Software Assurance Framework for Mitigating the Risks of Malicious Software in Embedded Systems Used in Aircraft

摘要

Malicious software represents a significant and growing threat to Department of Defense systems. Threats to airborne systems in particular can be characterized not by system vulnerability to Internet based exploits but rather by the risk posed by malicious code already present in the system's software. Although there are software techniques to detect and prevent certain types of attacks, a Systems Engineer has access to system level information and system design techniques that can quantify and in many cases mitigate the risks posed by potential malicious code present in the system. These techniques are especially applicable to malicious code in embedded airborne system although they can be applied to other systems that share certain traits. This thesis provides an overview of the types of threat involved; techniques that can be used to detect malicious code in individual aircraft Weapons Replaceable Assemblies (WRAs); risks and mitigation strategies related to a generic aircraft software development process; system level techniques to prevent embedded malicious software from causing harm in aircraft; and a technique for documenting Software Assurance (SwA) arguments being made about the system and the individual WRAs.