Security constraints of an On-Site Inspection dictate air-gapped isolation of networks, introducing challenges for the reliable provisioning and updating of distributed mission-critical software systems employed during an OSI. Further goals include process transparency and operational robustness, while accommodating domain-specific requirements. To this end, we propose a technical framework addressing the software configuration update in network-isolated environments. Within our comprehensive framework, dependencies are resolved using satisfiability modulo theories, ensuring correctness in terms of version compatibility. The end-to-end system facilitates the update and reconfiguration of isolated on-site systems, while being compatible with container-based software component management as used in practice. We demonstrate the framework over a case study representing a typical scenario.
The paper highlights the importance of appropriate measures to manage software systems during an OSI, ensuring transparency, robustness and availability of mission-critical software.