Risk Assessment for Airworthiness Security

  • Silvia Gil Casals
  • Philippe Owezarski
  • Gilles Descargues
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7612)


The era of digital avionics is opening a fabulous opportunity to improve aircraft operational functions, airline dispatch and service continuity. But the vulnerabilities that arise with it could be an open door to malicious attacks. The need for security protection on airborne systems has been officially recognized, and new standards are currently under construction. In order to provide certification authorities with evidence of development assurance and of the effectiveness of countermeasures, security objectives and specifications must be clearly identified through a security risk assessment process. This paper gives the main characteristics of a security risk assessment methodology to be integrated into the early design of airborne systems development and compliant with airworthiness security standards.


Keywords: airworthiness, risk assessment, security, safety, avionic networks





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Silvia Gil Casals (1, 2, 3)
  • Philippe Owezarski (1, 3)
  • Gilles Descargues (2)
  1. CNRS, LAAS, Toulouse, France
  2. THALES Avionics, Toulouse, France
  3. Univ de Toulouse: INSA, LAAS, Toulouse, France
