CN109714366A - Intercommunication system and method between avionics network domains and information network domain - Google Patents

Intercommunication system and method between avionics network domains and information network domain Download PDF

Info

Publication number
CN109714366A
CN109714366A CN201910135922.6A CN201910135922A CN109714366A CN 109714366 A CN109714366 A CN 109714366A CN 201910135922 A CN201910135922 A CN 201910135922A CN 109714366 A CN109714366 A CN 109714366A
Authority
CN
China
Prior art keywords
avionics
network
message
data
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910135922.6A
Other languages
Chinese (zh)
Other versions
CN109714366B (en
Inventor
张双
郑涛
王辰娇
刘绚
万欣宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian Aeronautics Computing Technique Research Institute of AVIC
Original Assignee
Xian Aeronautics Computing Technique Research Institute of AVIC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Aeronautics Computing Technique Research Institute of AVIC filed Critical Xian Aeronautics Computing Technique Research Institute of AVIC
Priority to CN201910135922.6A priority Critical patent/CN109714366B/en
Publication of CN109714366A publication Critical patent/CN109714366A/en
Application granted granted Critical
Publication of CN109714366B publication Critical patent/CN109714366B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

Effectively to solve the problems, such as that the security isolation of two-way communication and flow direction are protected between avionics network domains and information network domain under airborne circumstance, the present invention provides the intercommunication systems and method between a kind of avionics network domains and information network domain.Avionics NS software unit is arranged in the present invention inside the network domains boundary Control device of airborne information network, information network access control unit and communication control management unit, in the module of avionics NS software unit deployment and high safety grade application communication, the module communicated with lower security classes of applications is disposed in information network access control unit, and operation is isolated between each module, it can effectively solve the problem that the problem of security isolation of two-way communication and flow direction are protected between avionics network domains and information network domain under airborne circumstance, two-way secure communication provides a solution between civil onboard information network and avionics network.

