Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
IP networks are organized in terms of ASs, which are the unit of policy (e.g., security policy,
QoS policy) within IP networks (see section 5.3). The router-to-router protocols of IP networks
are subdivided into two distinct systems:
• An interior gateway protocol (IGP) is used between routers within a common AS.
Example IGP protocols in IP systems include OSPF (see RFC 2328) and IS-IS (see RFC
1195).
• An exterior gateway protocol (EGP) is used between routers located in different ASs
from each other. The prevalent IP EGP is the border gateway protocol (BGP, see RFC
1771).

Both of these router protocol systems are subject to attack. Attacks against routing protocols are
a subset of the possible attacks against the network system itself.

Appendix A contains technical details about historic attack mechanisms and tools to identify and
exploit latent bugs within COTS computing and network systems [32-39]. These mechanisms
are not fully explained for nonsecurity personnel; a complete explanation of those details is
outside of the scope of this document. Rather, those details are described in the appendix to
provide partial evidence of the fact that the vast majority of modern computing equipment
deployed within IP networks today cannot be trusted to be secure in general. Their security
provisions, including their trusted paths and security controls, have repeatedly been
demonstrated to not be viable when attacked. This point is discussed in section 4.4. However,
to prepare the reader for that discussion, it is necessary to alert the reader about the myriad of
vulnerabilities that are currently latent in today’s COTS devices, vulnerabilities that can be
exploited by (remote) attackers to attack the security, and possibly the safety, of networked
systems. Readers who are unfamiliar with these vulnerabilities are encouraged to read appendix
A before proceeding.

4.4 MIXING EMBEDDED SYSTEMS AND GENERIC OPERATING SYSTEMS.
Embedded systems can be successfully designed for high-assurance environments. For example,
DO-178B defines processes so that Level A systems can have a very high degree of safety
assurance. What is unknown, however, is whether these same systems will maintain their high
level of assurance should they be deployed in a network environment for which they were not
originally designed or approved. Embedded systems can be potentially stressed by localized
attacks in ways that were not anticipated by their developers or certifiers, potentially creating
unexpected results. For example, a latency-sensitive real-time application that is deployed
within a networked environment should be evaluated with a view towards the effects that may
occur should its supporting network experience an availability attack (see appendix A, section
A.3). Therefore, each of the items that will be deployed within a generic network environment
needs to be evaluated for the entire gamut of network threats discussed in appendix A.