Avionics is one of the fields in which verification methods have been pioneered and brought a new level of reliability to systems used in safety critical environments. Tragedies, like the 2015 insider attack on a German airplane, in which all 150 people on board died, show that safety and security crucially depend not only on the well functioning of systems but also on the way how humans interact with the systems. Policies are a way to describe how humans should behave in their interactions with technical systems, formal reasoning about such policies requires integrating the human factor into the verification process. In this paper, we report on our work on using logical modelling and analysis of infrastructure models and policies with actors to scrutinize security policies in the presence of insiders. We model insider attacks on airplanes in the Isabelle Insider framework. This application motivates the use of an extension of the framework with Kripke structures and the temporal logic CTL to enable reasoning on dynamic system states. Furthermore, we illustrate that Isabelle modelling and invariant reasoning reveal subtle security assumptions. We summarize by providing a methodology for the development of policies that satisfy stated properties.

中文翻译：

---

将 Isabelle Insider 框架应用于飞机安全

航空电子设备是验证方法被开创的领域之一，它为在安全关键环境中使用的系统带来了新的可靠性水平。悲剧，例如 2015 年对德国飞机的内部袭击，机上 150 人全部遇难，表明安全和保障不仅取决于系统的良好运行，还取决于人类如何与系统互动。策略是一种描述人类在与技术系统交互时应该如何表现的方式，关于此类策略的正式推理需要将人为因素整合到验证过程中。在本文中，我们报告了我们在内部人员在场的情况下使用逻辑建模和基础架构模型和策略分析与参与者一起审查安全策略的工作。我们在 Isabelle Insider 框架中模拟对飞机的内部攻击。该应用程序鼓励使用具有 Kripke 结构和时间逻辑 CTL 的框架扩展，以实现对动态系统状态的推理。此外，我们说明 Isabelle 建模和不变推理揭示了微妙的安全假设。我们通过提供一种方法来制定满足规定属性的政策进行总结。