Description

Intercommunication system and method between avionics network domains and information network domain
Technical field
The present invention relates to the intercommunication systems and method between a kind of avionics network domains and information network domain.
Background technique
In aviation field, the high safety run in avionics system, which is applied, provides guarantor for the normal operation of entire aircraft Barrier.In aircraft conventional electronic system, avionics data are existed by avionics network (such as avionic full-duplex switched-type Ethernet) It is transmitted in closed airborne circumstance, not will receive external information security attack, ensure that the safety of avionics data.With Extensive application of the information technology in civil avionics system, in order to provide more, more convenient service to aircraft operator, Aircraft designers introduce the airborne information service system based on Ethernet, are realized by resident and operation lower security classes of applications The information service of multiplicity.
Civil airplane avionics system network domains are divided into the avionics network domains of high safety and the information of lower security Network domains are resident the application (security level A~C grade) higher ranked with operational safety, in information network in avionics network domains It is resident and the junior application (D~E grades of security level) of operational safety in domain.In order to realize service function demand, high safety The a large amount of data of real-time exchange are needed between classes of applications and lower security classes of applications.It is come from for this purpose, avionics network domains will face The network information security in information network domain threatens, and then adversely affects to its safety, comes not for airplane operation safety belt Benefit influences.
Summary of the invention
For the security isolation and stream for effectively solving two-way communication between avionics network domains and information network domain under airborne circumstance To the problem of protection, the present invention provides the intercommunication systems and method between a kind of avionics network domains and information network domain.
The technical scheme is that
Intercommunication system between avionics network domains and information network domain is characterized in that the two-way communication system System is arranged in the network domains boundary Control device of airborne information network, including following procedure module:
Avionics NS software unit: being responsible for and avionics network end node hardware communications, and passes through communication control management Unit is communicated with information network access control unit;
Information network access control unit: being responsible for and information network end node hardware communications, and passes through communication control management Unit and avionics NS software unit communication;
Communication control management unit: it is responsible between avionics NS software unit and information network access control unit Communication control.
It further, further include running state monitoring unit, for monitoring avionics NS software unit and Information Network The operating status of network access control unit, while recording and saving log.
The present invention also provides the two-way communication between a kind of avionics network domains and information network domain, special character exists In:
From information network domain to the data transmission procedure of avionics network domains the following steps are included:
1.1) information network access control unit, which receives, is located at the data that the lower security classes of applications in information network domain is sent Message checks whether data-message is credible according to information network access control rule, if data-message is credible, to lower security etc. Grade application sends response message, is transferred to step 1.2);If data-message is insincere, the data-message is abandoned, termination is transmitted across Journey;
1.2) believable data-message is issued into communication control management unit by communication pipe;
1.3) communication control management unit checks the hair of its received data-message according to avionics NS software rule Data-message is issued avionics by communication pipe if sender and recipient close rule by the compliance of the side of sending and recipient NS software unit, is transferred to step 1.4);If irregularity either in sender and recipient, abandons the data and disappears Breath terminates transmission process;
1.4) avionics NS software unit checks the conjunction of its received data-message according to avionics network communication rule Data-message is first packaged into avionics network communication frame according to network configuration, is then forwarded to position by rule property if data-message closes rule In the high safety grade application of avionics network domains;If data-message irregularity, the data-message is abandoned, terminates transmission process;
From avionics network domains to the data transmission procedure in information network domain the following steps are included:
2.1) avionics NS software unit is answered according to the high safety grade that network configuration reception is located at avionics network domains With the avionics network communication frame of transmission;
2.2) after avionics NS software unit unpacks avionics network communication frame, communication is sent to by communication pipe Control administrative unit;
2.3) communication control management unit checks the hair of its received data-message according to avionics NS software rule Data-message is issued information via communication pipe if sender and recipient close rule by the compliance of the side of sending and recipient NS software unit, is transferred to step 2.4);If sender and either one irregularity of recipient, abandon the data-message, Terminate transmission process;
2.4) the avionics data that information network access control unit is received it according to rule are sent to positioned at Information Network The lower security classes of applications in network domain.
Further, data in transmission process, monitor avionics network in real time between avionics network domains and information network domain The operating status of access control unit and information network access control unit, while recording and saving log.
Further, information network access control rule described in step 1.1) is led to by sender's IP address, sender Believe port numbers, signature algorithm and algorithm secret key composition.
Further, avionics NS software rule described in step 1.3) and step 2.3) is by sender IP Location, sender's data-message title, recipient's avionics network address, recipient's communication port numbers, message unique value, message-length Composition.
Further, the rule of avionics network communication described in step 1.4) by avionics network hardware number, communication type, Communication port numbers, communication direction composition.
Advantages of the present invention:
1, avionics NS software list is arranged in the present invention inside the network domains boundary Control device of airborne information network Member, information network access control unit and communication control management unit, in the deployment of avionics NS software unit and high safety The module of classes of applications communication disposes the module communicated with lower security classes of applications in information network access control unit, and each Operation is isolated between a unit (program module), can effectively solve the problem that under airborne circumstance between avionics network domains and information network domain The problem of security isolation and flow direction of two-way communication are protected, bidirectional safe is logical between civil onboard information network and avionics network Letter provides a solution.
2, the present invention is visited by configuring avionics network communication rule in avionics NS software unit in information network It asks configuration information network access control rule in control unit, avionics NS software is configured in communication control management unit Rule realizes the fine granularity control of multilevel security.
Detailed description of the invention
Fig. 1 is overall architecture schematic diagram of the invention.
Fig. 2 is the data flow model that information network domain of the invention flows to avionics network domains.
Fig. 3 is the data flow model that avionics network domains of the invention flow to information network domain.
Specific embodiment
Below in conjunction with attached drawing, the invention will be further described.
The present invention realizes the safety of the two-way communication between avionics network domains and information network domain.
1. framework forms
Framework composition of the invention is as shown in Figure 1, include the following procedure mould being arranged in network domains boundary Control device Block:
Avionics NS software unit 101: being responsible for and avionics network end node hardware communications, and passes through communication control pipe Reason unit 103 is communicated with information network access control unit 102.
Information network access control unit 102: being responsible for and information network end node hardware communications, and passes through communication control pipe Reason unit 103 is communicated with avionics NS software unit 101.
Communication control management unit 103: it is responsible for avionics NS software unit 101 and information network access control unit Communication control between 102.
Running state monitoring unit 104: monitoring avionics NS software unit 101, information network access control unit 102 operating status, while recording and saving log.
2. data-flow-control simulation
The present invention realizes the separation control of communication flow direction, number by the traffic organising of functional module isolation and communication information It is as shown in Figures 2 and 3 according to flow model.
As shown in Fig. 2, flowing to the data transmission procedure of avionics network domains from information network domain are as follows:
Step 1: the lower security classes of applications positioned at information network domain sends data to information network access control unit 102 Message after information network access control unit 102 receives data-message, checks data according to information network access control rule Whether message is credible, if the data-message is credible, sends response message to lower security classes of applications, is transferred to step 2;It is no The data-message is then abandoned, transmission process is terminated.Information network access control rule is by sender's IP address, sender's communication ends Slogan, signature algorithm and algorithm secret key composition.
Step 2: data-message is issued communication control management list by communication pipe by information network access control unit 102 Member 103.
Step 3: after communication control management unit 103 receives data-message, according to avionics NS software rule inspection The sender of data-message and the compliance of recipient are issued if sender and recipient close rule by communication pipe Avionics NS software unit 101, is transferred to step 4;Otherwise the message is abandoned, transmission process is terminated.The access control of avionics network System rule by sender's IP address, sender's data-message title, recipient's avionics network address, recipient's communication port numbers, Message unique value, message-length composition.
Step 4: after avionics NS software unit 101 receives data-message, according to avionics network communication rule inspection Data-message is first packaged into avionics network according to network configuration and led to by the compliance of data-message if data-message closes rule Believe frame, then the high safety grade application positioned at avionics network domains is sent to by avionics network end node hardware;Otherwise abandoning should Data-message.Avionics network communication rule is made of avionics network hardware number, communication type, communication port numbers, communication direction.
As shown in figure 3, flowing to the transmission process in information network domain from avionics network domains are as follows:
Step 1: being applied positioned at the high safety grade of avionics network domains and avionics network communication frame is sent extremely by avionics network Avionics NS software unit 101 in network domains boundary Control device.
Step 2: after avionics NS software unit 101 unpacks avionics network communication frame, being sent by communication pipe To communication control management unit 103.
Step 3: after communication control management unit 103 receives data-message, according to avionics NS software rule inspection The sender of data-message and the compliance of recipient, if sender and recipient close rule, by data-message via communication Pipeline issues information network access control unit 102, is transferred to step 4;Otherwise, the data-message is abandoned, transmission process is terminated.
Step 4: after information network access control unit 102 receives data-message, according to information network access control rule Data-message is sent to the lower security classes of applications positioned at information network domain.
Data between avionics network domains and information network domain in transmission process, supervise in real time by running state monitoring unit 104 The operating status for controlling avionics NS software unit 101, information network access control unit 102, when detecting operation When failure, fault log is recorded, restores avionics NS software unit 101 and information network access control unit 102 to just Normal operating status;Stop recovery operation if continuous 3 times are restored all to fail, and records fault log.

