Browse Publications Technical Papers 2017-01-2103

Secure Deterministic L2/L3 Ethernet Networking for Integrated Architectures 2017-01-2103

Cybersecurity attacks exploit vulnerabilities related to the increased complexity and connectivity of critical infrastructure systems. This paper investigates the context and use of key security technologies, processes, challenges and use cases for the design of advanced integrated architectures with security, safety, and real-time performance considerations. In such architectures, deterministic Ethernet standards are used as a baseline for system integration in closed embedded systems or open mixed criticality systems.
Security-informed safety development processes for integrated architectures are required to prevent catastrophic failures caused by environmental and cyber threats, due to expanding number of security vulnerabilities in complex and increasingly open systems. State-of-art safety/security processes for integrated systems in cross-industry environments are considered and similarities examined, for different types of integrated architectures.
In integrated systems and IMA which share common resources, multi-level secure systems and composable modular architectures such as MILS based on separation kernels and ARINC653 API are gaining importance for design of safe and secure distributed applications with real-time performance requirements. Network security is a core component of the overall cyber-security and defense-in-depth capability for distributed architectures. Protection mechanism for information, interface and system integrity, communication availability, and data confidentiality are required for design of safe and secure integrated embedded infrastructure. In deterministic Ethernet networks with Time-Triggered Ethernet (SAE AS6802) and ARINC664 services can actively support security measures for mixed-criticality applications.
The network partitioning, dataflow isolation, configuration protection, per-flow traffic policing, link and end-to-end encryptions or authentication, and internal network device partitioned architecture can be useful for design of open networked systems which can also accept previously unknown soft-time or bursty traffic, while hosting highly critical functions with temporal boundaries.
After an overview of security issues in networks within integrated architectures, this paper continues with discussion of MACsec and IPsec mechanisms, packet firewalls, secure shells and Denial-Of-Service (DoS) protection mechanisms for secure and deterministic L2/L3 networking.


Subscribers can view annotate, and download all of SAE's content. Learn More »


Members save up to 18% off list price.
Login to see discount.
Special Offer: Download multiple Technical Papers each year? TechSelect is a cost-effective subscription option to select and download 12-100 full-text Technical Papers per year. Find more information here.
We also recommend:

Cyberattacks and Countermeasures for Intelligent and Connected Vehicles


View Details


The New Era of Infotainment Systems


View Details


Cyber Security in the Automotive Domain – An Overview


View Details