Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
elationship with other equipment in networked environments. Attackers could
potentially leverage the lower-assurance items to attack the higher-assurance items by
hostilely changing the environment in which the higher-assurance items operate. The
goal of the network security assurance process, which adds security controls within a
Biba Integrity Model-based architecture, is to address and mitigate these dangers.
• Issues arise in regard to Section 23.1309 B 3:
“Warning information must be provided to alert the crew to unsafe system
operating conditions and enable them to take appropriate corrective action.”
It may be challenging to warn against unintended or nonanticipated interactions resulting
from other network-resident items that have no functional relationship to the system in
question. Also, the attack vectors of crackers (hostile human attackers) are difficult to
predict because the attacks are constantly evolving. Given this, it is likely that many
dangers may not be discerned until it is too late.
• Issues arise in regard to Section 23.1309 B 4:
“Compliance with the requirements of … may be shown by analysis and,
where necessary, by appropriate ground, flight, or simulator tests.”
Analysis is unlikely to address or recognize the gamut of possible subtle effects resulting
from the postattack actions of a compromised network device. Similarly, preattack
system interactions that these types of tests would address may have little relationship to
the modified system interactions that occur during or after attacks.
• Issues arise in regard to Section 25.1309 b:
“(b) The airplane systems and associated components, considered separately
and in relation to other systems, must be designed so that – (1) the
occurrence of any failure condition which would prevent the continued safe
flight and landing of the airplane is extremely improbable, …”
This goal is difficult to achieve for networked software for fly-by-wire designs unless
flight critical systems are partitioned by VPNs (or by an equivalently appropriate
partitioning approach for networks) to limit and constrain unintended interactions that
may occur during or after the system has been attacked.
• Issues arise in regard to Section 25.1309 d:
“(d) Compliance with the requirements of paragraph (b) of this section must
be shown by analysis, and where necessary, by appropriate ground, flight, or
simulator tests.”