Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
should be emphasized that there is no right or wrong answer to the various question 24 topics,<br />
because the <strong>in</strong>dividual answers are <strong>in</strong> terms of a specific context envisioned by the responder,<br />
with no common context be<strong>in</strong>g provided for each respondent. Thus, whenever a respondent<br />
answered “yes,” that person was th<strong>in</strong>k<strong>in</strong>g of a scenario <strong>in</strong> which that event could result <strong>in</strong> a<br />
major fault. If they answered “no,” they did not th<strong>in</strong>k of such a scenario. There is a loose<br />
correlation for those <strong>in</strong>dividuals whose corporate function was actively <strong>in</strong>volved with mak<strong>in</strong>g<br />
software components that tended to answer “yes” more frequently to the question 24 A through<br />
H than those <strong>in</strong>dividuals who worked for entities that were not actively creat<strong>in</strong>g aircraft<br />
software.<br />
Yes answers to questions 24F and 24G represent potential challenges to this study <strong>in</strong> that it has<br />
been stated that confidentiality is not particularly relevant for safety. N<strong>in</strong>e respondents thought<br />
that ma<strong>in</strong>ta<strong>in</strong><strong>in</strong>g the confidentiality of passenger lists can have safety implications and 11<br />
thought that reveal<strong>in</strong>g the current location of aircraft could have potential safety implications.<br />
Should the <strong>FAA</strong> determ<strong>in</strong>e that confidentiality can have safety implications, then appropriate<br />
confidentiality controls will need to be added to the exemplar airborne network architecture<br />
recommended by this study.<br />
Two different answers greatly surprised the authors of the survey:<br />
• On question 17, it was expected to see many answers that aircraft software did not use<br />
any operat<strong>in</strong>g system—which three of the five respondents did. From the po<strong>in</strong>t of view<br />
of the study, this is a f<strong>in</strong>e choice for the reasons discussed <strong>in</strong> section 4.4 of this report.<br />
However, the authors were particularly pleased that one respondent is us<strong>in</strong>g “A<br />
commercial operat<strong>in</strong>g system <strong>in</strong>dependently designed for high assurance uses (e.g.,<br />
GreenHills Integrity Kernel).” From the po<strong>in</strong>t of view of this study, this is an<br />
outstand<strong>in</strong>g choice (see sections 4.3 and 4.4). On the other hand, another respondent is<br />
also us<strong>in</strong>g “A general purpose commercial-off-the-shelf (COTS) operat<strong>in</strong>g system such<br />
as MS-DOS, a Microsoft W<strong>in</strong>dows variant (e.g., W<strong>in</strong>dows XP), Mac OS, or a Unix<br />
variant (e.g., L<strong>in</strong>ux).” Section 4.3 of the study discusses why this choice is problematic.<br />
• The above summary does not identify the relationships between a s<strong>in</strong>gle respondent’s<br />
answers. However, when that correlation is preserved, the respondents who are build<strong>in</strong>g<br />
Level A software are do<strong>in</strong>g so by construct<strong>in</strong>g software components with more than 4000<br />
l<strong>in</strong>es of C/C++ code—<strong>in</strong>deed, one respondent stated that their Level A software has more<br />
than 10,000 l<strong>in</strong>es of C code. (Note: this does not count the l<strong>in</strong>es of code for the<br />
operat<strong>in</strong>g system, if any.) Software this large has many opportunities to have numerous<br />
latent software bugs that attackers could leverage should that software be deployed <strong>in</strong> a<br />
networked environment. This is a matter of significant concern.<br />
B-6