SAHARA: A Security-Aware Hazard and Risk Analysis Method

Macher, Georg; Sporer, Harald; Berlach, Reinhard; Armengaud, Eric; Kreiner, Christian

doi:10.7873/date.2015.0622

Cited by 128 publications

(61 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We also proposed an approach of a security-informed hazard analysis and describe an assessment process determining the impact of security attacks on safety features [16]. This work presented a combined approach of the automotive HARA (hazard analysis and risk assessment) with the security domain STRIDE.…”

Section: Related Workmentioning

confidence: 99%

Service Deterioration Analysis (SDA): An Early Development Phase Dependability Analysis Method

Macher

Höller

Sporer

et al. 2015

2015 IEEE International Conference on Dependable Systems and Networks Workshops

Self Cite

View full text Add to dashboard Cite

Dependability is a superordinate concept regrouping different system attributes such as reliability, safety, security, or availability and a key selling point of modern embedded systems. Dependable systems rely on mature quality management and development methods such as requirements / systems engineering and system analyses. In the automotive domain analysis methods for safety and security attributes at early development phases are well known and partially mandatory by domain standards. Nevertheless, approaches for analysis of serviceability attributes (the combination of reliability and maintainability) at early development phases are not yet available.Aim of the paper is to present a novel analysis method to quantify the impact of individual system parts on the overall system serviceability at early development phases. This approach bases on the concepts of state-of-the-art methods for safety and security analysis and extends their scope of application to serviceability feature quantification, thus enables consistent identification of system dependability target attributes. This, in turn, is a pre-requisite for ensuring a certain level of system dependability from start of development. In the second part of the document the application of the novel approach is demonstrated on an automotive training example of a battery management system.

show abstract

Section: Related Workmentioning

confidence: 99%

Service Deterioration Analysis (SDA): An Early Development Phase Dependability Analysis Method

Macher

Höller

Sporer

et al. 2015

2015 IEEE International Conference on Dependable Systems and Networks Workshops

Self Cite

View full text Add to dashboard Cite

show abstract

“…Since all dependability attributes need to be supported by the same system architecture, they require a common engineering basis and a mutual understanding of focuses, language concepts and mutual dependencies. Table 1 shows a mapping of safety and security oriented engineering terms regarding the initial analysis step, which is the HARA and TARA [15]. Most modern embedded automotive systems are representative of safety and security relevant use-cases, due to their usually safety and security related nature and complexity regarding elements of the system, underlying functionality and the related external systems.…”

Section: Figure 1 Overview Of Dependability Attributes and Analysismentioning

confidence: 99%

“…This system is connected to various powertrain control units, the charging interface (enabling the communication with battery charging stations), the on-board diagnostic interface (OBD), and via a dedicated gateway to the vehicle infotainment systems (including the driver interface (HMI) and also a wireless internet connection). For the initial assessment of cyber-security threats and safety hazards the SAHARA method [15] can be applied. This method identifies safety goals (SG) and cyber-security attacks which can violate the respective SG.…”

Section: Application Of the Proposed Approachmentioning

confidence: 99%

“…This method identifies safety goals (SG) and cyber-security attacks which can violate the respective SG. Additionally, the SAHARA method assigns a quality label for the safety impact (ASIL; standardized by ISO 26262 [4]) and cyber-security factor (SecL; proposed by [15]) of the system. These labels are further inherited by components and sub-systems of this system (e.g.…”

Section: Application Of the Proposed Approachmentioning

confidence: 99%

See 1 more Smart Citation

Signal-Layer Security and Trust-Boundary Identification based on Hardware-Software Interface Definition

Macher¹,

Sporer²,

Brenner³

et al. 2018

JUSPN

Self Cite

View full text Add to dashboard Cite

An important trend in the automotive domain is to adapt established functional safety processes and methods for security engineering. Although functional safety and cyber-security engineering have a considerable overlap, the trend of adapting methods from one domain to the other is often challenged by non-domain experts. Just as safety became a critical part of the development in the late 20th century, modern vehicles are now required to become resilient against cyber-attacks. As vehicle providers gear up for this challenge, they can capitalize on experiences from many other domains, but must also face several unique challenges. Such as, that cyber-security engineering will now join reliability and safety as a cornerstone for success in the automotive industry and approaches need to be integrated into the mainly safety oriented development lifecycle of the domain. The recently released SAE J3061 guidebook for cyber-physical vehicle systems focus on designing cyber-security aware systems in close relation to the automotive safety standard ISO 26262. The key contribution of this paper is to analyse a method to identify attack vectors on complex automotive systems via signal interfaces and propose a security classification scheme and protection mechanisms on signal layer.To that aim, the hardware-software interface (HSI), a central development artefact of the ISO 26262 functional safety development process, is used and extended to support the cyber-security engineering process and provide cyber-security countermeasures on signal layer.

show abstract

“…In recent years, several methods for risk identification, evaluation and analysis eliciting both safety hazards and security threats have been proposed such as SAHARA [1], CHASSIS [2], FMVEA [3]. A majority of them, are application specific models (automotive, power) and geared towards the risk identification phase.…”

Section: Introductionmentioning

confidence: 99%

Quantitative Security and Safety Analysis with Attack-Fault Trees

Kumar

Stoelinga

2017

2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE)

View full text Add to dashboard Cite

Abstract-Cyber physical systems, like power plants, medical devices and data centers have to meet high standards, both in terms of safety (i.e. absence of unintentional failures) and security (i.e. no disruptions due to malicious attacks).This paper presents attack fault trees (AFTs), a formalism that marries fault trees (safety) and attack trees (security). We equip AFTs with stochastic model checking techniques, enabling a rich plethora of qualitative and quantitative analyses. Qualitative metrics pinpoint to root causes of the system failure, while quantitative metrics concern the likelihood, cost, and impact of a disruption. Examples are: (1) the most likely attack path; (2) the most costly system failure; (3) the expected impact of an attack. Each of these metrics can be constrained, i.e., we can provide the most likely disruption within time t and/or budget B. Finally, we can use sensitivity analysis to find the attack step that has the most influence on a given metric. We demonstrate our approach through three realistic cases studies.

show abstract

SAHARA: A Security-Aware Hazard and Risk Analysis Method

Cited by 128 publications

References 0 publications

Service Deterioration Analysis (SDA): An Early Development Phase Dependability Analysis Method

Service Deterioration Analysis (SDA): An Early Development Phase Dependability Analysis Method

Signal-Layer Security and Trust-Boundary Identification based on Hardware-Software Interface Definition

Quantitative Security and Safety Analysis with Attack-Fault Trees

Contact Info

Product

Resources

About