Modern aircraft utilize a significant number of avionics systems. A graphics server such as ARINC 661 graphics server (may be referred to as AGS) or the like may be utilized to work with one or more user applications (e.g., ARINC 661 clients) to manage a display that is presented to a pilot/user. The visual/display elements that make up the display (e.g., buttons, windows, text labels) may be referred to as widgets. A widget is owned by one-and-only-one user application.
In non-secure aircraft configurations, a graphics server is normally not involved with input processing. In such configurations, input is normally treated as out-of-band data that is passed directly from the input device to the user application. If multiple user applications are involved, often times the out-of-band input data is passed to all applications, and only those applications whose widget has focus will respond to the input.
However, this approach breaks down in a multi-level security (MLS) display environment. MLS requires the system to process information with different sensitivities (security levels), permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. Therefore, in a MLS display environment, the input provided by an input device must only be routed to a single security domain, i.e., the security domain of the selected widget.
Therein lies a need for a method and system for securely distributing human-machine input/output to multi-level displays in a MLS environment without the aforementioned shortcomings.