Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
espective system safety or security mechanism, with possible safety consequences to the aircraft, depending on the specific consequence of that failure.
Previous studies have sought to address airborne software safety and security by correlating DO-178B safety processes with CC security processes. This correlation produces necessary but inadequate results. It is inadequate because it lacks mathematical rigor and therefore produces ad hoc conclusions. The results are ad hoc because even when safety and security are correlated, they are nevertheless distinct concepts from each other, addressing very different concerns.
This report states that the primary issue impacting networked airborne system safety is how to extend existing ARP 4754, ARP 4761, DO-178B, and DO-254 assurance guidance processes into networked systems and environments in a mathematically viable manner. This study recommends extending these processes into arbitrarily vast network environments in a mathematically viable manner by using the Biba Integrity Model framework. This report maps current DO-178B and ARP 4754 processes into the Biba Integrity Model framework using well-established system security engineering processes to define airborne safety requirements. It applies best current information assurance techniques to those airborne safety requirements to create a generic airborne network architecture.
Since the Biba Integrity Model is an integrity framework, it has a natural mechanism for relating safety and security concepts in terms of their respective integrity attributes. Nevertheless, this study recommends that the model be implemented solely within the context of existing FAA safety processes. This results in airborne network systems being organized into networks that operate at specific safety integrity levels (e.g., the DO-178B software levels).
There are fortuitous secondary effects from using the Biba Integrity Model to extend current FAA processes into networked environments, which stem from its role as the direct analog of the Bell-LaPadula Confidentiality Model. The Bell-LaPadula Confidentiality Model forms the framework for confidentiality within U.S. DoD information processing. Consequently, the application of the Biba Integrity Model to airborne system assurance processes results in an airborne network architecture that remarkably resembles the emerging DoD network architecture, the Global Information Grid (GIG), despite their very different underlying goals. While military technologies could be used to implement the airborne network architecture, this study recommends the use of civilian IPs deployed as a virtual private network. In addition, the similarities between the Biba Integrity Model and the Bell-LaPadula Confidentiality Model may result in increased synergies between DoD and FAA certification processes.
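The two paragraphs above describe the mechanism in prose: each networked item carries an integrity attribute (its DO-178B software level), Biba's rules decide which flows between items are permitted, and the result is a network partitioned by integrity level whose rules are the mirror image of Bell-LaPadula's. The following is an added worked example, not code from the FAA report: a minimal reference monitor that enforces Biba strict integrity over hypothetical airborne items and places the dual Bell-LaPadula checks beside it. The numeric ranking of Levels A through E, the confidentiality labels, and the item names and flows are illustrative assumptions.

```python
"""Added example (not from the FAA report): Biba strict integrity over
networked items labelled with DO-178B software levels, with the dual
Bell-LaPadula checks for comparison."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed integrity lattice: Level A (most severe failure condition) ranks
# highest, Level E lowest.  The report maps software levels onto Biba
# integrity levels; the specific numeric ranks are our own choice.
INTEGRITY: Dict[str, int] = {"A": 4, "B": 3, "C": 2, "D": 1, "E": 0}

# Assumed confidentiality lattice used only for the Bell-LaPadula comparison.
CLEARANCE: Dict[str, int] = {"unclassified": 0, "confidential": 1, "secret": 2}


@dataclass(frozen=True)
class Item:
    """A networked airborne item (hypothetical name) and its DO-178B level."""
    name: str
    level: str


def biba_can_read(subject: Item, obj: Item) -> bool:
    """Biba simple integrity property: no read down."""
    return INTEGRITY[obj.level] >= INTEGRITY[subject.level]


def biba_can_write(subject: Item, obj: Item) -> bool:
    """Biba *-integrity property: no write up."""
    return INTEGRITY[obj.level] <= INTEGRITY[subject.level]


def blp_can_read(subject_clearance: str, object_label: str) -> bool:
    """Bell-LaPadula simple security property: no read up (dual of Biba)."""
    return CLEARANCE[object_label] <= CLEARANCE[subject_clearance]


def blp_can_write(subject_clearance: str, object_label: str) -> bool:
    """Bell-LaPadula *-property: no write down (dual of Biba)."""
    return CLEARANCE[object_label] >= CLEARANCE[subject_clearance]


def message_allowed(src: Item, dst: Item) -> bool:
    """A network message is a write by src into dst and a read by dst from
    src.  Under strict Biba both must hold, i.e. src.level >= dst.level."""
    return biba_can_write(src, dst) and biba_can_read(dst, src)


def audit_flows(flows: List[Tuple[Item, Item]]) -> List[Tuple[str, str]]:
    """Return the (src, dst) name pairs that strict Biba integrity denies."""
    return [(s.name, d.name) for s, d in flows if not message_allowed(s, d)]


def networks_by_level(items: List[Item]) -> Dict[str, List[str]]:
    """Group items into one network per integrity level, highest level first,
    mirroring the report's partition into per-level networks."""
    nets: Dict[str, List[str]] = {}
    for it in sorted(items, key=lambda i: -INTEGRITY[i.level]):
        nets.setdefault(it.level, []).append(it.name)
    return nets


# Constructed sample network; names and levels are illustrative assumptions.
FLIGHT_CONTROL = Item("flight_control", "A")
FMS = Item("fms", "B")
MAINTENANCE = Item("maintenance_laptop", "D")
CABIN_IFE = Item("cabin_ife", "E")

SAMPLE_FLOWS = [
    (FLIGHT_CONTROL, FMS),     # higher integrity to lower: allowed
    (FMS, FLIGHT_CONTROL),     # write up into Level A: denied
    (CABIN_IFE, FMS),          # write up from Level E: denied
    (MAINTENANCE, CABIN_IFE),  # Level D down to Level E: allowed
]

if __name__ == "__main__":
    print("denied flows:", audit_flows(SAMPLE_FLOWS))
    print("networks:", networks_by_level(
        [FLIGHT_CONTROL, FMS, MAINTENANCE, CABIN_IFE]))
```

The point the duality makes is visible in the four predicates: Biba's two rules are Bell-LaPadula's two rules with the ordering reversed, which is why an architecture derived from Biba partitions the network the same way a confidentiality architecture derived from Bell-LaPadula does, even though one protects integrity and the other secrecy.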
Deploying airborne systems into networked environments means that the FAA system safety assessment (ARP 4761), system development (ARP 4754), software assurance (DO-178B), and complex electronic hardware assurance (DO-254) processes need to be extended to address and mitigate network threats. For example, although security is primarily a systems concept involving system issues (e.g., ARP 4754), the Biba Integrity Model relies upon the networked items having integrity attributes that function at a known assurance level (e.g., specific DO-178B software levels). This means that the processes for developing those items for network