New methodology to develop certified safe and secure aeronautical software — An embedded router case study

New aeronautical traffic profiles are growing in usage and complexity. Higher throughputs and new opportunities could be served by multiplexing some different data but the heterogeneity of their safety and security constraints remains the main problem for promoting multiplexing solutions through a unique network link. For this purpose we are producing an IP based Secure Next Generation Router (SNG Router). This SNG Router provides regulation, routing, secure merging of different data sources as well as preserving their segregation. In order to ease the SNG router development we defined a new methodology for the process of aeronautical software development. This methodology permits us to rapidly transform verifiable models into a safe and secure byte-code certifiable at DO-178B highest levels with reduced costs. This paper presents the methodology tool chain, which uses a qualified model transformer to generate code for a secure virtualization infrastructure with controlled inter-partition communications. A separation kernel running on an embedded target enforces the segregation of computations done on the data. The case study of the SNG Router illustrates concretely how the methodology can be conducted.