A Study on Integrated Airworthiness Certification Criteria for Avionics Software Safety and Security

  • Han, Man-Goon (Department of Aerospace Software Engineering, Hanseo University)
  • Park, Tae-Kyou (Department of Aerospace Software Engineering, Hanseo University)
  • Received : 2017.09.27
  • Accepted : 2017.12.04
  • Published : 2018.01.01

Abstract

As the use of software in aircraft systems increases, exposure to safety and security threats also continues to grow. Although certification criteria for software safety such as DO-178C have already been established, they do not yet include specific certification criteria for software security. Recently, DO-326A, DO-356 and DO-355 have been published separately as airworthiness security certification criteria for aircraft and systems. However, complying with separate certification criteria and procedures for safety and for security requires additional cost and effort. Therefore, this paper proposes efficient integrated certification criteria that save cost, effort and time by combining the certification criteria for software safety and security.
