By Darren Cummings, DoD/Cyber Leader
In the last several decades, the avionics industry, like the electronics industry, has undergone a transformation from vertically integrated platforms to a truly global supply chain based on commodity components and just-in-time manufacturing. This transformation has dramatically reduced the cost and increased the capability of systems, but international sourcing presents avionics security challenges, especially in high-integrity and mission-critical systems. Foreign manufactured components, especially from low-cost, high-risk source countries, may not meet specifications for performance or reliability. In some instances, parts may even be counterfeit or recycled from electronic waste. Worse still, they may contain intentionally inserted vulnerabilities, particularly when it is known they will make their way into defense, surveillance, or commercial aviation platforms. High-profile systems, including the Traffic Alert and Collision Avoidance Systems (TCAS) for Global Hawk drones, Excalibur (an extended range artillery projectile), the Navy Integrated Submarine Imaging System, and the Army Stryker Mobile Gun, have already been victims of supply-chain attacks.
In order to protect against this category of attacks, it is critical that avionics manufacturers and defense system integrators adopt modern, security-sensitive development practices to detect malicious components before they are integrated into operational systems. One strategy that is particularly effective in detecting malicious component behavior is vulnerability assessment using virtualization. Virtualization and DevOps practices are already revolutionizing development and maintenance of systems in the cloud software and enterprise IT marketplaces due to their easy adoption, support for secure development practices, and higher overall quality. Comprehensive virtualization for embedded aviation and real-time processing has only recently become available.
Virtualization helps integrators develop secure systems from a global supply chain in a number of ways. First, suspicious components can be isolated, and their behavior tested and observed for poor quality, intermittent failures, or malicious activity. This is possible because virtual machines allow for increased introspection at the component boundary, including step-by-step instruction tracing and message verification if necessary. Some virtualization platforms even allow “real-time” events to be synchronized within the virtual environment. Virtualization can also be used to perform scalable testing of a component’s interfaces. Replicating virtual machines is easier and more cost-effective than replicating real hardware, and virtual machines can be easily reset to a known good state. When this is combined with high-coverage strategies like fault injection and fuzz testing, intermittent failures and latent security defects are more easily discovered.
Finally, virtualization can become a key part of a high-assurance environment. Since virtualization allows for full isolation between components, high-risk systems, or the interfaces to them, can be partially emulated. This can be done both for modules sourced from high-risk suppliers or countries and for items that have a different operational security profile, including sensors and communications systems that take data from external sources. Virtualization can be used to limit the data flows from these components to mission-critical systems such as flight control, navigation, and weapons management. Side-channel attacks that leak critical data can be detected, and interfaces can be monitored invisibly by the virtual environment. As systems become increasingly net-centric and always online, virtualization can provide an added layer of assurance to keep operational systems safe and mission-effective throughout their lifecycle.
Ready to learn more about virtualization and avionics security? Contact Performance Software to speak with one of our experts.