Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
This study also recommends that the existing DO-178B assurance processes be applied very rigorously to higher-assurance software (i.e., Level A and Level B software) in networked environments. The approval process should include the following three specific tests:

• A series of penetration tests should be performed on the completed software item. Specifically, the software (including its OS, if any) needs to be subjected to the range of network attacks described in appendix A. Any problems identified by these attacks need to be fixed.

• The software should be examined under evaluation to verify that its internal construction complies with formal models of software construction; for example, that it is modular and layered, and that this structure is actually present in the implementation itself.

• A rigorous line-by-line code inspection of the software should be conducted to demonstrate the absence of bugs that can be hostilely exploited. This implies that the approver has an excellent understanding of how software bugs are exploited by network attacks and that the approver stringently examines the code base to identify and fix those problems.

Software items that do not undergo, or cannot pass, these three additional tests cannot be claimed to be high assurance when deployed in networked environments. Therefore, like any other non-high-assurance entity, they can be deployed within high-assurance environments only by means of an intervening HAG.
This study recommends very stringent application of the existing software certification processes to high-assurance software in networked environments. The line-by-line code inspection requirement for high-assurance software certification should ensure that high-assurance code bases explicitly use formal software techniques and are comparatively small (in terms of number of lines of code). The indeterminate number of bugs latently present in large code bases represents unaddressed attack vulnerabilities in networked environments. Current software development methods cannot be trusted to produce high-assurance results unless those results are supplemented with extensive scrutiny, and the larger the code base, the more questionable the quality of that scrutiny. Software developers therefore need to actively consider how to create high-assurance software for network environments so that the resulting software can be assured to be as bug-free as possible. Until a theoretical solution is devised that produces guaranteed, high-assurance, bug-free results, high-assurance software needs to undergo a very thorough (formal) line-by-line code inspection. A possible alternative is for the software developer to structure high-assurance software as a set of modules. The integration of these modules faces the same types of integration issues that are addressed in ARP 4754, but it may result in an approval approach in which only a select subset of the total software corpus requires a formal line-by-line code inspection.
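A worked illustration of two of the points above, the structural test (is the implementation really modular and layered?) and the argument that high-assurance code bases must stay small enough to inspect, as an added example that is not part of the FAA study: a Python check that parses each module's imports, rejects any module that depends on a higher layer or on a dependency outside the layer model, and flags modules that exceed a per-module lines-of-code inspection budget. The layer names, module names, source text and the budget are all constructed for illustration.

```python
"""Structural conformance checks for a layered, high-assurance code base.

Added example, not code from the FAA study: it models the structural
evaluation (is the implementation modular and strictly layered?) and the
code-size concern discussed above. Layer names, module names, source text
and the size budget are all constructed for illustration.
"""
import ast

# Constructed layer model, lowest layer first. A module may depend only on
# modules in its own layer or in a strictly lower layer; every dependency
# must itself be part of the modelled code base.
LAYERS = ["hal", "kernel", "protocol", "application"]
LAYER_INDEX = {name: i for i, name in enumerate(LAYERS)}

# Constructed sample code base: module name -> (layer, source text).
# Two defects are planted: kernel.sched imports upward into the protocol
# layer, and application.display pulls in a dependency (os) that is not
# covered by the layer model at all.
SAMPLE_CODEBASE = {
    "hal.uart": ("hal",
        "def write(data):\n"
        "    return len(data)\n"),
    "kernel.sched": ("kernel",
        "import hal.uart\n"
        "import protocol.arinc  # upward dependency\n"
        "def tick():\n"
        "    return hal.uart.write(b'k')\n"),
    "protocol.arinc": ("protocol",
        "from kernel import sched\n"
        "def send(frame):\n"
        "    return sched.tick()\n"),
    "application.display": ("application",
        "import protocol.arinc\n"
        "import os  # outside the layer model\n"
        "def refresh():\n"
        "    return protocol.arinc.send(b'x')\n"),
}


def imported_modules(source, codebase):
    """Module names that `source` imports, resolved against `codebase`.

    'from pkg.mod import name' is recorded as pkg.mod when pkg.mod is a
    modelled module; otherwise 'from pkg import mod' is expanded to pkg.mod.
    Relative imports (level > 0) are ignored in this illustration.
    """
    deps = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            deps.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            if node.module in codebase:
                deps.add(node.module)
            else:
                deps.update(f"{node.module}.{alias.name}" for alias in node.names)
    return deps


def check_layering(codebase, layer_index=LAYER_INDEX):
    """Return sorted (module, dependency, reason) tuples for every violation."""
    violations = []
    for module, (layer, source) in codebase.items():
        for dep in imported_modules(source, codebase):
            if dep not in codebase:
                violations.append((module, dep, "dependency outside the layer model"))
                continue
            dep_layer = codebase[dep][0]
            if layer_index[dep_layer] > layer_index[layer]:
                violations.append(
                    (module, dep, f"{layer} may not depend on higher layer {dep_layer}"))
    return sorted(violations)


def logical_loc(source):
    """Non-blank, non-comment lines: the quantity an inspector must read."""
    return sum(1 for line in source.splitlines()
               if line.strip() and not line.strip().startswith("#"))


def check_size(codebase, max_loc_per_module):
    """Return sorted (module, loc) pairs for modules over the inspection budget."""
    return sorted((module, logical_loc(source))
                  for module, (_, source) in codebase.items()
                  if logical_loc(source) > max_loc_per_module)


def structurally_conformant(codebase, max_loc_per_module):
    """True only when no layering violation and no oversize module remains."""
    return not check_layering(codebase) and not check_size(codebase, max_loc_per_module)


if __name__ == "__main__":
    for module, dep, reason in check_layering(SAMPLE_CODEBASE):
        print(f"LAYERING  {module} -> {dep}: {reason}")
    for module, loc in check_size(SAMPLE_CODEBASE, max_loc_per_module=3):
        print(f"SIZE      {module}: {loc} lines exceeds budget of 3")
    print("conformant:", structurally_conformant(SAMPLE_CODEBASE, 3))
```

Run stand-alone, the check reports the planted upward import from kernel.sched into protocol.arinc, the unmodelled os dependency in application.display, and the two modules that exceed the (deliberately tiny) three-line budget. A dependency outside the model is reported rather than ignored because, for a high-assurance item, an unexamined dependency is exactly the kind of latent code the inspection requirement is meant to rule out; a real budget would be set per module from the inspection effort the approver can actually sustain.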
8. CANDIDATE SAFETY AND SECURITY NETWORK SOLUTION.<br />
The candidate safety and security network solution, which is presented in section 8.3, naturally follows from the material that has been presented to date. The final remaining explanatory
98