. The communication interface defines a set of communications allowable between the safety module and the security module, wherein information sharing between the safety module and the security module is restricted to only the set of communications allowed through the communication interface.
20 Claims
1. A system for providing both safety and security functions, the system comprising:
- a computing device providing at least a first partition and a second partition, the computing device implementing time and space partitioning to isolate resources available to the first partition and the second partition;
- a safety module operating in the first partition, the safety module providing safety functions for the system;
- a security module operating in the second partition, the security module providing security functions for the system; and
- a predefined communication interface defining a set of communications allowable between the safety module and the security module, wherein information sharing between the safety module and the security module is restricted to only the set of communications allowable through the predefined communication interface, wherein the security functions provided by the security module include detecting a security violation, and wherein the set of communications allowable between the safety module and the security module includes a corrective action request from the security module to the safety module specifying a set of security-relevant partitions to be shutdown and restarted when the security violation is detected.

Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method for reconciling safety and security functions in an integrated computing device, the method comprising:
- partitioning the computing device to provide at least a first partition and a second partition;
- isolating resources available to the first partition and the second partition utilizing time and space partitioning;
- providing a safety module in the first partition, the safety module configured for performing safety functions;
- providing a security module in the second partition, the security module configured for performing security functions, wherein the security functions include detecting a security violation; and
- providing a predefined communication interface between the safety module and the security module, the predefined communication interface defining a set of communications allowable between the safety module and the security module, wherein information sharing between the safety module and the security module is restricted to only the set of communications allowable through the predefined communication interface, and wherein the set of communications allowable between the safety module and the security module includes a corrective action request from the security module to the safety module specifying a set of security-relevant partitions to be shutdown and restarted when the security violation is detected.

Dependent claims: 9, 10, 11, 12, 13, 14.

15. A system for providing both safety and security functions, the system comprising:
- a computing device providing at least a first partition and a second partition, the computing device implementing time and space partitioning to isolate resources available to the first partition and the second partition;
- a safety module operating in the first partition, the safety module providing safety functions for the system;
- a security module operating in the second partition, the security module providing security functions for the system; and
- a predefined communication interface defining a set of communications allowable between the safety module and the security module, wherein the security functions provided by the security module include detecting a security violation, wherein the set of communications allowable between the safety module and the security module includes a corrective action request from the security module to the safety module specifying a set of security-relevant partitions to be shutdown and restarted when the security violation is detected, and wherein the safety module and the security module operate independently within the computing device and information sharing between the safety module and the security module is restricted to only the set of communications allowable through the predefined communication interface, allowing the safety module and the security module to be independently certifiable.

Dependent claims: 16, 17, 18, 19, 20.
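As an added illustration (not code from the patent or from any implementation of it), the following Python model shows the arrangement the claims describe: a predefined interface that delivers only allowlisted (sender, receiver, kind) communications and drops everything else, a security module that detects a policy violation and issues a corrective action request naming a set of security-relevant partitions, and a safety module that shuts down and restarts exactly those partitions. All partition names, the resource policy, the restart grouping, and the rule that only security-relevant partitions may be cycled are constructed assumptions, not details from the page.

```python
from collections import namedtuple
# A communication across the interface; `partitions` is used only by corrective action requests.
Message = namedtuple("Message", "sender receiver kind partitions", defaults=[frozenset()])

class InterfaceViolation(Exception):
    """A message outside the predefined set of allowable communications."""

class PredefinedInterface:
    """Sole channel between the modules: an allowlist of (sender, receiver, kind)."""
    def __init__(self, allowed, endpoints):
        self.allowed, self.endpoints, self.rejected = frozenset(allowed), endpoints, []
    def send(self, msg):
        key = (msg.sender, msg.receiver, msg.kind)
        if key not in self.allowed:              # anything not predefined is dropped
            self.rejected.append(key)
            raise InterfaceViolation(f"not an allowable communication: {key}")
        return self.endpoints[msg.receiver].receive(msg)

class SafetyModule:
    """First partition: owns partition state and applies corrective actions."""
    def __init__(self, partitions, security_relevant):
        self.state = dict.fromkeys(partitions, "running")
        self.security_relevant = frozenset(security_relevant)   # assumed configuration
    def receive(self, msg):
        assert msg.kind == "corrective_action_request"
        targets = sorted(msg.partitions & self.security_relevant)  # never cycle safety-only partitions
        for p in targets:
            self.state[p] = "shutdown"
            self.state[p] = "running"                            # restart after shutdown
        return targets

class SecurityModule:
    """Second partition: detects a violation and issues a corrective action request."""
    def __init__(self, interface, policy, restart_groups):
        self.iface, self.policy, self.groups = interface, policy, restart_groups
    def inspect(self, partition, resource):
        """Return the partitions restarted, or [] when the access was within policy."""
        if resource in self.policy.get(partition, ()):
            return []
        targets = frozenset(self.groups.get(partition, {partition}))
        return self.iface.send(Message("security", "safety", "corrective_action_request", targets))

def demo():   # constructed sample: three partitions, two of them security-relevant
    safety = SafetyModule(["net_stack", "crypto", "flight_ctl"], ["net_stack", "crypto"])
    iface = PredefinedInterface({("security", "safety", "corrective_action_request")}, {"safety": safety})
    sec = SecurityModule(iface, {"net_stack": {"nic"}, "crypto": {"keystore"}}, {"net_stack": {"net_stack", "crypto"}})
    in_policy, restarted = sec.inspect("net_stack", "nic"), sec.inspect("net_stack", "flight_ctl_mem")
    try:   # reading safety state is not a predefined communication, so it is rejected
        iface.send(Message("security", "safety", "read_partition_state"))
    except InterfaceViolation:
        pass
    return in_policy, restarted, safety.state, len(iface.rejected)
```

The interface enforces direction as well as message kind, so the same corrective action request sent from the safety side is rejected, and a request naming a partition outside the security-relevant set restarts nothing there.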