Airworthiness Security Methods: Modeling and Highlighting Attack Paths in System and Software Architectures for Threat Scenario-Driven Security Analysis

Citation
43rd AIAA DATC/IEEE Digital Avionics Systems Conference, DASC 2024
Contribution to Conference
43rd AIAA DATC/IEEE Digital Avionics Systems Conference, DASC 2024  
Publisher DOI
10.1109/DASC62030.2024.10749693
Scopus ID
2-s2.0-85211244318
Publisher
IEEE
ISBN
9798350349610
The digitalization and increased connectivity of aircraft systems not only offer opportunities, such as optimizing business and operational processes as well as the introduction of novel services for passengers, but also pose new security-related risks to the system. As part of the security risks analysis which became mandatory for airworthiness security since the publication of the new certification specification CS-25.1319, threat scenarios and attack paths are defined to enable a more structured identification and assessment of security risks. In order to identify potential attack paths, it is necessary to examine the architectures that were created during the development of the system or the software. These architectures establish the prescribed pathways that an attacker is able to take due to the connection of the architectural elements. However, none of the available approaches for modeling attack paths link the attack paths to the architecture model. In this paper a novel approach for modeling attack paths and linking attack paths to the architecture model is presented. The Systems Modeling Language (SysML)-based approach extends the Risk Analysis and Assessment Modeling Language (RAAML) and introduces elements for modeling attack paths made of various attack actions and vulnerabilities as well as the asset under consideration. Furthermore, relationships are defined to link these attack path elements to the architecture and path segments encompassing the architectural elements. Moreover, the linkage between attack paths and the architectural elements is used to highlight the attack paths in the architectures by using tool-specific capabilities of Cameo Systems Modeler. The approach is exemplarily illustrated taking the example of a seat controller that is connected to the In-Flight Entertainment (IFE) system enabling the adjustment of the seat.
DDC Class
629.13: Aviation Engineering
005: Computer Programming, Programs, Data and Security