Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
either the user or the trusted software and may not be imitated by other software. … This section argues that without operating system support for mandatory security and trusted path, application-space mechanisms for access control and cryptography cannot be implemented securely.” (Quoted from Section 2 of reference 32.)
“A secure operating system is an important and necessary piece to the total system security puzzle, but it is not the only piece. A highly secure operating system would be insufficient without application-specific security built upon it. Certain problems are actually better addressed by security implemented above the operating system. One such example is an electronic commerce system that requires a digital signature on each transaction.” (Quoted from Section 5 of reference 32.)
Additionally, although not mentioned in the NSA paper, a secure system also needs to leverage secured communications protocols (see section 4.5).
Modern COTS OSs lack the controls that permit them to be secured in a high-assurance manner. Because of this, the applications that they host do not provide the provisions needed for high-assurance properties either. For example, their access control and cryptographic functions cannot be implemented in a demonstrably secure manner today. These effects escalate, impacting the effectiveness of their data communications protocols and interdevice relationships, and cumulatively they potentially affect the many devices populating the networked environment.
Another factor directly affecting the viability of COTS security in networked environments is the very high reliance that COTS devices have upon correct configuration and management practice. COTS devices usually have many possible configuration settings that must be properly set in a coordinated manner with the settings of other devices within the networked system if the cumulative protections of that networked system are to be effective. The relative competency of system administrators and network administrators to correctly configure these devices is, therefore, an essential issue affecting the security of these systems. Because network security currently relies so heavily on operational practice, it is not possible to certify the vast majority of COTS-based network environments today except at the lowest assurance levels.
While these observations about the security vulnerabilities of COTS devices in networked systems are sobering, it is important to recognize that these issues are not localized to avionics systems but rather are universally common to both industry and government worldwide.
Network systems are potentially vast collections of entities directly or indirectly cooperating together. The relative security profile of networked COTS devices is based upon each of the following dependencies working correctly and in harmony:
• Potentially complex device settings effectively coordinated among the devices networkwide. For COTS system elements, this traditionally equates to a high dependence upon the competency of system and network administrative personnel to correctly configure and manage networked devices over time.