Abstract
The era of digital avionics opens a great opportunity to improve aircraft operational functions, airline dispatch and service continuity. But the vulnerabilities arising with it could be an open door to malicious attacks. The need for security protection on airborne systems has been officially recognized, and new standards are currently under development. To provide certification authorities with evidence of development assurance and of countermeasure effectiveness, security objectives and specifications must be clearly identified through a security risk assessment process. This paper gives the main characteristics of a security risk assessment methodology to be integrated into the early design of airborne systems development and compliant with airworthiness security standards.
Keywords
- airworthiness
- risk assessment
- security
- safety
- avionic networks
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gil Casals, S., Owezarski, P., Descargues, G. (2012). Risk Assessment for Airworthiness Security. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33678-2_3
DOI: https://doi.org/10.1007/978-3-642-33678-2_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33677-5
Online ISBN: 978-3-642-33678-2
eBook Packages: Computer Science, Computer Science (R0)
