Abstract
Due to the increasing functionality and associated rising complexity of aircraft cabin systems, which are used by cabin crew, passengers, maintenance staff and other stakeholders, security engineering has to become an integral part of the system engineering process in the aviation industry. This paper deals with a security engineering process approach for the development of complex aircraft systems that is fully integrated into the development process. As an appropriate process model we introduce the so-called three-V-model, which represents the governing system engineering process (SEP) associated with the safety engineering process (SafEP) and the security engineering process (SecEP). All three processes are pursued concurrently and interact reciprocally with the predominant SEP on each development level. We describe in detail the security engineering activities involved and finally demonstrate how the interaction between the SEP and the SecEP is improved and optimized by the use of so-called security context parameters (SCPs).
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hintze, H., Wiegraefe, B., God, R. (2013). A Security Engineering Process Approach for the Future Development of Complex Aircraft Cabin Systems. In: Janczewski, L.J., Wolfe, H.B., Shenoi, S. (eds) Security and Privacy Protection in Information Processing Systems. SEC 2013. IFIP Advances in Information and Communication Technology, vol 405. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39218-4_15
DOI: https://doi.org/10.1007/978-3-642-39218-4_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39217-7
Online ISBN: 978-3-642-39218-4
eBook Packages: Computer Science, Computer Science (R0)