UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation...
Transcript of UCAAT2013 presentation - MBT for ADS-B attack scenario ... for... · Google Earth SBS-3 BaseStation...
Model-‐based test genera/on of aircra3 traffic a5ack scenarios using ADS-‐B standard signals
1
Julien Botella (Smartes2ng) Phong Cao (THALES) Cédric Civeit (Thales Raytheon Systems) Daniel Gidoin (THALES) Fabien Peureux (FEMTO-‐ST /CNRS; Smartes2ng)
UCAAT 2013 22 – 24 October -‐ Paris
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example
• Conclusion and future work
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example
• Conclusion and future work
Automa/c dependent surveillance-‐broadcast – ADS-‐B
• Context – To test air ADS-‐based Air Traffic Management systems
using ADS-‐B Protocol – Radar control security tes2ng:
• ADS-‐B radio protocol • Flight informa2on sent from plane to control tower
• Mo/va/ons – To address applica2on security vulnerabili2es that cannot be detected by the
sta2c tests – To reduce cost of tes2ng and the 2me taken for industrializa2on – To be able to demonstrate the resilience of Air Traffic Management systems – To absorb the growth in air traffic and improve the security
• Objec/ves – Live traffic capture with SBS-‐3 sta2on – Malicious scenario genera2on to check the detec2on efficiency from the
control tower (logical anomalies) • Wrong coordinates • Fake planes • …
• SBS-‐3 sta/on descrip/on hPp://www.homepages.mcb.net/bones/SBS/Ar2cle/Barebones42_Socket_Data.htm 4
SBS Specifica2on extracts
5
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example
• Conclusion and future work
MBT for func2onal tes2ng
7
Smartesting CertifyIt
Model (Behavioral /
environmental )
Requirement Management
Requirements
or
Iterative Process
Test scripts
Adapta/on layer
Requirement links
8
Test Purposes
Smartesting CertifyIt
Model (Behavioral /
environmental )
Security Test Patterns
SBS-3 BaseStation
Specs
Real Traffic recording (SBS-3)
DAST SBS-3 importer
Malicious Scenarios
SBS-‐3 Simulator
Google Earth
KML Publisher for Google Earth
SBS-3 BaseStation
logs publisher
MBT process for ADS-‐B
Test genera2on for ADS-‐B traces
• APack scenarios are generated using real traces and aPack paPerns
• APack paPerns capture the know-‐how of security engineers
Generated model
A5ack pa5ern
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example (demo)
• Conclusion and future work
• Goals – To measure the resilience of Air Traffic Management Systems of against
aPacks using ADS_B protocol – The training of air traffic controllers in cri2cal situa2ons (i.e. ar2ficial air
space satura2on)
• Process – Automated real traffic acquisi2on (model elements genera2on) – Automa2c malicious scenarios genera2on from test paPerns
– First paPern : DAST trajectory
– Scenarios export (altered traffic) – KML forGoogle earth – SBS-‐3 formaPed logs
• Live Demo
Project results
11
Simula2ng aPack scenarios in Google Earth
Agenda
• Context, mo2va2on and key challenges • MBT to generate aPack scenarios for ADS-‐B • Illustra2on of the end-‐to-‐end process on a simple example (demo)
• Conclusion and future work
Future work • Check injected data consistency • Anomalie defini2ons to create new malicious scenarios
– Vulnerability paPerns (Q4 2013) • Fighter ac2ng as an airliner • 4 grouped fighters, ac2ng as an airliner then spliing • Helicopter, drone • Duplicate an airliner and make it diverge from its original trajectory • …
• KML/SBS exports improvements • Improving tool integra2on (from generated aPack
scenarios to test execu2on, verdict and repor2ng)
14
14