Aerospace & Defense Technology - December 2022 - 14

Test and Measurement
transformation is DoD-wide.
The U.S. Air Force has implemented
a number of "Software
Factories" as part of
their implementation plan.
While the exact structure of
these is somewhat unclear at
the time of this writing, the
results of one, Kessel Run, for
2020, show that there are
benefits to be had.
One key challenge for mission-critical
platforms (aircraft, automotive,
healthcare, critical
infrastructure), though, is that
the software must undergo safety
certification before the systems can be
deployed. The challenge is that any
change in software, in most cases, leads
to the need for re-certification. Typically,
certification efforts are a significant factor
in the timeline and cost of the programs.
Integration issues on large programs
that have multiple software teams
working on different aspects of the infrastructure
and applications cause delays
in delivery timelines and cost overruns.
These issues are particularly exacerbated
if system-level testing and integration
are not started early in the program
lifecycle.
[Figure: V-Model. Recoverable labels: Project Definition; Detailed Design; Implementation; Integration, Test, and Verification. Axis: Time.]
Many Agile methods and DevSecOps
processes and techniques aren't defined
in detail; engineering teams are effectively
empowered to embrace the details
they see as relevant to themselves. This is
counter to industries' safety and security
standards that require a rigorous, well-defined
process. This means that software
teams must define and document their
DevOps tools, processes and techniques.
An important example of this is traceability.
Proving requirements are satisfied
with validation evidence is important
for demonstrating system
functionality and airworthiness. Therefore,
any DevSecOps process must manage
traceability precisely.
DevSecOps and DO-326A/DO-356
An interesting approach that has come
out of the DevSecOps practice is the concept
of treating security requirements in
the same way as safety and functional
requirements: they are guided by the outcome of
detailed threat analysis, carried through the implementation
of security controls, then to
validation through testing, and of course
documentation. This is the key to integrating
security into DevOps and a good
way to build security into the development
culture and have software teams
communicate using a familiar language.
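
One way to apply the traceability and security-as-requirements points above in a CI gate, as an added example that is not from the article: every requirement, security ones included, must trace to code and to passing tests, and a change to traced code makes evidence stale until the tests are rerun. The requirement IDs, file paths and test IDs are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class Requirement:
    rid: str    # constructed ID, e.g. "SEC-001"
    kind: str   # "functional", "safety" or "security": all share one record type
    sources: list = field(default_factory=list)  # files implementing it
    tests: list = field(default_factory=list)    # test IDs that verify it

def trace_gate(requirements, test_results, changed_files, rerun_tests):
    """Return {rid: [problems]} for each requirement lacking valid evidence.

    test_results:  {test_id: "pass" | "fail"} recorded verification results
    changed_files: files touched by the commit under review
    rerun_tests:   test IDs actually executed against this commit
    """
    findings = {}
    changed = set(changed_files)
    for req in requirements:
        problems = []
        if not req.sources:
            problems.append("no implementation traced")
        if not req.tests:
            problems.append("no verification test traced")
        for t in req.tests:
            result = test_results.get(t)
            if result is None:
                problems.append(f"{t}: no recorded result")
            elif result != "pass":
                problems.append(f"{t}: {result}")
        # A change to traced code invalidates evidence from tests not rerun.
        touched = sorted(changed & set(req.sources))
        stale = [t for t in req.tests if t not in rerun_tests]
        if touched and stale:
            problems.append(f"stale evidence after change to {touched}: {stale}")
        if problems:
            findings[req.rid] = problems
    return findings

# Constructed sample trace matrix and results.
REQS = [
    Requirement("FUN-010", "functional", ["nav/route.c"], ["T-101"]),
    Requirement("SAF-003", "safety", ["fcs/limits.c"], ["T-205", "T-206"]),
    Requirement("SEC-001", "security", ["net/auth.c"], []),
    Requirement("SEC-002", "security", ["net/update.c"], ["T-310"]),
]
RESULTS = {"T-101": "pass", "T-205": "pass", "T-206": "pass", "T-310": "fail"}

if __name__ == "__main__":
    gate = trace_gate(REQS, RESULTS, ["fcs/limits.c"], {"T-205"})
    for rid, problems in gate.items():
        print(rid, problems)
```
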
DO-326A defines an airworthiness
security process (AWSP) which, at the
thirty thousand feet level, defines certification,
security risk assessment and
security development activities. Security
risks that are identified during the
assessment require development activities
to mitigate the risk to the aircraft.
These activities are meant to be integrated
into the safety processes required for
the software. DO-356 is a companion
document to DO-326A that proves compliance
with airworthiness security
requirements throughout the stages of
development. The provisions in these
documents are not yet mandatory and
therefore, merely serve as guidelines. It
is also noteworthy that they focus on
intentional unauthorized electronic
interaction including instances of malware
installation and system manipulation,
as opposed to offering guidance on
physical attacks.
Good engineering practices dictate
adoption of coding guidelines or standards
such as MISRA, or SEI CERT guidelines.
This approach assures newly developed
code follows industry best practices.
However, a coding standard by itself
does not prevent all complex
security vulnerabilities. Additionally,
it isn't practical to
implement coding standards
on existing code.
[Figure labels: Concepts of Operations; Requirements and Architecture; Verification and Validation; System Verification and Validation; Project Test and Integration; Operations and Maintenance.]
In practice, many avionics
systems have requirements
defined up front as part of the
request for proposal (RFP) process
during vendor selection.
It is also probable that milestones
are established as part
of large-scale airframe projects
where deliverables are well
outlined. In such cases, planning
around these requirements
and milestones is necessary
as they feed the design
and implementation phases
that can still be iterative, Agile processes.
Today most system development of
safety critical platforms follows a V-Model
where equal weight is given to coding
and testing. The V shape shows the relationship
between each phase of the development/design
and the corresponding testing
phase. Testing (right side of the V) is
performed for verification and the left
side is used for validation.
The software development method
chosen during the design, implementation
and testing of code is left up to the
manufacturer as long as it meets the
basic criteria of good engineering practices
with traceability, safe and secure
practices, and reporting and documentation
evidence for results. Agile and iterative
methods can work well in this phase
despite the entire lifecycle not necessarily
working within the Agile framework.
In fact, the approach leads to better
results by shifting many important parts
of development, such as testing, earlier.
Categories of Software Tools Used During DevSecOps Development
Our experiences of engaging with customers
that are implementing DevSecOps
for the Mission Critical Edge indicate
the use of the following application
security testing (AST) tools during the
CI/CD process:
* Static application security testing
(SAST): These tools scan proprietary or
custom code for coding errors and
design flaws that could lead to exploitable
weaknesses.