Integrity monitoring
First Claim
1. A method of operating an avionics component, comprising:
a. configuring settings of a memory management unit to allocate a region of memory for an operating system and a region of memory for an application, the two regions non-overlapping;
b. running an operating system for the avionics component, within a memory region allocated to the operating system;
c. running the application, the application associated with the avionics component within a memory region allocated to the application; and
d. monitoring, at predefined intervals, the memory management unit to ensure the operating system cannot alter memory allocated to the application;
e. wherein the memory management unit is monitored to ensure that the operating system cannot write to memory allocated to the application.
Abstract
Systems and methods are described here to provide a degree or level of certification to a resident application such as an operating system, e.g., Linux®. In a Linux® implementation, the operating system provides a robust environment including many seasoned communication stacks, e.g., TCP/IP, USB, and the like. However, Linux® is not certified to the level necessary to be a part of many avionics applications. To eliminate the need to certify all of such an operating system, such certification being highly costly, the avionics application itself may be protected so that the operating system cannot alter the application's operating environment, e.g., application code and data, once the application is loaded and running. In this case, only the application requires certification at the highest level, and not the operating system such as Linux®.
11 Claims
1. A method of operating an avionics component (independent claim; text as given under First Claim above). Claims 2 through 10 depend from claim 1.
11. An avionics component, comprising:
a. memory containing instructions for causing instantiation of an operating system;
b. memory containing instructions for causing instantiation of an application;
c. memory, configured by settings, containing instructions for separating the memories containing instructions for causing instantiation of an operating system and instantiation of an application; and
d. memory containing instructions for checking, at predefined intervals, the operation of the memory configured by settings, to ensure the operating system cannot write to memory allocated to the application.
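The claims describe three checkable properties: the OS and application regions are non-overlapping (step a), the MMU is re-read at predefined intervals (step d), and no setting grants the operating system write access to the application's memory (step e). The C model below is an added example, not code from the patent or from any avionics vendor; it assumes a constructed MMU abstraction (an entry is a base, a size and per-domain permission bits) and constructed region addresses, and it tolerates a read-only OS view of the application because the claim forbids only writes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Permission bits as seen by one protection domain. */
#define PERM_R 0x1u
#define PERM_W 0x2u
#define PERM_X 0x4u

/* The two domains the claims separate: the operating system and the
 * certified application. */
enum domain { DOM_OS = 0, DOM_APP = 1, DOM_COUNT };

/* One MMU mapping: a physical range plus per-domain permissions.  This is a
 * constructed teaching model, not the register layout of any real part. */
typedef struct {
    uint32_t base;              /* first byte of the mapped range */
    uint32_t size;              /* length in bytes */
    uint8_t  perm[DOM_COUNT];   /* PERM_* bits granted to each domain */
} mmu_entry;

typedef struct { uint32_t base; uint32_t size; } region;

#define MAX_ENTRIES 8
/* What the monitor reads back from the MMU at one predefined interval. */
typedef struct {
    mmu_entry entry[MAX_ENTRIES];
    size_t    count;
} mmu_snapshot;

/* Half-open interval overlap; 64-bit arithmetic so base+size cannot wrap. */
static bool overlaps(uint32_t b1, uint32_t s1, uint32_t b2, uint32_t s2) {
    uint64_t e1 = (uint64_t)b1 + s1, e2 = (uint64_t)b2 + s2;
    return b1 < e2 && b2 < e1;
}

/* Claim step (a): the OS and application regions must be non-overlapping. */
bool regions_disjoint(region os, region app) {
    return !overlaps(os.base, os.size, app.base, app.size);
}

/* Claim steps (d)/(e): count MMU entries that would let the OS domain write
 * into the application region.  0 means the isolation property holds; a
 * read-only OS view of the application is tolerated, since the claim only
 * forbids writes. */
size_t os_write_violations(mmu_snapshot s, region app) {
    size_t violations = 0;
    for (size_t i = 0; i < s.count; i++) {
        const mmu_entry *e = &s.entry[i];
        if (!overlaps(e->base, e->size, app.base, app.size))
            continue;                       /* does not touch the app region */
        if (e->perm[DOM_OS] & PERM_W)
            violations++;
    }
    return violations;
}

/* The periodic monitor: one snapshot per interval.  Returns the index of the
 * first interval at which the check fails, or -1 if every snapshot is clean. */
int first_violating_interval(const mmu_snapshot *snaps, size_t n, region app) {
    for (size_t i = 0; i < n; i++)
        if (os_write_violations(snaps[i], app) != 0)
            return (int)i;
    return -1;
}

/* Constructed sample layout: 16 MiB for the OS, 16 MiB for the application. */
const region os_region  = { 0x10000000u, 0x01000000u };
const region app_region = { 0x20000000u, 0x01000000u };

/* Expected configuration: each domain owns exactly its own region. */
mmu_snapshot healthy_snapshot(void) {
    mmu_snapshot s = { .count = 2 };
    s.entry[0] = (mmu_entry){ os_region.base,  os_region.size,  { PERM_R | PERM_W | PERM_X, 0 } };
    s.entry[1] = (mmu_entry){ app_region.base, app_region.size, { 0, PERM_R | PERM_W | PERM_X } };
    return s;
}

/* Acceptable variant: the OS may read (but not write) application memory. */
mmu_snapshot readonly_snapshot(void) {
    mmu_snapshot s = healthy_snapshot();
    s.entry[1].perm[DOM_OS] = PERM_R;
    return s;
}

/* Fault case the monitor must catch: the OS mapping has grown (by bug or
 * corruption) so it now covers the application region with write access. */
mmu_snapshot tampered_snapshot(void) {
    mmu_snapshot s = healthy_snapshot();
    s.entry[0].size = 0x11000000u;          /* now ends at 0x21000000 */
    return s;
}

/* Three monitoring intervals: healthy, read-only view, then tampered. */
int demo_first_violation(void) {
    mmu_snapshot timeline[3] = { healthy_snapshot(), readonly_snapshot(), tampered_snapshot() };
    return first_violating_interval(timeline, 3, app_region);
}

int main(void) {
    printf("regions disjoint: %s\n", regions_disjoint(os_region, app_region) ? "yes" : "no");
    int bad = demo_first_violation();
    if (bad < 0)
        printf("isolation held at every interval\n");
    else
        printf("isolation lost at interval %d\n", bad);
    return 0;
}
```

On real hardware the snapshot would be read from the page tables or MPU region registers by code living in the certified application's own region, so that the monitor itself is outside the operating system's reach; the check stays the same.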
Specification