This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Assessing the Security of Airborne Networks
Technical Paper
2007-01-3784
ISSN: 0148-7191, e-ISSN: 2688-3627
Annotation ability available
Sector:
Language:
English
Abstract
As designers and developers of avionics, we find ourselves challenged by the need to maintain safety guarantees while providing connectivity options that threaten to expose airborne networks to today's internet security hazards. In this presentation, we discuss six approaches to security assessments of airborne systems, including risk assessment and security design assessments defined in existing standards such as NIST 800-30 and CLUSIF Mehari, and those in new and emerging standards.
Recommended Content
Technical Paper | Common Firewall Approach to Aviation Architecture |
Technical Paper | Leveraging Hardware Security to Secure Connected Vehicles |
Instructor-Led Training | Validating Requirements and Improving Specifications with Telematics Data |
Authors
Citation
Johnson, D., "Assessing the Security of Airborne Networks," SAE Technical Paper 2007-01-3784, 2007, https://doi.org/10.4271/2007-01-3784.Also In
Aerospace Safety- Design, Maintenance/Operations, and Safety/Security
Number: SP-2141; Published: 2007-09-17
Number: SP-2141; Published: 2007-09-17
References
- CLUSIF MEHARI V3 Oct 2004 http://www.clusif.fr/en/clusif/present/
- DCSSI EBIOS “EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité)” Feb 2004 http://www.ssi.gouv.fr/en/confidence/ebiospresentati on.html
- ARINC Technical Report 811 “Commercial Aircraft Information Security Concepts of Operation and Process Framework” July 2005
- DoD 5000.2-R “Mandatory Procedures for major Defense Acquisition Programs (MDAP)” April 2002
- ED-79/SAE ARP 4754 “Certification Considerations for Highly-Integrated or Complex Aircraft Systems” April 1996
- EUROCAE WG72 “Air Worthiness Security Assessment Process” 2007
- FAA AC/AMJ 25.1309 (Arsenal Draft) “System Design and Analysis for Part 25 Airplanes” June 2002
- IEEE Std 1220-1998 “Standard for Application and Management of the Systems Engineering Process” 1998
- ISO/SEC 15408 “Common Criteria for Information Technology Security Evaluation, version 3.0” June 2005
- NIST 800-30 “Risk Management Guide for Information Technology Systems” July 2002
- NIST 800-53 “Recommended Security Controls for Federal Information Systems” Feb 2005
- NSA IATF “Information Assurance Technical Framework” Sept 2002 www.iatf.net
- SAE ARP 4761 “Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment” Dec 1996
- SAE ARP 5150 “Safety Assessment of Transport Airplanes in Commercial Service” Nov 2003