Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
6.1.4 Confidentiality.

Confidentiality is generally not relevant for safety (see appendix B for a discussion to the contrary). While there are some scenarios in which the real-time location of an airplane might become known to an adversary and conceivably put the plane in jeopardy, this threat has not become widely accepted within the FAA. The flight paths of commercial airplanes are already known, and the real-time information would have a short lifespan for an attacker: in this example, old data is of little value to the attacker in general.
6.1.5 Nonrepudiation.

With regard to digital security, nonrepudiation means that it can be verified that the sender and the recipient were, in fact, the parties who claimed to send or receive the message, respectively. Nonrepudiation of origin proves that data has been sent, and nonrepudiation of delivery proves that it has been received. Digital transactions are potentially subject to fraud, such as when computer systems are broken into or infected with Trojan horses or viruses, and participants can claim such fraud in an attempt to repudiate a transaction. To counteract this, the underlying processes need to be demonstrably sound so that such claims would not have credence. Logging of significant events is needed to create accountability, and log files should be protected from being modified or deleted.
Nonrepudiation should be a required security attribute for all electronic parts distribution systems (e.g., software distribution). All electronic parts need to be signed in accordance with the U.S. Federal Digital Signature Standard (DSS) [81], through an FAA-approved electronic distribution system. Assurance of the source and integrity of an electronic part is a critical element of verifying its authenticity prior to installation. The signature needs to be checked and verified at the deployment site before any electronic part can be deployed; the check verifies that the software has not been modified subsequent to being signed. The identity of the signer needs to be authenticated and authorized before deployment.
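The deployment-site gate described above, as an added example in Go that is not from this document or from any FAA-approved distribution system: the distribution side signs the part with ECDSA (one of the signature algorithms specified in the DSS, FIPS 186), binding the part number and the claimed signer identity to the image so that none of them can be swapped after signing; the deployment side refuses the part unless the claimed signer is in its trust roster, is currently authorized for this site, and the signature verifies under that rostered key. The signer identities, part numbers, roster layout and sample image are all constructed for illustration, and the in-memory roster stands in for whatever trusted key store a real site would hold.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// SignerRecord is one entry in the site's trust roster: a signer identity, its
// public key (delivered out of band, not with the part) and its current authorization.
type SignerRecord struct {
	ID         string
	PubKeyDER  []byte // PKIX SubjectPublicKeyInfo
	Authorized bool
}

// SignedPart is what the distribution system delivers. The signature covers the
// part number, the claimed signer and the image together.
type SignedPart struct {
	PartNumber string
	SignerID   string
	Image      []byte
	Signature  []byte // ASN.1 DER ECDSA signature over SHA-256 of the bound fields
}

var (
	ErrUnknownSigner       = errors.New("signer identity is not in the trust roster")
	ErrSignerNotAuthorized = errors.New("signer is not authorized to release parts to this site")
	ErrBadSignature        = errors.New("signature does not verify: part modified or relabelled after signing")
)

// boundDigest hashes the protected fields, each length-prefixed so boundaries are unambiguous.
func boundDigest(p *SignedPart) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(p.PartNumber), []byte(p.SignerID), p.Image} {
		fmt.Fprintf(h, "%d:", len(f))
		h.Write(f)
	}
	return h.Sum(nil)
}

// newSigner (hypothetical helper) creates a signer key pair and its roster record.
func newSigner(id string, authorized bool) (*ecdsa.PrivateKey, SignerRecord, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, SignerRecord{}, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, SignerRecord{}, err
	}
	return priv, SignerRecord{ID: id, PubKeyDER: der, Authorized: authorized}, nil
}

// signPart is the distribution side: bind the metadata to the image and sign.
func signPart(priv *ecdsa.PrivateKey, signerID, partNumber string, image []byte) (*SignedPart, error) {
	p := &SignedPart{PartNumber: partNumber, SignerID: signerID, Image: image}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, boundDigest(p))
	if err != nil {
		return nil, err
	}
	p.Signature = sig
	return p, nil
}

// verifyForDeployment is the deployment-site gate: known signer, authorized signer,
// then a signature that verifies under the rostered key. Only then may the part load.
func verifyForDeployment(roster map[string]SignerRecord, p *SignedPart) error {
	rec, ok := roster[p.SignerID]
	if !ok {
		return ErrUnknownSigner
	}
	if !rec.Authorized {
		return ErrSignerNotAuthorized
	}
	pubAny, err := x509.ParsePKIXPublicKey(rec.PubKeyDER)
	pub, ok := pubAny.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return fmt.Errorf("roster key for %s is unusable", rec.ID)
	}
	if !ecdsa.VerifyASN1(pub, boundDigest(p), p.Signature) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	priv, rec, err := newSigner("release-eng-01", true)
	if err != nil {
		panic(err)
	}
	roster := map[string]SignerRecord{rec.ID: rec}
	part, err := signPart(priv, rec.ID, "LSAP-0001", []byte("constructed sample image"))
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine part:", verifyForDeployment(roster, part))
	part.Image[0] ^= 0x01 // one bit flipped after signing
	fmt.Println("tampered part:", verifyForDeployment(roster, part))
}
```

The order of checks matters for the accountability the section asks for: a part carrying an unknown or de-authorized signer identity is rejected on identity grounds before any cryptography runs, so the rejection reason can be logged precisely, and a part whose image or part number was altered after signing fails the signature check because both are inside the signed digest.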
In addition, whenever administrators (both device and human) interact with aviation equipment or administer devices within aircraft, a log of their activity should be kept for analysis, accountability, and administrative purposes (e.g., fault investigation). The log needs to record the specific identity of the human responsible, the time, the actions performed, and optionally the location from which the access occurred. This log needs to be protected from subsequent modification or deletion. If network or host intrusion detection systems (IDS) are deployed, these log files should be available for those systems to read.
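The administrative log requirement above (identity, time, action, optional location, protected against modification or deletion), as an added example not from this document: a hash-chained log in Go in which each entry commits to its predecessor, with a verifier that detects an edited entry, a removed middle entry and a removed tail entry. The chain alone cannot prevent rewriting; what makes tampering detectable is that the head hash is anchored outside the log (for example handed to the IDS that reads these files, or to write-once storage), so the tail cannot be silently trimmed and re-chained. All identities, actions and timestamps are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// AuditEntry is one logged administrative interaction with aircraft equipment:
// who (a specific identity), when, what, and optionally from where.
type AuditEntry struct {
	Seq      int
	Time     time.Time
	Actor    string
	Action   string
	Location string // optional
	PrevHash string // hex SHA-256 of the previous entry (genesisHash for the first)
	Hash     string // hex SHA-256 over all fields above
}

// genesisHash anchors the first entry; any fixed, published value works.
const genesisHash = "0000000000000000000000000000000000000000000000000000000000000000"

var ErrChainBroken = errors.New("audit log chain broken")

// entryHash covers every field with length prefixes so fields cannot be
// re-split to yield the same digest.
func entryHash(e AuditEntry) string {
	h := sha256.New()
	fields := []string{fmt.Sprint(e.Seq), e.Time.UTC().Format(time.RFC3339Nano), e.Actor, e.Action, e.Location, e.PrevHash}
	for _, f := range fields {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// AuditLog is an append-only chain. In a real deployment the entries live on
// storage the logged administrators cannot rewrite, and Head() is periodically
// copied elsewhere (e.g. to the IDS) as the anchor VerifyChain is given.
type AuditLog struct{ Entries []AuditEntry }

// Head is the hash of the newest entry, or genesisHash for an empty log.
func (l *AuditLog) Head() string {
	if n := len(l.Entries); n > 0 {
		return l.Entries[n-1].Hash
	}
	return genesisHash
}

// Append records an action, chained to the current head.
func (l *AuditLog) Append(at time.Time, actor, action, location string) AuditEntry {
	e := AuditEntry{Seq: len(l.Entries) + 1, Time: at, Actor: actor, Action: action, Location: location, PrevHash: l.Head()}
	e.Hash = entryHash(e)
	l.Entries = append(l.Entries, e)
	return e
}

// VerifyChain re-derives every hash and checks linkage, sequence numbers and the
// anchored head. An edited entry fails its own hash; a deleted middle entry breaks
// Seq and PrevHash; a deleted tail entry no longer matches the anchor.
func VerifyChain(entries []AuditEntry, anchoredHead string) error {
	prev := genesisHash
	for i, e := range entries {
		if e.Seq != i+1 {
			return fmt.Errorf("%w: entry %d has seq %d", ErrChainBroken, i, e.Seq)
		}
		if e.PrevHash != prev {
			return fmt.Errorf("%w: entry %d does not link to its predecessor", ErrChainBroken, i)
		}
		if entryHash(e) != e.Hash {
			return fmt.Errorf("%w: entry %d content does not match its hash", ErrChainBroken, i)
		}
		prev = e.Hash
	}
	if prev != anchoredHead {
		return fmt.Errorf("%w: head %s does not match the anchored head", ErrChainBroken, prev)
	}
	return nil
}

func main() {
	var audit AuditLog
	t0 := time.Date(2024, 1, 15, 9, 30, 0, 0, time.UTC) // constructed timestamps
	audit.Append(t0, "tech.jdoe", "login to cabin network switch", "gate B12 maintenance laptop")
	audit.Append(t0.Add(2*time.Minute), "tech.jdoe", "load LSAP-0001 to IFE server", "gate B12 maintenance laptop")
	audit.Append(t0.Add(5*time.Minute), "tech.jdoe", "logout", "")
	anchor := audit.Head() // would be exported to the IDS or write-once store
	fmt.Println("intact:", VerifyChain(audit.Entries, anchor))
	tampered := append([]AuditEntry(nil), audit.Entries...)
	tampered[1].Actor = "someone.else" // rewrite who loaded the part
	fmt.Println("edited entry:", VerifyChain(tampered, anchor))
}
```

Because an IDS is one of the intended readers of these logs, it is also a natural place to hold the anchor: each time it ingests the file it can run the chain check against the head it recorded last time and alert on any break.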
6.2 EXTENDING FAA ORDERS, GUIDANCE, AND PROCESSES INTO VAST NETWORK SYSTEMS.
Different communities use different terms to refer to the same or similar concepts. For example, it was previously mentioned that current FAA safety assurance processes for airborne systems are based on ARP 4754, ARP 4761, and ACs (e.g., AC 25.1309-1A and AC 23.1309-1C); software assurance is based on DO-178B; and complex electronic hardware design assurance is based on DO-254. These references reflect common FAA parlance that speaks about the laws,
79