Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
alternative requires that parallel (i.e., dist<strong>in</strong>ct) sets of onboard networks and wireless external<br />
communications systems be created, one for passengers and one for the other aircraft systems.<br />
The figure 3 approach, therefore, has a higher SWAP overhead than the figure 1 approach, by<br />
requir<strong>in</strong>g parallel <strong>in</strong>ternal (onboard LAN) and external network (radio, satellite, etc.)<br />
connectivity, without significantly improv<strong>in</strong>g the security profile for the aircraft itself.<br />
3. EXTENDING THE CURRENT <strong>FAA</strong> CERTIFICATION ENVIRONMENT.<br />
The purpose of this section is to provide an orientation for how this study recommends that the<br />
certification environment be extended to handle networked airborne <strong>LANs</strong>. The specific theory,<br />
rationale, and process underly<strong>in</strong>g this study’s recommendations are expla<strong>in</strong>ed <strong>in</strong> subsequent<br />
sections (i.e., sections 6, 7, and 8).<br />
It was previously mentioned that current <strong>FAA</strong> and civil aviation safety assurance processes for<br />
airborne systems are based on ARP 4754, ARP 4761, and the ACs. <strong>FAA</strong> software assurance is<br />
based on compliance with DO-178B, and complex electronic hardware design assurance is based<br />
on DO-254. The primary <strong>FAA</strong> certification standards are the respective regulations, <strong>FAA</strong><br />
policy, and the ACs. This study addresses how to extend these processes and certification<br />
environment to <strong>in</strong>clude networked airborne <strong>LANs</strong> <strong>in</strong> a mathematically viable manner. Because<br />
of the large scope of the current <strong>FAA</strong> policies and processes, this report addresses this larger task<br />
by expla<strong>in</strong><strong>in</strong>g how to specifically extend its airborne software assurance subset.<br />
Figure 5 shows a simplified and abstracted view of the current <strong>FAA</strong> software assurance approval<br />
process. It shows that airborne software is currently developed and approved primarily<br />
accord<strong>in</strong>g to the guidance and processes described with<strong>in</strong> DO-178B. 2 When <strong>in</strong>dividual software<br />
items are comb<strong>in</strong>ed <strong>in</strong>to <strong>in</strong>tegrated or complex systems, then additional safety considerations<br />
apply, which are documented <strong>in</strong> ARP 4754. These considerations address <strong>in</strong>tegration issues and<br />
system vulnerabilities that may arise from system dependencies. ARP 4754 refers to each<br />
element with<strong>in</strong> that system as be<strong>in</strong>g an item. This same term<strong>in</strong>ology is adopted by this study.<br />
DO-178B builds upon system design concepts such as the AC 25.1309-1A fail safe design<br />
concepts, one of which is <strong>in</strong>tegrity. Both DO-178B and ARP 4754 (i.e., section 2.2.2 of<br />
DO-178B, where it is called the “software level def<strong>in</strong>itions,” and Table 3 of ARP 4754) rely<br />
upon the same five failure condition categories. Indeed, the same failure condition categories are<br />
consistently used with<strong>in</strong> other civil aviation documents as well (e.g., Table 2-1 of DO-254 and<br />
Table 1 of ARP 4761). Different development processes are applied to items classified <strong>in</strong><br />
different failure condition categories so that items classified <strong>in</strong> the more severe safety failure<br />
conditions are developed by more extensive processes that produce higher assurance results. For<br />
software items, this is reflected <strong>in</strong> the DO-178B software level def<strong>in</strong>itions. For this reason, this<br />
report refers to DO-178B software levels as reflect<strong>in</strong>g safety assurance levels.<br />
2 There are other applicable policies and guidance <strong>in</strong> addition to DO-178B that can also be applied. Please recall<br />
that this figure is a simplified abstraction.<br />
15