[摘要] Field Loadable Software in commercial aviation is indispensable for vital avionics functions yet its security has never been studied in depth. Due to the recent introduction of wireless software loading capabilities and Internet-connected in-flight entertainment systems along with several high-profile information security breaches in other sectors, the security of Field Loadable software has come under closer scrutiny. Conventional information systems security analysis approaches focus on finding and preventing vulnerabilities in the implementation of a system, but they are not designed to include the organizational ;;soft;; components of a system. The aim of this thesis is to provide a comprehensive security analysis of Field Loadable Software that includes organizational aspects in order to find existing vulnerabilities and propose security constraints that would fix the vulnerabilities or prevent them from being exploited. A novel safety approach from safety engineering, called Systems Theoretic Process Analysis (STPA) was adapted and used to perform the security analysis of Field Loadable Software in commercial aviation. The analysis produced a simple systems model for Field Loadable Software and found that current regulations and practices are not sufficient: there several significant vulnerabilities in the way Field Loadable Software is currently designed and distributed. However, the analysis also showed that the vulnerabilities could be removed with the addition of simple technical measures and security constraints.