Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
• Requirement 4: Entities that are located outside of aircraft (e.g., ground-based, space-based
(e.g., satellite), other aircraft) that directly or indirectly communicate with
elements within the airborne system at Level A through Level D (i.e., Requirement 1
systems) must belong to the same distributed network enclave partition as the airborne
software or system with which they are communicating (see figures 27 and 30). These
entities therefore need to either have been certified and accredited at that software level
or else be connected to that software level (VPN) network via a Biba Integrity Model
HAG (see Requirement 8).
• Requirement 5: The physical network system elements that connect the airborne network
elements with other entities located outside of that aircraft (see Requirement 4) need to
comply with the same requirements that pertain to aircraft physical network systems (i.e.,
Requirement 3).
• Requirement 6: If a software system (e.g., a combination of software entities) primarily
or exclusively communicates in a tight relationship within their select group and the
group is comprised of entities at different software levels, then that tight-knit, cross-level
community can be combined into a partitioned network enclave together (e.g., integrated
modular avionics systems). That localized enclave operates in a system-high manner.
There needs to be a special extenuating process or policy established within that enclave
to enable a system-high situation to exist, since it represents an exception to the most
direct application of the Biba Integrity Model, which naturally results in MSLS
partitioned networks (i.e., see Requirement 1). System high networks are classified at the
software level of the lowest classification level entity within that grouping and are
distinct network enclave partitions from MSLS partitioned enclaves (i.e., Requirement 1
systems).
• Requirement 7: It needs to be noted within the assurance process whenever a system or
software entity has safety-related network connectivity requirements or dependencies
with any other system or software entities. Specifically, it should be noted if entities
have real-time, latency-sensitive, or high-availability connectivity requirements with
specific other entities. If the network enclave that supports those entities cannot be
assured to satisfy those network connectivity requirements, then those elements can be
supported via a dedicated data bus (or LAN) that solely exists to meet that connectivity
requirement. [32] If a dedicated physical data bus needs to communicate with other LANs or
data buses, then the dedicated physical data bus is linked to that other physical network
via a router (i.e., a relay device operating at the network (i.e., IP) layer only).

[32] The reason for the dedicated data bus (or LAN) is to ensure that the special network requirements of those
devices will be met. It is of course preferable if their requirements can be met in the normal manner (e.g., via a
common high-assurance LAN). However, this requirement exists to say that it is okay to provide special data
bus connectivity for certain devices having requirements that absolutely require dedicated physical data buses or
LANs.
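The enclave rules in Requirements 4 and 6 lend themselves to a mechanical check over a network inventory. The Python below is an added example, not part of the FAA report: it computes the level of a system-high enclave and flags off-aircraft entities that reach an airborne element without sharing its enclave partition and level or going through a HAG. The entity names, enclave labels, the `via_hag` flag, the A-to-D ordering and the reading of "certified and accredited at that software level" as "same enclave and same level" are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: software levels are ordered A (highest) down to D (lowest).
RANK = {"A": 4, "B": 3, "C": 2, "D": 1}

@dataclass(frozen=True)
class Entity:
    name: str
    level: str             # software level the entity is certified at
    enclave: str           # network enclave partition it is attached to
    airborne: bool = True  # False for ground, space-based or other-aircraft entities

def enclave_level(entities, enclave):
    """Requirement 6: a mixed-level (system-high) enclave is classified at the
    level of its lowest-level member; a single-level enclave keeps its level."""
    levels = [e.level for e in entities if e.enclave == enclave]
    return min(levels, key=RANK.__getitem__)

def req4_findings(entities, flows):
    """Requirement 4: an off-aircraft entity talking to an airborne one must sit
    in the same enclave partition at the same level, or go through a HAG."""
    by_name = {e.name: e for e in entities}
    findings = []
    for src, dst, via_hag in flows:
        a, b = by_name[src], by_name[dst]
        if a.airborne == b.airborne or via_hag:
            continue  # not an air/off-aircraft pair, or mediated by a HAG
        if a.enclave != b.enclave or a.level != b.level:
            findings.append((src, dst))
    return findings

# Constructed sample topology (all names hypothetical).
ENTITIES = [
    Entity("fms", "A", "levelA"),
    Entity("ima_core", "A", "ima"),
    Entity("ima_maint", "C", "ima"),
    Entity("gnd_ops", "A", "levelA", airborne=False),
    Entity("gnd_portal", "D", "levelD", airborne=False),
    Entity("sat_relay", "D", "levelD", airborne=False),
]
FLOWS = [  # (source, destination, via_hag)
    ("gnd_ops", "fms", False),
    ("gnd_portal", "fms", False),
    ("sat_relay", "fms", True),
    ("ima_core", "ima_maint", False),
]

if __name__ == "__main__":
    print(enclave_level(ENTITIES, "ima"), req4_findings(ENTITIES, FLOWS))
```
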