The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
A security testing method and a supporting toolset were developed to evaluate the robustness of communication protocols, application end-points and other system components. Using a packet injection and manipulation test case it was demonstrated that, due to weaknesses in authentication mechanisms, the CPDLC protocol is subject to threats affecting data integrity. In order to mitigate the risks, recommendations...
The future ATM system must evolve to meet demanding performance targets. This transition will potentially introduce new vulnerabilities into the system. To address this issue, the SESAR programme has developed a comprehensive set of methods, tools and guidance material to support the concept of "designing-in" security from the beginning of the development life-cycle. This paper summarises...
To support the approach of 'design-in security' taken by the SESAR Programme, the authors have iteratively developed a support tool, known as 'CTRL_S' that guides users through the security risk assessment process. Whilst these risks are mostly generic, based on prototype system architectures or extrapolations from current systems, the approach supports the development of security controls through...
Under the SESAR Programme, the European Air Traffic Management (ATM) industry has adopted an approach of 'design-in security' by applying security assessment from the beginning of the development lifecycle. This has necessitated a convergence of different approaches to security assessment from the different partners. A number of challenges have been apparent in developing both the method to be used...
In 2008 EUROCONTROL published Information and Communications Technology (ICT) Security Guidance to Air Navigation Service Providers (ANSPs), to assist them in complying with regulatory security requirements. The validation of that guidance included surveys which were conducted to contrast current practice in European ANSPs with a baseline control set based on ISO/IEC 27001:2005. The surveys are confidential...
This paper addresses the potential of mathematical modeling in support of the current security risk management approach in SESAR. One of the key challenges in large-scale system engineering for security is to provide support for system-wide implementation of security controls with limited resources. For this purpose resource-intensive security risk assessment shall only be applied to top priority...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.