Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
appendix A. This parallelism means that ground systems would also need to address the same<br />
network management issues (see section 8.4).<br />
The exemplar network architecture recommended by this study, therefore, presumes that if<br />
airborne VPN enclaves are connected to other airborne VPN enclaves or to ground VPN<br />
enclaves at the same software (safety) level, then those l<strong>in</strong>ked VPN enclaves form a common<br />
distributed VPN network enclave together that jo<strong>in</strong>tly operates at that specific safety level. The<br />
specific VPN technology identified by this study was chosen because it is expected to be able to<br />
scale to whatever VPN network size is required to support a worldwide deployment. It is<br />
important to recognize that this connectivity means that the worldwide aeronautical network<br />
consists of both the nonenclave worldwide aeronautical network as well as the various<br />
worldwide VPN network enclaves, with each of the latter operat<strong>in</strong>g at a specific safety level. It<br />
therefore comprises partitioned network enclaves located with<strong>in</strong> a larger civil aviation network<br />
whole.<br />
This relationship creates explicit policy issues that the worldwide civil aviation community will<br />
need to address <strong>in</strong> a coherent way. Specifically, what is the trust model between civil aviation<br />
regions? Will the trust model for the regions’ Level A software networks be the same as for<br />
their Level C software networks? What is the trust model between aircraft and ground entities?<br />
If air-to-air communications occur, what is the trust model between aircraft belong<strong>in</strong>g to<br />
different airl<strong>in</strong>es? Will the Level A VPN components of the NAS completely trust European<br />
Level A VPN components and vice versa, or will they establish dist<strong>in</strong>ct policies and service level<br />
agreement (SLA) mapp<strong>in</strong>gs between their components? What security protections (e.g.,<br />
firewalls) will be <strong>in</strong>serted to protect the rest of the VPN elements at that safety level from a<br />
contam<strong>in</strong>ation that occurred with<strong>in</strong> a specific region? How will aircraft that travel between<br />
regions ma<strong>in</strong>ta<strong>in</strong> their connectivity <strong>in</strong> a seamless, safe, and secure manner? If air-to-air<br />
applications and systems are created, what mechanisms (e.g., firewalls) will protect the VPN at a<br />
given safety level <strong>in</strong> one airplane from (perhaps undiagnosed) misbehaviors occurr<strong>in</strong>g <strong>in</strong> the<br />
VPN at that same safety level <strong>in</strong> a different airplane? What policy systems will govern the<br />
<strong>in</strong>terrelationship between aircraft and ground entities? Will SLAs be required?<br />
For any airborne network architecture to be viable <strong>in</strong> real-life deployments, common worldwide<br />
design choices need to be agreed upon to decide how identity, IP address<strong>in</strong>g, nam<strong>in</strong>g, rout<strong>in</strong>g,<br />
and authentication will be handled systemwide. These common def<strong>in</strong>itions and their associated<br />
<strong>in</strong>frastructure should be shared by both air and ground systems with<strong>in</strong> the worldwide civil<br />
aviation network deployment if the result<strong>in</strong>g airborne network is to operate seamlessly between<br />
regions.<br />
8.3.2 Physical Security.<br />
Specific physical security requirements are embedded with<strong>in</strong> the figure 30 design. Those<br />
requirements are that aircraft control and the cockpit (pilot) networks or their devices must not<br />
be physically accessible by aircraft passengers. If there is any possibility of passengers<br />
physically access<strong>in</strong>g the cockpit (pilot) network, then the high-assurance LAN with<strong>in</strong> the cockpit<br />
must be connected to the aircraft control network via the packet filter. Otherwise, the highassurance<br />
LAN <strong>in</strong> the cockpit can use the same physical high-assurance LAN as aircraft control.<br />
114