Fuzzing for Airworthiness Security

Paul Butcher

Senior Software Engineer, AdaCore

For obvious reasons, civilian aerospace is steeped in safety regulation. Long-standing international governing bodies mandate and oversee the specification, design and implementation of civil avionics so that failure conditions that could lead to safety hazards are identifiable, assessed and mitigated. This talk will discuss why international aerospace regulatory bodies felt that additional guidelines combining aviation safety and security were needed, in the form of an "Airworthiness Security Process Specification".

Through the HICLASS UK research group, AdaCore has been developing security-focused software development tools that are aligned with the objectives stated within the avionics security standards. One such capability combines a well-known fuzz testing engine with the latest compiler technology to allow the automated security testing of Ada applications. In addition, we have been developing further guidelines that describe how vulnerability identification and security measure quality assessment activities can be described within a Plan for Security Aspects of Certification.

About Paul Butcher

Paul is a Senior Software Engineer and AdaCore’s Lead Engineer in the UK for the HICLASS research programme to enable the development of complex and secure aerospace systems. His role is to facilitate the delivery of research, design and implementation for the UK aerospace sector. Prior to joining AdaCore, Paul was a consultant software engineer for 10 years working for UK aerospace companies such as Leonardo Helicopters, BAE Systems, Thales UK and QinetiQ. Before becoming a consultant, Paul worked on the Typhoon platform and safety-critical software developments in the rail sector for BAE Systems and military UAVs for Thales UK. Paul graduated from the University of Portsmouth with a Bachelor's Degree with Honours in Computer Science.
