EFB RISK ASSESSMENT
-
Upload
bouchaibdolla4233 -
Category
Documents
-
view
182 -
download
2
Transcript of EFB RISK ASSESSMENT
Photos: C
orel, Photodisk; P
hotodisk; Photodisk; C
omstock; D
OT
Electronic Flight Bag Security Use Case and Aircraft Security SimulatorPresented by: Chris Riley, CISSP (DOT/Volpe)
1
Identify Security Threats to the EFB Environment using classic software techniques and tools
Define a repeatable process to associate security architectures within a system’s functional model
Produce security related requirements from identified threats
Produce commonly understood artifactso Information Asset Characterization (FIPS 199)oUse Case and Mis-Use Case (UML2)oRisk Assessment (NIST 800-30)
Volpe/UK Communications and Electronics Security Group (CESG) EFB Project Objectives
3
Develop an EFB Reference Implementation as a basis of Threat Assessment
Hold SME Workshops to:o Identify Function Thread of Interest (Performance
Calculation)o Identify Functional Requirements of the thread within the
context of the reference implementation.o Identify Information Assets for Functional Thread
Develop a Threat Assessment Approach leveraging UML Tools
Analysis Approach
4
Use case is designed as a simple method to identify functional requirements. Security controls overly complicates the diagrams
Security controls introduce technology into a functional model clouding functional objectives
System decomposition requires a Domain Specific Language for Security to communicate requirements throughout the model
Model must be easily understood by functional SME’s while containing enough detail for security experts to assess threats
Applying Security Controls to UML Use Case Modeling
5
Description Example Mitigations
Information Integrity and Authenticity - Third party information providers should provide different strength of controls based on the criticality of information to EFB Operations and timeliness of delivery
Digital Signatures, Virus Scanning, Transfer over authenticated/encrypted channels, Media Handling and Authenticity Procedures such as signature verification and media destruction
COTS Security Baseline Configuration and Management- Several paths to the EFB could make the Windows Environment un-reliable. Adopt Security Baselines, integrity tools (e.g. virus scan) and patch management to ensure reliability.
Center for Internet Security COTS Baselines, NIST Security Configuration Checklists Repository; Standardized Provisioning and Patch Management.
Device Authentication / Trust Paths - Operations such as Data Load have specific trust relationships with EFB. Additional controls should augment ARINC 615a to ensure software or data is not loaded from an un-authorized device
Transfer software and data via a digital authenticated point to point channel such as a VPN, Consider host-based firewalls
Platform Integrity / Application Authorization - Checksum technology verifies integrity of a source, it does not imply the application is authorized.
AntiVirus and Integrity Checkers can verify the integrity of the platform. Signed Applications can ensure applications are authorized to operate on the platform.
EFB Risk AssessmentFindings Summary
6
Phase 2: Airborne Network Security Simulator (ANSS) Goals
• Identify potential information security threats in synthetic environment by simulating next generation aircraft communications systems.
• Share knowledge, tools and methodologies with academia and other interested stakeholders to extend research value.
• Act as coordinating authority for cyber security risk mitigation within the international aerospace & aviation community.
• Recommend appropriate technical & procedural standards for security risks to aid in the development of regulatory guidelines and policies.
• Influence industry bodies on cyber security best practice with respect to specifications, procedures, and recommendations used by the industry.
8
Current Situation
CLOSED
PRIVATE
PUBLIC
Control the Aircraft
Operate the Aircraft
Passenger Use
Controlled
Relatively Uncontrolled
Passenger-Owned Devices
Aircraft Control Domain
Airline Info Services Domain
Passenger Info & Entertainment Services Domain
VHF / HF / SatComVHF / HF / SatCom
Wireless LANWireless LAN
Broadband / CellularBroadband / Cellular
AirlineAirlineAir Traffic
Service Providers
Air Traffic Service
Providers
Passenger-Accessed 3rd
Party Providers
Passenger-Accessed 3rd
Party Providers
Airline 3rd Party
Providers
Airline 3rd Party
Providers
Air/Ground Broadband
Network (e.g.
INMARSAT)
Air/Ground Broadband
Network (e.g.
INMARSAT)
Airport Network
(e.g. Gatelink)
Airport Network
(e.g. Gatelink)
Air/Ground Datalink Service
(e.g. ACARS)
Air/Ground Datalink Service
(e.g. ACARS)
Mission-critical aircraft systems have increased in complexity & bandwidth requirements, in some cases accessing the InternetMission-critical aircraft systems have increased in complexity & bandwidth requirements, in some cases accessing the Internet
9
ANSS Functional Components
• Class 3 Electronic Flight Bag – Used as an Application Platform for realistic capability
• Gatelink – Realistic Aircraft to Gate Connectivity
• OPNet – Synthetic component development platform
• AviationSimNet – Standards based approach to real-time linkage of external simulators
10
Interfacing Standards - AviationSimNet
• AviationSimNet is a distributed simulation bridging environment in that it allows dissimilar simulation environments to operate together in a single simulation domain. To accomplish this, AviationSimNet hosts voice and data communications that allow facilities to interoperate within the same domain.
• AviationSimNet is focused towards supporting real-time human-in-the-loop Air Traffic Management simulations which can include a wide range of simulation components.
11
Demonstration Scenario; Airline AOC to AircraftAviationSimNet
ViaInternet
AviationSimNetVia
Internet
External Training
Simulator
OperationsSim
Flight Mngt
SystemSim
ANSS at WSU
ANSS Operational
Enclave
Gatelink
OPSController
Firewall
Aircraft Network
Control Domain
Information Domain
Passenger Domain
TWLU EFB
Load & Balance
Data
PerformanceCalculation
PerformanceCalculation
12
Demonstration Scenario
Final Pre-Flight Data
Man-in-the-Middle device captures data and sends it to
the Internet
Man-in-the-Middle device captures data and sends it to
the Internet Modified Pre-Flight Data
Hacker
13
• Kevin Harnett, Volpe Center Cyber Security Program Manger– Email: [email protected]– Email: Phone: 617-699-7086
• Chris Riley, Volpe Center Cyber Security Researcher– Email: [email protected]– Email: Phone: 508-672-6032
Contact Information
14