Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
with extensive scrutiny. The larger the code base, the more questionable the quality of
the scrutiny. This means that software developers need to actively consider how to create
high-assurance software for network environments so that the resulting software can be
assured to be as bug free as possible. Until a theoretical solution is devised that produces
guaranteed, high-assurance, bug-free results, high-assurance software needs to undergo a
very thorough (formal) line-by-line code inspection. A possible alternative is for the
software developer to assemble high-assurance software modules. The integration of
these modules faces the same types of integration issues addressed in ARP 4754, but this
may potentially result in an approval approach in which only a select subset of the total
software corpus will require a formal line-by-line code inspection.
27. All software in networked environments should comply with the processes established by
an FAA-approved software distribution (i.e., storage and download) system. Software
development processes need to include concrete plans for how software will be
maintained and securely distributed over the software’s life span.
28. Software that is currently hosted on COTS OSs should be evaluated to be ported to a
more secure foundation. High-assurance software (i.e., Levels A and B) cannot reside on
COTS OSs, because COTS OSs are not high-assurance and contain latent vulnerabilities
that can be attacked. That software should be either ported to reside on a high-assurance
OS or else rewritten to not reside on any OS.
29. The worldwide civil aviation community should identify common solutions for identity
(see section 4.8), IP addressing (see sections 5.3 and 5.4), naming, routing (see section
5.5), protocol security (see section 4.5), and authentication (see section 4.9) subsystems.
These common approaches need to be realized by consistent technology and
configuration choices that produce a coherent worldwide civil aviation network
infrastructure. These important technical issues need to be agreed upon by the
aeronautical community before airborne avionics systems become networked to other
aircraft or ground systems. This is because the safety of networked airborne LAN
systems is potentially affected by the quality and integrity of the network system that is
created by the worldwide civil aviation community. It is risky to permit networked
airborne LAN systems to be created before the worldwide civil aviation community has
decided on a common approach to address these key subsystems. Aircraft need to handle
identity, IP addressing, naming, routing, protocol security, and authentication in a
consistent manner with each other and with civil aviation ground systems if aircraft and
NAS systems are to be networked together. The interfaces of both airborne and ground
systems therefore need to be carefully articulated and designed if potentially significant
security problems are to be avoided.
30. This study recommends that the FAA evaluate using AJ waveforms for air-to-ground
communications.
31. Before a worldwide civil aviation network can be deployed, the worldwide civil aviation
community should explicitly determine the policies and trust models that will pertain to
the worldwide civil aviation network infrastructure.