RTCA DO-356A
© RTCA, 2018
parts. However, only state-sponsored or terrorist organizations have the cumulative
capability (motivation, time, money, and extensive resources) necessary to gain access
to detailed knowledge of aviation specific protocols, flight critical functions, operational
procedures, and hardware/software implementations to build an attack test capability
(i.e. lab or test bench) and then successfully plan, synchronize, and execute an attack
on an airplane system. While there is a path, appropriate technical and
procedural security measures are in place, so that it would be Implausible even for an
attacker with special tools and/or skills.

Create GPWS Injectable Malware: Creating the code itself is not difficult for a skilled
attacker. However, it becomes more difficult if the code is based on proprietary
operating systems, software development language, and/or tools, in which case
additional knowledge and/or experience is required. It is assumed that the tools and/or
skills required to carry out such an attack are similar to those required for an attack on
a well-defended corporate network which also has proprietary software. This step is

Compromise NGD: The NGD is a potential platform for an attack against any
connected device, in the ACD or otherwise. This potential is only realizable if the device
itself has been successfully attacked and compromised. Several design
considerations reduce the potential for a successful attack. In this example, all
interfaces restrict data using firewalls. The operating system kernel has been hardened
to contain only the features necessary for operation. Applications and services are disabled
or removed if they are not required for operation. While there is a path, appropriate
technical and procedural security measures are in place, so that it would be
Implausible even for an attacker with special tools and/or skills.

Compromise USB or Ethernet port: Obtain access and add the malware.
Ease-of-execution is dependent on level of control and isolation maintained by airline. It is
assumed that the tools and/or skills required to carry out such an attack are similar to
those required for an attack on a well-defended corporate network. There are further
constraints on the attacker such as accessibility and procedures. For these reasons,
this step is considered Non-Trivial.

Create and Execute GPWS Exploit: The attacker executes an exploit against an
Ethernet interface in order to inject malicious code into the target device. An Ethernet
exploit depends on the services and protocols available on the interface being exploited.
GPWS has a hardcoded Ethernet stack that only allows a specific IP address and limited
ports and protocols. GPWS also validates all the data immediately after it is received
from the stack. The communication exchange is very deterministic. For these reasons,
this step is considered Challenging. The USB port is not restricted in the way the Ethernet interface is.
However, the input data is still validated, and there are physical access restrictions.
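
The defensive pattern described for the GPWS Ethernet interface (one hardcoded peer, a limited protocol and port, validation of every field immediately on receipt, and a deterministic exchange) can be sketched as follows. This is an added example, not code from DO-356A or from any GPWS implementation; the peer address, port, frame layout, byte-sum check and altitude range are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Every constant and the frame layout are constructed for illustration. */
#define PEER_IP   0xC0000205u   /* 192.0.2.5 (documentation range) */
#define PEER_PORT 5000u
#define PROTO_UDP 17u
#define FRAME_LEN 12u           /* fixed size: no variable-length parsing */
#define FRAME_TAG 0xA55Au

enum verdict { ACCEPT, DROP_PEER, DROP_PROTO, DROP_LEN, DROP_TAG, DROP_SUM, DROP_SEQ, DROP_RANGE };
struct link_state { uint16_t next_seq; };  /* deterministic exchange: one expected value */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint16_t frame_sum(const uint8_t *f) {   /* byte sum over the first 10 bytes */
    uint32_t s = 0;
    for (size_t i = 0; i < FRAME_LEN - 2; i++) s += f[i];
    return (uint16_t)s;
}
/* Layout: tag(2) seq(2) altitude_ft(4, signed) reserved(2) sum(2), big-endian. */
enum verdict gate_frame(struct link_state *st, uint32_t src_ip, uint8_t proto,
                        uint16_t dst_port, const uint8_t *f, size_t len) {
    if (src_ip != PEER_IP) return DROP_PEER;             /* hardcoded peer */
    if (proto != PROTO_UDP || dst_port != PEER_PORT) return DROP_PROTO;
    if (f == NULL || len != FRAME_LEN) return DROP_LEN;  /* validate before use */
    if (be16(f) != FRAME_TAG) return DROP_TAG;
    if (frame_sum(f) != be16(f + 10)) return DROP_SUM;
    if (be16(f + 2) != st->next_seq) return DROP_SEQ;    /* replay / out-of-order */
    int32_t alt = (int32_t)(((uint32_t)f[4] << 24) | ((uint32_t)f[5] << 16) |
                            ((uint32_t)f[6] << 8) | f[7]);
    if (alt < -2000 || alt > 60000 || be16(f + 8) != 0) return DROP_RANGE;
    st->next_seq++;                                      /* state moves only on accept */
    return ACCEPT;
}
/* Builds a constructed, well-formed frame for the demo. */
void make_frame(uint8_t *f, uint16_t seq, int32_t alt) {
    uint32_t a = (uint32_t)alt;
    f[0] = FRAME_TAG >> 8; f[1] = FRAME_TAG & 0xFF;
    f[2] = (uint8_t)(seq >> 8); f[3] = (uint8_t)seq;
    for (int i = 0; i < 4; i++) f[4 + i] = (uint8_t)(a >> (24 - 8 * i));
    f[8] = f[9] = 0;
    uint16_t s = frame_sum(f);
    f[10] = (uint8_t)(s >> 8); f[11] = (uint8_t)s;
}
int main(void) {
    struct link_state st = { 0 }; uint8_t f[FRAME_LEN];
    make_frame(f, 0, 1200);
    int first = gate_frame(&st, PEER_IP, PROTO_UDP, PEER_PORT, f, FRAME_LEN);
    int replay = gate_frame(&st, PEER_IP, PROTO_UDP, PEER_PORT, f, FRAME_LEN);
    return !(first == ACCEPT && replay == DROP_SEQ);     /* exit 0 when both hold */
}
```

The byte sum only stands in for an integrity check on the frame; every rejection path returns before any field is used, and the link state changes only on an accepted frame.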

[Figure: attack tree; node labels as extracted: "Design Knowledge of ..." AND "Create Attack Test ..." AND "Create GPWS ..." AND "Create and Execute ..."]