Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Figure 28. Gap Analysis in the Alves-Foss, et al. Study [93]
[Figure 28 sets Common Criteria assurance classes beside DO-178B processes. Common Criteria classes: ACM, Configuration Management; ADO, Delivery and Operation; ADV, Development; AGD, Guidance Documents; ALC, Life Cycle Support; ATE, Tests; AVA, Vulnerability Assessment. DO-178B processes: Software Configuration Management; Software Development Process; Software Planning Process; Software Verification Process; Software Quality Assurance.]
The study recommends that the basis for equivalency between the integrity of security controls and DO-178B safety levels should be confirmed by further study. However, in the interim, the FAA can leverage the University of Idaho results to temporarily equate the assurance of security systems certified at the CC's EAL 5 with airborne software certified at DO-178B Level A. This means that security controls deployed on aircraft that support DO-178B Level A software currently must be certified at CC EAL 5 or higher (see footnote 29).
7. EXTENDING FAA CERTIFICATION TO AIRBORNE NETWORKS.
The previous sections discussed the issues that underlie how FAA certification assurance could be extended to airborne network environments. The fundamental certification issue is that when airborne software is deployed in a network environment, the risks and dangers of the network environment need to be mitigated. Airborne network environments are inherently different from historic ARP 4754 environments for the reasons previously introduced in section 3. Section 6 discussed the foundational certification issues associated with formally extending DO-178B and ARP 4754 policies into airborne network environments by means of the Biba Integrity Model. The purpose of this section is to provide greater detail on how specifically ARP 4754 (section 7.1) and DO-178B (section 7.2) processes should be extended to handle airborne network deployments.
A presupposition of this study is that all airborne entities that are currently assured to DO-178B criteria or ARP 4754 guidance will need to be re-evaluated if hosted within a networked airborne environment. Unless these entities are re-evaluated in the context of the networked environment, their security provisions and the safety of the resulting system would be indeterminate.
Footnote 29: This section concludes that until more definitive studies are conducted, security controls that support Level A software should be certified at CC EAL 5 or higher. Please note that this applies to security controls, not airborne software. Specifically, this study recommends that airborne software should continue to be assured using FAA processes rather than in terms of CC concepts. Please note that EAL 5 is the lowest of the CC's high assurance levels. Few COTS products in the general case are currently certified at EAL 5 or above. While this should not be problematic for firewalls or HAGs (other than the fact that there are few, if any, Biba Integrity Model HAG products today), it may be problematic for routers.