The proportion of software in UAVs has increased rapidly in recent years. However, it is becoming increasingly difficult to secure the avionic software against security threats. There are no airworthiness certification criteria for the security as well as the safety of UAVs. Therefore, it will be necessary to study on the airworthiness certification criteria and methodology for the safety and security of UAVs, considering the recent trend of the increase in the use of UAVs. The integrated airworthiness certification criteria for safety and security in avionic software to save time and cost were most recently proposed. This paper introduces the comparison between CC, DO-178C, and airworthiness security activities. It also presents the quantitative risk assessment method that is capable of analyzing vulnerabilities and assesses risks quantitatively using the case of security threats to the avionic software of UAVs. It derives the security objectives and requirements for UAVs’ avionic software based on the result of the security risk assessment. Finally, this paper proves the effectiveness of the risk assessment methods by applying them to real case of UAVs.
Copyright © 2019 Praise Worthy Prize - All rights reserved.

Silvia Gil Casals, Philippe Owezarski, and Gilles Descargues, Risk Assessment for Airworthiness Security, SAFECOMP 2012 : Computer Safety, Reliability, and Security (2012, pp. 25-36).
https://doi.org/10.1007/978-3-642-33678-2_3

RTCA., DO-178C, Software Considerations in Airborne Systems and Equipment Certification (RTCA, 2011).

NIST, Common Criteria for Information Security Evaluation. Parts 1, 2, 3 (NIST, 1999).

RTCA, DO-326A, Airworthiness Security Process Specification (RTCA, Aug. 6, 2014).

RTCA, DO-356, Airworthiness Security Methods and Considerations (RTCA, Sep. 23, 2014).

RTCA, DO-355, Information Security Guidance for Continuing Airworthiness (RTCA, June 17, 2014).

Man-Goon Han, Tae-Kyou Park, A Study on Integrated Airworthiness Certification Criteria for Avionics Software Safety and Security, Journal of The Korean Society for Aeronautical and Space Sciences, vol. 46, no. 1 (Jan. 2018).

Arlen Baker, Paul J. Parkinson, Cyber security enhancements for a safety-critical ARINC 653 avionics platform, Twenty-sixth Safety-critical Systems Symposium (York, UK, Feb. 2018).

Christian Raspotnig, Peter Karpati, Andreas L Opdahl, Combined Assessment of Software Safety and Security Requirements: An Industrial Evaluation of the CHASSIS Method, Journal of Cases on Information Technology, vol. 20, issue 1, (Jan.-Mar., 2018).
https://doi.org/10.4018/jcit.2018010104

Liao N., Li F., Song Y., Research on real-time network security risk assessment and forecast, 2010 International Conference on Intelligent Computation Technology and Automation (ICITA), Vol. 3 (Changsha, China, 2010, pp. 84-87).
https://doi.org/10.1109/icicta.2010.273

Alhabeeb M., Almuhaideb A., Dung L.P., Srinivasan B., Information Security Threats Classification Pyramid, 24th IEEE International Conference on Advanced Information Networking and Applications Workshops (Paderborn, Germany, 2010, pp. 208-213).
https://doi.org/10.1109/waina.2010.39

Ortalo R., Deswarte Y., Kaaniche M., Experimenting with quantitative evaluation tools for monitoring operational security, 6th International Conference on Dependable Computing for Critical Application (DCCA-6) (Garmish, Germany, 1997).
https://doi.org/10.1109/32.815323

Ben Mahmoud M.S., Larrieu N., Pirovano A., A risk propagation based quantitative assessment methodology for network security, 2011 Conference on Network and Information Systems Security (SAR-SSI) (La Rochelle, France, 2011, pp. 1-9).
https://doi.org/10.1109/sar-ssi.2011.5931372

Karel Domin, Eduard Marin, Iraklis Symeonidis, Security Analysis of the Drone Communication Protocol: Fuzzing the MAVLink protocol, KU Leuven ESAT-COSIC and iMinds (2016).

ieee.org, Ar drone that infects other drones with virus wins dronegames,
URL:https://spectrum.ieee.org/automaton/robotics/diy/ar-drone-that-infects-other-drones-with-virus-wins-dronegames, last checked on 2018-09-06.

SamyK, Skyjack, Url: https://github.com/samyk/skyjack, last checked on 2018-09-06.

garage4hackers, Maldrone,
URL:http://garage4hackers.com/entry.php?b=3105, last checked on 2018-06-30.

Tae-Kyou Park et al., UAV cyber security accident case and security vulnerability, Institute for Information & Communications Technology Promotion (Oct. 7, 2015).

Kim Hartmann and Christoph Steup, The vulnerability of UAVs to cyber attacks-an approach to risk assessment, 2013 5th International Conference on Cyber Conflict (2013).

Stephen George, FAA Unmanned Aircraft Systems (UAS)-Cyber Security Initiatives, FAA (Feb. 11, 2015).

mitre.org, Gps spoofing.

Url: https://capec.mitre.org/data/definitions/628.html, last checked on 2018-06-30

K. B. Rasmussen N. O. Tippenhauer, C. Popper and S. Capkun. On the requirements for successful gps spoofing attacks, Technical report, ETH Zurich, Switzerland and UCI, Irvine (CA, 2011).
https://doi.org/10.1145/2046707.2046719

Karel Domin et al., Security Analysis of the Drone Communication Protocol: Fuzzing the MAVLink Protocol (KU LEUVEN, Thesis submitted for the degree of Master of Science in Engineering, 2016).

Emy Rivera, Robert Baykov, and Guofei Gu, A Study on Unmanned Vehicles and Cyber Security, Texas A&M University (2014).

Cbsnews, Insurgents intercepted drone spy videos, URL:http://www.cbsnews.com/news/insurgents-intercepted-drone-spy-videos/, last checked on 2018-09-06

R. Creutzburg J. S. Pleban, R. Band, Hacking and securing the ar.drone 2.0 quadcopter - investigations for improving the security of a toy, Technical report, Brandenburg University of Applied Sciences (2014).
https://doi.org/10.1117/12.2044868

Higashino, S., Maruyama, Y., Flight Demonstration of Realtime Path Planning of an UAV Using Evolutionary Computation and Rule-Based Hybrid Method, (2018) International Journal on Engineering Applications (IREA), 6 (5), pp. 156-162.
https://doi.org/10.15866/irea.v6i5.16629

Carloni, G., Bousson, K., A Nonlinear Control Method for Autonomous Navigation Guidance, (2016) International Review of Civil Engineering (IRECE), 7 (4), pp. 102-113.
https://doi.org/10.15866/irece.v7i4.10757

Belhadri, K., Kouadri, B., Zegai, M., Adaptive Neural Control Algorithm Design for Attitude Stabilization of Quadrotor UAV, (2016) International Review of Automatic Control (IREACO), 9 (6), pp. 390-396.
https://doi.org/10.15866/ireaco.v9i6.9919