Embedded guard-sanitizer
First Claim
1. An apparatus configured to be embedded in a bus between networks or data buses, wherein at least two of the networks or data buses operate at different security levels, the apparatus comprising:
a single dedicated processor;
a volatile, high-to-low working memory partition connected to the single dedicated processor;
a volatile, low-to-high working memory partition connected to the processor;
the high-to-low and low-to-high working memory partitions configured by the processor to limit the range of memory in which the processor is working until a specific operation is executed to reset to another partition;
a high-side, input/output section providing an interface to a high-side network or data bus, and configured to send messages to the high-to-low working memory partition, and to receive messages from the low-to-high working memory partition;
a low-side, input/output section providing an interface to a low-side network or data bus, and configured to send messages to the low-to-high working memory partition, and to receive messages from the high-to-low working memory partition;
a first non-volatile memory for storing a binary rule set image, whereby the processor controls the transfer of messages between the high-side input/output section and the low-side input/output section in accordance with the rule set; and
a second non-volatile, memory for storing firmware for controlling executive functions of the apparatus;
wherein messages received from the high-side network or data bus are inspected using the rule set and based on that inspection, the apparatus passes the message to the low side network or data bus unmodified, redacts or substitutes the message prior to passing the message to the low side network or data bus, or blocks the message; and
wherein messages received from the low-side network or data bus are inspected using the rule set and based on that inspection, the apparatus passes the message to the high side network or data bus unmodified, redacts or substitutes the message prior to passing the message to the high side network or data bus, or blocks the message.
Abstract
An embedded guard-sanitizer apparatus is disclosed including a processor, a volatile, high-to-low working memory partition connected to the processor, and a volatile, low-to-high working memory partition connected to the processor. The embedded guard-sanitizer further includes a high-side, input/output section providing an interface to a high-side network or data bus, and configured to send messages to the high-to-low working memory, and to receive messages from the low-to-high working memory, and a low-side, input/output section providing an interface to a low-side network or data bus, and configured to send messages to the low-to-high working memory, and to receive messages from the high-to-low working memory. The embedded guard-sanitizer also includes a first non-volatile memory for storing a rule set binary image, whereby the processor controls the transfer of messages between the high-side input/output section and the low-side input/output section in accordance with the rule set, and a second non-volatile, memory for storing firmware for controlling executive functions of the apparatus.
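The abstract and claim 1 together describe the data path: one processor, a separate volatile working partition for each direction, a "specific operation" that moves the processor from one partition to the other, and a rule set that yields exactly one of pass, redact, substitute or block per message. The C model below is an added example written for this page, not code from the patent or its assignee. The "TAG:payload" message format, the table-driven rule language, the default-deny treatment of messages no rule matches, the "[REDACTED]" mask and every function name are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the patent): a single-processor guard with one
 * volatile working partition per direction and a table-driven rule set.
 * Message format "TAG:payload", the rule language, the default-deny for
 * unmatched tags and the "[REDACTED]" mask are all assumptions. */

enum dir { H2L = 0, L2H = 1 };             /* high-to-low, low-to-high */
enum action { PASS = 0, REDACT, SUBSTITUTE, BLOCK };

#define MSG_MAX 64

struct partition {                         /* one volatile working partition */
    uint8_t buf[MSG_MAX];
    size_t  len;
};

static struct partition  g_part[2];        /* g_part[H2L], g_part[L2H] */
static struct partition *g_work;           /* the range the processor works in */

/* The "specific operation" that resets the processor to another partition.
 * It also scrubs the target, so stale bytes never cross directions. */
static void guard_select_partition(enum dir d)
{
    g_work = &g_part[d];
    memset(g_work->buf, 0, sizeof g_work->buf);
    g_work->len = 0;
}

size_t guard_partition_len(enum dir d) { return g_part[d].len; }

struct rule {
    enum dir    d;      /* direction the rule applies to */
    const char *tag;    /* prefix to match, including ':' */
    enum action act;
    const char *subst;  /* whole-message replacement for SUBSTITUTE */
};

/* Constructed rule set standing in for the binary rule-set image. */
static const struct rule RULES[] = {
    { H2L, "TEMP:",   PASS,       NULL },
    { H2L, "POS:",    REDACT,     NULL },
    { H2L, "ALERT:",  SUBSTITUTE, "ALERT:see operator" },
    { L2H, "STATUS:", PASS,       NULL },
    { L2H, "CMD:",    BLOCK,      NULL },
};

/* First matching rule for this direction, or NULL (treated as BLOCK). */
static const struct rule *lookup(enum dir d, const uint8_t *m, size_t n)
{
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        size_t t = strlen(RULES[i].tag);
        if (RULES[i].d == d && n >= t && memcmp(m, RULES[i].tag, t) == 0)
            return &RULES[i];
    }
    return NULL;
}

/* Inspect one message received on direction d's input side. Returns the
 * action taken; for PASS/REDACT/SUBSTITUTE the message for the other side
 * is written NUL-terminated into out, for BLOCK out is left empty. */
enum action guard_process(enum dir d, const char *in, char *out, size_t out_cap)
{
    static const char MASK[] = "[REDACTED]";
    size_t n = strlen(in);

    out[0] = '\0';
    if (n >= MSG_MAX)                      /* oversize: never copied in */
        return BLOCK;

    guard_select_partition(d);             /* confine work to this direction */
    memcpy(g_work->buf, in, n);
    g_work->len = n;

    const struct rule *r = lookup(d, g_work->buf, g_work->len);
    if (r == NULL || r->act == BLOCK) {
        guard_select_partition(d);         /* scrub the blocked message */
        return BLOCK;
    }
    if (r->act == SUBSTITUTE) {
        g_work->len = strlen(r->subst);
        memcpy(g_work->buf, r->subst, g_work->len);
    } else if (r->act == REDACT) {
        size_t t = strlen(r->tag);         /* keep the tag, mask the payload */
        memcpy(g_work->buf + t, MASK, sizeof MASK - 1);
        g_work->len = t + sizeof MASK - 1;
    }
    if (g_work->len + 1 > out_cap) {
        guard_select_partition(d);
        return BLOCK;
    }
    memcpy(out, g_work->buf, g_work->len);
    out[g_work->len] = '\0';
    return r->act;
}

int main(void)
{
    char out[MSG_MAX];
    const char *samples[] = { "TEMP:23.5", "POS:51.5,-0.1", "ALERT:engine fire", "SECRET:k" };
    for (size_t i = 0; i < 4; i++) {
        int a = (int)guard_process(H2L, samples[i], out, sizeof out);
        printf("H2L %-18s -> action %d, out \"%s\"\n", samples[i], a, out);
    }
    return 0;
}
```

Because the claims put both partitions behind a single processor, the isolation between directions rests entirely on the select operation, so the property worth checking in a model like this is that processing a high-to-low message leaves the low-to-high partition untouched, and that a blocked message is scrubbed rather than left behind for the next selection to find. The constructed rule set exercises all four outcomes of claim 1; claim 16 covers only the redact and substitute outcomes.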
20 Claims
1. Independent claim, reproduced in full under First Claim above. Dependent claims: 2 through 15.
16. An apparatus configured to be embedded in a bus between networks or data buses, wherein at least two of the networks or data buses operate at different security levels, the apparatus comprising:
a single dedicated processor;
a volatile, high-to-low working memory partition connected to a single dedicated processor;
a volatile, low-to-high working memory partition connected to the processor;
the high-to-low and low-to-high working memory partitions configured by the processor to limit the range of memory in which the processor is working until a specific operation is executed to reset to another partition;
a high-side, input/output section providing an interface to a high-side network or data bus, and configured to send messages to the high-to-low working memory partition, and to receive messages from the low-to-high working memory partition;
a low-side, input/output section providing an interface to a low-side network or data bus, and configured to send messages to the low-to-high working memory partition, and to receive messages from the high-to-low working memory partition;
a first non-volatile memory for storing a binary rule set image, whereby the processor controls the transfer of messages between the high-side input/output section and the low-side input/output section in accordance with the rule set; and
a second non-volatile, memory for storing firmware for controlling executive functions of the apparatus;
wherein messages received from the high-side network or data bus are inspected using the rule set and based on that inspection, the apparatus redacts or substitutes the message prior to passing the message to the low side network or data bus; and
wherein messages received from the low-side network or data bus are inspected using the rule set and based on that inspection, the apparatus redacts or substitutes the message prior to passing the message to the high side network or data bus.
Dependent claims: 17 through 20.