
Safety And Security Analysis Of Airborne Embedded System

Posted on: 2019-04-22
Degree: Master
Type: Thesis
Country: China
Candidate: Q X Wu
Full Text: PDF
GTID: 2382330572450207
Subject: Computer system architecture
Abstract/Summary:
As countries attach more importance to air supremacy, the missions of military aircraft are becoming more complex and their flight times longer. For safety-critical airborne embedded systems, the components, embedded programs and control instructions in the system carry high reliability and high integrity requirements. To avoid the serious consequences of failures or attacks, it is of great significance to quantify the risks and threats the system faces while it is being designed.

System reliability requires that the system not fail during a long mission. Because of redundancy, some components in the system are repairable; even if such a component fails, it is still considered normal and has no greater impact provided it is repaired within a short time. Current analysis methods based on dynamic fault trees cannot model such events. A time delay gate is proposed as a new extension of dynamic fault trees. This mechanism models the time delay in fault propagation from lower-level subsystems to the higher-level system, which enables accurate modeling and analysis of systems containing repairable components with specific repair-time constraints. Dynamic Bayesian networks are also extended to solve dynamic fault trees that contain time delay gates.

Traditional information flow integrity analysis methods do not consider the specific system structure or the associated attack events. An integrity threat tree is proposed to quantitatively analyze the integrity of the system's information flow; it uses a conditional trigger gate to model associated attack events, and attack cost is used to quantify the difficulty of attacking each channel. Based on the architecture-related integrity threat tree, the integrity threat to the system is quantified.

When analyzing complex systems with dynamic fault trees and integrity threat trees, existing solving methods cannot determine the system's optimal failure rate when the failure probability of a basic component or event is uncertain, nor the minimum cost required to attack the system when there are multiple attack modes to choose from. An SMT-based algorithm is therefore also proposed that supports optimized failure distribution under nondeterministic range constraints on basic events and computes the minimum attack cost required to reach the attack target.
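As an added example that is not from the thesis, the following Python computes the minimum attack cost over a small attack tree of the kind the integrity threat tree builds on, by direct bottom-up evaluation rather than the thesis's SMT-based method. The gate semantics, the tree, the channel names and the cost values are assumptions constructed for illustration; the conditional trigger gate and uncertainty ranges are not modeled.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical attack-tree node (constructed for this example). Assumed gate semantics:
#   "OR"  - the attacker picks the cheapest child (alternative attack modes)
#   "AND" - the attacker must complete every child (costs add up)
#   leaf  - a single channel with a known attack cost
@dataclass
class Node:
    name: str
    gate: Optional[str] = None          # "AND", "OR", or None for a leaf
    cost: float = 0.0                   # attack cost of a leaf channel
    children: List["Node"] = field(default_factory=list)

def min_attack_cost(node: Node) -> float:
    """Minimum cost for an attacker to reach this node's goal."""
    if node.gate is None:
        return node.cost
    costs = [min_attack_cost(c) for c in node.children]
    if node.gate == "OR":
        return min(costs)
    if node.gate == "AND":
        return sum(costs)
    raise ValueError(f"unknown gate {node.gate!r}")

def cheapest_path(node: Node) -> List[str]:
    """Leaf channels used on the cheapest path; these are the channels to harden first."""
    if node.gate is None:
        return [node.name]
    if node.gate == "OR":
        return cheapest_path(min(node.children, key=min_attack_cost))
    path: List[str] = []
    for c in node.children:
        path.extend(cheapest_path(c))
    return path

# Constructed example tree: corrupting a control instruction on an avionics bus.
tree = Node("corrupt control instruction", "OR", children=[
    Node("via maintenance port", "AND", children=[
        Node("physical access to bay", cost=40),
        Node("bypass port authentication", cost=25),
    ]),
    Node("via mission data link", "AND", children=[
        Node("spoof link endpoint", cost=30),
        Node("forge message integrity check", cost=70),
    ]),
])

if __name__ == "__main__":
    print(min_attack_cost(tree), cheapest_path(tree))
```

Raising the cost of a leaf on the cheapest path (for instance by adding authentication to the maintenance port) and re-running shows whether the system's minimum attack cost actually rises or the attacker simply moves to the next-cheapest channel.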
Keywords/Search Tags:Time Delay Gate, Dynamic Fault Tree, Dynamic Bayesian Network, Satisfiability Modulo Theory, Integrity, Information Flow, Attack Tree, Integrity Threat Tree