Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
level). This pairing potentially provides a framework for considering FAA and the CC processes
and concepts in an integrated manner. Specifically, it is conceivable that the modest FAA
confidentiality requirements (if any) roughly equate to the DoD public (i.e., basic)
confidentiality level, such that the DO-178B software levels can be mapped into the public
variant of the three different MAC levels to identify IA (i.e., security) requirements for FAA
systems. Of course, since DoDI 8500.2 is a DoD document, this association is in terms of DoD
processes, and not FAA processes. However, it does provide a possible intersection that may be
relevant for increased synergy between the DoD and FAA.

Therefore, DoDI 8500.2 may provide a starting point for potentially integrating airborne network
safety and security concepts into a common federal system by leveraging established DoD
processes that comply with federal law. Nevertheless, to pursue this, the FAA needs to study
and verify whether the three MAC levels identified by DoDI 8500.2 provide adequate
granularity for the NAS and airborne system requirements. If they do, then the FAA could
potentially directly leverage current DoD processes, if appropriate, perhaps creating a
government-wide integrated safety and security engineering system.

Regardless, this study concludes that this issue needs further study to be useful. Consequently,
at this time, it does not provide the assurances needed to underlie the exemplar airborne network
architecture. Therefore, this study will tentatively relate safety and security issues in terms of
the relative assurances provided by their respective certification processes.

The CC has provided seven predefined security assurance packages, on a rising scale of
assurance, which are known as evaluation assurance levels (EAL). EALs provide groupings of
assurance components that are intended to be generally applicable. The seven EALs are as
follows:

• EAL 1—Functionally Tested
• EAL 2—Structurally Tested
• EAL 3—Methodically Tested and Checked
• EAL 4—Methodically Designed, Tested, and Reviewed
• EAL 5—Semiformally Designed and Tested
• EAL 6—Semiformally Verified Design and Tested
• EAL 7—Formally Verified Design and Tested

EAL 1, therefore, is the entry level classification of the system. EAL 1 through EAL 4
(inclusive) are expected to be generic commercial products. EAL 5 through EAL 7 (inclusive)
are considered to be high-assurance products.

Carol Taylor, Jim Alves-Foss, and Bob Rinker of the University of Idaho have studied the issue
of dual software certification [93] for CC and DO-178B. Figure 28 is copied from their study
and shows a high-level gap analysis between the CC classes and the DO-178B processes. Their
study provided a fairly detailed analysis of the differences. Their study suggested that security
functionality certified at EAL 5 can be directly compared with DO-178B Level A.