A comprehensive approach for validation of air traffic management security prototypes: A case study

Security in air traffic management is still a rather new challenge and receives increased interest during recent years. This implies that new security concepts and systems are developed. Usually all systems have to go through several validation cycles to reach a higher technical readiness level. As no well-established validation approach is available which considers the special aspects of security this forms an additional barrier when developing air traffic control security systems. This is true because suitable validation approaches have to be developed first. The latter includes the risk of forgetting something, when the development is not initiated in a structured way. Within the air traffic security project GAMMA such an approach has been developed and applied to a set of seven prototypes. Based on the European Operational Concept Validation Methodology and a Security Risk Assessment Methodology, this approach identifies additional security controls, system requirements, validation objectives and key performance indicators. These are the driving elements for the design of the validation setup and procedure The paper demonstrates the feasibility of this new approach using one specific example, the Secure Air Traffic Control Communications prototype. The paper describes the approach and the resulting validation setup and procedures in detail. It briefly describes the obtained results for the developed prototype as one specific use case of the approach.