Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
separation of roles, need-to-know, secure failure and recovery, input validation, and training plans.

8. Develop the system. In this step, the design is tested and technologies are selected for implementation. In most cases, this includes the use of COTS systems and applications software. However, COTS products with a large installed base are attractive targets for attackers. As a result, all COTS products should be identified and their suitability for implementation within specific NAS subsystems determined during risk analysis. Another potential security concern is the outsourcing of software development. The problem that must be considered is the potential for the introduction of malicious software into the developed and delivered product. Steps such as security vetting of the development company, verifying the company's development practices (capability maturity models or ISO certified), and issues such as ownership should be considered. Next, the developed system should include auditing capabilities and, optionally, automated alerts to administrative personnel. Only by examining the audits can misuse actions be traced to the offending user or program. As a result, these audits should be organized by individual user, and they should record all user or software interaction with protected data. Other elements of concern during the development process include the software languages used (some are inherently insecure), constructs used, how errors are handled, the use of cryptography and digital signatures and their implementation, the access control mechanisms selected and implemented, and the proper implementation of all countermeasures.

9. Test the developed system. In this step, the implemented security countermeasures are verified. Testing can be as simple as a visual verification or as complex as a full mathematical proof of correctness. Most testing falls in between the two, relying upon use and misuse cases to verify correctness. These cases ensure the system properly protects the high-value assets from malicious insiders and outsiders. The approach taken is typically documented in a test plan that includes the use and misuse cases. The result of the testing phase is a report of the tests performed and the verification that all security functionality has been exercised according to the plan.
10. Operations. Issues that remain relevant to the security systems engineering process during this step include processes for software updates. During the operation of the system, security mechanisms must be patched and updated. This process should be planned prior to operations.
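The following is an added illustration of steps 8 and 9 together, not code from the FAA report: a small access-controlled store whose audit trail is organized by individual user and records every interaction with protected data (allowed or denied), exercised by a minimal test plan of one use case and two misuse cases (an insider exceeding read-only rights, and an unknown outsider). The user names, data objects and access list are constructed assumptions.

```python
"""Constructed example: per-user audit trail plus use/misuse-case tests.

Added illustration of SSE step 8 (auditing organized by individual user,
recording every interaction with protected data) and step 9 (verifying
countermeasures with use and misuse cases). Not the report's own code;
all users, objects and permissions below are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Set


@dataclass(frozen=True)
class AuditRecord:
    timestamp: str
    user: str
    action: str   # "read" or "write"
    obj: str      # protected data item
    outcome: str  # "allowed" or "denied"


@dataclass
class ProtectedStore:
    """Access-controlled store whose audit trail is keyed by individual user."""
    acl: Dict[str, Dict[str, Set[str]]]           # user -> object -> permitted actions
    data: Dict[str, str] = field(default_factory=dict)
    audit: Dict[str, List[AuditRecord]] = field(default_factory=dict)

    def _record(self, user: str, action: str, obj: str, outcome: str) -> AuditRecord:
        rec = AuditRecord(datetime.now(timezone.utc).isoformat(), user, action, obj, outcome)
        self.audit.setdefault(user, []).append(rec)
        return rec

    def _permitted(self, user: str, action: str, obj: str) -> bool:
        return action in self.acl.get(user, {}).get(obj, set())

    def read(self, user: str, obj: str) -> str:
        # Denied attempts are audited too, so misuse is traceable to the user.
        if not self._permitted(user, "read", obj):
            self._record(user, "read", obj, "denied")
            raise PermissionError(f"{user} may not read {obj}")
        self._record(user, "read", obj, "allowed")
        return self.data[obj]

    def write(self, user: str, obj: str, value: str) -> None:
        if not self._permitted(user, "write", obj):
            self._record(user, "write", obj, "denied")
            raise PermissionError(f"{user} may not write {obj}")
        self.data[obj] = value
        self._record(user, "write", obj, "allowed")

    def trace(self, user: str) -> List[AuditRecord]:
        """Every interaction attributed to one user, for investigation of misuse."""
        return list(self.audit.get(user, []))

    def denied_attempts(self) -> List[AuditRecord]:
        return [r for recs in self.audit.values() for r in recs if r.outcome == "denied"]


def run_use_and_misuse_cases() -> Dict[str, bool]:
    """Minimal test plan: one use case, two misuse cases, plus audit verification."""
    store = ProtectedStore(
        acl={"maint_tech": {"flight_plan": {"read"}},               # constructed
             "dispatcher": {"flight_plan": {"read", "write"}}},     # constructed
        data={"flight_plan": "KJFK-KBOS"},
    )
    results: Dict[str, bool] = {}
    # Use case: an authorized dispatcher updates and reads the plan.
    store.write("dispatcher", "flight_plan", "KJFK-KORD")
    results["use_case_read"] = store.read("dispatcher", "flight_plan") == "KJFK-KORD"
    # Misuse case 1: an insider with read-only rights attempts a write.
    try:
        store.write("maint_tech", "flight_plan", "KJFK-KLAX")
        results["misuse_insider_write_blocked"] = False
    except PermissionError:
        results["misuse_insider_write_blocked"] = store.data["flight_plan"] == "KJFK-KORD"
    # Misuse case 2: an unknown outsider attempts a read.
    try:
        store.read("outsider", "flight_plan")
        results["misuse_outsider_read_blocked"] = False
    except PermissionError:
        results["misuse_outsider_read_blocked"] = True
    # Audit verification: every denial is traceable to the offending user,
    # and all four interactions (two allowed, two denied) were recorded.
    results["denials_traceable"] = sorted(r.user for r in store.denied_attempts()) == ["maint_tech", "outsider"]
    results["all_interactions_audited"] = sum(len(v) for v in store.audit.values()) == 4
    results["insider_trace_complete"] = [r.outcome for r in store.trace("maint_tech")] == ["denied"]
    return results


if __name__ == "__main__":
    for name, passed in run_use_and_misuse_cases().items():
        print(f"{name}: {'PASS' if passed else 'FAIL'}")
```

The test-plan function is the report that step 9 calls for in miniature: each case name maps to an outcome, and the final two checks confirm that the audit mechanism itself was exercised, not only the access checks.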
8.2 APPLYING THE SSE METHODOLOGIES TO AIRBORNE NETWORKS.

Following the SSE process is intended to produce a best current practice security design for a specific deployment in terms of the specific requirements and needs of that deployment. SSE was not devised to create generic security designs for generic deployments. This study leverages SSE to benefit from best current practices rather than invent a novel approach with unproven results. This application of SSE solely addresses the articulation of current FAA safety policy (e.g., DO-178B and ARP 4754) in terms of the Biba Integrity Model framework. It does not address the very important issues and requirements that specific deployments have that extend beyond this foundational policy framework. For this reason, this study views its resulting
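As an added example of what "articulating safety policy in terms of the Biba Integrity Model" means in practice (this is not the report's code or its mapping), the block below encodes Biba's two rules, no read down and no write up, over an assumed ordering of DO-178B software levels (Level A treated as the highest integrity), then builds the graph of information flows the rules permit and searches it for any path by which data from a lower-integrity object could reach a higher-integrity one. The subject and object names and their assigned levels are constructed.

```python
"""Constructed example: Biba integrity checks and flow analysis over
DO-178B-style software levels. Added illustration, not part of the FAA
report; the level ordering, subjects and objects are assumptions."""
from collections import deque
from enum import IntEnum
from typing import Callable, Dict, List, Set, Tuple


class Integrity(IntEnum):
    # Assumption: DO-178B Level A (most critical) maps to the highest integrity.
    E = 1
    D = 2
    C = 3
    B = 4
    A = 5


def biba_read(subject: Integrity, obj: Integrity) -> bool:
    """Simple integrity property: a subject may not read a lower-integrity object."""
    return subject <= obj


def biba_write(subject: Integrity, obj: Integrity) -> bool:
    """Star (*) integrity property: a subject may not write a higher-integrity object."""
    return subject >= obj


def permissive(subject: Integrity, obj: Integrity) -> bool:
    """Reference policy with no integrity constraints, for comparison."""
    return True


Policy = Callable[[Integrity, Integrity], bool]


def build_flow_graph(subjects: Dict[str, Integrity], objects: Dict[str, Integrity],
                     read_ok: Policy, write_ok: Policy) -> Dict[str, Set[str]]:
    """Directed information-flow graph: object -> subject when a read is allowed,
    subject -> object when a write is allowed."""
    graph: Dict[str, Set[str]] = {name: set() for name in list(subjects) + list(objects)}
    for s, s_level in subjects.items():
        for o, o_level in objects.items():
            if read_ok(s_level, o_level):
                graph[o].add(s)
            if write_ok(s_level, o_level):
                graph[s].add(o)
    return graph


def reachable(graph: Dict[str, Set[str]], start: str) -> Set[str]:
    """Breadth-first search over the flow graph; excludes the start node itself."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def upward_flows(subjects: Dict[str, Integrity], objects: Dict[str, Integrity],
                 read_ok: Policy, write_ok: Policy) -> List[Tuple[str, str]]:
    """(low_object, high_object) pairs where lower-integrity data can reach a
    higher-integrity object through any chain of reads and writes.
    Under Biba this list must be empty."""
    graph = build_flow_graph(subjects, objects, read_ok, write_ok)
    found = []
    for src, src_level in objects.items():
        for dst in reachable(graph, src):
            if dst in objects and objects[dst] > src_level:
                found.append((src, dst))
    return sorted(found)


# Constructed sample: one flight-critical subject/object pair and one cabin pair.
SUBJECTS = {"flight_control_sw": Integrity.A, "cabin_ife_server": Integrity.E}
OBJECTS = {"air_data": Integrity.A, "passenger_media": Integrity.E}


if __name__ == "__main__":
    print("Biba upward flows:", upward_flows(SUBJECTS, OBJECTS, biba_read, biba_write))
    print("No-policy upward flows:", upward_flows(SUBJECTS, OBJECTS, permissive, permissive))
```

Note which direction Biba permits: the low-integrity cabin server may read high-integrity air data (reading up is harmless to integrity), but may never write it, and the flight-control software may write to the cabin side but never read from it. Running the same graph search with the permissive policy shows the path `passenger_media -> cabin_ife_server -> air_data` that Biba removes.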