Safety Critical Software and Security - How Low Can You Go?

Category
Part of a book/report
Abstract
The safety of aviation software is ensured by performing development according to the DO-178C standard. However, this standard has a blind spot in that it fails to consider software security aspects in development. The Building Security In Maturity Model (BSIMM) comprises a software security framework with 113 software security activities. This model is often used for measuring the maturity of an organization's software security lifecycle. In this paper we evaluate the ability of DO-178C to also ensure software security, by demonstrating how few BSIMM activities you can get away with performing, while remaining compliant with the different DO-178C assurance levels. The results indicate that organizations with very low software security maturity can still perform well in accordance with DO-178C. Based on the results, we propose concrete activities that could be integrated into the DO-178C development process, to strengthen the security of the developed software.
Client
  • Norges forskningsråd / 247678
Language
English
Affiliation
  • SINTEF Digital / Software Engineering, Safety and Security
Year
2018
Published in
AIAA/IEEE Digital Avionics Systems Conference - Proceedings
ISSN
2155-7195
Publisher
IEEE
Book
2018 IEEE AIAA 37th Digital Avionics Systems Conference (DASC) Proceedings
ISBN
978-1-5386-4112-5
Page(s)
210 - 215