UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation...

Model-‐based test genera/on of aircra3 traffic a5ack scenarios using ADS-‐B standard signals

1

Julien Botella (Smartes2ng) Phong Cao (THALES) Cédric Civeit (Thales Raytheon Systems) Daniel Gidoin (THALES) Fabien Peureux (FEMTO-‐ST /CNRS; Smartes2ng)

UCAAT 2013 22 – 24 October -‐ Paris

Agenda

•  Context, mo2va2on and key challenges •  MBT to generate aPack scenarios for ADS-‐B •  Illustra2on of the end-‐to-‐end process on a simple example

•  Conclusion and future work

Automa/c dependent surveillance-‐broadcast – ADS-‐B

•  Context –  To test air ADS-‐based Air Traffic Management systems

using ADS-‐B Protocol –  Radar control security tes2ng:

•  ADS-‐B radio protocol •  Flight informa2on sent from plane to control tower

•  Mo/va/ons –  To address applica2on security vulnerabili2es that cannot be detected by the

sta2c tests –  To reduce cost of tes2ng and the 2me taken for industrializa2on –  To be able to demonstrate the resilience of Air Traffic Management systems –  To absorb the growth in air traffic and improve the security

•  Objec/ves –  Live traffic capture with SBS-‐3 sta2on –  Malicious scenario genera2on to check the detec2on efficiency from the

control tower (logical anomalies) •  Wrong coordinates •  Fake planes •  …

•  SBS-‐3 sta/on descrip/on hPp://www.homepages.mcb.net/bones/SBS/Ar2cle/Barebones42_Socket_Data.htm 4

SBS Specifica2on extracts

5

Agenda

•  Context, mo2va2on and key challenges •  MBT to generate aPack scenarios for ADS-‐B •  Illustra2on of the end-‐to-‐end process on a simple example


MBT for func2onal tes2ng

7

Smartesting CertifyIt

Model (Behavioral /

environmental )

Requirement Management

Requirements

or

Iterative Process

Test scripts

Adapta/on layer

Requirement links

8

Test Purposes

Smartesting CertifyIt

Model (Behavioral /

environmental )

Security Test Patterns

SBS-3 BaseStation

Specs

Real Traffic recording (SBS-3)

DAST SBS-3 importer

Malicious Scenarios

SBS-‐3 Simulator

Google Earth

KML Publisher for Google Earth

SBS-3 BaseStation

logs publisher

MBT process for ADS-‐B

Test genera2on for ADS-‐B traces

•  APack scenarios are generated using real traces and aPack paPerns

•  APack paPerns capture the know-‐how of security engineers

Generated model

A5ack pa5ern

Agenda

•  Context, mo2va2on and key challenges •  MBT to generate aPack scenarios for ADS-‐B •  Illustra2on of the end-‐to-‐end process on a simple example (demo)


•  Goals –  To measure the resilience of Air Traffic Management Systems of against

aPacks using ADS_B protocol –  The training of air traffic controllers in cri2cal situa2ons (i.e. ar2ficial air

space satura2on)

•  Process –  Automated real traffic acquisi2on (model elements genera2on) –  Automa2c malicious scenarios genera2on from test paPerns

–  First paPern : DAST trajectory

–  Scenarios export (altered traffic) –  KML forGoogle earth –  SBS-‐3 formaPed logs

•  Live Demo

Project results

11

Simula2ng aPack scenarios in Google Earth

Agenda

•  Context, mo2va2on and key challenges •  MBT to generate aPack scenarios for ADS-‐B •  Illustra2on of the end-‐to-‐end process on a simple example (demo)


Future work •  Check injected data consistency •  Anomalie defini2ons to create new malicious scenarios

–  Vulnerability paPerns (Q4 2013) •  Fighter ac2ng as an airliner •  4 grouped fighters, ac2ng as an airliner then spliing •  Helicopter, drone •  Duplicate an airliner and make it diverge from its original trajectory •  …

•  KML/SBS exports improvements •  Improving tool integra2on (from generated aPack

scenarios to test execu2on, verdict and repor2ng)

14

14

UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation...

Documents

Transcript of UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation...