Scalable security architecture systems and methods
First Claim
1. A method, comprising:
- detecting a system resource request transmitted over a system fabric;
determining a security status of the system resource request with respect to a security rule set, wherein the security rule set comprises at least one of communication, input/output (I/O), or execution partitions associated with a plurality of user modules each comprising a corresponding security application interface broker,wherein each of the plurality of user modules are securely isolated from one another via a firewall and physically partitioned from one another within a system enclosure, and wherein each of the plurality of user modules are separately removable from the system enclosure; and
allocating system resources for at least one of the plurality of user modules, using at least one of the corresponding security application interface brokers, based, at least in part, on the determined security status of the system resource request,wherein the user modules are configured to be coupled within the system enclosure, the system enclosure is configured to be mounted to or within a mobile structure, and the mobile structure comprises a commercial aircraft, a private aircraft, a ground vehicle, a military aircraft, a rotorcraft, and/or an unmanned vehicle.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques are disclosed for systems and methods to provide a secure federated computing system for mobile structures. A secure federated computing system includes a secure system controller and one or more user modules each implemented with a secure system processor and configured to communicate over one or more system fabrics. The secure system controller and the user modules are configured to form secure communication channels to each other over the one or more system fabrics to facilitate a secure initialization procedure. Once the secure initialization procedure is complete, the secure system controller and the user modules can be used to dynamically allocate secure and non-secure system resources as needed or as indicated by a security rule set programmed into the secure system processor.
-
Citations
20 Claims
-
1. A method, comprising:
-
detecting a system resource request transmitted over a system fabric; determining a security status of the system resource request with respect to a security rule set, wherein the security rule set comprises at least one of communication, input/output (I/O), or execution partitions associated with a plurality of user modules each comprising a corresponding security application interface broker, wherein each of the plurality of user modules are securely isolated from one another via a firewall and physically partitioned from one another within a system enclosure, and wherein each of the plurality of user modules are separately removable from the system enclosure; and allocating system resources for at least one of the plurality of user modules, using at least one of the corresponding security application interface brokers, based, at least in part, on the determined security status of the system resource request, wherein the user modules are configured to be coupled within the system enclosure, the system enclosure is configured to be mounted to or within a mobile structure, and the mobile structure comprises a commercial aircraft, a private aircraft, a ground vehicle, a military aircraft, a rotorcraft, and/or an unmanned vehicle. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system, comprising:
-
a plurality of user modules configured to communicate with each other over a system fabric, wherein each of the plurality of user modules comprises a corresponding security application interface broker, and wherein each of the plurality of user modules are securely isolated from one another via a firewall and physically partitioned from one another within a system enclosure, and wherein each of the plurality of user modules are separately removable from the system enclosure; and a secure system controller adapted to couple to the system fabric, wherein the secure system controller is configured to; detect a system resource request transmitted over the system fabric; determine a security status of the system resource request with respect to a security rule set, wherein the security rule set comprises at least one of communication, input/output (I/O), or execution partitions associated with the plurality of user modules; and allocate system resources for at least one of the plurality of user modules, using at least one of the corresponding security application interface brokers, based, at least in part, on the determined security status of the system resource request, wherein the user modules are configured to be coupled within the system enclosure, the system enclosure is configured to be mounted to or within a mobile structure, and the mobile structure comprises a commercial aircraft, a private aircraft, a ground vehicle, a military aircraft, a rotorcraft, and/or an unmanned vehicle. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method, comprising:
-
coupling a secure system controller and a plurality of user modules to a system fabric for a federated computing system; coupling a secure programming station to the secure system controller; and programming the secure system controller according to a security rule set, wherein the security rule set comprises at least one of communication, input/output (I/O), or execution partitions associated with the plurality of user modules, each comprising a corresponding security application interface broker, wherein each of the plurality of user modules are securely isolated from one another via a firewall and physically partitioned from one another within a system enclosure, and wherein each of the plurality of user modules are separately removable from the system enclosure, wherein the secure system controller is operable to allocate system resources for at least one of the plurality of user modules, using at least one of the corresponding security application interface brokers, and wherein the user modules are configured to be coupled within the system enclosure, the system enclosure is configured to be mounted to or within a mobile structure, and the mobile structure comprises a commercial aircraft, a private aircraft, a ground vehicle, a military aircraft, a rotorcraft, and/or an unmanned vehicle. - View Dependent Claims (19, 20)
-
Specification