Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
12. COTS computer systems cannot be adequately secured within large network environments, in general, because their security controls cannot be trusted to perform as intended when attacked. These devices contain potential vulnerabilities that may affect the security and safety of other networked entities whenever they are deployed within large networks. COTS computer systems, and the applications they support, cannot be high assurance.

The following are the recommendations of this study (see section 8.3 for a generic safety and security design implementing these recommendations and safety requirements).

1. Existing ARP 4574, ARP 4761, DO-178B, and DO-254 assurance guidance processes be extended into network environments by using the Biba Integrity Model framework to define network safety and security assurance concepts.

2. The Biba Integrity Model be implemented solely within the context of existing FAA safety processes. This results in airborne network systems being organized into networks that operate at specific safety integrity levels (e.g., the DO-178B software levels).

3. ARP 4754 and FAA policy be extended to address attack prevention and mitigation by using security controls. IA controls need to comply with best common IA practice, which is defined by the NSA's IATF [50]. These controls need to be implemented in accordance with best current defense-in-depth practices.

4. Aircraft be defined as Mobile ASs, which have embedded VPN network enclave partitions, each of which operates at a specific assurance level.

5. The aircraft should be configured as a mobile AS that moves in reference to other ASs within the larger worldwide aeronautical system. In this approach, each individual networked entity within the aircraft is IP addressed, and the network topology changes that occur as the aircraft moves are handled by the BGP protocol that links the aircraft to other ASs. IP addressing issues may arise with this model depending on whether the aircraft's IP addresses are associated with a specific service provider (e.g., CIDR; see RFC 1517) or not.

6. DO-178B and ARP 4754 processes be extended to include security vulnerability penetration tests of the integrated airborne network, systems, and each of its constituent items prior to initial certification and deployment. This includes examining their actual vulnerability to attacks as shown in appendix A (e.g., network mapping, vulnerability scanning, penetration testing, password cracking, etc.).

7. Devices operating at specific criticality levels (i.e., failure condition categories, ARP 4754 system development assurance levels, DO-178B software levels, DO-254 Hardware Design Assurance Levels) should be organized into specific network partitions (VPN network enclaves) that operate at a specific assurance level in a manner parallel to the DoD classification levels. Network enclaves for IP networks should be established by
141
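Recommendations 1, 2 and 7 above propose assigning each airborne network enclave a safety integrity level (the DO-178B software levels) and letting the Biba Integrity Model decide which information flows between enclaves are acceptable. The following is an added worked example, not code from the FAA report: it models the two Biba rules (simple integrity, "no read down"; *-integrity, "no write up") over a constructed lattice of DO-178B levels and evaluates a set of constructed inter-enclave flows. The enclave names, their level assignments and the candidate flows are assumptions made for the example only.

```python
"""Biba integrity checks for inter-enclave network flows.

Illustrative example accompanying the FAA study's recommendations; it is not
code from the report.  Enclave names, level assignments and candidate flows
below are constructed for the example.
"""
from dataclasses import dataclass

# DO-178B software levels ordered from highest integrity (A, catastrophic
# failure condition) to lowest (E, no safety effect).  A larger rank means
# higher integrity in the Biba lattice.
LEVEL_RANK = {"A": 5, "B": 4, "C": 3, "D": 2, "E": 1}

# Constructed enclave-to-level assignment (assumption for this example).
ENCLAVES = {
    "flight-control": "A",
    "navigation": "B",
    "maintenance": "D",
    "passenger-ife": "E",
}


@dataclass(frozen=True)
class Flow:
    subject: str  # enclave initiating the access
    obj: str      # enclave whose data is accessed
    op: str       # "read" or "write"


def rank(enclave: str) -> int:
    """Integrity rank of an enclave, derived from its DO-178B level."""
    return LEVEL_RANK[ENCLAVES[enclave]]


def biba_allows(flow: Flow) -> bool:
    """Strict Biba integrity policy.

    Simple integrity ("no read down"): a subject may read an object only if
    the object's integrity level dominates the subject's level.
    *-integrity ("no write up"): a subject may write an object only if the
    subject's integrity level dominates the object's level.
    """
    s, o = rank(flow.subject), rank(flow.obj)
    if flow.op == "read":
        return o >= s
    if flow.op == "write":
        return s >= o
    raise ValueError(f"unknown operation {flow.op!r}")


def permitted_operations(subject: str, obj: str) -> set:
    """Set of operations Biba permits from subject enclave to object enclave."""
    return {op for op in ("read", "write") if biba_allows(Flow(subject, obj, op))}


def evaluate(flows):
    """Map each candidate flow to its allow/deny decision."""
    return {f: biba_allows(f) for f in flows}


def denied_flows(flows):
    """Candidate flows that the policy rejects."""
    return [f for f in flows if not biba_allows(f)]


# Constructed candidate flows between enclaves (assumption for this example).
CANDIDATE_FLOWS = [
    Flow("flight-control", "navigation", "read"),      # A reads B: read down, denied
    Flow("navigation", "flight-control", "read"),      # B reads A: read up, allowed
    Flow("passenger-ife", "flight-control", "write"),  # E writes A: write up, denied
    Flow("flight-control", "passenger-ife", "write"),  # A writes E: write down, allowed
    Flow("maintenance", "maintenance", "read"),        # same level, allowed
]

if __name__ == "__main__":
    for f, ok in evaluate(CANDIDATE_FLOWS).items():
        verdict = "allow" if ok else "DENY"
        print(f"{f.subject:15} {f.op:5} {f.obj:15} -> {verdict}")
```

Two properties of the strict model stand out when the flows are evaluated: a low-assurance enclave such as the passenger network can never write into a higher-assurance enclave, and a high-assurance enclave is barred from reading lower-assurance data at all. The second property is what makes the level assignment in recommendation 7 a design decision rather than a labelling exercise, since any data a high-level enclave must consume has to originate at an equal or higher integrity level.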