Search Results

We describe how we apply the SAE AS 5506 Architecture and Analysis Design Language (AADL) [4] to reason about contextual and architectural concerns for cyber security. A system’s cyber security certification requires verification that the system’s cyber security mechanisms are correct, non-bypassable, and tamper-resistant. We can verify correctness by examining the mechanism itself, but verifying the other qualities requires us to examine the context in which that mechanism resides. Understanding that context and validating the system’s evolving design against that context is an objective for the Architecture Centric Virtual Integration Process (ACVIP), an AADL-based approach to model and detect system design defects before they become too costly to fix. We describe our work to apply AADL to assess non-bypassability and tamper-resistance. The results of our research - tool plugins for cyber security architectural validation - support system developers today in their ACVIP activities.

Abstract Despite more and more rigorous defense mechanisms in place for cyber-physical systems, cybercriminals are increasingly attacking systems for benefits using a variety of means including malware, phishing, ransomware, and denial of service. Cyberattacks could not only cause significant economic loss but also disastrous consequences for individuals and organizations. Therefore, it is advantageous to detect and fix potential cyber vulnerabilities before the system is fielded. To this end, this article presents a language, VERDICT, and a novel framework, Cyber Vulnerability Analysis Framework (CyVAF) to (i) define cyber threats and mitigation defenses based on system properties, (ii) detect cyber vulnerabilities of system architecture automatically, and also (iii) suggest mitigation defenses. VERDICT is developed as an annex to the Architecture Analysis and Design Language (AADL) but can also be used independently.

This document defines a standard implementation for strong client authentication and encryption of Wi-Fi-based client connections to onboard Wireless LAN (WLAN) networks. WLAN networks may consist of multi-purpose inflight entertainment system networks operating in the Passenger Information and Entertainment System (PIES) domain, dedicated aircraft cabin wireless networks or localized Aircraft Integrated Data (AID) devices operating in the Aircraft Information Services (AIS) domain. The purpose of this document is to focus on the client devices requiring connections to these networks such as electronic flight bags, flight attendant mobile devices, onboard Internet of Things (IoT) devices, AID devices (acting as clients) and mobile maintenance devices. Passenger devices are not within the focus of this document.

Cyber security in the aviation industry, especially in relation to onboard aircraft systems, presents unique challenges in its implementation and management. The cyber threat model is constantly evolving and will continually present new and different challenges to the aircraft operator in responding to new cyber threats without either invoking a lengthy software update and re-certification process or limiting aircraft-to-ground communications to the threatened system or systems. This presentation discusses a number of system architectural options and developing technologies that could be considered to enhance the aircraft cyber protection and defensive capabilities of onboard systems as well as to minimize the effort associated with certification/re-certification. Some of these limit the aircraft?s vulnerabilities or in cyber terms, its ?threat surface?.

The aircraft lifecycle involves thousands of transactions and an enormous amount of data being exchanged across the stakeholders in the aircraft ecosystem. This data pertains to various aircraft life cycle stages such as design, manufacturing, certification, operations, maintenance, and disposal of the aircraft. All participants in the aerospace ecosystem want to leverage the data to deliver insight and add value to their customers through existing and new services while protecting their own intellectual property. The exchange of data between stakeholders in the ecosystem is involved and growing exponentially. This necessitates the need for standards on data interoperability to support efficient maintenance, logistics, operations, and design improvements for both commercial and military aircraft ecosystems. A digital thread defines an approach and a system which connects the data flows and represents a holistic view of an asset data across its lifecycle.

This brief User Guide recaps the content of the AS6518B UCS Architectural Model. The purpose of the UCS Architecture Model is to provide the authoritative source for other models and products within the UCS Architecture as shown in the AS6512B UCS Architecture: Architecture Description.

This specification establishes process controls for the repeatable production of aerospace parts by Electron Beam Powder Bed Fusion (EB-PBF). It is intended to be used for aerospace parts manufactured using additive manufacturing (AM) metal alloys, but usage is not limited to such applications.

This SAE Aerospace Recommended Practice (ARP) provides insights on how to perform a Cost Benefit Analysis (CBA) to determine the Return on Investment (ROI) that would result from implementing a blockchain solution to a new or an existing business process. The word “blockchain” refers to a method of documenting when data transactions occur using a distributed ledger with desired immutable qualities. The scope of the current document is on enterprise blockchain which gives the benefit of standardized cryptography, legal enforceability and regulatory compliance. The document analyzes the complexity involved with this technology, lists some of the different approaches that can be used for conducting a CBA, and differentiates its analysis depending on whether the application uses a public or a private distributed network.

Abstract Threat identification and security analysis have become mandatory steps in the engineering design process of high-assurance systems, where successful cyberattacks can lead to hazardous property damage or loss of lives. This article describes a novel approach to perform security analysis on embedded systems modeled at the architectural level. The tool, called Security Threat Evaluation and Mitigation (STEM), associates threats from the Common Attack Pattern Enumeration and Classification (CAPEC) library with components and connections and suggests potential defense patterns from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security standard. This article also provides an illustrative example based on a drone package delivery system modeled in AADL.

