Challenges of meeting software and hardware diversity requirements in aviation security standard ED‑203A/DO‑356A
Adrian Waller
Security Expert, Thales UK and Visiting Professor, University of Surrey
The impact severity of potential safety and security risks in the aviation domain drives the need for high integrity/assurance systems. Whilst standards for safety in the aviation domain are mature and well understood, standards for security are currently being developed and established. Many principles providing safety assurance can also provide security assurance. However, where safety focusses on assurance against unintentionally caused failures, security must also consider deliberate attack. Attacks that could cause common mode failures are a particular concern, where the same vulnerability is exploited within two or more components causing them to fail at the same time.
ED-203A/DO-356A requires that where multiple Security Measures are adopted to defend against a threat, they should be sufficiently diverse to provide resilience against such common mode failures. Indeed, for the highest impact severity of Catastrophic, the standard requires that multiple independent, isolated and diverse Security Measures should be deployed. Unfortunately, little guidance is provided in the standard regarding how to meet this requirement.
This poses challenges to industry, including: how to measure or otherwise quantify diversity, how to introduce diversity where appropriate, and how to ensure that the introduction of diversity does not actually have a negative impact on security or safety through introducing additional complexity.
This talk will describe recent research within the HICLASS project producing guidance for industry on how to tackle this requirement and address these challenges. As part of this, it will consider how software and hardware diversity could be achieved, including methods for software and hardware diversity and architectural patterns to achieve different security objectives (e.g. availability versus integrity). Furthermore, it will highlight issues that may prevent or discourage industry from meeting this diversity requirement, provide examples of how diversity can have a negative impact on safety and/or security, and discuss alternative arguments that could be applied instead of diversity.
About Adrian Waller
Adrian Waller has been a researcher at Thales Research, Technology and Innovation for over 25 years, and is a recognised Thales Expert in Research and Innovation aspects of security. His work has spanned many areas of security, albeit with core interests in cryptography, security architecture and security assurance. He has published many research papers and is the holder of several patents in areas ranging from homomorphic encryption to risk assessment in avionics communications products. Adrian has been actively involved in EUROCAE WG-72 for many years and has contributed to the development of the aviation security standards it has developed, including ED-203A. Adrian is also a Visiting Professor at the Department of Computer Science at the University of Surrey.