RTCA Documents for Review: DO-356A
© RTCA, 2018
to each other, and to the security environment, and the principles guiding its
design and evolution.
Security Implementation Architecture: A mapping between the Security
Architecture and those requirements of the aircraft/system architecture which are
concerned with the concepts and basic methods for satisfying the airworthiness
security requirements and guidelines. The implementation view of the security
architecture defines architectural elements, together with their roles,
responsibilities, and interrelationships that will support the airworthiness security
requirements and guidelines.
System: A conceptual entity defined by its boundaries. Combination of interacting
elements organized to achieve one or more stated purposes. A system can be
Multi-System: A system made up of multiple systems and LRUs. A network
together with its hosts and gateways would be an example of a big multi-
Basic-System: A system is a construct or collection of different items that
together produce results not obtainable by the items alone.
Sub-System: A system that is part of a larger system.
Item: A hardware or software element having bounded and well-defined
interfaces (as defined by ARP 4754A / ED-79A).
Multi-Item: An item that includes more than one item (e.g. a software /
hardware package which includes multiple software / hardware
components with potentially differing assurance levels).
Sub-Item: A hardware or software element that has a different security
assurance level assigned than other hardware or software elements of the
same item. Different security assurance levels can only be assigned within
an item if independence and isolation between sub-items are established. A
security measure implementation cannot have a different security
assurance level than its dependencies.
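The two Sub-Item constraints above can be checked mechanically over an architecture model. The following is an added example, not text or code from DO-356A: the class names, the numeric level scale, the transitive treatment of dependencies and the sample gateway item are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed model: class names, fields and numeric levels are assumptions.
@dataclass
class SubItem:
    name: str
    sal: int                                  # security assurance level (numeric scale assumed)
    is_security_measure: bool = False
    depends_on: list = field(default_factory=list)   # names of sub-items relied upon

@dataclass
class Item:
    name: str
    sub_items: list
    isolation_established: bool               # independence and isolation between sub-items

def check_item(item):
    """Return findings for the two Sub-Item constraints."""
    findings = []
    by_name = {s.name: s for s in item.sub_items}
    levels = sorted({s.sal for s in item.sub_items})
    # Constraint 1: differing levels within one item need independence and isolation.
    if len(levels) > 1 and not item.isolation_established:
        findings.append(f"{item.name}: levels {levels} assigned without isolation")
    # Constraint 2: a security measure has the same level as its dependencies.
    # Dependencies are followed transitively (an assumption of this example).
    for s in (x for x in item.sub_items if x.is_security_measure):
        seen, stack = set(), list(s.depends_on)
        while stack:
            dep = by_name.get(stack.pop())
            if dep is None or dep.name in seen:
                continue                      # unknown names are ignored here
            seen.add(dep.name)
            if dep.sal != s.sal:
                findings.append(f"{s.name} (level {s.sal}) depends on {dep.name} (level {dep.sal})")
            stack.extend(dep.depends_on)
    return findings

def sample_item(isolated, driver_sal):
    """Constructed sample: a gateway item with four sub-items."""
    return Item("gateway", [
        SubItem("packet_filter", 3, True, ["os_kernel"]),
        SubItem("os_kernel", 3, False, ["driver"]),
        SubItem("driver", driver_sal),
        SubItem("status_ui", 1),
    ], isolated)

if __name__ == "__main__":
    for finding in check_item(sample_item(isolated=False, driver_sal=1)):
        print(finding)
```

In the sample, the mismatch sits one hop away from the security measure (packet_filter relies on os_kernel, which relies on driver), so it is only found because the dependency chain is walked to the end.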
Security Measure: Operational (procedural) or technical measures that are used
to mitigate risks. The technical measures are normally implemented in systems
and are described in technical specifications. Operational requirements are
derived from the manuals (e.g. AMM, FCOM, and CCOM) or can be pushed to
Airlines as a requirement or recommendation using the Airplane Security Operator
Security Barrier: Combination of several Security Measures that add up at macro
level. It is not necessarily limited to one system as another system’s Security
Measures might contribute. The Security Measures that add up to a Security
Barrier are usually dependent with regard to their protection. They need to
all function together to be effective.
Attack Path Refinement: Activity to refine the generic Attack Paths (at macro
level) to detailed Attack Paths (at lower level). This activity is performed in each refinement
step. Aircraft Attack Paths are to be refined to (Multi-) System Attack Paths.
System Attack Paths need to be refined to Item Attack Paths.
The basic characteristics of a sound security architecture are:
Non-bypass: The architecture does not allow its security measures to be
bypassed, and the measures will always be invoked when they are intended to
Protection: The architecture does not allow the security measures or assets to be
Detection and Restoration: The architecture provides means for detecting threat
conditions, and provides restorative means for establishing (or re-establishing)
the correct configuration of the architecture in the event that security measures
fail or are defeated.
See section 3.5 “Security Measure characterization” for additional information.