The present invention relates to a tool for the supervision and/or hypervision of a set of systems of different security levels. It applies notably to the centralized supervision of several information systems when said systems are subjected to unequal security constraints.
In order to supervise entities such as information systems, protected rooms, production or control systems, it is known practice to employ a centralized supervision or hypervision tool. A supervision tool assembles in one and the same location indicators originating from various supervised entities in order to offer an overview of the state of said entities. A hypervision tool offers, in addition to what a supervision tool provides, a synthetic view of the state indicators, in which correlations can be made between indicators originating from distinct entities.
However, when the levels of sensitivity of the data handled on each of the networks are different, the centralized supervision of said networks becomes difficult because of the constraints imposed by the rules aimed at protecting the data. The interconnection of a first system, with a high security level, with a second system, with a lower security level, poses at least two types of problems: the leakage of sensitive information from the first system to the second system and the intrusions originating from the second system.
Conventionally, the supervision centers are then installed in the network of highest security, the other networks being linked via one-way links to the supervision center in order to feed said center with state indicators. Since communications are made only in the uplink direction, no leakage of information present in the network of highest security level is possible. However, the regulations that apply to the network of highest security usually impose costly constraints, both from the technical point of view and in matters of training, organization and personnel authorization.
In order to place a supervision center in a network of lower security, and thereby avoid the abovementioned constraints, it is known practice to use an interconnection system of multiple security levels. According to one operating mode, such a multilevel system is first configured in order to define what types of data are confidential. Labeling of the data streams is carried out in order to distinguish the confidential data streams from the data streams that are not very sensitive. It is therefore necessary to define manually, for each of the communication protocols used, the labels and filtering rules to be applied. This manual configuration phase is protracted and costly. Moreover, the labels applied to the data streams must be signed by cryptographic keys, which requires the use of a key-management infrastructure.
Finally, a supervision and/or hypervision tool must be able to transmit any alarms in real time, which also excludes the solutions that rely on a manual operation for filtering the sensitive information.
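The multilevel interconnection described above (signed labels plus hand-written, per-protocol filtering rules) can be sketched as follows. This is an added illustration, not code from the patent: HMAC-SHA256 stands in for the label signature, and the key, protocol names, label names and sample payloads are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed key; in the scheme described above it would be issued by the
# key-management infrastructure.
LABEL_KEY = b"constructed-demo-key"

# Hand-written rules, one entry per protocol: labels allowed to leave the
# high-security system. Protocol and label names are assumptions.
RULES = {
    "snmp-trap": {"NON_SENSITIVE"},
    "syslog": {"NON_SENSITIVE"},
}


def _signed_fields(protocol, label, payload):
    # The signature binds the label to the protocol and to the exact payload,
    # so a label cannot be moved onto different data.
    digest = hashlib.sha256(payload).hexdigest()
    return json.dumps([protocol, label, digest]).encode()


def sign_label(key, protocol, label, payload):
    """Labelling side: return the message with its signed label."""
    tag = hmac.new(key, _signed_fields(protocol, label, payload), hashlib.sha256)
    return {"protocol": protocol, "label": label,
            "payload": payload, "tag": tag.hexdigest()}


def guard_decision(key, rules, msg):
    """Filtering side: return (forward, reason) for one labelled message."""
    expected = hmac.new(
        key, _signed_fields(msg["protocol"], msg["label"], msg["payload"]),
        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return False, "bad label signature"
    allowed = rules.get(msg["protocol"])
    if allowed is None:
        return False, "no rule for protocol"  # default deny
    if msg["label"] not in allowed:
        return False, "label not allowed out"
    return True, "forwarded"


if __name__ == "__main__":
    ok = sign_label(LABEL_KEY, "snmp-trap", "NON_SENSITIVE", b"linkDown if=3")
    secret = sign_label(LABEL_KEY, "syslog", "CONFIDENTIAL", b"user=admin cmd=...")
    relabelled = dict(secret, label="NON_SENSITIVE")  # label changed, tag not
    for m in (ok, secret, relabelled):
        print(m["protocol"], m["label"], guard_decision(LABEL_KEY, RULES, m))
```

Every protocol that must cross the boundary needs its own entry in `RULES`, and every labelling point needs the key, which is the configuration and key-management cost the paragraph above points out.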