1 / 14

Photos: Corel, Photodisk; Photodisk; Photodisk; Comstock; DOT

Electronic Flight Bag Security Use Case and Aircraft Security Simulator Presented by: Chris Riley, CISSP (DOT/Volpe). Photos: Corel, Photodisk; Photodisk; Photodisk; Comstock; DOT. Electronic Flight Bag Threat Assessment.

jock
Download Presentation

Photos: Corel, Photodisk; Photodisk; Photodisk; Comstock; DOT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Flight Bag Security Use Case and Aircraft Security Simulator • Presented by: Chris Riley, CISSP (DOT/Volpe) Photos: Corel, Photodisk; Photodisk; Photodisk; Comstock; DOT

  2. Electronic Flight BagThreat Assessment

  3. Volpe/UK Communications and Electronics Security Group (CESG) EFB Project Objectives • Identify Security Threats to the EFB Environment using classic software techniques and tools • Define a repeatable process to associate security architectures within a system’s functional model • Produce security related requirements from identified threats • Produce commonly understood artifacts • Information Asset Characterization (FIPS 199) • Use Case and Mis-Use Case (UML2) • Risk Assessment (NIST 800-30)

  4. Analysis Approach • Develop an EFB Reference Implementation as a basis of Threat Assessment • Hold SME Workshops to: • Identify Function Thread of Interest (Performance Calculation) • Identify Functional Requirements of the thread within the context of the reference implementation. • Identify Information Assets for Functional Thread • Develop a Threat Assessment Approach leveraging UML Tools

  5. Applying Security Controls to UML Use Case Modeling • Use case is designed as a simple method to identify functional requirements. Security controls overly complicates the diagrams • Security controls introduce technology into a functional model clouding functional objectives • System decomposition requires a Domain Specific Language for Security to communicate requirements throughout the model • Model must be easily understood by functional SME’s while containing enough detail for security experts to assess threats

  6. EFB Risk Assessment Findings Summary

  7. Airborne Network Security Simulator (ANSS)

  8. Phase 2: Airborne Network Security Simulator (ANSS) Goals • Identify potential information security threats in synthetic environment by simulating next generation aircraft communications systems. • Share knowledge, tools and methodologies with academia and other interested stakeholders to extend research value. • Act as coordinating authority for cyber security risk mitigation within the international aerospace & aviation community. • Recommend appropriate technical & procedural standards for security risks to aid in the development of regulatory guidelines and policies. • Influence industry bodies on cyber security best practice with respect to specifications, procedures, and recommendations used by the industry.

  9. Air Traffic Service Providers Airline Airline 3rd Party Providers Passenger-Accessed 3rd Party Providers Current Situation CLOSED Aircraft Control Domain Air/Ground Datalink Service (e.g. ACARS) Control the Aircraft VHF / HF / SatCom Airline Info Services Domain Controlled Airport Network (e.g. Gatelink) PRIVATE Operate the Aircraft Wireless LAN Passenger Info & Entertainment Services Domain Air/Ground Broadband Network (e.g. INMARSAT) Relatively Uncontrolled Broadband / Cellular PUBLIC Passenger-Owned Devices Passenger Use Mission-critical aircraft systems have increased in complexity & bandwidth requirements, in some cases accessing the Internet

  10. ANSS Functional Components • Class 3 Electronic Flight Bag – Used as an Application Platform for realistic capability • Gatelink – Realistic Aircraft to Gate Connectivity • OPNet – Synthetic component development platform • AviationSimNet – Standards based approach to real-time linkage of external simulators

  11. Interfacing Standards - AviationSimNet • AviationSimNet is a distributed simulation bridging environment in that it allows dissimilar simulation environments to operate together in a single simulation domain. To accomplish this, AviationSimNet hosts voice and data communications that allow facilities to interoperate within the same domain. • AviationSimNet is focused towards supporting real-time human-in-the-loop Air Traffic Management simulations which can include a wide range of simulation components.

  12. Demonstration Scenario; Airline AOC to Aircraft AviationSimNet Via Internet Performance Calculation Performance Calculation Load & Balance Data Firewall Flight Mngt SystemSim Control Domain OPS Controller Operations Sim Information Domain External Training Simulator EFB Gatelink TWLU Passenger Domain ANSS Operational Enclave Aircraft Network ANSS at WSU

  13. Demonstration Scenario Hacker Final Pre-Flight Data Man-in-the-Middle device captures data and sends it to the Internet Modified Pre-Flight Data

  14. Kevin Harnett, Volpe Center Cyber Security Program Manger Email: kevin.harnett@dot.gov Email: Phone: 617-699-7086 Chris Riley, Volpe Center Cyber Security Researcher Email: riley@info-tools.com Email: Phone: 508-672-6032 Contact Information

More Related