Time and space partitioning security components for spacecraft flight software

Abstract

This paper presents research funded by European Space Agency (ESA) / European Space Research and Technology Engineering Centre (ESTEC) into the development of technology to incorporate security functions into spacecraft flight software. The security functions are derived from the time and space partitioning mechanism within the Integrated Modular Avionics (IMA) concept. ESA is establishing a software reference architecture for future avionics that consists of a layered architecture with defined interfaces and functionality, and abstraction levels per layer. The lower level layers handle the computer issues and each progressively higher layer adds increasing functionality and services up to the implementation of the flight software applications. This approach is complementary to the Multiple Independent Levels of Security (MILS) concept. The security components are added at the lowest layer in the form of a separation kernel which is responsible for enforcing the time and space partitioning of the flight software. The security components complement the safely critical elements of a separation kernel with measures to enforce the confidentiality, integrity and availability of data. The research study used the EBIOS method to establish a set of security objectives and functional requirements for flight software. Two separation kernels were selected, one commercial and the other open-source, and successfully ported to the LEON3 spacecraft processor. An attempt was then made to verify the kernels against the security functional requirements. The verification was incomplete because the kernels did not support all of the security mechanisms specified in the requirements. However the technology has been established and can be upgraded to fully provide the security functions for future flight software.