Claims (7)

1. the intercommunication system between avionics network domains and information network domain, it is characterised in that: the intercommunication system setting In the network domains boundary Control device of airborne information network, including following procedure module:
Avionics NS software unit (101): being responsible for and avionics network end node hardware communications, and passes through communication control management Unit (103) is communicated with information network access control unit (102);
Information network access control unit (102): being responsible for and information network end node hardware communications, and passes through communication control management Unit (103) is communicated with avionics NS software unit (101);
Communication control management unit (103): it is responsible for avionics NS software unit (101) and information network access control unit (102) communication control between.
2. the intercommunication system between avionics network domains according to claim 1 and information network domain, it is characterised in that: also Including running state monitoring unit (104), for monitoring avionics NS software unit (101) and information network access control The operating status of unit (102), while recording and saving log.
3. the two-way communication between avionics network domains and information network domain, it is characterised in that:
From information network domain to the data transmission procedure of avionics network domains the following steps are included:
1.1) information network access control unit (102), which receives, is located at the data that the lower security classes of applications in information network domain is sent Message checks whether data-message is credible according to information network access control rule, if data-message is credible, to lower security etc. Grade application sends response message, is transferred to step 1.2);If data-message is insincere, the data-message is abandoned, termination is transmitted across Journey;
1.2) believable data-message is issued into communication control management unit (103) by communication pipe;
1.3) communication control management unit (103) checks the hair of its received data-message according to avionics NS software rule Data-message is issued avionics by communication pipe if sender and recipient close rule by the compliance of the side of sending and recipient NS software unit (101) is transferred to step 1.4);If either one irregularity in sender and recipient, abandons the data Message terminates transmission process;
1.4) avionics NS software unit (101) checks the conjunction of its received data-message according to avionics network communication rule Data-message is first packaged into avionics network communication frame according to network configuration, is then forwarded to position by rule property if data-message closes rule In the high safety grade application of avionics network domains;If data-message irregularity, the data-message is abandoned, terminates transmission process;
From avionics network domains to the data transmission procedure in information network domain the following steps are included:
2.1) avionics NS software unit (101) is answered according to the high safety grade that network configuration reception is located at avionics network domains With the avionics network communication frame of transmission;
2.2) it after avionics NS software unit (101) unpacks avionics network communication frame, is sent to by communication pipe logical Letter control administrative unit (103);
2.3) communication control management unit (103) checks the hair of its received data-message according to avionics NS software rule Data-message is issued information via communication pipe if sender and recipient close rule by the compliance of the side of sending and recipient NS software unit (102), is transferred to step 2.4);If sender and either one irregularity of recipient, abandon the data Message terminates transmission process;
2.4) the avionics data that information network access control unit (102) is received it according to rule are sent to positioned at Information Network The lower security classes of applications in network domain.
4. the two-way communication between avionics network domains according to claim 3 and information network domain, it is characterised in that: number According in the transmission process between avionics network domains and information network domain, monitor in real time avionics NS software unit (101) and The operating status of information network access control unit (102), while recording and saving log.
5. the two-way communication between avionics network domains according to claim 3 or 4 and information network domain, feature exist In: information network access control rule described in step 1.1) is calculated by sender's IP address, sender's communication port numbers, signature Method and algorithm secret key composition.
6. the two-way communication between avionics network domains according to claim 3 or 4 and information network domain, feature exist In: avionics NS software rule described in step 1.3) and step 2.3) is disappeared by sender's IP address, sender's data Cease title, recipient's avionics network address, recipient's communication port numbers, message unique value, message-length composition.
7. the two-way communication between avionics network domains according to claim 3 or 4 and information network domain, feature exist In: avionics network communication rule described in step 1.4) by avionics network hardware number, communication type, communication port numbers, logical Believe direction composition.
CN201910135922.6A 2019-02-19 2019-02-19 Bidirectional communication system and method between avionic network domain and information network domain Active CN109714366B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910135922.6A CN109714366B (en) 2019-02-19 2019-02-19 Bidirectional communication system and method between avionic network domain and information network domain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910135922.6A CN109714366B (en) 2019-02-19 2019-02-19 Bidirectional communication system and method between avionic network domain and information network domain

