Safe and Secure Data Fusion — Use of MILS Multicore Architecture to Reduce Cyber Threats

Title: Safe and Secure Data Fusion — Use of MILS Multicore Architecture to Reduce Cyber Threats
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Huyck, P.
Conference Name: 2019 IEEE/AIAA 38th Digital Avionics Systems Conference (DASC)
Date Published: Sep
Keywords: aerospace computing, air traffic safety, architecture configurations, civil aircraft systems safety, covert channel prevention, cyber threats reduction, cyber-attack space, data flows, data fusion-based systems, flexible software architectures, functional assurance capabilities, High Robustness, high-robustness separation kernel certification, INTEGRITY-178 tuMP, MILS, MILS multicore architecture, multicore, multicore processor, multicore-based real-time operating system, multiple independent levels, multiprocessing systems, operating systems (computers), pubcrawl, Resiliency, Resilient Security Architectures, restricted hardware access, RTOS, safety-critical software, scheduling, security risks, sensor fusion, Separation Kernel, single-core processors, software architecture, system providers, system security architecture, telecommunication security
Abstract: Data fusion, as a means to improve aircraft and air traffic safety, is a recent focus of some researchers and system developers. Increases in data volume and processing needs necessitate more powerful hardware and more flexible software architectures to satisfy these needs. Such improvements in processed data also mean the overall system becomes more complex, resulting in a potentially significantly larger cyber-attack space. Today's multicore processors are one means of satisfying the increased computational needs of data fusion-based systems. When coupled with a real-time operating system (RTOS) capable of flexible core and application scheduling, large cabinets of (power hungry) single-core processors may be avoided. The functional and assurance capabilities of such an RTOS can be critical elements in providing application isolation, constrained data flows, and restricted hardware access (including covert channel prevention) necessary to reduce the overall cyber-attack space. This paper examines fundamental considerations of a multiple independent levels of security (MILS) architecture when supported by a multicore-based real-time operating system. The paper draws upon assurance activities and functional properties associated with a previous Common Criteria evaluation assurance level (EAL) 6+ / High-Robustness Separation Kernel certification effort and contrasts those with activities performed as part of a MILS multicore related project. The paper discusses key characteristics and functional capabilities necessary to achieve overall system security and safety. The paper defines architectural considerations essential for scheduling applications on a multicore processor to reduce security risks. For civil aircraft systems, the paper discusses the applicability of the security assurance and architecture configurations to system providers looking to increase their resilience to cyber threats.
Citation Key: huyck_safe_2019