Supporting Cyber-Security Based on Hardware-Software Interface Definition

The SOQRATES (www.soqrates.de) working party has been established in 2003 with the support of the Bavarian SW initiative. Major automotive suppliers joined forces to exchange best practices in topics such as Automotive SPICE, functional safety, and cybersecurity.The research method of SOQRATES is to compare the best practices, and in case that a specific design pattern is accepted by all parties, it is declared and published as a state of the art.Some of the results of the working party have been packaged into training courses.For example, in the EU project SafEUr (518632-LLP-1-2011-1-AT-LEONARDO-LMP, 2011-2012) a European partnership with inputs from SOQRATES developed a skill set, training materials, and best practices for the implementation of ISO 26262.For example, in the EU project AQUA (Knowledge Alliance for Quality in Automotive, EAC-2012EAC- -0635, 2013EAC- -2014, a European partnership with inputs from SOQRATES developed a skill set, training materials, and best practices for integrating Automotive SPICE, ISO 26262, and Six Sigma.For example, in the EU project AQU (Automotive Quality Universities, 2015-1-CZ01-KA203-013986, 2015-2017), a European partnership with inputs from SOQRATES applied the AQUA concept with universities in Austria, Germany, France, and Czech Republic who educate students that will work in the automotive industry.Also, the working party elaborated integrated assessment models where the Automotive SPICE 3.0 has been merged with ISO 26262 (further safety related questions) and SAE J3061 (further cybersecurity questions). This paper will look into the future of self-driving cars and discuss the design patterns that are currently analysed in the working party to support a vehicle in future self-driving infrastructure architectures and processes. KEYWORDSAutomotive SPICE, cybersecurity, functional safety, ISO 26262, SAE J3061, service architectures for automotive 1 | INTRODUCTION ADAS stands for Autonomous Driving Assistance Systems and realises functions that support the driver but still keep the driver in the flow. It is still expected that there is a driver with a driver licence who is part of the control flow. From 2030 on the plans from OEMs are to produce self-driving cars where there are no drivers, the passenger is a person that is provided with a mobility service. The car itself must control the situation (supported by infrastructure), and also the insurance model will have been changed by then. Cars will have a black box that logs all vehicle data from all electronic control units (ECUs) and insurance will go with the car and the component, and will not be on the driver as a person any more.In case of the steering example in this paper, the authors also outline the future of a self-driving scenario.Automotive companies experience an exponential increase in functional development. Major car manufacturers develop vehicle functions that can be decomposed into features (functions) on ECU and supplier level. A real time communication (via a bus) of a set of electronic control units ...

show abstract

“…And in cybersecurity, an additional view of a cybersecurity related defence model with static and dynamic design will be needed (Figures and ).…”

Section: Integrating Automotive Spice Functional Safety and Cybersementioning

confidence: 99%

Extending Automotive SPICE 3.0 for the use in ADAS and future self‐driving service architectures

Messnarz¹,

Kreiner

Macher

et al. 2018

J Software Evolu Process

Self Cite

View full text Add to dashboard Cite

show abstract

“…In our work [9] we described the linking of such a HSI based attack vectors identification in relation to the afore mentioned Automotive SPICE reference model and also in relation to the ISO 26262 -road vehicle functional safety standard. Other works postulate the problematic of defining HW/SW interfaces are part of an emerging domainindependent paradigm for contract-based design.…”

Section: Related Workmentioning

confidence: 99%

“…This follows the concept of a layered cybersecurity defense approach mentioned before. [4], AutomotiveSPICE [5], and SAE J3061 [3]), scientific papers like [8,14], and the authors' experiences [9]. Security related information have been added (marked in coloured text) to support identification of attack vectors via their signal interfaces of the systems.…”

Section: Security Extensionmentioning

confidence: 99%

Signal-Layer Security and Trust-Boundary Identification based on Hardware-Software Interface Definition

Macher¹,

Sporer²,

Brenner³

et al. 2018

JUSPN

Self Cite

View full text Add to dashboard Cite

An important trend in the automotive domain is to adapt established functional safety processes and methods for security engineering. Although functional safety and cyber-security engineering have a considerable overlap, the trend of adapting methods from one domain to the other is often challenged by non-domain experts. Just as safety became a critical part of the development in the late 20th century, modern vehicles are now required to become resilient against cyber-attacks. As vehicle providers gear up for this challenge, they can capitalize on experiences from many other domains, but must also face several unique challenges. Such as, that cyber-security engineering will now join reliability and safety as a cornerstone for success in the automotive industry and approaches need to be integrated into the mainly safety oriented development lifecycle of the domain. The recently released SAE J3061 guidebook for cyber-physical vehicle systems focus on designing cyber-security aware systems in close relation to the automotive safety standard ISO 26262. The key contribution of this paper is to analyse a method to identify attack vectors on complex automotive systems via signal interfaces and propose a security classification scheme and protection mechanisms on signal layer.To that aim, the hardware-software interface (HSI), a central development artefact of the ISO 26262 functional safety development process, is used and extended to support the cyber-security engineering process and provide cyber-security countermeasures on signal layer.

show abstract

“…This follows the concept of a layered cybersecurity defense approach mentioned before. Table 2 itemizes essential HSI attributes extracted from standards (ISO 26262 [4], AutomotiveSPICE [5], and SAE J3061 [3]), scientific papers like [8,14], and the authors' experiences [9]. Security related information have been added (marked in coloured text) to support identification of attack vectors via their signal interfaces of the systems.…”

Section: Security Extensionmentioning

confidence: 99%

Untitled

2018

JUSPN

View full text Add to dashboard Cite

An important trend in the automotive domain is to adapt established functional safety processes and methods for security engineering. Although functional safety and cyber-security engineering have a considerable overlap, the trend of adapting methods from one domain to the other is often challenged by non-domain experts. Just as safety became a critical part of the development in the late 20th century, modern vehicles are now required to become resilient against cyber-attacks. As vehicle providers gear up for this challenge, they can capitalize on experiences from many other domains, but must also face several unique challenges. Such as, that cyber-security engineering will now join reliability and safety as a cornerstone for success in the automotive industry and approaches need to be integrated into the mainly safety oriented development lifecycle of the domain. The recently released SAE J3061 guidebook for cyber-physical vehicle systems focus on designing cyber-security aware systems in close relation to the automotive safety standard ISO 26262. The key contribution of this paper is to analyse a method to identify attack vectors on complex automotive systems via signal interfaces and propose a security classification scheme and protection mechanisms on signal layer. To that aim, the hardware-software interface (HSI), a central development artefact of the ISO 26262 functional safety development process, is used and extended to support the cyber-security engineering process and provide cyber-security countermeasures on signal layer.

show abstract

Supporting Cyber-Security Based on Hardware-Software Interface Definition

Cited by 35 publications

References 8 publications

Extending Automotive SPICE 3.0 for the use in ADAS and future self‐driving service architectures

Extending Automotive SPICE 3.0 for the use in ADAS and future self‐driving service architectures

Signal-Layer Security and Trust-Boundary Identification based on Hardware-Software Interface Definition

Untitled

Contact Info

Product

Resources

About