Introducing the HICLASS Research Programme - Enabling Development of Complex and Secure Aerospace Systems
- 1. © 2019 Rolls-Royce and Other HICLASS Partners.
© 2019 Rolls-Royce and HICLASS Partners
The information in this document is the property of Rolls-Royce and other HICLASS partners. This information is given in good faith based upon the latest information available to the HICLASS partners; no warranty or representation is given concerning such information, which must not be taken as establishing any contractual or other commitment binding upon the HICLASS partners.
The information contained in this document is submitted in confidence and is of the kind contemplated by Section[s] [41 and 43] of the Freedom of Information Act 2000. No UK security classification is applicable to this document. The information contained in this document is not controlled and no export license is required.
The HICLASS Research Programme
Enabling Development of Complex and Secure Aerospace Systems
Mike Bennett, Rolls-Royce Control Systems
on behalf of the HICLASS consortium
This work was supported by the HICLASS project,
funded by the Aerospace Technology Institute
and Innovate UK, as project number 113213.
- 2. Project Overview
HICLASS will enable UK industry to build and support the most complex, connected, cyber-secure avionic systems in the world.
• £32M project over 4 years
• Started July 2019
• Led by Rolls-Royce
• 16 funded partners
• 2 unfunded partners
• Engagement with DSTL
Systems developers, tool suppliers and academics working together to develop integrated solutions.
- 3. Opportunity
Lower-cost assured software and electronics are key enablers.
(Diagram: a two-by-two view across Aerospace and Adjacent Markets for High-Integrity Tools and Services, showing four opportunities.)
1. Exploit Existing Markets
2. Secure Existing Markets
3. Position for New Markets
4. Ongoing Cost Avoidance
- 4. Increasing Scale and Complexity
(Chart, 0 to 9 scale: "The systems we can practically build today" compared with "The systems we'd like to be able to build" across Integrity, Complexity, Digital Dependence, Connectivity, Security and Safety.)
- 5. Continuing the journey…
Technologies matured and expanded from ASSET:
• Model-Based Development
• Open Toolchains
• Improved Architectures
• Improved / Automated / Formal Verification
• Pooling niche skills and building community
• Enhancing understanding of shared problems
• Multi-core
• Security
• Electronic platform technologies
- 6. Work Package Overview
Themes: Security, Verification, Technologies.
WP1 Domain Exploitation for HICLASS Systems (scope requirements, refine exploitation opportunities and develop a cross-industry security approach):
• Product opportunities and exploitation for HICLASS systems
• Develop a cross-industry cyber-security approach for avionics and drive regulation
WP2 Future Platforms and Development:
• Integrated Model-Based Engineering
• Reusable Components and Product Lines
• Cyber-secure architectures and mechanisms
• High-Integrity connectivity, networks and data distribution
• Advanced hardware platforms and smart sensors
WP3 Advanced Verification:
• Timing Analysis for complex systems, e.g. multi-core and distributed
• Automated, scalable and model-based
• Early and virtual integration
WP2 and WP3 together develop 34 advanced technologies in 14 complementary work packages.
WP4 Integration & Embedding (systems developers integrate technologies):
• Integrated product demonstrators
- 7. Technologies
Technology areas:
• Model-Based System Engineering
• Model-Based Software Development
• Automated Verification for Certification
• Secure Formal Code
• Executable Models
• Rapid Integration of Complex Systems
• Next Generation Platform
• Multi-Core Processing
• Agile Find and Fix
By type (34 in total):
• 4 specification and modelling technologies
• 7 verification and test technologies
• 11 security technologies
• 9 electronic and software platform technologies
• 3 multi-core technologies
- 8. New Areas - Multi-Core Timing Verification
• Multi-cores contain HW resources that are shared between cores, causing timing unpredictability
• Regulator provides objectives that must be met for certification
• How to meet those objectives?
1. Mechanisms
• Online monitoring limits contention and interference within predetermined bounds
• Robust allocation & scheduling restricts contention for shared resources and supports graceful degradation
2. Testing and Analysis
• Processor & resource demands obtained via measurement-based analysis
• Micro-benchmarks quantify sensitivity to different levels of interference
3. Building Argument
4. Improving Regulation
• FAA/EASA Feedback
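As an added illustration of the "online monitoring limits contention and interference within predetermined bounds" mechanism described on this slide, the Python simulation below gives each core a per-period access budget for a shared resource such as a memory bus; a core that exhausts its budget is stalled until the next period, so the demand any core can see from the others is fixed in advance, and `worst_case_interference` states that bound. This is example code written for this page, not HICLASS or partner code, and the core names, budgets, period length and access pattern are all constructed values.

```python
"""Constructed illustration of budget-based online monitoring of a shared
resource (e.g. a memory bus) on a multi-core processor. Example code for
this page, not HICLASS or partner code; all values are made up."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class CoreState:
    budget: int       # accesses permitted per regulation period (the predetermined bound)
    used: int = 0     # accesses served so far in the current period
    stalls: int = 0   # requests denied because the budget was exhausted


class SharedResourceRegulator:
    """Enforce a per-core access budget over fixed-length periods.

    On each tick a core that wants the shared resource is served only if it
    still has budget left in the current period; otherwise it is stalled
    until the next period starts. Because no core can exceed its budget,
    the demand any one core sees from the others is bounded in advance.
    """

    def __init__(self, budgets: Dict[str, int], period: int) -> None:
        self.cores = {name: CoreState(budget=b) for name, b in budgets.items()}
        self.period = period

    def tick(self, t: int, requests: Dict[str, bool]) -> Dict[str, bool]:
        """Serve or stall each core's request at tick t; returns who was served."""
        if t % self.period == 0:            # new period: refill every budget
            for core in self.cores.values():
                core.used = 0
        served: Dict[str, bool] = {}
        for name, wants in requests.items():
            core = self.cores[name]
            if wants and core.used < core.budget:
                core.used += 1
                served[name] = True
            else:
                if wants:
                    core.stalls += 1        # budget exhausted: stall until next period
                served[name] = False
        return served


def worst_case_interference(budgets: Dict[str, int], victim: str, access_cost: int) -> int:
    """Bound on the extra delay (in ticks) per period that `victim` can suffer
    from the other cores: each may issue at most its budget of accesses per
    period, and each access occupies the resource for `access_cost` ticks."""
    return sum(b for name, b in budgets.items() if name != victim) * access_cost


def simulate(budgets: Dict[str, int], period: int, n_periods: int,
             demand: Dict[str, Callable[[int], bool]]) -> Tuple[Dict[str, List[int]], Dict[str, int]]:
    """Run the regulator over a constructed access pattern.

    demand[name](t) is True when that core wants the resource at tick t.
    Returns (accesses served per core per period, total stalls per core).
    """
    reg = SharedResourceRegulator(budgets, period)
    per_period = {name: [0] * n_periods for name in budgets}
    for t in range(period * n_periods):
        served = reg.tick(t, {name: demand[name](t) for name in budgets})
        for name, ok in served.items():
            if ok:
                per_period[name][t // period] += 1
    stalls = {name: core.stalls for name, core in reg.cores.items()}
    return per_period, stalls


def example_run() -> Tuple[Dict[str, List[int]], Dict[str, int]]:
    """A critical core issues a 4-access burst at the start of each 20-tick
    period while a 'noisy' core wants the resource on every tick."""
    budgets = {"critical": 4, "noisy": 8}      # constructed budgets
    period = 20
    demand = {
        "critical": lambda t: (t % period) < 4,
        "noisy": lambda t: True,
    }
    return simulate(budgets, period, n_periods=3, demand=demand)


if __name__ == "__main__":
    served, stalls = example_run()
    print("served per period:", served)   # noisy core capped at 8 of 20 ticks
    print("stalls:", stalls)
    print("worst-case interference on critical core:",
          worst_case_interference({"critical": 4, "noisy": 8}, "critical", access_cost=3), "ticks")
```

Without the regulator the noisy core would take the resource on all 20 ticks of every period; with it the noisy core is capped at 8 accesses per period and the critical core's 4 accesses are never stalled. Real bandwidth regulators work from hardware performance-counter events rather than a tick loop, and how tight a budget the critical core can tolerate is exactly what the micro-benchmark sensitivity measurements on this slide are meant to establish.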
- 9. New Areas – Security (1/2)
• Current Status:
- Safety: many years of industry experience.
- Security:
• Many security process standards.
• Aerospace security standards (ED-202A/DO-326A) only recently published, about to be adopted as Acceptable Means of Compliance
- Lack of expertise in certification
• Now expressed as customer requirements
- Key Issues:
• Expertise is theoretical rather than practical
• Integration of security and safety
• Cost effectiveness
(Process diagram, numbered activities as on the slide:)
Certification related activities:
1 - Plan for Security Aspects of Certification (PSecAC)
7 - Communication of evidences (PSecAC Summary)
Security Risk Assessment related activities:
2 - Security Scope Definition (3.1)
3 - Security Risk Assessment (3.2)
4 - Are security risks acceptable? (judged against the Airworthiness acceptability matrix; a Not Acceptable security risk feeds Architecture Modifications back into the Architecture under consideration)
Security Development related activities:
5 - Security Development (3.4)
6 - Security Effectiveness Assurance (3.3)
- 10. New Areas – Security (2/2)
- Share and Develop Best Practice
• Create some common elements, e.g. Threat Model
• Stopping criteria
• Advice covering the interaction of security measures with safety, e.g. safety impact of security measure failure modes
- Develop Security Technologies
• Binary vulnerability analysis
• Cyber-hardening (e.g. compiler)
• Fuzz testing
• On-board Security Information and Event Management (SIEM)
• Secure Data Communications, Loading and Update
- Engagement with industry working groups
(Diagram: one example of some of the technology interactions.)
- 11. Engaging with HICLASS
• Dissemination events
• Aerospace Software Systems Engineering & Technology (ASSET) partnership
- Identification of gaps!
• Work with specific partners on particular topics
- Case studies
- Supply of tools
- 12. ASSET
• The Aerospace Software Systems Engineering & Technology (ASSET) partnership.
• 'Club' open to all organisations undertaking technical work in aerospace software and systems engineering in the UK
- Including system suppliers, software houses, tool suppliers, government agencies and academic research organisations
- No NDA / Collaboration Agreement
- Publication under Creative Commons Licence
• Constitution developed during the SECT-AIR project
• Starting small: currently run on a volunteer basis as a pilot, with a proposed small subscription fee from 2020 managed through the University of York
• Sharing best practice in industry-led working groups (e.g. Agile and CPD)
• Offer different perspectives
- 13. Rolls-Royce Exploitation
• Rolls-Royce is on a software transformation journey
• More products, projects and software
• Current approach is difficult to sustain
- 14. Summary and Conclusions
• HICLASS is a key enabler for the UK to build cyber-secure systems of the future
• Important part of enhancing the UK capability in high-integrity systems and software engineering
• Highly collaborative, with an array of technologies being developed
• Main focus in civil aerospace, but cross-sector exploitation is expected
• Come and talk to us to find out more!
- 15. Partner leads
Organisation / Lead Contact
Rolls-Royce Mike Bennett
Adacore Paul Butcher
Altran Katie Smith
BAE Systems Malcolm Earl
Callen-Lenz Martin Ward
Cobham Paul Moses
Cocotec Philippa Hopcroft
D-RisQ Nick Tudor
GDUK Matt Saint-Gregory
GE Aviation Kevin Grover
Leonardo Donald Taylor
MBDA Lee Jacques
Oxford Daniel Kroening
Rapita Systems Adam Barker
Southampton Colin Snook
Thales Peter Bland
Ultra Aleem Saleh
York Iain Bate
- 16. WP Breakdown
WP1
• WP1.1 Future Products and Impact (Rolls-Royce)
• WP1.2 Embedded Cyber-Security Standards, Approach and Process (Thales)
WP2
• WP2.1 Ensuring Data Communication Integrity (Thales)
• WP2.2 Technologies for Cyber Hardening (GDUK)
• WP2.3 Full-lifecycle Model-Based Development Environment (Altran)
• WP2.4 Specification Environment for Complex Systems (Altran)
• WP2.5 Flexible, Secure and Segregated Software Architecture Frameworks (Rolls-Royce)
• WP2.6 Enhanced Software Update and Maintenance Capability (Rolls-Royce)
• WP2.7 Future complex, safety-critical and modular hardware platform (Rolls-Royce)
WP3
• WP3.1 Automatic formal verification (D-RisQ)
• WP3.2 Semi-automatic formal verification (D-RisQ)
• WP3.3 Automated Low Level Verification (Rapita)
• WP3.4 Automated verification tools for event-driven software (Cocotec)
• WP3.5 SPARK for HICLASS (Adacore)
• WP3.6 Integrated Framework for Managing the Timing of New Complex Architectures (York)
• WP3.7 Automated System-Level Testing (Altran)
WP4
• WP4.1 Future Engine Controls and Monitoring Computing Platform (Rolls-Royce)
• WP4.2 Innovative Flight Control System (Callen-Lenz)
• WP4.3 Next Generation Control System (Rapita)
• WP4.4 Safe & Secure Processing Reference Design (GDUK)
• WP4.5 Future Power Systems (GE)