A Security Engineering Process Approach for the Future Development of Complex Aircraft Cabin Systems

Hintze, Hartmut; Wiegraefe, Benjamin; God, Ralf

doi:10.1007/978-3-642-39218-4_15

A Security Engineering Process Approach for the Future Development of Complex Aircraft Cabin Systems

Hartmut Hintze⁴,
Benjamin Wiegraefe⁴ &
Ralf God⁴

Conference paper

1896 Accesses
4 Citations

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 405)

Abstract

Due to increasing functionality associated with rising complexity of aircraft cabin systems which are used by cabin crew, passengers, maintenance staff and other stakeholders, security engineering has to become an integral part of the system engineering process in aviation industry. This paper deals with a security engineering process approach for the development of complex aircraft systems, which is fully integrated into the development process. As an appropriate process model we introduce the so called three-V-model, which represents the governing system engineering process (SEP) associated with the safety engineering process (SafEP) and the security engineering process (SecEP). All three processes are pursued concurrently and are interacting reciprocally on each development level with the predominant SEP. We describe in detail involved security engineering activities and finally demonstrate how the interaction between the SEP and the SecEP is improved and optimized by the use of so called security context parameters (SCPs).

Keywords

Security
Aircraft Cabin Systems
Complex Systems
Development Process
Three-V-Model
Security Context Parameters

Download conference paper PDF

References

EUROCAE / SAE: Certification considerations for highly-integrated or complex aircraft systems. EUROCAE ED-79 / SAE ARP-4754 (1996)
Google Scholar
EUROCAE / SAE: Guidelines and methods for conducting the safety assessment process on civil airborne systems. EUROCAE ED-135 / SAE ARP-4761 (1996)
Google Scholar
Benz, S.: Eine Entwicklungsmethodik für sicherheitsrelevante Elektroniksysteme im Automobil. PhD thesis, Universität Karlsruhe, Karlsruhe (2004)
Google Scholar
EUROCAE / RTCA: Airworthiness security process specification. EUROCAE ED-202 / RTCA DO-326 (2010)
Google Scholar
Hintze, H., Tolksdorf, A., God, R.: Cabin core system - A next generation platform for combined electrical power and data services. In: Proceedings of 3rd International Workshop on Aircraft System Technologies, AST 2011, Hamburg, 221-231 (2011)
Google Scholar
Rosenberg, B.: Cabin Management Systems. Avionics Magazine, 26–30 (2010)
Google Scholar
Ebert, C.: Systematisches Requirements Engineering, 3rd edn. dpunkt.verlag, Heidelberg (2010)
Google Scholar
EASA / FAA: Equipment, systems, and installations. EASA Certification Standards 25.1309 / FAA Federal Aviation Regulations 25.1309
Google Scholar
ARINC: Network domain characteristics and interconnection. ARINC 664P5 – Aircraft data network part 5 (2005)
Google Scholar
ARINC: Commercial aircraft information security concepts of operation and process framework. ARINC Report 811 (2005)
Google Scholar
Air Transport Association: Information Standards for Aviation Maintenance. ATA Spec 2200 (2010)
Google Scholar
ISO/IEC: Information technology – Security techniques – Information security risk management. ISO/IEC 27005:2008 (2008)
Google Scholar
Blanquart, J.-P., Bieber, P., Descargues, G., Hazane, E., Julien, M., Léonardon, L.: Similarities and dissimilarities between safety levels and security levels. In: Embedded Real Time Software and Systems, ERTS 2012 (2012), http://www.erts2012.org/site/0P2RUC89/8A-2.pdf
Nahorney, B.: The Downadup Codex - A comprehensive guide to the threat’s mechanics. In: Symantec - Security Response (2009), http://www.whitepapersdb.com/whitepapers/download/1207
Falliere, N., OMurchu, L., Chien, E.: W32.Stuxnet Dossier. In: Symantec - Security Response (2011), http://www.wired.com/images_blogs/threatlevel/2011/02/Symantec-Stuxnet-Update-Feb-2011.pdf
Bieber, P., Blanquart, J.-P., Descargues, G., Dulucq, M., Fourastier, Y., Hazane, E., Julien, M., Léonardon, L.: Security and Safety Assurance for Aerospace Embedded Systems. In: Embedded Real Time Software and Systems, ERTS 2012 (2012), http://www.erts2012.org/site/0P2RUC89/8A-1.pdf
Hintze, H., God, R.: A model-based security engineering process approach for the development of next generation cabin management systems (2013) (unpublished results)
Google Scholar

Download references

Author information

Authors and Affiliations

Institute of Aircraft Cabin Systems, TUHH, Hamburg, Germany
Hartmut Hintze, Benjamin Wiegraefe & Ralf God

Authors

Hartmut Hintze
View author publications
You can also search for this author in PubMed Google Scholar
Benjamin Wiegraefe
View author publications
You can also search for this author in PubMed Google Scholar
Ralf God
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

The University of Auckland, Private Bag 92019, 1142, Auckland, New Zealand
Lech J. Janczewski
University of Otago, P.O. Box 56, 9016, Dunedin, New Zealand
Henry B. Wolfe
The University of Tulsa, 800 South Tucker Drive, 74104-3189, Tulsa, OK, USA
Sujeet Shenoi

Rights and permissions

Reprints and Permissions

Copyright information

About this paper

Cite this paper

Hintze, H., Wiegraefe, B., God, R. (2013). A Security Engineering Process Approach for the Future Development of Complex Aircraft Cabin Systems. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds) Security and Privacy Protection in Information Processing Systems. SEC 2013. IFIP Advances in Information and Communication Technology, vol 405. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39218-4_15

Download citation

DOI: https://doi.org/10.1007/978-3-642-39218-4_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39217-7
Online ISBN: 978-3-642-39218-4
eBook Packages: Computer ScienceComputer Science (R0)