RTCA DO-356A
© RTCA, 2018
protection against eavesdropping attacks but may be easily bypassed in the threat
scenario and therefore would be evaluated with no effectiveness for attacks on the
integrity of the target.
Effectiveness evaluation order
Note that in this method, the order in which the steps are applied is not relevant for the
overall effectiveness evaluation.
Effectiveness evaluation criteria
The overall effectiveness of protection in a threat scenario is calculated by considering
the effectiveness that individual security measures may have and the evaluation of their
combined effectiveness by considering relations between security measures.
This method will represent the evaluation categories from section 3.6.2 as evaluation
Protection and Exposure reduction are directly shown in the evaluation table,
because they can be represented through the evaluation of security measures.
Attack attempt is applied as another reduction to the overall Level of Threat after all
security measures have been evaluated. If used at all, the attack attempt effect should
not contribute more than 6 points to the overall evaluation.
The effectiveness of each security measure protecting against an attack in the specific
threat scenario is determined by three evaluation criteria:
Window of Opportunity
These criteria are based on the factors given in CEM section B.4.2.2 to support
comparability with Common Criteria Methodology where needed. CEM distinguishes
the factors “Elapsed Time”, “Specialist Expertise”, “Knowledge of the Target of
Evaluation”, “Window of opportunity” and “Equipment”, but cautions that these factors
are not independent from each other. The three effectiveness evaluation criteria
increase the evaluation reliability by combining dependent CEM factors into clearly
distinct considerations for the same evaluation criteria (for example the expertise to
prepare an attack and the expertise to execute an attack). The separation of attack
preparation and attack execution allows for a more accurate evaluation of threat
scenarios in which attack preparation and attack execution are separated by distinct
roles and persons or a significant amount of time. This is an adaptation to account for
the longer development cycles in the aviation industry.
The Preparation phase includes all activities needed to enable the execution of an
attack. It can include technical activities (creation of attack tools, availability of
equipment, etc.), intelligence activities (target identification, knowledge acquirement,
etc.) and others. Preparation activities have in common that they can be completed in
time before an actual attack is executed. Preparation activities do not need to be
independent time-wise from the attack execution but are only loosely coupled, so that
attack preparation can make use of resources other than those available for attack execution.
Preparation activities only need to be done once and can often be re-used for multiple
attacks on the same or different targets.
Evaluation criteria that consider (protection against) such activities should be
associated with the preparation phase. Preparation evaluation criteria are typically
assigned to the Protection category.
The Window of opportunity phase includes all activities that enable or limit access to a
target for the execution of an attack. Targets are considered completely accessible by
default, so that only limitations are considered in the window of opportunity. Typical
limitations reduce the possibility for an attack to certain times and physical locations (for
example as given by flight phases) or exclude certain trust relationships.
Evaluation criteria that consider such limitations should be associated with the window
of opportunity phase. This phase closely corresponds to the Exposure reduction
category but evaluation criteria may also be assigned to the Attack attempt category.