A Security Engineering Process Approach for the Future Development of Complex Aircraft Cabin Systems

  • Hartmut Hintze
  • Benjamin Wiegraefe
  • Ralf God
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 405)

Abstract

Due to the increasing functionality and rising complexity of aircraft cabin systems, which are used by cabin crew, passengers, maintenance staff and other stakeholders, security engineering has to become an integral part of the system engineering process in the aviation industry. This paper deals with a security engineering process approach for the development of complex aircraft systems that is fully integrated into the development process. As an appropriate process model we introduce the so-called three-V-model, which represents the governing system engineering process (SEP) together with the associated safety engineering process (SafEP) and security engineering process (SecEP). All three processes are pursued concurrently and interact reciprocally on each development level with the predominant SEP. We describe the security engineering activities involved in detail and finally demonstrate how the interaction between the SEP and the SecEP is improved and optimized by the use of so-called security context parameters (SCPs).

Keywords

Security; Aircraft Cabin Systems; Complex Systems; Development Process; Three-V-Model; Security Context Parameters

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Hartmut Hintze (1)
  • Benjamin Wiegraefe (1)
  • Ralf God (1)
  1. Institute of Aircraft Cabin Systems, TUHH, Hamburg, Germany