Jet Propulsion Laboratory, California Institute of Technology (USA)
Date: September 29, 12:45 - 13:15 Room: Sala 3M
Design principles gathered from over 20 years of experience in research, implementing and protecting mission critical flight systems used by the Navigation and Mission Design Section at the Jet Propulsion Laboratory are reviewed. The work of spacecraft navigation involves rigorous requirements for accuracy and completeness, often carried out under uncompromising critical time pressures. Robust and fault tolerant design for the ground data system is crucial for the numerous space missions we support, from the Mars rover Curiosity to Cassini in orbit around Saturn. We begin by examining the design principles learned from fault tolerant design efforts to protect against random failure, and consider computer security engineering as a derivative effort to protect against intelligent actors promoting malicious failure. Examples for best practices of reliable system design from computer and aviation industry are considered and security fault tolerance principles are derived from this effort. Computer security design approaches are reviewed, both as abstract principles (starting from cornerstones in Confidentiality, Integrity, and Availability) and from implementation. Strategic design principles such as defense in depth, least privilege, and vulnerability removal are used in this design. We evaluate system design from external access data flows, through internal host security mechanisms, and finally to user access controls. A complementary intersection – the balance between the protection of the system and promoting its ease of use by engineers (making their experience as user friendly and efficient as possible) is evaluated. Finally, we consider future refinements to secure system architecture.