Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
approach is to keep the log information both on the aircraft and on the ground and to create an
alarm whenever the two copies contain different information (e.g., produce different hashes).

10.5 HOW CAN IT BE ENSURED THAT NETWORKED SYSTEMS CANNOT IMPACT SAFETY?

The recommendations and exemplar airborne network architecture of this study are the answer to
this question. For example, see figure 32.

10.6 WHAT SHOULD THE PROCESS BE FOR UPDATING SECURITY PROTECTION SOFTWARE?

The aircraft design should specify the mechanism by which security protection software is
updated. It is important that security protection software be updated using the same processes
and the same FAA-approved system that handles the issuance of versions of all other aircraft
software.
The system should include the following concepts: The FAA should ensure that a secure,
ground-based software storage facility is created to house authoritative versions of aircraft
software. All authorized versions and variants of airborne software are stored in this secure
facility. An authorized human signs each software item before storing it within this secure
facility, using the U.S. Federal DSS (FIPS 186). Authorized administrative personnel or systems
securely retrieve the appropriate software from the secure facility and download it to the target
device within an airplane via formally established processes. This could potentially occur during
flight if doing so will not have a detrimental safety impact. To download this software, the
administrator will need to establish his or her authentication credentials and to become
authorized to download the software via the airplane software download system. That software
download system then checks the DSS signature of the software that has been securely retrieved
from the secure software storage facility to verify that
• the individual who originally signed that software is authorized to sign software for that
airline.
• the signed software has not been modified subsequent to signing.
• the signed software is indeed intended to be deployed onto the device the administrator is
attempting to download it onto (including being the appropriate variant).
The aircraft’s software download system will only install the retrieved official software into the
target device if it successfully passes all three checks. Regardless of whether the checks pass or
fail, the maintenance event must be logged, listing the identity of the administrator, a timestamp,
what was attempted, and the action taken.
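
The download-side procedure above (three checks, then install and log either way), as an added Go example that is not part of the FAA report. The `Package`, `Loader` and `Install` names, the log format and the sample data are hypothetical, and Ed25519, an algorithm in the current DSS revision (FIPS 186-5), stands in for whichever FIPS 186 algorithm a real system would use.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Package is a hypothetical signed software item; Sig covers signer, target and image.
type Package struct {
	Signer, Target string // Target names the device and variant, e.g. "FMS/A"
	Image, Sig     []byte
}
func (p Package) msg() []byte { return []byte(fmt.Sprintf("%q %q %x", p.Signer, p.Target, p.Image)) }

type Loader struct { // models the aircraft software download system for one target device
	Target  string
	Signers map[string]ed25519.PublicKey // signers authorized for this airline
	Log     []string                     // one entry per attempt, pass or fail
}

// Install applies the three checks in order and logs the attempt whatever the outcome.
func (l *Loader) Install(admin string, p Package) string {
	action := "installed"
	if key, ok := l.Signers[p.Signer]; !ok {
		action = "rejected: signer not authorized"
	} else if !ed25519.Verify(key, p.msg(), p.Sig) {
		action = "rejected: modified after signing"
	} else if p.Target != l.Target {
		action = "rejected: wrong device or variant"
	}
	l.Log = append(l.Log, fmt.Sprintf("%s admin=%s target=%s %s", time.Now().UTC().Format(time.RFC3339), admin, p.Target, action))
	return action
}

func Demo() (actions []string, logged int) { // constructed items signed with a throwaway key
	pub, priv, _ := ed25519.GenerateKey(nil)
	l := &Loader{Target: "FMS/A", Signers: map[string]ed25519.PublicKey{"alice": pub}}
	for i, c := range [][2]string{{"alice", "FMS/A"}, {"alice", "FMS/A"}, {"alice", "FMS/B"}, {"mallory", "FMS/A"}} {
		p := Package{Signer: c[0], Target: c[1], Image: []byte("constructed image v2")}
		p.Sig = ed25519.Sign(priv, p.msg())
		if i == 1 {
			p.Image = append(p.Image, '!') // altered after signing
		}
		actions = append(actions, l.Install("admin7", p))
	}
	return actions, len(l.Log)
}

func main() { fmt.Println(Demo()) }
```

Because the signature covers the target field as well as the image, an item signed for one variant cannot be relabeled for another without failing the modification check.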