Threat modeling for aviation computer security

The safety of aircraft cannot be analyzed anymore based only on potential hazards and failures. Due to their increasing interconnectivity, modern computer systems are exposed to a variety of security threats. Additionally, complexity of the system may be a source of vulnerabilities opening the system to malicious actions with ultimate impact on safety. Threat Modeling is the technique that assists software engineers to identify and document potential security threats associated with a software product, providing development teams a systematic way of discovering strengths and weaknesses in their software applications. Microsoft's SDL Threat Modeling Tool offers automated analysis of security threats of systems that can be represented using data flow diagrams. The article discusses issues of security in aviation and presents a case study of a realistic cyber-physical system to introduce tool-supported threat modeling method which can be used for unmanned aerial systems security analyses.