Integration of Security in the Development Lifecycle of Dependable Automotive CPS

Macher, Georg; Armengaud, Eric; Kreiner, Christian; Brenner, Eugen; Schmittner, Christoph; Ma, Zhenliang; Martin, Helmut; Krammer, Martin

doi:10.4018/978-1-5225-2845-6.ch015

Cited by 12 publications

(15 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the context of automotive domain, existing analysis method Hazard Analysis and Risk Management (HARA), which is standardized in ISO 26262 for safety, can be extended with Threat Analysis and Risk Assessment (TARA) method, as mentioned in SAE J3061 to identify cybersecurity risks [7]. Other proposals include Failure Mode and Vulnerability Effect Analysis (FMVEA) [8] and Security Aware Hazard Analysis and Risk Assessment (SAHARA) [9] that aim at combining both safety and security analysis in parallel.…”

Section: Safety and Security Co-analysis And Co-engineeringmentioning

confidence: 99%

See 1 more Smart Citation

Combined automotive safety and security pattern engineering approach

Martin

Ma²,

Schmittner

et al. 2020

Reliability Engineering & System Safety

View full text Add to dashboard Cite

Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From safety perspective, this can be perceived as boon or bane-it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to selection and combination of both types of patterns in context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.

show abstract

Section: Safety and Security Co-analysis And Co-engineeringmentioning

confidence: 99%

“…This paper is based on the conference paper "Systematic Pattern Approach for Safety and Security Co-engineering in the Automotive Domain" from Amorim et. al [3] presented at the main track of SafeComp2017 7 in Trento/Italy. The figures in the methodology part and in the battery use case are taken from that publication.…”

Section: Introductionmentioning

confidence: 99%

Combined automotive safety and security pattern engineering approach

Martin

Ma²,

Schmittner

et al. 2020

Reliability Engineering & System Safety

View full text Add to dashboard Cite

show abstract

“…Patterns are a suitable way to support argumentation that safety and security related requirements are fulfilled. They assist in reusing best practices systematically [16]. Menon et al [12] demonstrate how patterns are used to provide argumentation structures for software safety arguments.…”

Section: Fig 1 Comparison Of Safety-and Security Engineeringmentioning

confidence: 99%

“…To visualize these relationships between requirements and work products we use GSN. A more detailed description of the argumentation approach can be found in [16], [17].…”

Section: Fig 2 Safety and Security Co-engineering Frameworkmentioning

confidence: 99%

Safety and Security Co-engineering and Argumentation Framework

Martin

Bramberger

Schmittner

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Automotive systems become increasingly complex due to their functional range and data exchange with the outside world. Until now, functional safety of such safety-critical electrical/electronic systems has been covered successfully. However, the data exchange requires interconnection across trusted boundaries of the vehicle. This leads to security issues like hacking and malicious attacks against interfaces, which could bring up new types of safety issues. Before mass-production of automotive systems, evidences and arguments are required regarding two aspects. Product engineering has been done compliant to specific standards and supports arguments that the system is free of unreasonable safety and security risks. This paper shows a safety and security co-engineering framework, which covers standard compliant process derivation and management, and supports product specific safety and security co-analysis. Furthermore, we investigate processand product-related argumentation and apply the approach to an automotive use case regarding safety and security.Keywords: Safety and security co-engineering • process-and product-based argumentation • process and argumentation patterns • automotive domain • ISO 26262 • SAE J3061

show abstract

“…For this purpose, it is crucial to perceive and remove those factors in the system which increase security risk. To consider safety and security together, even during the earliest stages of the design procedure, researchers have developed a new method for the automotive industry [5]. In light of the introduced development processes, the Test Field of Zalaegerszeg [6] has started a research to evaluate the required professional and scientific framework to prevent transport systems from malicious external intervention.…”

Section: Introductionmentioning

confidence: 99%

Development of a Novel Automotive Cybersecurity, Integrity Level, Framework

Török¹,

Szalay²,

Sághi³

2020

ACTA POLYTECH HUNG

View full text Add to dashboard Cite

As automated driver assistance functions are getting more and more popular, they will surly have a significant impact on our life especially considering security and the expected serious effects of malicious interventions. In light of the introduced aspects, the Test Field of Zalaegerszeg has started a research to evaluate the required professional and scientific framework to prevent transport systems from malicious external intervention. With regard to this aspect, the homologation system has been analyzed. In accordance with this the main objective of the article is to develop integrity level structure related to transport systems especially focusing on security issues. In this context the paper reconsiders the structure of ASIL to provide a proper framework focusing on the outstandingly important issues of cybersecurity. To develop a novel SIL framework a tailormade method is identified to define risk parameter values related to certain SIL categories. At the end of the research, the investigation has determined the acceptable hazard rates related to the S&SIL architecture.

show abstract

Integration of Security in the Development Lifecycle of Dependable Automotive CPS

Cited by 12 publications

References 11 publications

Combined automotive safety and security pattern engineering approach

Combined automotive safety and security pattern engineering approach

Safety and Security Co-engineering and Argumentation Framework

Development of a Novel Automotive Cybersecurity, Integrity Level, Framework

Contact Info

Product

Resources

About