Combined automotive safety and security pattern engineering approach

Martin, Helmut; Ma, Zehndong; Schmittner, Christoph; Winkler, Bernhard; Krammer, Martin; Schneider, Daniel; Amorim, Tiago; Macher, Georg; Kreiner, Christian

doi:10.1016/j.ress.2019.106773

Cited by 34 publications

(22 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Related Workmentioning

confidence: 99%

“…Safety and security co-analysis using patterns has been addressed by some previous work [21,26]. We have been greatly inspired by [21] that proposed a pattern-based approach for safety and security co-analysis, and by [26] with security analysis of safety patterns. A key difference to our work is that we propose automated reasoning methods with safety and security patterns, whereas previous activities were done manually.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Automating Safety and Security Co-Design through Semantically-Rich Architecture Patterns

Dantas¹,

Nigam²

2022

Preprint

View full text Add to dashboard Cite

During the design of safety-critical systems, safety and security engineers make use of architectural patterns, such as Watchdog and Firewall, to address identified failures and threats. Often, however, the deployment of safety patterns has consequences on security, e.g., the deployment of a safety pattern may lead to new threats. The other way around may also be possible, i.e., the deployment of a security pattern may lead to new failures. Safety and security co-design is, therefore, required to understand such consequences and trade-offs, in order to reach appropriate system designs. Currently, pattern descriptions, including their consequences, are described using natural language. Therefore, their deployment in system design is carried out manually, thus time-consuming and prone to human-error, especially given the high system complexity. We propose the use of semantically-rich architectural patterns to enable automated support for safety and security co-design by using Knowledge Representation and Reasoning (KRR) methods. Based on our domain-specific language, we specify reasoning principles as logic specifications written as answer-set programs. KRR engines enable the automation of safety and security co-engineering activities, including the automated recommendation of which architectural patterns can address failures or threats and consequences of deploying such patterns. We demonstrate our approach on an example taken from the ISO 21434 standard.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Automating Safety and Security Co-Design through Semantically-Rich Architecture Patterns

Dantas¹,

Nigam²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…One approach uses an architecture description language for safety verification [15]. Martin et al [37] uses architecture patterns to incorporate FSRs in the design phase. Sljivo et al [49] presents a methodology for fulfillment of FSRs at design time using design patterns and contracts.…”

Section: Safety Engineeringmentioning

confidence: 99%

A Functional Safety Assessment Method for Cooperative Automotive Architecture

Kochanthara¹,

Rood²,

Saberi³

et al. 2021

Preprint

View full text Add to dashboard Cite

The scope of automotive functions has grown from a single vehicle as an entity to multiple vehicles working together as an entity, referred to as cooperative driving. The current automotive safety standard, ISO 26262, is designed for single vehicles. With the increasing number of cooperative driving capable vehicles on the road, it is now imperative to systematically assess the functional safety of architectures of these vehicles. Many methods are proposed to assess architectures with respect to different quality attributes in the software architecture domain, but to the best of our knowledge, functional safety assessment of automotive architectures is not explored in the literature. We present a method, that leverages existing research in software architecture and safety engineering domains, to check whether the functional safety requirements for a cooperative driving scenario are fulfilled in the technical architecture of a vehicle. We apply our method on a real-life academic prototype for a cooperative driving scenario, platooning, and discuss our insights.

show abstract

“…The separate analyses of safety and security during systems design are complex topics and have attracted attention in the research community and industry for several decades. Ongoing discussions and work recently published suggest that safety and security concerns should be addressed following a co-engineering process [28], [15]. Some advantages mentioned in the literature are preventing design flaws due to conflicts between safety and security requirements not identified at early phases of the system development.…”

Section: Introductionmentioning

confidence: 99%

“…Some advantages mentioned in the literature are preventing design flaws due to conflicts between safety and security requirements not identified at early phases of the system development. Many of the approaches proposed to separately conduct safety and security analyses follow a risk-oriented perspective [15]. However, despite the similarities observed in safety and security risks methods, achieving a consistent intertwining is a challenging topic [19].…”

Section: Introductionmentioning

confidence: 99%

Method and framework for security risks analysis guided by safety criteria

Pedroza

Mockly

2020

Proceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems: Companion Proceedi

View full text Add to dashboard Cite

As previously discussed [19], the challenges to achieve a consistent intertwining between safety and security are rather diverse and complex. Recent advances in safety and security suggest that risks analyses provide guidance for achieving a comprehensive alignment. However, for many domains, like in aeronautics, security is rather a recent concern whereas aircraft development has been mostly guided by safety criteria for several decades. The referred disparity along with the fact that security is, in many respects, a discipline still in evolution, imposes restrictions for specifying and applying methods to conduct safety and security co-engineering as a unified process. In this paper, we present the progress in the development of a model-based method, a framework and a tool useful to conduct a security risks analysis guided by safety criteria and goals. Among others, the approach relies on know-how found in the state of the art, in standards like ED202, ED203 (EUROCAE) 1 , as well as in open knowledge bases like CAPEC and CWE (MITRE) 2. These sources are integrated which allows the instantiation of patterns of attacks, vulnerabilities, and architectures, which are crucial elements to semi-automate the analysis. A rule-based algorithm for exploring potential attack paths across an architecture is proposed and implemented. The approach is finally demonstrated by analyzing a combined attack-failure path in a Flight Control System which can undermine the safety of a modern aircraft. The framework and tool support seek safety-security by design and aim to facilitate the reuse of case studies and to settle a basis for repeatability and results comparison. CCS CONCEPTS • Applied computing → Computer-aided design; • Security and privacy → Distributed systems security; • Computing methodologies → Model development and analysis; • Software and its engineering → Integrated and visual development environments.

show abstract

Combined automotive safety and security pattern engineering approach

Cited by 34 publications

References 13 publications

Automating Safety and Security Co-Design through Semantically-Rich Architecture Patterns

Automating Safety and Security Co-Design through Semantically-Rich Architecture Patterns

A Functional Safety Assessment Method for Cooperative Automotive Architecture

Method and framework for security risks analysis guided by safety criteria

Contact Info

Product

Resources

About