CN109714366A - Intercommunication system and method between avionics network domains and information network domain - Google Patents
Abstract
To effectively solve the problems of security isolation and flow-direction protection for two-way communication between the avionics network domain and the information network domain in an airborne environment, the present invention provides a two-way communication system and method between an avionics network domain and an information network domain. The invention arranges an avionics network access control unit, an information network access control unit and a communication control management unit inside the network-domain boundary control device of the airborne information network. The module that communicates with high-security-level applications is deployed in the avionics network access control unit, the module that communicates with low-security-level applications is deployed in the information network access control unit, and the modules run isolated from one another. This effectively solves the problems of security isolation and flow-direction protection for two-way communication between the avionics network domain and the information network domain in an airborne environment, and provides a solution for two-way secure communication between a civil onboard information network and an avionics network.
Description
Technical field
The present invention relates to a two-way communication system and method between an avionics network domain and an information network domain.
Background
In the aviation field, the high-security applications running in the avionics system safeguard the normal operation of the entire aircraft. In conventional aircraft electronic systems, avionics data is transmitted over the avionics network (for example avionics full-duplex switched Ethernet) in a closed airborne environment; it is not exposed to external information security attacks, which guarantees the security of the avionics data. With the extensive application of information technology in civil avionics systems, and in order to provide more and more convenient services to aircraft operators, aircraft designers have introduced Ethernet-based airborne information service systems that realise a variety of information services by hosting and running low-security-level applications.
The network domains of a civil aircraft avionics system are divided into a high-security avionics network domain and a low-security information network domain. Applications with a higher safety level (security levels A to C) reside and run in the avionics network domain, while applications with a lower safety level (security levels D to E) reside and run in the information network domain. To meet service function requirements, a large amount of data must be exchanged in real time between the high-security-level applications and the low-security-level applications. As a result, the avionics network domain faces network information security threats originating from the information network domain, which adversely affect its security and in turn aircraft operational safety.
Summary of the invention
To effectively solve the problems of security isolation and flow-direction protection for two-way communication between the avionics network domain and the information network domain in an airborne environment, the present invention provides a two-way communication system and method between an avionics network domain and an information network domain.
The technical scheme is as follows:
The two-way communication system between an avionics network domain and an information network domain is characterised in that the two-way communication system is arranged in the network-domain boundary control device of the airborne information network and includes the following program modules:
Avionics network access control unit: responsible for communicating with the avionics network end-node hardware, and for communicating with the information network access control unit through the communication control management unit;
Information network access control unit: responsible for communicating with the information network end-node hardware, and for communicating with the avionics network access control unit through the communication control management unit;
Communication control management unit: responsible for communication control between the avionics network access control unit and the information network access control unit.
Further, the system also includes a running-state monitoring unit for monitoring the operating status of the avionics network access control unit and the information network access control unit, while recording and saving logs.
The present invention also provides a two-way communication method between an avionics network domain and an information network domain, characterised in that:
The data transmission process from the information network domain to the avionics network domain includes the following steps:
1.1) The information network access control unit receives a data message sent by a low-security-level application located in the information network domain and checks, according to the information network access control rule, whether the data message is trusted. If the data message is trusted, it sends a response message to the low-security-level application and proceeds to step 1.2); if the data message is not trusted, it discards the data message and terminates the transmission process;
1.2) The trusted data message is delivered to the communication control management unit through a communication pipe;
1.3) The communication control management unit checks the compliance of the sender and the recipient of the received data message according to the avionics network access control rule. If both the sender and the recipient comply with the rule, it delivers the data message to the avionics network access control unit through a communication pipe and proceeds to step 1.4); if either the sender or the recipient does not comply, it discards the data message and terminates the transmission process;
1.4) The avionics network access control unit checks the compliance of the received data message according to the avionics network communication rule. If the data message complies with the rule, it first packs the data message into an avionics network communication frame according to the network configuration and then forwards it to the high-security-level application located in the avionics network domain; if the data message does not comply, it discards the data message and terminates the transmission process;
The data transmission process from the avionics network domain to the information network domain includes the following steps:
2.1) The avionics network access control unit receives, according to the network configuration, the avionics network communication frame sent by the high-security-level application located in the avionics network domain;
2.2) After the avionics network access control unit unpacks the avionics network communication frame, it sends the resulting data message to the communication control management unit through a communication pipe;
2.3) The communication control management unit checks the compliance of the sender and the recipient of the received data message according to the avionics network access control rule. If both the sender and the recipient comply with the rule, it delivers the data message to the information network access control unit via a communication pipe and proceeds to step 2.4); if either the sender or the recipient does not comply, it discards the data message and terminates the transmission process;
2.4) The information network access control unit sends the received avionics data to the low-security-level application located in the information network domain according to the rule.
Further, during data transmission between the avionics network domain and the information network domain, the operating status of the avionics network access control unit and the information network access control unit is monitored in real time, and logs are recorded and saved.
Further, the information network access control rule described in step 1.1) consists of the sender's IP address, the sender's communication port number, the signature algorithm and the algorithm key.
Further, the avionics network access control rule described in steps 1.3) and 2.3) consists of the sender's IP address, the sender's data message name, the recipient's avionics network address, the recipient's communication port number, the message unique value and the message length.
Further, the avionics network communication rule described in step 1.4) consists of the avionics network hardware number, the communication type, the communication port number and the communication direction.
Advantages of the present invention:
1. The present invention arranges an avionics network access control unit, an information network access control unit and a communication control management unit inside the network-domain boundary control device of the airborne information network. The module communicating with high-security-level applications is deployed in the avionics network access control unit, the module communicating with low-security-level applications is deployed in the information network access control unit, and each unit (program module) runs isolated from the others. This effectively solves the problems of security isolation and flow-direction protection for two-way communication between the avionics network domain and the information network domain in an airborne environment, and provides a solution for two-way secure communication between a civil onboard information network and an avionics network.
2. By configuring the avionics network communication rule in the avionics network access control unit, the information network access control rule in the information network access control unit, and the avionics network access control rule in the communication control management unit, the present invention realises fine-grained, multi-level security control.
Description of the drawings
Fig. 1 is a schematic diagram of the overall architecture of the invention.
Fig. 2 is the data flow model for data flowing from the information network domain to the avionics network domain.
Fig. 3 is the data flow model for data flowing from the avionics network domain to the information network domain.
Specific embodiment
The invention is further described below with reference to the drawings.
The present invention realises secure two-way communication between the avionics network domain and the information network domain.
1. Framework composition
The framework composition of the invention is shown in Fig. 1 and includes the following program modules arranged in the network-domain boundary control device:
Avionics network access control unit 101: responsible for communicating with the avionics network end-node hardware, and for communicating with the information network access control unit 102 through the communication control management unit 103.
Information network access control unit 102: responsible for communicating with the information network end-node hardware, and for communicating with the avionics network access control unit 101 through the communication control management unit 103.
Communication control management unit 103: responsible for communication control between the avionics network access control unit 101 and the information network access control unit 102.
Running-state monitoring unit 104: monitors the operating status of the avionics network access control unit 101 and the information network access control unit 102, while recording and saving logs.
2. Data flow control model
The present invention realises separation control of the communication flow direction through isolation of the functional modules and flow control of the communication information; the data flow models are shown in Figs. 2 and 3.
As shown in Fig. 2, the data transmission process from the information network domain to the avionics network domain is as follows:
Step 1: A low-security-level application located in the information network domain sends a data message to the information network access control unit 102. After the information network access control unit 102 receives the data message, it checks according to the information network access control rule whether the data message is trusted. If the data message is trusted, it sends a response message to the low-security-level application and proceeds to step 2; otherwise it discards the data message and terminates the transmission process. The information network access control rule consists of the sender's IP address, the sender's communication port number, the signature algorithm and the algorithm key.
Step 2: The information network access control unit 102 delivers the data message to the communication control management unit 103 through a communication pipe.
Step 3: After the communication control management unit 103 receives the data message, it checks the compliance of the sender and the recipient of the data message according to the avionics network access control rule. If both the sender and the recipient comply, it delivers the message to the avionics network access control unit 101 through a communication pipe and proceeds to step 4; otherwise it discards the message and terminates the transmission process. The avionics network access control rule consists of the sender's IP address, the sender's data message name, the recipient's avionics network address, the recipient's communication port number, the message unique value and the message length.
Step 4: After the avionics network access control unit 101 receives the data message, it checks the compliance of the data message according to the avionics network communication rule. If the data message complies, it first packs the data message into an avionics network communication frame according to the network configuration and then sends it to the high-security-level application located in the avionics network domain through the avionics network end-node hardware; otherwise it discards the data message. The avionics network communication rule consists of the avionics network hardware number, the communication type, the communication port number and the communication direction.
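As an added example (not code from the patent), the following Python models the information-network-to-avionics-network path of Fig. 2 with the three rule tables described above: the information network access control rule is applied as a sender allow-list plus an HMAC check under the configured algorithm and key, the avionics network access control rule as a sender/recipient/message-id/length match, and the avionics network communication rule as a port-and-direction check before framing. The addresses, ports, key, message names and the frame layout are constructed assumptions; the patent does not specify them.

```python
import hmac, struct
from dataclasses import dataclass

@dataclass(frozen=True)
class InfoNetRule:          # information network access control rule (step 1)
    sender_ip: str
    sender_port: int
    sig_alg: str            # hashlib digest name used for the HMAC
    key: bytes
@dataclass(frozen=True)
class AvionicsAccessRule:   # avionics network access control rule (step 3)
    sender_ip: str
    msg_name: str
    dst_addr: str           # recipient's avionics network address
    dst_port: int
    msg_id: int             # "message unique value"
    msg_len: int
@dataclass(frozen=True)
class AvionicsCommRule:     # avionics network communication rule (step 4)
    hw_number: int
    comm_type: str
    port: int
    direction: str
@dataclass(frozen=True)
class DataMessage:          # what the low-security-level application sends
    sender_ip: str
    sender_port: int
    name: str
    dst_addr: str
    dst_port: int
    msg_id: int
    payload: bytes
    mac: bytes              # HMAC over the payload, produced by the sender

class Dropped(Exception): pass   # a unit rejected the message; transfer terminated

def info_net_access_control(msg, rules):
    # Step 1: the sender must be configured and the MAC must verify under its key.
    rule = next((r for r in rules if (r.sender_ip, r.sender_port)
                 == (msg.sender_ip, msg.sender_port)), None)
    if rule is None:
        raise Dropped("sender not in information network access control rule")
    expected = hmac.new(rule.key, msg.payload, rule.sig_alg).digest()
    if not hmac.compare_digest(expected, msg.mac):
        raise Dropped("signature check failed")
    return msg   # the response message back to the sender is omitted here

def comm_control_management(msg, rules):
    # Step 3: sender and recipient (plus message id and length) must match one entry.
    for r in rules:
        if ((r.sender_ip, r.msg_name, r.dst_addr, r.dst_port, r.msg_id)
                == (msg.sender_ip, msg.name, msg.dst_addr, msg.dst_port, msg.msg_id)
                and len(msg.payload) == r.msg_len):
            return msg
    raise Dropped("sender/recipient not in avionics network access control rule")

def avionics_net_access_control(msg, rules, direction="to_avionics"):
    # Step 4: the port must be open in this direction; then pack the (constructed) frame.
    rule = next((r for r in rules if (r.port, r.direction)
                 == (msg.dst_port, direction)), None)
    if rule is None:
        raise Dropped("port/direction not in avionics network communication rule")
    return struct.pack("!HHI", rule.hw_number, rule.port, len(msg.payload)) + msg.payload

def transfer_to_avionics(msg, cfg):
    # Steps 1 to 4 in order; returns ("forwarded", frame) or ("dropped", reason).
    try:
        msg = info_net_access_control(msg, cfg["info_rules"])
        msg = comm_control_management(msg, cfg["access_rules"])
        return "forwarded", avionics_net_access_control(msg, cfg["comm_rules"])
    except Dropped as exc:
        return "dropped", str(exc)

# Constructed configuration: one trusted sender, two permitted flows, one open port.
KEY = b"demo-key"
CFG = {
    "info_rules": [InfoNetRule("10.0.1.5", 5000, "sha256", KEY)],
    "access_rules": [AvionicsAccessRule("10.0.1.5", "CABIN_TEMP", "AFDX:0x21", 7001, 17, 8),
                     AvionicsAccessRule("10.0.1.5", "CABIN_PRESS", "AFDX:0x21", 7002, 18, 8)],
    "comm_rules": [AvionicsCommRule(3, "sampling", 7001, "to_avionics")],
}

def make_message(payload, key=KEY, **overrides):
    # Builds a message the way the constructed low-security sender would.
    fields = {**dict(sender_ip="10.0.1.5", sender_port=5000, name="CABIN_TEMP",
                     dst_addr="AFDX:0x21", dst_port=7001, msg_id=17), **overrides}
    return DataMessage(payload=payload, mac=hmac.new(key, payload, "sha256").digest(), **fields)
```

A message that passes the sender and signature check can still be dropped at step 3 (wrong length or unknown recipient) or at step 4 (port not opened towards the avionics network), which is the layered control the patent describes.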
As shown in Fig. 3, the transmission process from the avionics network domain to the information network domain is as follows:
Step 1: A high-security-level application located in the avionics network domain sends an avionics network communication frame over the avionics network to the avionics network access control unit 101 in the network-domain boundary control device.
Step 2: After the avionics network access control unit 101 unpacks the avionics network communication frame, it sends the resulting data message to the communication control management unit 103 through a communication pipe.
Step 3: After the communication control management unit 103 receives the data message, it checks the compliance of the sender and the recipient of the data message according to the avionics network access control rule. If both the sender and the recipient comply, it delivers the data message to the information network access control unit 102 via a communication pipe and proceeds to step 4; otherwise it discards the data message and terminates the transmission process.
Step 4: After the information network access control unit 102 receives the data message, it sends the data message to the low-security-level application located in the information network domain according to the information network access control rule.
During data transmission between the avionics network domain and the information network domain, the running-state monitoring unit 104 monitors in real time the operating status of the avionics network access control unit 101 and the information network access control unit 102. When an operating fault is detected, it records a fault log and restores the avionics network access control unit 101 and the information network access control unit 102 to the normal operating state; if three consecutive restore attempts all fail, it stops the recovery operation and records a fault log.
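An added example, not from the patent, of the running-state monitoring unit's recovery rule: a unit found faulty is restored up to three times, and after three consecutive failed restores the monitor stops recovering that unit and records the fault. The unit names, the scripted restore outcomes and the log line format are constructed for the demo.

```python
from collections import deque

MAX_RESTORE_ATTEMPTS = 3   # recovery stops after 3 consecutive failed restores

class Unit:
    """A monitored program module (constructed stand-in for units 101 and 102)."""
    def __init__(self, name, restore_outcomes):
        self.name = name
        self.healthy = True
        self._outcomes = deque(restore_outcomes)   # scripted restore() results, demo only

    def restore(self):
        # A real unit would restart its task; here the outcome is scripted.
        self.healthy = self._outcomes.popleft() if self._outcomes else False
        return self.healthy

class RunStateMonitor:
    def __init__(self, units):
        self.units = units
        self.fault_log = []          # the "recorded and saved" log
        self.abandoned = set()       # units whose recovery has been stopped

    def poll(self):
        """One monitoring cycle: detect faults, attempt recovery, log the outcome."""
        for unit in self.units:
            if unit.healthy or unit.name in self.abandoned:
                continue
            self.fault_log.append(f"FAULT {unit.name}")
            for attempt in range(1, MAX_RESTORE_ATTEMPTS + 1):
                if unit.restore():
                    self.fault_log.append(f"RESTORED {unit.name} on attempt {attempt}")
                    break
                self.fault_log.append(f"RESTORE_FAILED {unit.name} attempt {attempt}")
            else:
                # three consecutive failures: stop recovery and record the fault
                self.abandoned.add(unit.name)
                self.fault_log.append(f"RECOVERY_STOPPED {unit.name}")
        return list(self.fault_log)

def demo():
    # Constructed scenario: unit 101 recovers on the 2nd attempt, unit 102 never does.
    u101 = Unit("avionics_nac_101", restore_outcomes=[False, True])
    u102 = Unit("info_nac_102", restore_outcomes=[False, False, False])
    u101.healthy = u102.healthy = False
    return RunStateMonitor([u101, u102]).poll()
```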
Claims (7)
1. A two-way communication system between an avionics network domain and an information network domain, characterised in that the two-way communication system is arranged in the network-domain boundary control device of the airborne information network and includes the following program modules:
an avionics network access control unit (101): responsible for communicating with the avionics network end-node hardware, and for communicating with the information network access control unit (102) through the communication control management unit (103);
an information network access control unit (102): responsible for communicating with the information network end-node hardware, and for communicating with the avionics network access control unit (101) through the communication control management unit (103);
a communication control management unit (103): responsible for communication control between the avionics network access control unit (101) and the information network access control unit (102).
2. The two-way communication system between an avionics network domain and an information network domain according to claim 1, characterised in that it further includes a running-state monitoring unit (104) for monitoring the operating status of the avionics network access control unit (101) and the information network access control unit (102), while recording and saving logs.
3. A two-way communication method between an avionics network domain and an information network domain, characterised in that:
the data transmission process from the information network domain to the avionics network domain includes the following steps:
1.1) the information network access control unit (102) receives a data message sent by a low-security-level application located in the information network domain and checks, according to the information network access control rule, whether the data message is trusted; if the data message is trusted, it sends a response message to the low-security-level application and proceeds to step 1.2); if the data message is not trusted, it discards the data message and terminates the transmission process;
1.2) the trusted data message is delivered to the communication control management unit (103) through a communication pipe;
1.3) the communication control management unit (103) checks the compliance of the sender and the recipient of the received data message according to the avionics network access control rule; if both the sender and the recipient comply with the rule, it delivers the data message to the avionics network access control unit (101) through a communication pipe and proceeds to step 1.4); if either the sender or the recipient does not comply, it discards the data message and terminates the transmission process;
1.4) the avionics network access control unit (101) checks the compliance of the received data message according to the avionics network communication rule; if the data message complies with the rule, it first packs the data message into an avionics network communication frame according to the network configuration and then forwards it to the high-security-level application located in the avionics network domain; if the data message does not comply, it discards the data message and terminates the transmission process;
the data transmission process from the avionics network domain to the information network domain includes the following steps:
2.1) the avionics network access control unit (101) receives, according to the network configuration, the avionics network communication frame sent by the high-security-level application located in the avionics network domain;
2.2) after the avionics network access control unit (101) unpacks the avionics network communication frame, it sends the resulting data message to the communication control management unit (103) through a communication pipe;
2.3) the communication control management unit (103) checks the compliance of the sender and the recipient of the received data message according to the avionics network access control rule; if both the sender and the recipient comply with the rule, it delivers the data message to the information network access control unit (102) via a communication pipe and proceeds to step 2.4); if either the sender or the recipient does not comply, it discards the data message and terminates the transmission process;
2.4) the information network access control unit (102) sends the received avionics data to the low-security-level application located in the information network domain according to the rule.
4. The two-way communication method between an avionics network domain and an information network domain according to claim 3, characterised in that during data transmission between the avionics network domain and the information network domain, the operating status of the avionics network access control unit (101) and the information network access control unit (102) is monitored in real time, and logs are recorded and saved.
5. The two-way communication method between an avionics network domain and an information network domain according to claim 3 or 4, characterised in that the information network access control rule described in step 1.1) consists of the sender's IP address, the sender's communication port number, the signature algorithm and the algorithm key.
6. The two-way communication method between an avionics network domain and an information network domain according to claim 3 or 4, characterised in that the avionics network access control rule described in steps 1.3) and 2.3) consists of the sender's IP address, the sender's data message name, the recipient's avionics network address, the recipient's communication port number, the message unique value and the message length.
7. The two-way communication method between an avionics network domain and an information network domain according to claim 3 or 4, characterised in that the avionics network communication rule described in step 1.4) consists of the avionics network hardware number, the communication type, the communication port number and the communication direction.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910135922.6A CN109714366B (en) | 2019-02-19 | 2019-02-19 | Bidirectional communication system and method between avionic network domain and information network domain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109714366A true CN109714366A (en) | 2019-05-03 |
CN109714366B CN109714366B (en) | 2021-06-04 |