Significant growth of Unmanned Aerial Vehicles (UAV) has unlocked many services and applications opportunities in the healthcare sector. Aerial transportation of medical cargo delivery can be an effective and alternative way to ground-based transport systems in times of emergency. To improve the security and the trust of such aerial transportation systems, Blockchain can be used as a potential technology to manage, operate and monitor the entire process. In this paper, we present a blockchain network solution based on Ethereum for the transportation of medical cargo such as blood, medicines, vaccines, etc. The smart contract solution developed in solidity language was tested using the Truffle program. Ganache blockchain test network was employed to host the blockchain network and test the operation of the proposed blockchain model. The suitability of the model is validated in real-time using a UAV and all the flight data are captured and uploaded into the blockchain.

Abstract Identity-Anonymized CAN (IA-CAN) protocol is a secure CAN protocol, which provides the sender authentication by inserting a secret sequence of anonymous IDs (A-IDs) shared among the communication nodes. To prevent malicious attacks from the IA-CAN protocol, a secure and robust system error recovery mechanism is required. This article presents a central management method of IA-CAN, named the IA-CAN with a global A-ID, where a gateway plays a central role in the session initiation and system error recovery. Each ECU self-diagnoses the system errors, and (if an error happens) it automatically resynchronizes its A-ID generation by acquiring the recovery information from the gateway. We prototype both a hardware version of an IA-CAN controller and a system for the IA-CAN with a global A-ID using the controller to verify our concept.

In the past, aircraft network design did not demand for information security considerations. The aircraft systems were simple, obscure, proprietary and, most importantly for security, the systems have been either physically isolated or they have been connected by directed communication links. The union of the aircraft systems thus formed a federated network. These properties are in sharp contrast with today’s system designs, which rest upon platform-based solutions with shared resources being interconnected by a massively meshed and shared communication network. The resulting connectivity and the high number of interfaces require an in-depth security analysis as the systems also provide functions that are required for the safe operation of the aircraft. This network design evolution, however, resulted in an iterative and continuous adaption of existing network solutions as these have not been developed from scratch.

As cyber attacks become more frequent at all levels, the commercial aviation industry is gearing up to respond accordingly. Commercial Aviation and Cyber Security: A Critical Intersection is a timely contribution to those responsible for keeping aircraft and infrastructure safe. It covers areas of vital interest such as aircraft communications, next-gen air transportation systems, the impact of the Internet of Things (IoT), regulations, the efforts being developed by the Federal Aviation Administration (FAA), and other regulatory bodies. The book also collects important information on the best practices already adopted by other industries such as utilities, defense and the National Highway Traffic Safety Administration in the US. It equally addresses risk management, response plans to cyber attacks, managing supply chains and their cyber- security flaws, personnel training, and the sharing of information among industry players.

This document applies to the development of Plans for integrating and managing COTS assemblies in electronic equipment and Systems for the commercial, military, and space markets; as well as other ADHP markets that wish to use this document. For purposes of this document, COTS assemblies are viewed as electronic assemblies such as printed wiring assemblies, relays, disk drives, LCD matrices, VME circuit cards, servers, printers, laptop computers, etc. There are many ways to categorize COTS assemblies1, including the following spectrum: At one end of the spectrum are COTS assemblies whose design, internal parts2, materials, configuration control, traceability, reliability, and qualification methods are at least partially controlled, or influenced, by ADHP customers (either individually or collectively). An example at this end of the spectrum is a VME circuit card assembly.

As an annual subscription, the Wiley Cyber Security Collection Add-On is available for purchase along with one or both of the following: Wiley Aerospace Collection Wiley Automotive Collection The titles from the Wiley Cyber Security Collection are included in the SAE MOBILUS® eBook Package. Titles: Network Forensics Penetration Testing Essentials Security in Fixed and Wireless Networks, 2nd Edition The Network Security Test Lab: A Step-by-Step Guide Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition Computer Security Handbook, Set, 6th Edition Threat Modeling: Designing for Security Other available Wiley collections: Wiley SAE MOBILUS eBook Package Wiley Aerospace Collection Wiley Automotive Collection Wiley Computer Systems Collection Add-On (purchasable with the Wiley Aerospace Collection and/or the Wiley Automotive Collection)

This aerospace standard outlines the minimum requirements for the quality assurance program of a distributor of new aircraft or aerospace parts and material. It is designed to aid in the surveillance and accreditation of a distributor who procures new parts and materials and resells these products to customers or other distributors in the aviation or aerospace industry, i.e., a PASS THROUGH distributor. This standard may be used to determine the adequacy and implementation of the distributor’s quality assurance program.

This document is the Architecture Description (AD) for the SAE Unmanned Systems (UxS) Control Segment (UCS) Architecture Library Revision A or, simply, the UCS Architecture. The architecture is expressed by a library of SAE publications as referenced herein. The other publications in the UCS Architecture Library Revision A are: AS6513A, AS6518A, AS6522A, and AS6969A.

This document describes a process for use by ADHP integrators of EEE parts and sub-assemblies (items) that have been targeted for other applications. This document does not describe specific tests to be conducted, sample sizes to be used, nor results to be obtained; instead, it describes a process to define and accomplish application-specific qualification; that provides confidence to both the ADHP integrators, and the integrators’ customers, that the item will performs its function(s) reliably in the ADHP application.