Cyber Security

Complex Systems Assurance

D-RisQ is researching various techniques for cyber security. These are largely focused on meeting airworthiness standards such as DO-326A/ED-202A, DO-355/ED-204 and DO-356A/ED-203A.

The first aim is to understand how to schedule security activities such as security analysis and security development, such that they can efficiently interact with aircraft and systems development and safety processes. There are a number of feedback and feed forward interactions between all these activities with the potential to seriously disrupt development. If the development of security, safety and systems are not well managed, the potential for cost overruns is significant, especially as this is a regulated environment.

The development processes also need to ensure that they can be reactive to events. As threats evolve, changes to architecture will be expensive to incorporate. Designs therefore need to be flexible. D-RisQ has been developing techniques to aid compliance with these standards.

WATCH OUR latest Digital Security video

As part of the Digital Security by Design project run by D-Risq called CHERI Stone, we were interviewed on our thoughts on the CHERI/Morello programme. The Capability Hardware Enhanced Risk Instruction set architecture (CHERI) project had produced an Instruction Set Architecture which provides a means for managing memory safety through the introduction of ‘capabilities’. The Morello programme run by Arm is producing an example prototype hardware board with a firmware stack to enable use of the hardware.

This firmware will need to be assessed as part of any use in a regulated industry. As the clearest and most mature set of standards are in aerospace and support airworthiness certification, it was decided to use these as the basis for assessment of the Morello software in regard to both safety and security. Since 1992, the air worthiness of software has been focused on safety using RTCA/DO178B/C but increasingly the security aspects of airworthiness has been more of a concern and RTCA/DO-326A and related documents often have to be met.

The project could not assess every aspect of the available firmware. The two sets of Morello software selected for assessment and using standard aerospace practices were Trusted Firmware-A and SCP. The approach has been to use the Federal Aviation Agency (FAA) Job Aid for assessment if the software against DO-178C. There is no equivalent for DO-326A, so an informal compliance assessment will be undertaken. An open paper is available from D-RisQ on application.