Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
concept, which is needed to create the exemplar architecture itself, is to discuss best practice SSE. Section 8.1 presents this remaining explanatory topic. Section 8.2 then applies the SSE to the combination of current FAA safety policies and Biba Integrity Model concepts that were explained in sections 3, 6, and 7 to address the network risks that were presented in section 4 and appendix A. This application defines the rules and relationships that underlie this study's recommended exemplar airborne network architecture. Section 8.3 presents the resulting airborne network architecture that directly derives from these rules and relationships. The section 8.3 architecture defines an exemplar environment needed by airborne networks to implement FAA policies extended by the Biba Integrity Model. That section includes the recommended configurations of the security controls to achieve a minimal set of defense in depth protections. A given deployment may choose to implement controls beyond those described in section 8.3, because this design is the minimal subset needed to fulfill the criteria.
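The rules that section 8.2 derives rest on the Biba Integrity Model's two properties: no read down and no write up. The following Python sketch is an added illustration, not code from the FAA report, of how those two properties decide whether a network flow between integrity-labelled domains is permitted. The three integrity levels and the domain names (flight-control, airline-services, passenger-network) are assumptions chosen for the example; the report's own levels and domains are defined in its sections 3, 6, and 7 and are not reproduced here.

```python
from dataclasses import dataclass
from enum import IntEnum


class Integrity(IntEnum):
    """Illustrative integrity levels (an assumption for this example; the report
    defines its own levels in sections 3, 6 and 7, which are not reproduced here)."""
    LOW = 1     # e.g. passenger-facing services
    MEDIUM = 2  # e.g. airline administrative services
    HIGH = 3    # e.g. flight-critical control systems


@dataclass(frozen=True)
class Entity:
    """A subject or object: a network domain, host, or data store carrying an integrity label."""
    name: str
    level: Integrity


def biba_read_allowed(subject: Entity, obj: Entity) -> bool:
    """Simple integrity property ('no read down'): a subject may read an object only
    if the object's integrity is at least the subject's, so low-integrity data cannot
    contaminate a high-integrity subject."""
    return obj.level >= subject.level


def biba_write_allowed(subject: Entity, obj: Entity) -> bool:
    """Integrity *-property ('no write up'): a subject may write an object only if the
    object's integrity is at most the subject's, so a low-integrity subject cannot
    corrupt high-integrity data."""
    return obj.level <= subject.level


def flow_allowed(src: Entity, dst: Entity) -> bool:
    """A network flow from src to dst is a write by src into dst and a read by dst of
    src's data, so both Biba properties must hold. Both reduce to the same condition:
    data may only move from equal-or-higher integrity to equal-or-lower integrity."""
    return biba_write_allowed(src, dst) and biba_read_allowed(dst, src)


def audit_flows(flows: list[tuple[Entity, Entity]]) -> list[str]:
    """Return a verdict line for each proposed flow. Denied flows mark the points where
    the architecture needs a mediating control (guard, one-way link) or a redesign."""
    verdicts = []
    for src, dst in flows:
        verdict = "ALLOW" if flow_allowed(src, dst) else "DENY"
        verdicts.append(
            f"{verdict} {src.name} ({src.level.name}) -> {dst.name} ({dst.level.name})"
        )
    return verdicts


# Constructed sample domains: names and levels are assumptions, not the report's.
CONTROL = Entity("flight-control", Integrity.HIGH)
AIRLINE = Entity("airline-services", Integrity.MEDIUM)
PASSENGER = Entity("passenger-network", Integrity.LOW)

# Constructed sample flows to audit.
SAMPLE_FLOWS = [
    (CONTROL, PASSENGER),   # high-integrity data pushed down to the cabin: allowed
    (PASSENGER, CONTROL),   # low-integrity domain writing up to control: denied
    (AIRLINE, AIRLINE),     # same-level traffic: allowed
    (AIRLINE, CONTROL),     # medium writing up to high: denied
]

if __name__ == "__main__":
    for line in audit_flows(SAMPLE_FLOWS):
        print(line)
```

Running the block prints one verdict per sample flow. The design point worth noticing is that strict Biba forbids every upward flow, including ones an operator may need (for example, maintenance data entered from a lower-integrity domain); that is exactly why an architecture built on these rules must place an explicit, reviewable control at each denied edge rather than silently relaxing the rule, which is the defense-in-depth layering the chapter goes on to describe.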
8.1 SYSTEM SECURITY ENGINEERING METHODOLOGY.
SSE defines the process for integrating computer security concepts and technologies into coherent system architectures, as shown in figure 29. To achieve maximum benefit from the SSE process, it should permeate the entire life cycle of a system, from birth to death. The SSE process helps to ensure that all decisions are consistent with the overall system design and purposes. This process also avoids the bolted-on phenomenon that has proven over time to be ineffective. Only by being developed as an integral part of the systems in which they operate can subsystem elements successfully counter serious threats and reduce vulnerabilities.
Security is the result of a complex interaction between multiple elements. As a result, one critical component of the SSE process is to understand the operational environment. This is accomplished by examining the actual operational environment to identify high-value assets, determining the threats to those assets, understanding their vulnerabilities, and selecting the proper countermeasures to protect the high-value assets. This process also provides an accrediting officer with the information needed to determine whether the residual risk is acceptable.