Publications (2)

Publication Number Publication Date
CN109714366A true CN109714366A (en) 2019-05-03
CN109714366B CN109714366B (en) 2021-06-04

Family

ID=66264846

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910135922.6A Active CN109714366B (en) 2019-02-19 2019-02-19 Bidirectional communication system and method between avionic network domain and information network domain

Country Status (1)

Country Link
CN (1) CN109714366B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104601544A (en) * 2014-12-05 2015-05-06 中国航空工业集团公司第六三一研究所 Aviation data service communication method for airborne network service system
US9300645B1 (en) * 2013-03-14 2016-03-29 Ip Holdings, Inc. Mobile IO input and output for smartphones, tablet, and wireless devices including touch screen, voice, pen, and gestures
CN107888599A (en) * 2017-11-17 2018-04-06 中国航空工业集团公司西安航空计算技术研究所 Intercommunication system and method between a kind of avionics height secure network domain
CN107920116A (en) * 2017-11-17 2018-04-17 中国航空工业集团公司西安航空计算技术研究所 A kind of onboard networks service data communications method of dynamic extending

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9300645B1 (en) * 2013-03-14 2016-03-29 Ip Holdings, Inc. Mobile IO input and output for smartphones, tablet, and wireless devices including touch screen, voice, pen, and gestures
CN104601544A (en) * 2014-12-05 2015-05-06 中国航空工业集团公司第六三一研究所 Aviation data service communication method for airborne network service system
CN107888599A (en) * 2017-11-17 2018-04-06 中国航空工业集团公司西安航空计算技术研究所 Intercommunication system and method between a kind of avionics height secure network domain
CN107920116A (en) * 2017-11-17 2018-04-17 中国航空工业集团公司西安航空计算技术研究所 A kind of onboard networks service data communications method of dynamic extending

Also Published As

Publication number Publication date
CN109714366B (en) 2021-06-04

Similar Documents

Publication Publication Date Title
CA2659120C (en) Methods and systems for network failure reporting
CN105991384B (en) The space flight ethernet communication method of compatible time trigger Ethernet and 1553B
CN107888599B (en) Two-way communication system and method between high-low security network domains of avionics
RU2653261C1 (en) Architecture of broadband communication network, unified train management network and train service network, and method of communication with its application
US8094576B2 (en) Integrated switch tap arrangement with visual display arrangement and methods thereof
US8432827B2 (en) Arrangement for utilization rate display and methods thereof
CN101689234B (en) Access control onboard system for communication from open domain to avionics domain
CN104219218B (en) A kind of method and device of active safety defence
CN101529763A (en) Disabled state and state signaling for link aggregation
CN105681313A (en) Flow detection system and method for virtualization environment
SA111320469B1 (en) Secure System for Interconnection Between Two Public Networks
CN100521685C (en) Security-translator and method for testing the integrality of the security-translator
KR20110118962A (en) Apparatus and method that transmit dynamic lane information in multi-lane based ethernet
CN209086928U (en) A kind of deployment architecture of database audit
CN103051482B (en) Based on a kind of port isolation of FC switch and the implementation method of recovery
CN109714366A (en) Intercommunication system and method between avionics network domains and information network domain
CN109831438A (en) Intercommunication system and method between avionics network domains based on virtualization and information network domain
CN114884887B (en) Security-oriented AFDX switch credit dynamic management system and method
Timmerman A security model for dynamic adaptive traffic masking
Fourneau et al. Multiple class G-networks with jumps back to zero
CN103607288B (en) The linear lossless network guard method of data network
CN101888386A (en) Firewall device for No.7 signaling network
Scheer et al. Selecting, designing, and installing modern data networks in electrical substations
Zimmermann et al. Dependability evaluation of AFDX real-time avionic communication networks
Tian et al. Analysis of AFDX network delay based on NS2

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant