EP1008947A1 - Method of bringing an air traffic service unit into use - Google Patents
- Publication number: EP1008947A1, EP99403069A
- Authority: EP (European Patent Office)
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Classification: G06Q99/00, Subject matter not provided for in other groups of this subclass
Definitions
- Document [3] gives two examples of tests performed on the ATSU software that show the effect of filtering by the HOOK procedure.
- Any system call activates this dispatcher, which switches to the operating system context and performs the requested system call.
- This dispatcher is the entry point into the operating system; this is therefore where the HOOK call-filtering procedure is placed.
- The HOOK procedure is implemented just before dispatching and consists in allowing the activation of a processing routine (comparable to part of a "driver") that checks the feasibility of the system call.
- The invention relates to a method for preventing these applications from disrupting the rest of the system. All exchanges between AOC applications and the operating system are therefore filtered.
- The method of the invention includes a procedure that filters, via the HOOK method, the operating system calls coming from AOC applications and authorizes only those that have no influence on what is certified. Each possible system call is analyzed, and the risk that its uncontrolled use could pose to the overall system is determined individually. Each system call is classified in one of three categories: refused, conditionally accepted or accepted. On a prohibited system call, the HOOK procedure returns a standard message, does nothing, or even terminates the calling process.
- The operating system thus has a new mechanism that makes it possible to set up, at user level, a control policy for system calls, call by call.
Description
The present invention relates to a method of implementing an air traffic service unit.
In future generations of aircraft, a new piece of equipment will appear: the air traffic service unit, or ATSU. This air traffic service unit, as described in the document referenced [1] at the end of the description, is intended to manage the links between certain aircraft equipment (such as the flight management system (FMS), the central maintenance computer (CMC), the flight warning system (FWS), ...) and the ground/on-board communication means (such as satellite communication (SatCom), the HF data link (HFDL), the communication addressing and presentation system (ACARS), ...).
The distinctive feature of the air traffic service unit is that it is designed as a conventional computer with an operating system on which applications run. It therefore has the conventional architecture illustrated in Figure 1.
The operating system 10 manages the inputs/outputs 11, the use of the software resources 12 and hardware resources 13, and the sequencing and timing of the applications 14: A1 ... An.
Software resources are the equivalent of subroutines usable by the applications and/or the operating system (communications management, libraries, ...).
Hardware resources include memories, buses, registers, processor, co-processor, ...
Applications are programs that each perform one function of the aircraft system, for example controller/pilot data link communication (CPDLC).
The mission of the air traffic service unit is to increase the operational capabilities of the aircraft by automating pilot/controller exchanges through the use of data communication networks.
The air traffic service unit supports the core communication and surveillance activities included in the general FANS-CNS/ATM concept within the ATIMS system.
The main functions provided by the air traffic service unit are:
- management of the crew/controller dialogue (CPDLC/AFN);
- automatic dependent surveillance (ADS);
- aircraft operating functions (AOC), for example modification of the flight plan, maintenance reports, ...;
- use of the ACARS network before the ATN network is deployed;
- ACARS routing.
With regard to safety objectives, the classification of the functions offered by the air traffic service unit does not require any particular architecture.
As illustrated in Figure 2, the environment of the air traffic unit consists of:
- a system 20 for access to the ACARS air/ground sub-network;
- avionics systems 21 such as:
  - flight management system (FMS),
  - electronic flight system / electronic centralized aircraft management (EFIS/ECAM),
  - central maintenance computer (CMC),
  - flight warning system (FWS),
  - printer,
  - multi-purpose disk drive unit (MDDU),
  - clock;
- display units (MCDU1, MCDU2, MCDU3, ...);
- a data link and display control unit 22.
Figure 3 illustrates the software structure of the air traffic service unit, with independent software items and their loading relationships.
Figure 4 illustrates the functions of the air traffic service unit, with their positioning for the applications and for the software platform.
The air traffic service unit computer is composed of two categories of functions:
- the basic functions, which provide the functional role of this computer;
- the system management functions, which have no impact on the functional role of the computer. They are responsible for providing the conventional services of any computer on board an aircraft (maintenance, monitoring, etc.).
Among the basic functions are the applications. The term "application" refers to an air/ground data link communication protocol and its integration on board. Each application has the capability needed to sequence the different processing operations required.
These applications include:
- Air traffic service, or ATC, applications, which comprise:
  - air traffic management services (ATMS). These applications support and initiate on-board/ground and ground/on-board information exchanges, including controller/pilot data link communications (CPDLC) and air traffic facility notification (AFN);
  - the surveillance application (ADS), which in particular makes it possible to give the position of the aircraft continuously;
  - flight information services.
- Airline operational communication, or AOC, applications. When the air traffic service unit is delivered, the customer airline can install applications of its own, which it has developed itself or had developed by a third party. This possibility is commercially very attractive, since these applications allow the airline to use, for its own needs, certain data available on the aircraft that concern not the operation of the aircraft as such but its use as a commercial tool (duration of certain parts of a flight, fuel consumption, ...). These applications, called AOC, are not known to the manufacturer of the air traffic service unit.
The air traffic service unit must be able to host such AOC applications, developed by third parties at the request of the airlines. The constraints associated with this requirement translate into a host structure that makes it possible to:
- make these various developments (implementation, debugging and support) as autonomous as possible;
- make the hardware platform "transparent" to the software;
- guarantee processing capacity for each process (central processing unit time);
- guarantee that an AOC application does not disturb an ATC application.
The manufacturer of the air traffic service unit must certify the equipment with various official bodies, where certifying means knowing, verifying and guaranteeing the operation of the whole in all possible operating modes, including degraded modes or when some of its elements fail. This is a known and well-controlled procedure.
Certification has two functions: a purely administrative function, equivalent to an authorization for use on commercial aircraft, and above all a safety guarantee function. Certification guarantees that the operation or malfunction of a piece of equipment will have no unacceptable consequences. The level of malfunction allowed varies according to the functional role of the equipment in the aircraft: the equipment that manages the passengers' individual reading lights is not subject to the same constraints as a flight control computer. Document [2] illustrates the fact that the complete software of a piece of on-board equipment is concerned by certification.
We therefore have equipment whose operation is certified (known, verified and guaranteed) on which an unknown AOC application can be run. Clearly, the new whole is no longer the one that was certified. To certify it, a certification procedure would have to be repeated for the manufactured unit together with the AOC application(s). Such a procedure would be far too expensive. Moreover, the commercial advantage of offering an airline the possibility of implementing its own applications would disappear.
To minimize the certification procedures for each evolution, the air traffic service unit implements:
- a modular software design;
- a central platform concept;
- high-level interfaces between this central platform and the applications;
- separation of the applications.
In order to concentrate detailed integration/validation and qualification only on the modified/added application, the reduced process results from a modification impact analysis when new software (except AOC applications) is added.
An initial certification of the air traffic service unit covers, of course, all aspects, but the certification of an evolution of this air traffic service unit should not focus on the new modified parts.
The object of the invention is, in the specific case of AOC applications, to require no certification, the software of such applications being at level E (the minimum level of failure criticality with respect to the aircraft), and thus to reconcile the two needs: certifying the equipment as a whole (that is, AOC applications included) and allowing airlines to implement their own applications.
The present invention relates to a method of implementing an air traffic service unit (ATSU) which manages the links between certain aircraft equipment and the ground/on-board communication means, and whose operating system (OS) manages the inputs/outputs, the use of software and hardware resources, and the sequencing and timing of the applications, which are programs performing functions of the aircraft system, and in which memory partitioning mechanisms and central processing unit partitioning mechanisms are used, said method being characterized in that the calls to the operating system coming from airline operational communication, or AOC, applications are filtered so as to prevent said applications from disrupting the operation of said air traffic service unit.
Advantageously, the filtering is carried out by the Hook method. This filtering lets through only the authorized system calls.
In an advantageous embodiment, system call control software makes it possible to:
- configure the filters, certain characteristics of which can be set by a "super-user" process of the air traffic service unit;
- filter the system calls that must be filtered;
- record refusals to execute system calls in a specific area;
- provide, at the request of the super-user process of the air traffic service unit, the stored data on system call rejections.
- Figure 1 illustrates the structure of the air traffic service unit;
- Figure 2 illustrates the environment of the air traffic service unit;
- Figure 3 illustrates the software structure of the air traffic service unit;
- Figure 4 illustrates the functions of the air traffic service unit;
- Figure 5 illustrates the method of the invention.
The invention relates to a method of implementing the air traffic service unit (ATSU), which manages the links between certain aircraft equipment and the ground/on-board communication means, and whose operating system (OS) manages the inputs/outputs, the use of software and hardware resources, and the sequencing and timing of the applications, which are programs performing functions of the aircraft system.
The software architecture of the air traffic service unit is based on the use of a real-time operating system that manages the processes. A software subset is applied to each process.
Each process is protected from the other processes by various protection mechanisms such as:
- Memory partitioning. The operating system uses a memory management unit (MMU) of the microprocessor in such a way that two steps are needed to translate the logical address of the current code into a physical address:
  - logical address → linear address, through a segmentation mechanism of the memory management unit;
  - linear address → physical address, through a paging mechanism of the memory management unit.
- User (non-privileged) code cannot directly access the operating system code or data space. Only indirect access through calls to the operating system is possible;
- Process code cannot access another process's code or data space.
- Partitioning of the use of the central processing unit. Each process can consist of at most four tasks. Each task has a priority lower than or equal to the priority of the process from which it originates. The operating system provides preemptive priority scheduling combined with round-robin management by priority level. Thus a low-level task cannot prevent a higher-level task from using the central processing unit, and a task cannot monopolize the central processing unit indefinitely to the detriment of a task with the same priority.
The invention consists in filtering the operating system calls issued by AOC-type applications so as to prevent those applications from disrupting the operation of the air traffic service unit.
To understand this filtering mechanism, we briefly return to how the operating system works.
When an application needs a software or hardware resource, needs to communicate with another application, or even needs to modify operating system parameters, it must go through the operating system.
By the very design of the computer, of UNIX type for example, the application cannot perform these accesses directly: it issues access requests to the operating system by means of a parameterized software interrupt. The parameters define the type of access desired, that is, the functionality called.
The operating system manufacturer has provided a facility, called the HOOK method, which allows a procedure to be launched during a system call just before the operating system processes the call.
Document [3] gives two examples of tests carried out on the ATSU software which show the effect of filtering by the HOOK procedure.
Call filtering is carried out via a procedure whose principle leads to creating:
- a HOOK procedure mechanism in the processing of the operating system's system call dispatcher;
- "driver" software (code developed by the manufacturer to filter system calls; Table I, given at the end of the description by way of example, lists the 266 system calls and the type of filtering associated with each; the manufacturer in fact offers as standard a kernel that the user can configure using "stubs", mechanisms which simulate real calls while performing no processing). This software, activated by the HOOK procedure, actually performs the filtering.
In the HOOK procedure of the system call dispatcher, every system call activates this dispatcher, which switches into the operating system context and carries out the required system call. This dispatcher is the entry point into the operating system; it is therefore where the HOOK procedure that calls the filter is placed.
The HOOK procedure is implemented just before dispatching and consists in allowing the activation of a processing step (comparable to part of a "driver") that checks whether the system call may be carried out.
This system call control software makes it possible to:
- configure the filters, certain characteristics of which can be set by a process of the air traffic service unit called the "superuser";
- filter the system calls that must be filtered (letter "H" in Table I);
- record refusals to execute system calls in a dedicated zone;
- provide, at the request of the superuser process of the air traffic service unit, the stored data on system call rejections.
Since nothing is known about how the AOC applications work and they cannot be controlled, the object of the invention is a method that prevents these applications from disrupting the rest of the system. All AOC applications ↔ operating system exchanges are therefore filtered.
As illustrated in Figure 5, the method of the invention comprises a procedure which filters, via the HOOK method, the operating system calls issued by AOC applications and authorizes only those which have no influence on what is certified. Each possible system call is analyzed, and the risk that its uncontrolled use could pose to the overall system is determined individually. Each system call is classified in one of three categories: refused, accepted under conditions, or accepted. On a prohibited system call, the HOOK procedure can return a standard message, do nothing, or even terminate the calling process.
The operating system thus has a new mechanism which makes it possible to set up, at user level, a policy for controlling system calls, call by call.
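The filtering procedure described above, modelled in user-space C as an added example; it is not code from the patent or from the ATSU software. All identifiers, the fail-closed default for calls that have no configured filter, the size of the refusal zone and the sample priority condition are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define NSYSCALLS 266   /* Table I of the patent lists 266 system calls */
#define LOG_SLOTS 16    /* size of the refusal zone (assumed) */

/* REFUSED is 0 so that an unconfigured entry fails closed (assumption). */
enum sc_class { REFUSED = 0, CONDITIONAL, ACCEPTED };
enum hook_result { HOOK_PASS = 0, HOOK_ERROR = -1, HOOK_IGNORE = -2, HOOK_KILL = -3 };

struct caller  { int pid; int is_aoc; int is_superuser; };
struct refusal { int pid; int nr; };
struct rule {
    enum sc_class cls;
    int (*cond)(const long *args);  /* consulted only for CONDITIONAL */
    enum hook_result on_refuse;     /* standard message, do nothing, or end the caller */
};

static struct rule policy[NSYSCALLS];
static struct refusal zone[LOG_SLOTS];
static unsigned long refused_total;

/* Only the superuser process of the unit may set a filter. */
int filter_configure(const struct caller *c, int nr, struct rule r)
{
    if (!c->is_superuser || nr < 0 || nr >= NSYSCALLS) return -1;
    if (r.cls == CONDITIONAL && r.cond == NULL) return -1;
    policy[nr] = r;
    return 0;
}

/* Record the refusal in the dedicated zone (ring buffer) and pick the reaction. */
static enum hook_result refuse(const struct caller *c, int nr, enum hook_result how)
{
    zone[refused_total++ % LOG_SLOTS] = (struct refusal){ c->pid, nr };
    return how == HOOK_PASS ? HOOK_ERROR : how;
}

/* Run by the dispatcher just before it would execute system call nr. */
enum hook_result hook_filter(const struct caller *c, int nr, const long *args)
{
    if (!c->is_aoc) return HOOK_PASS;   /* only AOC-originated calls are filtered */
    if (nr < 0 || nr >= NSYSCALLS) return refuse(c, nr, HOOK_ERROR);
    const struct rule *r = &policy[nr];
    if (r->cls == ACCEPTED) return HOOK_PASS;
    if (r->cls == CONDITIONAL && r->cond && r->cond(args)) return HOOK_PASS;
    return refuse(c, nr, r->on_refuse);
}

/* Superuser-only read-out of the newest stored refusals, oldest first. */
size_t filter_read_refusals(const struct caller *c, struct refusal *out, size_t max)
{
    if (!c->is_superuser) return 0;
    size_t n = refused_total < LOG_SLOTS ? refused_total : LOG_SLOTS;
    if (n > max) n = max;
    for (size_t i = 0; i < n; i++)
        out[i] = zone[(refused_total - n + i) % LOG_SLOTS];
    return n;
}

/* Constructed condition: argument 0 (a requested priority) must not exceed 4. */
int prio_at_most_4(const long *args) { return args[0] <= 4; }

int main(void)
{
    struct caller su = { 1, 0, 1 }, aoc = { 42, 1, 0 };
    long prio[] = { 9 };
    filter_configure(&su, 20, (struct rule){ CONDITIONAL, prio_at_most_4, HOOK_KILL });
    printf("call 20, priority 9 -> %d\n", (int)hook_filter(&aoc, 20, prio));
    return 0;
}
```

Because the table is indexed by call number and zero-initialised, any call the superuser has not classified is refused and logged, which matches the description's rule of authorizing only calls known to have no influence on the certified part.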
Claims (4)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR9815690 | 1998-12-11 | ||
FR9815690A FR2787269B1 (en) | 1998-12-11 | 1998-12-11 | METHOD FOR IMPLEMENTING AN AIR TRAFFIC SERVICE UNIT |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1008947A1 (en) | 2000-06-14 |
Family
ID=9533888
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99403069A Withdrawn EP1008947A1 (en) | 1998-12-11 | 1999-12-08 | Method of bringing an air traffic service unit into use |
Country Status (4)
Country | Link |
---|---|
US (1) | US6275767B1 (en) |
EP (1) | EP1008947A1 (en) |
CA (1) | CA2291865C (en) |
FR (1) | FR2787269B1 (en) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8203486B1 (en) | 1999-03-05 | 2012-06-19 | Omnipol A.S. | Transmitter independent techniques to extend the performance of passive coherent location |
US7739167B2 (en) | 1999-03-05 | 2010-06-15 | Era Systems Corporation | Automated management of airport revenues |
US7777675B2 (en) | 1999-03-05 | 2010-08-17 | Era Systems Corporation | Deployable passive broadband aircraft tracking |
US7570214B2 (en) | 1999-03-05 | 2009-08-04 | Era Systems, Inc. | Method and apparatus for ADS-B validation, active and passive multilateration, and elliptical surviellance |
US8446321B2 (en) | 1999-03-05 | 2013-05-21 | Omnipol A.S. | Deployable intelligence and tracking system for homeland security and search and rescue |
US7667647B2 (en) | 1999-03-05 | 2010-02-23 | Era Systems Corporation | Extension of aircraft tracking and positive identification from movement areas into non-movement areas |
US7908077B2 (en) | 2003-06-10 | 2011-03-15 | Itt Manufacturing Enterprises, Inc. | Land use compatibility planning software |
US7782256B2 (en) | 1999-03-05 | 2010-08-24 | Era Systems Corporation | Enhanced passive coherent location techniques to track and identify UAVs, UCAVs, MAVs, and other objects |
US7889133B2 (en) | 1999-03-05 | 2011-02-15 | Itt Manufacturing Enterprises, Inc. | Multilateration enhancements for noise and operations management |
US6408258B1 (en) * | 1999-12-20 | 2002-06-18 | Pratt & Whitney Canada Corp. | Engine monitoring display for maintenance management |
FR2818769B1 (en) * | 2000-12-21 | 2004-06-18 | Eads Airbus Sa | MULTI-TASK REAL-TIME OPERATION METHOD AND SYSTEM |
US7346528B2 (en) * | 2001-11-13 | 2008-03-18 | Navitaire, Inc. | Integrated decision support system for optimizing the training and transition of airline pilots |
US7249047B2 (en) * | 2002-01-10 | 2007-07-24 | Navitaire, Inc. | Employee transfer and leave optimization processor |
US7240018B2 (en) * | 2002-01-11 | 2007-07-03 | Navitaire, Inc. | Rapid generation of minimum length pilot training schedules |
US7379887B2 (en) * | 2002-01-31 | 2008-05-27 | Accenture Global Services Gmbh | Integrated decision support system for optimizing the training and transition of airline pilots |
US7398057B2 (en) * | 2002-08-20 | 2008-07-08 | Arinc Inc. | Security messenger system |
US7904081B2 (en) | 2002-08-20 | 2011-03-08 | Arinc Incorporated | ACARS messages over iridium |
US7647139B2 (en) * | 2005-12-02 | 2010-01-12 | The Boeing Company | Seamless air traffic control (ATC) datalink transfers |
US7495602B2 (en) * | 2005-12-02 | 2009-02-24 | The Boeing Company | Single air traffic control (ATC) operator interface |
US8280563B2 (en) * | 2009-11-13 | 2012-10-02 | Honeywell International Inc. | Method and system to reduce impact of non-ATC data-link messages on ATC data-link messages on a shared air-ground communication link |
FR2989808B1 (en) | 2012-04-24 | 2014-06-06 | Thales Sa | COMPLETELY PARAMETRABLE ELECTRONIC ALERT AND PROCEDURE SYSTEM FOR AN AIRCRAFT |
US10592749B2 (en) | 2016-11-14 | 2020-03-17 | General Electric Company | Systems and methods for analyzing turns at an airport |
RU2648913C1 (en) * | 2016-12-07 | 2018-03-28 | Акционерное общество "Научно-исследовательский институт информационных технологий" | Aircraft control and coordination system |
FR3065945B1 (en) * | 2017-05-04 | 2021-04-16 | Thales Sa | METHOD AND ELECTRONIC DEVICE FOR MONITORING AN AVIONICS SOFTWARE APPLICATION, COMPUTER PROGRAM AND ASSOCIATED AVIONICS SYSTEM |
US10834336B2 (en) | 2018-01-29 | 2020-11-10 | Ge Aviation Systems Llc | Thermal imaging of aircraft |
FR3103038B1 (en) * | 2019-11-07 | 2021-11-19 | Thales Sa | METHOD AND ELECTRONIC DEVICE FOR MONITORING AN AVIONICS SOFTWARE APPLICATION VIA CALL COUNTER (S) ASSOCIATED SYSTEM, COMPUTER PROGRAM AND AVIONICS SYSTEM |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2748145A1 (en) * | 1996-04-30 | 1997-10-31 | Sextant Avionique | FLIGHT DATA INPUT AND MONITORING METHOD AND DEVICE |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4943919A (en) * | 1988-10-17 | 1990-07-24 | The Boeing Company | Central maintenance computer system and fault data handling method |
FR2712742B1 (en) | 1993-11-15 | 1995-12-15 | Commissariat Energie Atomique | Solid, monolithic, self-aligned microlaser, passive triggering by saturable absorbent and its manufacturing process. |
US5541863A (en) * | 1994-09-30 | 1996-07-30 | Rockwell International | Virtual integrated software testbed for avionics |
FR2736217B1 (en) | 1995-06-27 | 1997-08-08 | Commissariat Energie Atomique | CAVITE MICROLASER AND SOLID PULSE MICROLASER WITH MICROMODULATOR ACTIVATION |
1998
- 1998-12-11 FR FR9815690A patent/FR2787269B1/en not_active Expired - Lifetime
1999
- 1999-12-07 CA CA002291865A patent/CA2291865C/en not_active Expired - Lifetime
- 1999-12-08 US US09/456,434 patent/US6275767B1/en not_active Expired - Lifetime
- 1999-12-08 EP EP99403069A patent/EP1008947A1/en not_active Withdrawn
Non-Patent Citations (3)
Title |
---|
BRITTEN P D ET AL: "Implementation of OSI compliant aircraft communication systems", FIFTH INTERNATIONAL CONFERENCE ON SATELLITE SYSTEMS FOR MOBILE COMMUNICATIONS AND NAVIGATION (CONF. PUBL.NO.424), FIFTH INTERNATIONAL CONFERENCE ON SATELLITE SYSTEMS FOR MOBILE COMMUNICATIONS AND NAVIGATION (CONF. PUBL.NO.424), LONDON, UK, 13-15 MAY, 1996, London, UK, IEE, UK, pages 40 - 43, XP002113404, ISBN: 0-85296-658-X * |
UBNOSKE M J ET AL: "Use of COTS software products to manage air traffic control systems", 41ST ANNUAL AIR TRAFFIC CONTROL ASSOCIATION CONFERENCE PROCEEDINGS, PROCEEDINGS OF 41ST ANNUAL INTERNATIONAL PROGRAM AND EXHIBITION OF THE AIR TRAFFIC CONTROL ASSOCIATION, NASHVILLE, TN, USA, 13-17 OCT. 1996, 1996, Arlington, VA, USA, Air Traffic Control Assoc, USA, pages 36 - 40, XP002113403 * |
VASUDEVAN N ET AL: "Migrating DSR to a POSIX-compliant platform: lessons learned", 41ST ANNUAL AIR TRAFFIC CONTROL ASSOCIATION CONFERENCE PROCEEDINGS, PROCEEDINGS OF 41ST ANNUAL INTERNATIONAL PROGRAM AND EXHIBITION OF THE AIR TRAFFIC CONTROL ASSOCIATION, NASHVILLE, TN, USA, 13-17 OCT. 1996, 1996, Arlington, VA, USA, Air Traffic Control Assoc, USA, pages 184 - 189, XP002113402 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7965227B2 (en) | 2006-05-08 | 2011-06-21 | Era Systems, Inc. | Aircraft tracking using low cost tagging as a discriminator |
CN104750111A (en) * | 2015-03-09 | 2015-07-01 | 王琪杰 | Flying monitoring system of unmanned aerial vehicle |
CN104750111B (en) * | 2015-03-09 | 2019-02-22 | 王琪杰 | A kind of unmanned plane during flying monitoring system |
Also Published As
Publication number | Publication date |
---|---|
US6275767B1 (en) | 2001-08-14 |
CA2291865A1 (en) | 2000-06-11 |
FR2787269A1 (en) | 2000-06-16 |
FR2787269B1 (en) | 2001-03-02 |
CA2291865C (en) | 2009-04-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): DE GB IT |
 | AX | Request for extension of the european patent | Free format text: AL;LT;LV;MK;RO;SI |
 | 17P | Request for examination filed | Effective date: 20001120 |
 | AKX | Designation fees paid | Free format text: DE GB IT |
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: EUROPEAN AERONAUTIC DEFENCE AND SPACE COMPANY - EA |
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: AIRBUS FRANCE |
 | 17Q | First examination report despatched | Effective date: 20070103 |
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: AIRBUS OPERATIONS |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
 | 18D | Application deemed to be withdrawn | Effective date: 20140701 |
 | REG | Reference to a national code | Ref country code: DE Ref legal event code: R079 Free format text: PREVIOUS MAIN CLASS: G06F0017600000 Ipc: G06Q0050300000 |
 | REG | Reference to a national code | Ref country code: DE Ref legal event code: R079 Free format text: PREVIOUS MAIN CLASS: G06F0017600000 Ipc: G06Q0050300000 Effective date: 20150119 |