Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
with common certification results. It has specifically studied mechanisms for integrating CC security evaluations and DO-178B safety processes, including:

• Common Certification of Airborne Software Systems [72]
• Dual Certification for Software [73]
• Common Security Testing and Evaluation [41]
• Integrated Capability Maturity Models [76]

As a result, a growing body of work exists to guide the government and industry for how to create processes to design, test, evaluate, and certify airborne and NAS system elements for safety and security.

However, the optimum mechanism by which to relate safety and security in airborne systems has remained elusive. Resolving this issue forms one of the primary goals of this study. This issue is directly addressed in this section. This study has significantly diverged from previous studies by concluding that the primary issue, as it relates to network airborne safety, is not how to correlate DO-178B safety and CC security concepts and processes, as was presumed by previous studies, because such comparisons produce ad hoc results. They are ad hoc because while safety and security have become intertwined concerns in airborne environments, they are nevertheless distinct concepts from each other. Rather, this report states that the primary issue impacting network airborne safety is how to extend existing safety policies for airborne system, hardware, and software into networked environments in a mathematically viable manner. This section recommends that this can be accomplished by using the Biba Integrity Model. This approach preserves current safety assurance processes and extends them into networked environments.

Section 6.2 begins the explanation of the relevant issues. However, before that can be done, section 6.1 will discuss the derived security requirements of networked safety environments.
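To make the Biba recommendation above concrete, the following added example (illustration only, not code from the report) checks message flows between networked airborne endpoints against Biba's two axioms. It assumes, as a hypothetical mapping, that each endpoint's DO-178B software level is used as its Biba integrity level, with Level A the highest; the endpoint names and traffic are constructed sample data.

```python
from enum import IntEnum


class Level(IntEnum):
    # Assumed mapping: DO-178B software level used as the Biba integrity
    # level. Level A (catastrophic failure condition) is highest integrity.
    E = 0
    D = 1
    C = 2
    B = 3
    A = 4


# Constructed sample endpoints and their assumed software levels.
LEVELS = {
    "flight-control": Level.A,
    "cockpit-display": Level.C,
    "cabin-server": Level.E,
    "maintenance-laptop": Level.E,
}

# Constructed traffic sample: (sender, receiver, payload description).
SAMPLE_TRAFFIC = [
    ("flight-control", "cockpit-display", "attitude data"),
    ("cabin-server", "cockpit-display", "moving-map update"),
    ("maintenance-laptop", "flight-control", "configuration write"),
    ("cabin-server", "maintenance-laptop", "log export"),
]


def flow_allowed(sender: str, receiver: str) -> bool:
    """Biba strict integrity applied to one network message.

    Delivery is a write by the sender into the receiver (*-integrity
    axiom: no write up) and a read by the receiver from the sender
    (simple integrity axiom: no read down). For a point-to-point message
    both reduce to: level(sender) >= level(receiver).
    """
    return LEVELS[sender] >= LEVELS[receiver]


def filter_messages(messages):
    """Split messages into those delivered and those dropped (and auditable)."""
    delivered, dropped = [], []
    for msg in messages:
        (delivered if flow_allowed(msg[0], msg[1]) else dropped).append(msg)
    return delivered, dropped


if __name__ == "__main__":
    for msg in filter_messages(SAMPLE_TRAFFIC)[1]:
        print("DROP (Biba violation):", msg)
```

Messages dropped by the check are exactly those where lower-integrity data would enter a higher-level component, which is the failure path the report wants safety policies to exclude.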
6.1 SECURITY REQUIREMENTS OF AIRBORNE NETWORKED ENVIRONMENTS.
The information presented in this section has previously been discussed in many studies. Readers interested in additional information about these concepts are encouraged to read references 9, 17, 20, and 78-80.

Section 4 and appendix A mention a great many specific security risks that can occur within networked environments. Due to the target-rich nature of this situation, it is not possible to enumerate all possible security risks that may conceivably occur within airborne network environments. This section will consider the security requirements at a high level of abstraction in terms of traditional IA concepts (see glossary). It is important to reiterate that the primary requirement of all airborne environments, including networked environments, is safety. The security requirements articulated in this section are derived from the need to mitigate the known security threats that occur in networked environments so that these security threats will not create software failure states that could impact safety. These security requirements presume the traditional IA best current practices that were previously described in section 5.1.