June 03, 2009

Airbus A330 MRTT refuelling progress

I was pleased to read in today's news (Aerospace Testing International) that the Airbus A330 Multi-Role Tanker Transport (MRTT) has completed more flight testing milestones, including extended testing of its refuelling systems.

The A330 MRTT is an interesting design, as it has a centreline refuelling boom and two underwing refuelling pods, and although these perform similar functions, the electronic systems have quite different operating environments, which is reflected in their system architecture. The refuelling boom runs VxWorks 653 on an Integrated Modular Avionics (IMA) platform, whereas the underwing refuelling pods run VxWorks Cert on a federated avionics architecture in the harsh underwing environment, which can experience extremes of temperature. This is an excellent case of how a hybrid architecture can be used to achieve diverse mission requirements.

There's a photo of the view of the underwing refueling pods in the news story, and there's also a great photo of an A330 MRTT being refueled by a French Air Force tanker on the EADS website.

The A330 MRTT will enter service with the Royal Australian Air Force (RAAF) in the near future, and I am looking forward to seeing it enter service with the UK Royal Air Force (RAF).

May 12, 2009

Active Driver Restraint

I blogged last year on Active Driver Assistance and noted my concerns about the potential for adaptive cruise control to make an incorrect decision and increase the risk of an accident rather than reduce it.

So I was interested to hear a BBC news report earlier this week about a device which automatically stops acceleration when a vehicle exceeds the speed limit going on test in London. Intelligent Speed Adaptation (ISA) is being developed by Transport for London (TfL) and uses a newly-introduced digital speed limit map of the city. On the Radio4 Today programme, journalist Quentin Wilson said that anything that takes away driver control has to be looked at carefully.

The levels of intervention are reported as:

  • Advisory ISA: the driver is informed of the limit and of violations but there is no direct link between this information and the vehicle controls.
  • Voluntary ISA: the system is linked to the vehicle controls but the driver can choose when to have the system enabled.
  • Mandatory ISA: no override of the system is possible.

I can appreciate the potential benefit of an Advisory ISA, but this capability has been available for quite some time in proven systems such as Road Angel (which has an interesting heritage); however, as I mentioned in my earlier blog, I still don't think the arguments for voluntary/mandatory ISA are convincing...but if the Mandatory ISA scheme were to be introduced in London, I'm sure that my brother's BMW M5 would be in need of a new home.

April 20, 2009

VxWorks MILS 2.0 EAL6+ Evaluation

In case you missed the news, VxWorks MILS 2.0 has officially entered formal security evaluation at Common Criteria EAL 6+ (NIAP website).

So what does this mean for Wind River's customers? Well, VxWorks MILS 2.0 will enable them to develop applications to what the US National Security Agency (NSA) defines as "High Robustness".

Many people are familiar with Communications Security (ComSec), which involves the secure transmission and reception of information across networks, using technologies such as encryption and firewalls. However, what is less well known is Information Security (InfoSec), which involves the secure transformation of information between applications, subsystems, or networks. This is becoming an increasingly important requirement in systems where there is a need for applications to handle data of different security classifications and to ensure that only the authorized data flows are allowed and no unauthorized information disclosure can occur.

In the defence sector, the application of VxWorks MILS 2.0's high robustness technology is obvious, providing the means to host Top Secret (TS), Secret (S) and even Unclassified (U) on the same platform. This could be used for example in a military UAV mission system which needs to communicate with a civilian Air Traffic Control (ATC) system as it flies through unsegregated airspace (my colleague Chris Constantinides & I discussed this scenario in detail in the case of a UAV system architecture in the paper "Security Challenges in UAV System Development", at the 27th Digital Avionics Systems Conference, IEEE Proceedings).
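The "only authorized data flows" requirement can be audited mechanically. The following is an added illustration, not code from Wind River or from VxWorks MILS: it models a default-deny flow policy for a UAV-style system and reports both downward flows that bypass a trusted downgrader and everything that can ultimately reach the unclassified link. All partition names, levels and channels are hypothetical and constructed for the example.

```python
"""Default-deny information-flow audit for a partitioned system.

Constructed illustration: partition names, levels and channels are
hypothetical and do not follow any real VxWorks MILS configuration format.
"""
from collections import deque

LEVELS = {"U": 0, "S": 1, "TS": 2}

# Partition -> classification of the data it holds (constructed sample).
PARTITIONS = {
    "mission_planner": "TS",
    "sensor_fusion": "S",
    "downgrade_guard": "S",   # trusted component allowed to release data
    "atc_datalink": "U",
}
TRUSTED_DOWNGRADERS = frozenset({"downgrade_guard"})

# Explicitly authorized one-way channels; anything not listed is denied.
FLOWS = {
    ("atc_datalink", "sensor_fusion"),     # U -> S
    ("sensor_fusion", "mission_planner"),  # S -> TS
    ("sensor_fusion", "downgrade_guard"),  # S -> S
    ("downgrade_guard", "atc_datalink"),   # S -> U, only via the guard
}


def reachable(start, flows, blocked=frozenset()):
    """Partitions data can reach from start; blocked nodes do not forward."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        if node in blocked:
            continue
        for src, dst in flows:
            if src == node and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def leaks(partitions, flows, trusted):
    """(src, dst) pairs where higher-classified data reaches a lower
    partition over a path that avoids every trusted downgrader."""
    for src, dst in flows:
        if src not in partitions or dst not in partitions:
            raise ValueError(f"flow references unknown partition: {src}->{dst}")
    found = []
    for src, level in partitions.items():
        for dst in reachable(src, flows, blocked=trusted):
            if LEVELS[level] > LEVELS[partitions[dst]]:
                found.append((src, dst))
    return sorted(found)


def exposure(dst, flows):
    """Every partition whose data can reach dst, including via downgraders."""
    reverse = {(b, a) for a, b in flows}
    return reachable(dst, reverse) - {dst}


if __name__ == "__main__":
    print("baseline leaks:", leaks(PARTITIONS, FLOWS, TRUSTED_DOWNGRADERS))
    # One extra "status feedback" channel from TS to S changes the picture.
    bad = FLOWS | {("mission_planner", "sensor_fusion")}
    print("after change:", leaks(PARTITIONS, bad, TRUSTED_DOWNGRADERS))
    print("can reach ATC link:", sorted(exposure("atc_datalink", bad)))
```

The second case shows why each channel has to be reviewed against the whole graph: a single TS to S link also puts Top Secret data within reach of the guard that feeds the unclassified datalink.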

In the commercial sector, VxWorks MILS 2.0's high robustness could be used to protect critical national infrastructure, which is a growing concern given the increasing threat of cyber warfare - see my previous post 'Cyber warfare and déjà vu' and the recent news story 'Electricity Grid in U.S. Penetrated By Spies' (Wall Street Journal) for details. This technology could also provide a secure platform for many other types of application that need to enforce strict separation based on data classification and access controls, including banking and commerce, to name a few.

So, even if our customers are working on projects which don't have an explicit InfoSec requirement today (perhaps because the systems aren't even networked), it is reassuring to know that they have a route to Common Criteria security certification with VxWorks MILS 2.0.

Now, I must get back to learning a crypto demo which one of my colleagues has created for VxWorks MILS 2.0...

March 31, 2009

Cyber warfare and déjà vu

Yesterday, I had a strong sense of déjà vu as I read the news story 'Major cyber spy network uncovered' (BBC News), which reports on a 10-month investigation by the Information Warfare Monitor (IWM) into a cyber espionage network, which they called GhostNet. This has a number of similarities with the plot of the novel 'The Edge of Madness', which I discussed in a previous blog.

The IWM report 'Tracking Ghostnet: Investigating a Cyber Espionage Network' is comprehensive to say the least, and I expect that people will find it either fascinating or terrifying, depending on their disposition. The IWM report is available to view online at the IWM website, but I found it more convenient to download the PDF version from the F-Secure mirror site to read offline.

The report contains lots of fascinating detail about the IWM investigation, but what really struck me was that the infection methods (p 39) were all based on contamination of data with executable code (web pages, PDF documents and Word documents), and relied on the application processing the data to execute the code. Once these trojans had opened a back door into a system, this provided access to the attacker for control and further exploitation.

This security vulnerability is due to the principle of allowing applications to run commands and/or code from an external source.

Q. Do I trust my web browser not to run malicious code?
Well no, I don't. I could disable all Javascript and Flash in my web browser and restrict other behaviour as well, but that would mean that many websites would become unusable.

Q. Do I rely on the host operating system to limit their actions?
Again, no, as the host operating system that I have to use has a relatively weak file system and security architecture.

So, because I don't trust either the web browser or the host operating system on which it executes, I instead use a secure containment approach. I do this by running the web browser in a virtualized environment. This means that the web browser has only the resources it needs to operate, but runs in a restricted environment, isolated from the rest of the system, and is unable to perform privileged operations; most importantly, it cannot access or corrupt my documents.

I decided to use this approach a while ago, after learning about the secure separation kernel and virtualization approaches used in VxWorks MILS 2.0, and after reading the IWM report my actions no longer seem as paranoid to me as they did at the time...

February 19, 2009

Quantum Leap for encryption

The topic of data security is finding its way into mainstream media news reports these days, often due to high-profile lapses or breaches; and whilst encryption is sometimes mentioned in passing, the media reports rarely delve into the detail.

So, on Wednesday evening when I had the opportunity to attend a local history talk about the Enigma machine and other encryption devices, I jumped at the chance. In addition to listening to the talk, I saw a number of working exhibits, including two Enigma machines used during WWII, and a Russian Fialka which was used in the Cold War.

Enigmas, Fialka, Operating Instructions

One of the things which struck me about the talk was the race to increase encryption strength versus code-breaking attacks, and how these related to the computing power available at the time. In the early 1940s, the British used Colossus, the world's first programmable digital electronic computing device, to break the Lorenz cipher, used for German high-level military communications. Colossus was able to decipher an encrypted message in hours, far faster than by other means available at the time; whereas today a Lorenz simulator can be run on a modern PC and break an encrypted message in minutes.

The widespread availability of high-performance PCs at relatively low cost, and of modern encryption technologies such as TrueCrypt and PGP, means that data can be secure from prying eyes, apart perhaps from those with arrays of supercomputers at their disposal.

However, the advent of quantum cryptography ('Quantum Leaps', IET Engineering & Technology) could put an end to this race in the near future, by finally providing unbreakable encryption and intercept detection. If realised, this would render brute-force computational attacks useless, and attackers would be forced to revert to compromising the encryption keys instead... which is another approach which has been used for years, so maybe the status quo will remain?

February 09, 2009

Forty Years of the Boeing 747

Today, it's exactly forty years since the first flight of the Boeing 747. (Photo: Flight Global).

This significant milestone was discussed on the BBC Radio 4 business programme 'The Bottom Line' on Saturday. During the programme, two key questions were raised: firstly, whether the 747 had changed people's lives; and secondly, whether the 747 has improved service or not? I listened with interest, as I had just flown back to London from Cape Town from the Wind River A&D Seminars on a British Airways Boeing 747-400 the previous day. 

BA 747-400s at London Heathrow Terminal 5

The question of the impact of the 747 on people's lives is hard to dispute. The 747's impressive range, speed and capacity have brought long-haul destinations around the world within reach of many people, and have also drastically reduced travel times. The 747 is also affectionately referred to by many people as a 'jumbo jet', and even after having flown on a 747 many times, I still find it an awesome sight when it comes into view at an airport departure gate.

I think the question about improved service is more subjective - I find that I have to almost perform a limbo dance to get back into my economy seat if the passenger in front of me has reclined their seat; but this is due to airlines trying to maximize seating capacity at the expense of individual passenger comfort, rather than being due to the manufacturer's design.

However, continuous advances in technology can lead to incremental improvements in service overall. In recent years, the introduction of Integrated Modular Avionics architectures (which I discussed in an earlier blog 'ARINC653 software weighs less') can reduce the Space, Weight and Power (SWaP) requirements of avionics systems significantly. In some aircraft the reduction in weight of aircraft avionics and cabling can be as much as 500kg, which provides the airlines with the option of carrying more passengers and/or cargo for the same fuel load, or alternatively reducing the fuel load and providing more space for passengers (guess my preference). In addition, other technological advances, such as the implementation of continuous descent arrival software algorithms in the latest Flight Management Systems, will reduce fuel consumption even further.

These incremental advances are often applied to aircraft during technology refreshes, which means that the 747 of today is very much more advanced than the first plane that rolled off the production line. Of course, there's even greater scope for applying these technological advances in completely new designs, so I will be looking forward to stretching out on a British Airways Boeing 787 when it comes into service...

January 30, 2009

South African A&D Seminars

Tomorrow, I will be traveling to South Africa to present at the Wind River Aerospace & Defence Seminars which will be held in Pretoria and Cape Town next week. 

I'm really looking forward to the events, as we will be covering some interesting topics including the latest trends in Aerospace & Defence, including Safety and Security. This will also be my first opportunity to present some new Wind River A&D customer case studies, which I hope the audiences will find interesting and informative. In the afternoons, we'll be providing some technical deep-dive sessions on Multicore, Virtualization and Hypervisor technologies, VxWorks 6.6 safety certification, and Wind River Linux. So it's a pretty packed agenda.

Cape Town and Table Mountain

I'm also looking forward to seeing the scenery again, which is stunning, particularly around Cape Town and Stellenbosch. Thunder City, on the outskirts of Cape Town, has three operational English Electric Lightnings, which is my all-time favourite military fast jet. It would provide the ideal way to see Table Mountain and The Cape in real style, but unfortunately, that's not part of the seminar programme. (For some interesting facts and anecdotes on the Lightning, the Wikipedia entry is well worth reading!).

January 19, 2009

Security and cyber warfare

Common Criteria and The Edge Of Madness

One of the Christmas presents I received was the book The Edge of Madness by Michael Dobbs. It's a novel about cyber warfare and is set in the present day. Despite mixed reviews of the book in the media (Daily Telegraph, Guardian), I found it to be a gripping read, and finished it over two evenings.

The reason why it held my attention was because of its central theme: the imminent threat of cyber warfare against a nation through co-ordinated attacks against critical national infrastructure (banking, commerce, energy, telecommunications, etc.) bypassing national defence forces. Although we have yet to witness an offensive on this scale, there have been several instances of international cyber warfare in recent years, so perhaps these can only escalate in the future?

As I read the book, I was trying to distinguish between those scenarios which were accurate and/or technically feasible, and those where the author may have used artistic license. However, when I did a bit of research afterwards, I found that I had some misconceptions. For example, I thought that the scenario of a nuclear power station's control systems being accessible from the Internet was far-fetched, as I expected that it would operate on a completely isolated network for security reasons, but Google found at least one instance where this has actually happened ('Slammer worm crashed Ohio nuke plant network', Securityfocus.com).

It would be easy to dismiss this particular instance as a bad (and hopefully not very representative) example, but this would be missing the point. Even if nuclear power station control systems could/should operate in a completely isolated network, there are many other classes of systems that are part of the critical national infrastructure which will not have this option. These systems need to employ secure computing platforms and communication systems. 

This area is of particular interest to me, as this year I will be spending a significant proportion of my time focusing on Information Security (InfoSec). This is not just for Aerospace & Defence customers but also for security-critical applications in other vertical markets. Over the last two weeks, I've had the opportunity to get hands-on experience with VxWorks MILS, and I'm looking forward to gaining more experience in the coming year. I'm also getting up to speed with the Common Criteria, but I wish it was as riveting a read as the novel...

July 20, 2008

Farnborough Air Show 2008

F-22 Raptor hanging vertically at Farnborough Air Show

Earlier this week, I attended the 2008 Farnborough Air Show, one of the highlights of the aerospace industry's calendar. I spent quite a lot of time visiting some of our partners and customers on their exhibition stands, as I'm interested in seeing how Wind River's technologies are used in the end applications. It was also a good opportunity to catch up with contacts and find out more about the progress of current developments and new programmes. Whilst walking around the exhibition, I couldn't help but notice two significant differences compared to the previous event: an increased focus on unmanned systems and also on carbon footprint reduction.

Although Unmanned Air Vehicles (UAVs) were present at the show for several years, they were much more prominent this year, with companies announcing new military and civilian UAVs. The latter are intended for law enforcement, border patrol and maritime surveillance operations. However, although there are still a number of issues related to the safety certification and operation of UAVs in civil airspace to be addressed, as I've discussed in previous blogs ('Police Drone', 'Avionics 2007 Amsterdam'), it may be that increased end-user demand could result in pull-through which could accelerate this process.

Airbus A380 & GE Engine collage

A number of companies highlighted their development efforts to produce new technologies which will reduce aviation CO2 emissions. These include increased engine efficiency, and optimization of flight paths of aircraft to reduce fuel consumption and emissions. Two techniques to achieve the latter - continuous descent arrival (CDA) and area navigation (RNAV) - rely on advanced Flight Management Systems (FMS) which use complex device software to calculate and maintain the optimal flight paths. (If you're interested in reading more about these techniques, I'd recommend reading George Marsh's article 'Europe's Green Pursuit' in Avionics Magazine).

Whilst at the show, I also took the opportunity to watch a few of the air displays. The Eurofighter Typhoon, which is best known for its supersonic performance and uses a deliberately aerodynamically unstable design to achieve high levels of agility but needs complex flight control computers to keep it in the air, put on a very impressive display as usual, including a low-speed pass (there's a brief glimpse of this manoeuvre from 0.19-0.22 in the video clip on the BBC News website). The Lockheed Martin F-22 Raptor (Air Force Technology) was at Farnborough for the first time and made a lot of use of its vectored thrust engines in its flight display (there's a great video clip of the display on the BBC News website). In 2006, the MiG-29VT (precursor to the MiG-35) also performed some physics-defying acrobatics with its Klimov three-dimensional thrust vectoring (as opposed to the Raptor's two), so it would have been interesting to compare the aircraft displays back to back...maybe in 2010?

June 27, 2008

Astute optronic mast case study

Astute submarine optronic mast

I don't often have the opportunity to discuss how Wind River's Aerospace and Defence customers are using our technologies in their applications due to security restrictions and commercial confidentiality.

So, I am very grateful to Thales for allowing us to announce that they have used VxWorks for their latest generation optronic mast which is being used on the UK Royal Navy's Astute class submarines.

If you're interested in the challenges Thales faced in migrating their Ada application from a custom Digital Signal Processor (DSP) architecture to a COTS multi-processor PowerPC architecture running VxWorks, and how they overcame them, the case study (PDF) has recently been published on the A&D Customers page.

Paul Parkinson

  • Paul Parkinson is a Senior Systems Architect with Wind River in the UK, working with customers in the Aerospace & Defence sectors. Paul's professional interests include Information Security (InfoSec), Integrated Modular Avionics (IMA) and Intelligence Surveillance Target Acquisition Reconnaissance (ISTAR) systems.