By Darren Cummings, DoD/Cyber Leader
Modern aviation platforms have a staggering array of individual systems that perform every function from flight control and safety to communication, performance management, passenger comfort, and even entertainment. These systems, each of which often contains millions or tens of millions of lines of code, work together to form a “system-of-systems” that provides the full range of capabilities for the platform’s stakeholders. System-of-systems security testing, which is essential in today’s landscape of increased threats, differs from the validation of individual components and is challenging in a number of ways. Aviation manufacturers and integrators need to adopt system-of-systems methodologies, including a focus on security testing technologies, like Performance Software’s JETS Defense, that can accommodate full system-of-systems security testing to validate their security-by-design engineering practices.
One challenge in system-of-systems testing is the diversity of the hardware and software platforms involved, as well as their respective supply chains. While individual systems, including virtualization techniques, are often developed using a monolithic set of processors, operating systems and programming languages suitable to the relevant system domain, a system-of-systems integrates an assortment of different special-purpose technologies. For example, an aircraft’s flight control and avionics systems may require specialized real-time processors and software; in less life-and-safety critical applications, COTS technologies are often deployed to improve maintainability and reduce cost. As a consequence, point solutions for security testing of specific computing platforms and operating systems cannot fully accomplish system-of-systems security testing. As in the world of IT systems, hackers and other adversaries use weak links to ultimately compromise their intended target. Virtualization solutions, capable of emulating a wide variety of processor and OS configurations, can help to bridge this gap.
Stakeholder concerns can also come into competition in a system-of-systems. A modern aviation platform has many categories of stakeholders, including manufacturer/integrators, flight and maintenance crews, airline operations, revenue and marketing departments, regulatory bodies and the flying public. Often, these tensions translate into security concerns, including whether systems should be integrated or independent, whether data should be shared or isolated, and how critical components can be protected from the ever-increasing number of external data sources and communications channels. As a result, a multitude of design and implementation tradeoffs are made in developing a system. Developers need a system that can inject faults at the various system boundaries and observe and measure the effect they have on the overall system-of-systems. Using a partially or fully virtualized system-of-systems adds the visibility needed to effectively evaluate competing functionality and security concerns. Much like in the world of IT, more of a threat-hunting mindset needs to be applied to these system-of-systems embedded platforms.
Finally, system integration itself can present new security challenges. Often, loosely coupled systems communicate through formally specified interfaces such as Interface Control Documents (ICDs). Different developer teams and, in some cases, different vendors, are responsible for meeting a common communication and data standard. As we have learned painfully through decades in the web and networking world, protocols and formats can have a variety of interpretations, and where implementations differ, security concerns often arise. System-of-systems boundaries are particularly vulnerable to input validation attacks like buffer overflows, but a lack of cross-platform testing technologies often limits the search for these kinds of vulnerabilities. Techniques like fault injection significantly improve our chances of discovering them, so integrators need tools capable of both monitoring and modifying communications on system boundaries.
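The boundary problem described above can be shown with a small differential fault-injection harness; this is an added example, not code from Performance Software or JETS Defense. The frame layout, the two parser names and the sample frame are assumptions constructed for illustration: two teams implement the same hypothetical ICD message, and the harness reports every injected fault on which they disagree.

```python
# Hypothetical ICD frame, constructed for this example:
#   msg_id (1 byte) | length (1 byte) | payload | checksum (sum of payload mod 256)
GOOD_FRAME = bytes([0x10, 4, 1, 2, 3, 4, 0x0A])  # constructed sample

def parse_team_a(frame):
    """Strict reading: length counts payload bytes and must account for the whole frame."""
    if len(frame) < 3:
        return None
    msg_id, length = frame[0], frame[1]
    if len(frame) != 2 + length + 1:
        return None
    payload = frame[2:2 + length]
    if sum(payload) & 0xFF != frame[-1]:
        return None
    return msg_id, payload

def parse_team_b(frame):
    """Lenient reading: trusts the length field, skips the checksum, ignores extra bytes."""
    if len(frame) < 2:
        return None
    msg_id, length = frame[0], frame[1]
    # Python slicing truncates silently; the same logic in C would read past the buffer.
    return msg_id, frame[2:2 + length]

def mutate(frame):
    """Yield (label, frame) faults: boundary byte values, truncation, trailing data."""
    for i in range(len(frame)):
        for v in (0x00, 0x7F, 0x80, 0xFF):
            if frame[i] != v:
                yield f"byte[{i}]={v:#04x}", frame[:i] + bytes([v]) + frame[i + 1:]
    for n in range(len(frame)):
        yield f"truncate to {n}", frame[:n]
    yield "append 4 bytes", frame + b"\x00" * 4

def find_disagreements(frame):
    """Return every injected fault on which the two implementations differ."""
    findings = []
    for label, mutated in mutate(frame):
        a, b = parse_team_a(mutated), parse_team_b(mutated)
        if a != b:
            findings.append((label, a, b))
    return findings

if __name__ == "__main__":
    for label, a, b in find_disagreements(GOOD_FRAME):
        print(f"{label:16} strict={a} lenient={b}")
```

Every finding is a frame the strict side rejects and the lenient side accepts, which is the kind of interpretation gap a test bench should surface before integration.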
JETS Defense offers each of these capabilities to aviation integrators looking to add system-of-systems security testing to their development processes. Supporting both full and partial virtualization of a wide variety of aircraft systems, JETS Defense can serve as a “System of Systems Test Bench,” gaining increased visibility into existing testing through greater instrumentation, and injecting potential security flaws at internal or external system boundaries. With the power of virtualization, JETS Defense users will be able to carry out testing across the whole cyber kill chain, effectively simulating and thwarting external attackers. To learn more about Performance Software’s JETS Defense, contact us today.