Cyber Security Concerns Regarding Federated, Partly IMA and Full IMA Implementations
Authors: Arman Uncu, Serdar Üzümcü, A. A. Mert
Published in: 2019 IEEE/AIAA 38th Digital Avionics Systems Conference (DASC), 2019-09-01
DOI: 10.1109/DASC43569.2019.9081614 (https://doi.org/10.1109/DASC43569.2019.9081614)
Citations: 2
Abstract
Integrated Modular Avionics (IMA) implementations are increasingly used in modern aircraft systems in place of federated architecture. Reducing the number of LRUs (Line Replaceable Units) in the aircraft platform system gives the advantage of reduced recurring costs and reduced logistics and maintenance costs. A reduced number of equipment items also saves weight and size, which is very important for avionics development. On the other hand, the IMA implementation leads to increased complexity, with a higher level of integration and more abstraction of the functions. In a federated architecture implementation, each function is deployed on its own computer. The integration of functions on dedicated boards within one piece of equipment, called here partly IMA implementation, has the advantage of very good functional segregation, but some overall concepts need to be clarified, such as equipment power reset, which will be more complex than in the federated architecture. It also has the advantage that the RTOS can be selected independently on each board. In the standard IMA execution, called here full IMA implementation, each function is deployed on its own partition, but the usage of shared resources has to be clarified. Under the IMA standard, time and space segregation from the other functions of the core is guaranteed. Cyber attacks can target any subsystem in the aircraft that includes software and could lead to catastrophic failures. Examples of functions enabled by software include powering a system on and off, maintaining cabin pressure level, or controlling attitude. An attacker could potentially manipulate data in these systems.
The cyber-attack potential differs between the federated, partly IMA and full IMA architectures, as do the countermeasure mechanisms. For federated architecture systems, the manipulation of data transmitted over the data buses could lead to a malfunction in the system. To prevent such manipulation, different sensor information from different sources and data buses could be used, but this will increase the number of LRUs and the cabling weight. A denial-of-service attack could prevent the use of information in the network data. The partly IMA concept is more robust regarding the manipulation of transmitted data. Because the RTOS is selectable, a higher number of different operating systems could be used, which increases the number of exploits and possible attacks. Within the full IMA concept, where third-party applications are used, the injection of malware that leads to manipulation of the scheduling mechanism could affect the whole system operation. A common way to detect such an attack is to review logs of system activity, looking for unusual occurrences.