Fuzzing for Airworthiness Security
Senior Software Engineer, AdaCore
For obvious reasons civilian aerospace is steeped in safety regulation. Long standing international governing bodies mandate and oversee the specification, design and implementation of civil avionics such that failure conditions, that could lead to safety hazards, are identifiable, assessed and mitigated. This talk will discuss considerations over why international aerospace regulatory bodies felt additional guidelines, that combine aviation safety and security, were needed in the form of a "Airworthiness Security Process Specification".
Through the HICLASS UK research group AdaCore has been developing security focused software development tools that are aligned with the objectives stated within the avionics security standards. One such capability combines a well known fuzz testing engine with the latest compiler technology to allow the automated security testing of Ada applications. In addition we have been developing further guidelines that describe how vulnerability identification and security measure quality assessment activities can be described within a Plan for Security Aspects of Certification.